Safe Haskell	None
Language	Haskell2010

Avers.Server

Synopsis

serveAversAPI :: Handle -> Authorizations -> Server AversAPI
credentialsObjId :: Handle -> Credentials -> Handler ObjId
data Authorizations = Authorizations {
- createObjectAuthz :: Credentials -> Text -> Authz
- lookupObjectAuthz :: Credentials -> ObjId -> Authz
- patchObjectAuthz :: Credentials -> ObjId -> [Operation] -> Authz
- deleteObjectAuthz :: Credentials -> ObjId -> Authz
- uploadBlobAuthz :: Credentials -> Text -> Authz
- lookupBlobAuthz :: Credentials -> BlobId -> Authz
- lookupBlobContentAuthz :: Credentials -> BlobId -> Authz
}
type Authz = [Avers AuthzR]
data AuthzR
- = ContinueR
- | AllowR
- | RejectR
defaultAuthorizations :: Authorizations
runAuthorization :: Handle -> Authz -> Handler ()
trace :: Avers () -> Avers AuthzR
sufficient :: Avers Bool -> Avers AuthzR
requisite :: Avers Bool -> Avers AuthzR
sessionCreatedObject :: Session -> ObjId -> Avers Bool
sessionIsObject :: Session -> ObjId -> Avers Bool

Documentation

serveAversAPI :: Handle -> Authorizations -> Server AversAPI Source #

credentialsObjId :: Handle -> Credentials -> Handler ObjId Source #

Convert the Credentials into an ObjId to which the ceredentials refer. That's the object the client is authenticated as.

data Authorizations Source #

Defines all the authorization points which are used in the server. For each you can supply your own logic. The default is to allow everything.

Constructors

Authorizations
Fields createObjectAuthz :: Credentials -> Text -> Authz lookupObjectAuthz :: Credentials -> ObjId -> Authz patchObjectAuthz :: Credentials -> ObjId -> [Operation] -> Authz deleteObjectAuthz :: Credentials -> ObjId -> Authz uploadBlobAuthz :: Credentials -> Text -> Authz lookupBlobAuthz :: Credentials -> BlobId -> Authz lookupBlobContentAuthz :: Credentials -> BlobId -> Authz

type Authz = [Avers AuthzR] Source #

Authorization logic is implemented as a list of Avers actions, each of which we call a module and returns a result (AuthzR), which determines what happens next.

data AuthzR Source #

The result of a single module is either ContinueR, which means we continue executing following modules, AllowR which means that the action is allowed and any following modules are skipped, or RejcetR which means that the action is rejected and following modules are skipped as well.

Constructors

ContinueR
AllowR
RejectR

defaultAuthorizations :: Authorizations Source #

runAuthorization :: Handle -> Authz -> Handler () Source #

Run the authorization logic inside of the Servant monad.

trace :: Avers () -> Avers AuthzR Source #

This doesn't change the result, but allows you to run arbitrary Avers actions. This is useful for debugging.

sufficient :: Avers Bool -> Avers AuthzR Source #

If the given Avers action returns True, it is sufficient to pass the authorization check.

requisite :: Avers Bool -> Avers AuthzR Source #

The given Avers action must return True for this authorization check to pass.

sessionCreatedObject :: Session -> ObjId -> Avers Bool Source #

True if the session created the given object.

sessionIsObject :: Session -> ObjId -> Avers Bool Source #

True if the session is the given object. In most cases, a session has full access to the object against which it was created.