biscuit-haskell-0.2.1.0: Library support for the Biscuit security token
Safe HaskellNone
LanguageHaskell2010

Auth.Biscuit.Datalog.ScopedExecutor

Synopsis

Documentation

runAuthorizer Source #

Arguments

:: BlockWithRevocationId

The authority block

-> [BlockWithRevocationId]

The extra blocks

-> Authorizer

A authorizer

-> IO (Either ExecutionError AuthorizationSuccess) 

Given a series of blocks and an authorizer, ensure that all the checks and policies match

runAuthorizerWithLimits Source #

Arguments

:: Limits

custom limits

-> BlockWithRevocationId

The authority block

-> [BlockWithRevocationId]

The extra blocks

-> Authorizer

A authorizer

-> IO (Either ExecutionError AuthorizationSuccess) 

Given a series of blocks and an authorizer, ensure that all the checks and policies match, with provided execution constraints

runFactGeneration :: Limits -> Map Natural (Set Rule) -> FactGroup -> Either PureExecError FactGroup Source #

Small helper used in tests to directly provide rules and facts without creating a biscuit token

data PureExecError Source #

A subset of ExecutionError that can only happen during fact generation

Constructors

Facts 
Iterations 
BadRule 

data AuthorizationSuccess Source #

Proof that a biscuit was authorized successfully. In addition to the matched allow query, the generated facts are kept around for further querying. Since only authority facts can be trusted, they are kept separate.

Constructors

AuthorizationSuccess 

Fields

getBindings :: AuthorizationSuccess -> Set Bindings Source #

Get the matched variables from the allow query used to authorize the biscuit. This can be used in conjuction with getVariableValues or getSingleVariableValue to extract the actual values

queryAuthorizerFacts :: AuthorizationSuccess -> Query -> Set Bindings Source #

Query the facts generated by the authority and authorizer blocks during authorization. This can be used in conjuction with getVariableValues and getSingleVariableValue to retrieve actual values.

⚠ Only the facts generated by the authority and authorizer blocks are queried. Block facts are not queried (since they can't be trusted).

💁 If the facts you want to query are part of an allow query in the authorizer, you can directly get values from AuthorizationSuccess.

getVariableValues :: (Ord t, FromValue t) => Set Bindings -> Text -> Set t Source #

Extract a set of values from a matched variable for a specific type. Returning Set Value allows to get all values, whatever their type.

getSingleVariableValue :: (Ord t, FromValue t) => Set Bindings -> Text -> Maybe t Source #

Extract exactly one value from a matched variable. If the variable has 0 matches or more than one match, Nothing will be returned