Safe Haskell | None |
---|---|
Language | Haskell2010 |
Synopsis
- type BlockWithRevocationId = (Block, ByteString)
- runAuthorizer :: BlockWithRevocationId -> [BlockWithRevocationId] -> Authorizer -> IO (Either ExecutionError AuthorizationSuccess)
- runAuthorizerWithLimits :: Limits -> BlockWithRevocationId -> [BlockWithRevocationId] -> Authorizer -> IO (Either ExecutionError AuthorizationSuccess)
- runAuthorizerNoTimeout :: Limits -> BlockWithRevocationId -> [BlockWithRevocationId] -> Authorizer -> Either ExecutionError AuthorizationSuccess
- runFactGeneration :: Limits -> Map Natural (Set Rule) -> FactGroup -> Either PureExecError FactGroup
- data PureExecError
- = Facts
- | Iterations
- | BadRule
- data AuthorizationSuccess = AuthorizationSuccess {}
- getBindings :: AuthorizationSuccess -> Set Bindings
- queryAuthorizerFacts :: AuthorizationSuccess -> Query -> Set Bindings
- getVariableValues :: (Ord t, FromValue t) => Set Bindings -> Text -> Set t
- getSingleVariableValue :: (Ord t, FromValue t) => Set Bindings -> Text -> Maybe t
- newtype FactGroup = FactGroup {}
Documentation
type BlockWithRevocationId = (Block, ByteString) Source #
:: BlockWithRevocationId | The authority block |
-> [BlockWithRevocationId] | The extra blocks |
-> Authorizer | A authorizer |
-> IO (Either ExecutionError AuthorizationSuccess) |
Given a series of blocks and an authorizer, ensure that all the checks and policies match
runAuthorizerWithLimits Source #
:: Limits | custom limits |
-> BlockWithRevocationId | The authority block |
-> [BlockWithRevocationId] | The extra blocks |
-> Authorizer | A authorizer |
-> IO (Either ExecutionError AuthorizationSuccess) |
Given a series of blocks and an authorizer, ensure that all the checks and policies match, with provided execution constraints
runAuthorizerNoTimeout :: Limits -> BlockWithRevocationId -> [BlockWithRevocationId] -> Authorizer -> Either ExecutionError AuthorizationSuccess Source #
runFactGeneration :: Limits -> Map Natural (Set Rule) -> FactGroup -> Either PureExecError FactGroup Source #
Small helper used in tests to directly provide rules and facts without creating a biscuit token
data PureExecError Source #
A subset of ExecutionError
that can only happen during fact generation
Instances
Eq PureExecError Source # | |
Defined in Auth.Biscuit.Datalog.ScopedExecutor (==) :: PureExecError -> PureExecError -> Bool # (/=) :: PureExecError -> PureExecError -> Bool # | |
Show PureExecError Source # | |
Defined in Auth.Biscuit.Datalog.ScopedExecutor showsPrec :: Int -> PureExecError -> ShowS # show :: PureExecError -> String # showList :: [PureExecError] -> ShowS # |
data AuthorizationSuccess Source #
Proof that a biscuit was authorized successfully. In addition to the matched
allow query
, the generated facts are kept around for further querying.
Since only authority facts can be trusted, they are kept separate.
AuthorizationSuccess | |
|
Instances
Eq AuthorizationSuccess Source # | |
Defined in Auth.Biscuit.Datalog.ScopedExecutor (==) :: AuthorizationSuccess -> AuthorizationSuccess -> Bool # (/=) :: AuthorizationSuccess -> AuthorizationSuccess -> Bool # | |
Show AuthorizationSuccess Source # | |
Defined in Auth.Biscuit.Datalog.ScopedExecutor showsPrec :: Int -> AuthorizationSuccess -> ShowS # show :: AuthorizationSuccess -> String # showList :: [AuthorizationSuccess] -> ShowS # |
getBindings :: AuthorizationSuccess -> Set Bindings Source #
Get the matched variables from the allow
query used to authorize the biscuit.
This can be used in conjuction with getVariableValues
or getSingleVariableValue
to extract the actual values
queryAuthorizerFacts :: AuthorizationSuccess -> Query -> Set Bindings Source #
Query the facts generated by the authority and authorizer blocks
during authorization. This can be used in conjuction with getVariableValues
and getSingleVariableValue
to retrieve actual values.
⚠ Only the facts generated by the authority and authorizer blocks are queried. Block facts are not queried (since they can't be trusted).
💁 If the facts you want to query are part of an allow query in the authorizer,
you can directly get values from AuthorizationSuccess
.
getVariableValues :: (Ord t, FromValue t) => Set Bindings -> Text -> Set t Source #
Extract a set of values from a matched variable for a specific type.
Returning Set Value
allows to get all values, whatever their type.
getSingleVariableValue :: (Ord t, FromValue t) => Set Bindings -> Text -> Maybe t Source #
Extract exactly one value from a matched variable. If the variable has 0
matches or more than one match, Nothing
will be returned