Safe Haskell	None
Language	Haskell2010

Auth.Biscuit.Datalog.ScopedExecutor

Synopsis

type BlockWithRevocationId = (Block, ByteString)
runAuthorizer :: BlockWithRevocationId -> [BlockWithRevocationId] -> Authorizer -> IO (Either ExecutionError AuthorizationSuccess)
runAuthorizerWithLimits :: Limits -> BlockWithRevocationId -> [BlockWithRevocationId] -> Authorizer -> IO (Either ExecutionError AuthorizationSuccess)
runAuthorizerNoTimeout :: Limits -> BlockWithRevocationId -> [BlockWithRevocationId] -> Authorizer -> Either ExecutionError AuthorizationSuccess
runFactGeneration :: Limits -> Map Natural (Set Rule) -> FactGroup -> Either PureExecError FactGroup
data PureExecError
- = Facts
- | Iterations
- | BadRule
data AuthorizationSuccess = AuthorizationSuccess {
- matchedAllowQuery :: MatchedQuery
- allFacts :: FactGroup
- limits :: Limits
}
getBindings :: AuthorizationSuccess -> Set Bindings
queryAuthorizerFacts :: AuthorizationSuccess -> Query -> Set Bindings
getVariableValues :: (Ord t, FromValue t) => Set Bindings -> Text -> Set t
getSingleVariableValue :: (Ord t, FromValue t) => Set Bindings -> Text -> Maybe t
newtype FactGroup = FactGroup {
- getFactGroup :: Map (Set Natural) (Set Fact)
}

Documentation

type BlockWithRevocationId = (Block, ByteString) Source #

runAuthorizer Source #

Arguments

:: BlockWithRevocationId	The authority block
-> [BlockWithRevocationId]	The extra blocks
-> Authorizer	A authorizer
-> IO (Either ExecutionError AuthorizationSuccess)

Given a series of blocks and an authorizer, ensure that all the checks and policies match

runAuthorizerWithLimits Source #

Arguments

:: Limits	custom limits
-> BlockWithRevocationId	The authority block
-> [BlockWithRevocationId]	The extra blocks
-> Authorizer	A authorizer
-> IO (Either ExecutionError AuthorizationSuccess)

Given a series of blocks and an authorizer, ensure that all the checks and policies match, with provided execution constraints

runAuthorizerNoTimeout :: Limits -> BlockWithRevocationId -> [BlockWithRevocationId] -> Authorizer -> Either ExecutionError AuthorizationSuccess Source #

runFactGeneration :: Limits -> Map Natural (Set Rule) -> FactGroup -> Either PureExecError FactGroup Source #

Small helper used in tests to directly provide rules and facts without creating a biscuit token

data PureExecError Source #

A subset of ExecutionError that can only happen during fact generation

Constructors

Facts
Iterations
BadRule

Instances

Instances details

Eq PureExecError Source #
Instance details Defined in Auth.Biscuit.Datalog.ScopedExecutor Methods (==) :: PureExecError -> PureExecError -> Bool # (/=) :: PureExecError -> PureExecError -> Bool #
Show PureExecError Source #
Instance details Defined in Auth.Biscuit.Datalog.ScopedExecutor Methods showsPrec :: Int -> PureExecError -> ShowS # show :: PureExecError -> String # showList :: [PureExecError] -> ShowS #

data AuthorizationSuccess Source #

Proof that a biscuit was authorized successfully. In addition to the matched allow query, the generated facts are kept around for further querying. Since only authority facts can be trusted, they are kept separate.

Constructors

AuthorizationSuccess
Fields matchedAllowQuery :: MatchedQuery The allow query that matched allFacts :: FactGroup All the facts that were generated by the biscuit, grouped by their origin limits :: Limits Limits used when running datalog. It is kept around to allow further datalog computation when querying facts

Instances

Instances details

Eq AuthorizationSuccess Source #
Instance details Defined in Auth.Biscuit.Datalog.ScopedExecutor Methods (==) :: AuthorizationSuccess -> AuthorizationSuccess -> Bool # (/=) :: AuthorizationSuccess -> AuthorizationSuccess -> Bool #
Show AuthorizationSuccess Source #
Instance details Defined in Auth.Biscuit.Datalog.ScopedExecutor Methods showsPrec :: Int -> AuthorizationSuccess -> ShowS # show :: AuthorizationSuccess -> String # showList :: [AuthorizationSuccess] -> ShowS #

getBindings :: AuthorizationSuccess -> Set Bindings Source #

Get the matched variables from the allow query used to authorize the biscuit. This can be used in conjuction with getVariableValues or getSingleVariableValue to extract the actual values

queryAuthorizerFacts :: AuthorizationSuccess -> Query -> Set Bindings Source #

Query the facts generated by the authority and authorizer blocks during authorization. This can be used in conjuction with getVariableValues and getSingleVariableValue to retrieve actual values.

⚠ Only the facts generated by the authority and authorizer blocks are queried. Block facts are not queried (since they can't be trusted).

💁 If the facts you want to query are part of an allow query in the authorizer, you can directly get values from AuthorizationSuccess.

getVariableValues :: (Ord t, FromValue t) => Set Bindings -> Text -> Set t Source #

Extract a set of values from a matched variable for a specific type. Returning Set Value allows to get all values, whatever their type.

getSingleVariableValue :: (Ord t, FromValue t) => Set Bindings -> Text -> Maybe t Source #

Extract exactly one value from a matched variable. If the variable has 0 matches or more than one match, Nothing will be returned

newtype FactGroup Source #

Constructors

FactGroup
Fields getFactGroup :: Map (Set Natural) (Set Fact)

Instances

Instances details

Eq FactGroup Source #
Instance details Defined in Auth.Biscuit.Datalog.Executor Methods (==) :: FactGroup -> FactGroup -> Bool # (/=) :: FactGroup -> FactGroup -> Bool #
Show FactGroup Source #
Instance details Defined in Auth.Biscuit.Datalog.Executor Methods showsPrec :: Int -> FactGroup -> ShowS # show :: FactGroup -> String # showList :: [FactGroup] -> ShowS #
Semigroup FactGroup Source #
Instance details Defined in Auth.Biscuit.Datalog.Executor Methods (<>) :: FactGroup -> FactGroup -> FactGroup # sconcat :: NonEmpty FactGroup -> FactGroup # stimes :: Integral b => b -> FactGroup -> FactGroup #
Monoid FactGroup Source #
Instance details Defined in Auth.Biscuit.Datalog.Executor Methods mempty :: FactGroup # mappend :: FactGroup -> FactGroup -> FactGroup # mconcat :: [FactGroup] -> FactGroup #