biscuit-haskell-0.4.0.0: Library support for the Biscuit security token
Safe HaskellNone
LanguageHaskell2010

Auth.Biscuit.Datalog.ScopedExecutor

Synopsis

Documentation

runAuthorizer Source #

Arguments

:: BlockWithRevocationId

The authority block

-> [BlockWithRevocationId]

The extra blocks

-> Authorizer

A authorizer

-> IO (Either ExecutionError AuthorizationSuccess) 

Given a series of blocks and an authorizer, ensure that all the checks and policies match

runAuthorizerWithLimits Source #

Arguments

:: Limits

custom limits

-> BlockWithRevocationId

The authority block

-> [BlockWithRevocationId]

The extra blocks

-> Authorizer

A authorizer

-> IO (Either ExecutionError AuthorizationSuccess) 

Given a series of blocks and an authorizer, ensure that all the checks and policies match, with provided execution constraints

runFactGeneration :: Limits -> Natural -> Map Natural (Set EvalRule) -> FactGroup -> Either PureExecError FactGroup Source #

Small helper used in tests to directly provide rules and facts without creating a biscuit token

data PureExecError Source #

A subset of ExecutionError that can only happen during fact generation

data AuthorizationSuccess Source #

Proof that a biscuit was authorized successfully. In addition to the matched allow query, the generated facts are kept around for further querying. Since only authority facts can be trusted, they are kept separate.

Constructors

AuthorizationSuccess 

Fields

getBindings :: AuthorizationSuccess -> Set Bindings Source #

Get the matched variables from the allow query used to authorize the biscuit. This can be used in conjuction with getVariableValues or getSingleVariableValue to extract the actual values

getVariableValues :: (Ord t, FromValue t) => Set Bindings -> Text -> Set t Source #

Extract a set of values from a matched variable for a specific type. Returning Set Value allows to get all values, whatever their type.

getSingleVariableValue :: (Ord t, FromValue t) => Set Bindings -> Text -> Maybe t Source #

Extract exactly one value from a matched variable. If the variable has 0 matches or more than one match, Nothing will be returned