Docstrings · FlatRBAC.jl

FlatRBAC.AbstractPermission — Type

type AbstractPermission

Interface methods

name()::String
actions()::Vector{String}
resources()::Vector{String}
scope()::Scope
hash()::UInt64

Implementing custom permissions

struct CustomPermission
    activity::String
    resources::Vector{Symbol}
end

FlatRBAC.name(custom::CustomPermission)      = Base.string(CustomPermission)
FlatRBAC.scope(custom::CustomPermission)     = FlatRBAC.All
FlatRBAC.actions(custom::CustomPermission)   = [custom.activity]
FlatRBAC.resources(custom::CustomPermission) = string.(custom.resources)

FlatRBAC.AbstractRole — Type

type AbstractRole

Roles are collection of permissions and can be assigned to subjects

Interface methods

name(<:AbstractRole)::String
description(<:AbstractRole)::String
permissions(<:AbstractRole)::Vector{<:AbstractPermission}
hash(<:AbstractRole)::UInt64

FlatRBAC.AbstractSubject — Type

type AbstractSubject

Interface methods

id::String
name::String
roles::Vector{<:AbstractRole}
hash()::UInt64

FlatRBAC.Permission — Type

Permission(str::String, description::String="")

Build a Permission from a shorthand representation

Examples

Permission("client:books:read,rent")
# Permission("client", ["books"], ["read", "rent"], "", None)

Permission("client::read,rent") # any resource
# Permission("client", ["*"], ["read", "rent"], "", None)

Permission("admin") # any resource, any actions
# Permission("admin", ["*"], ["*"], "", None)

Permission("staff:books") # any action over books
# Permission(staff:books:*:none)

Permission("multi-rental:books,cds:rent")
# Permission("multi-rental", ["books", "cds"], ["rent"], "", None)

Permission("author:*:update:own", "An author can update their own resources")
# Permission("author", ["*"], ["update"], "An author can update their own resources", Own)

FlatRBAC.Permission — Type

mutable struct Permission <:AbstractPermission

Permissions dot not know who can perform actions, only what can be performed on resources

rent_book = Permission(name="books", resources=["ulysses"], actions=["read", "rent"])
// alternatively
rent_book = Permission("books:ulysses:read,rent")

FlatRBAC.Role — Type

mutable struct Role <:AbstractRole

Grating permissions

grant!(role, permissions::Permission...)
grant!(role, roles::Role...)

Removing permissions and roles

revoke!(role, permissions::Permission...)

revoke!(role, roles::Role...)

FlatRBAC.Scope — Type

type Scope

Interface methods

Base.string(scope::Scope)::String
iswildcard(scope::Scope)::Bool
Scope(::Val{:lowercaseName})::Scope

FlatRBAC.Scope — Method

function Scope(str::String)

Construct Scope from a string representation

Examples

abstract type MyScope <:FlatRBAC.Scope end

Base.string(::Type{MyScope})    = "MyScope"

# Implementing this interface significantly improves performance
FlatRBAC.Scope(::Val{:myscope}) = MyScope

# Case insensitive, will check against lowercase representation
@assert FlatRBAC.Scope("MySCOPE") == MyScope "This should not error"

FlatRBAC.Subject — Type

mutable struct Subject <:AbstractSubject

A subject represents and entity interacting with an application

In a flat RBAC model, subjects will obtain permissions from their assigned roles, direct assignment is not supported

Methods

grant!
revoke!

FlatRBAC.implies — Method

None does not grant Own

FlatRBAC.implies — Method

Checking against Own defaults to true, devs are responsible for appropriate ownership checks

FlatRBAC.implies — Method

Checking Own supertype against Own subtypes is always true, devs are responsible for appropriate ownership checks

FlatRBAC.implies — Method

implies(this::P, that::P) where P<:AbstractPermission

Check whether a permission implies another permission is also granted

this must satisfy all [resource=>actions...] combinations from that

Example

# A permission to grant an user access to read and list its own data
user_perm = Permission("user_read:database:read,list:own")

implies(user_perm, Permission(":database:read:own")) == true # user can both read and list

implies(user_perm, Permission(":database:read,list,delete:own")) == false # user cannot delete
implies(user_perm, Permission(":database:read:all"), scoped=true) == false # user cannot read in all scope

FlatRBAC.implies — Method

Default Scope cases

FlatRBAC.implies — Method

Checking same scope is always true

FlatRBAC.iswildcard — Function

iswildcard(str::String)
iswildcard(::Type{<:Scope})
iswildcard(permission::Permission)
iswildcard(grant::Grant)

FlatRBAC.revoke! — Method

Revoke permission from role

FlatRBAC.revoke! — Method

Revoke from base all permissions from role

FlatRBAC.revoke! — Method

Revoke set of permissions from role

FlatRBAC.revoke! — Method

Revoke role from subject