avers-server-0.0.5: Server implementation of the Avers API

Safe Haskell: None
Language: Haskell2010

Avers.Server


Documentation

credentialsObjId :: Handle -> Credentials -> ExceptT ServantErr IO ObjId

Convert the Credentials into the ObjId to which the credentials refer. That's the object the client is authenticated as.

data Authorizations

Defines all the authorization points which are used in the server. For each you can supply your own logic. The default is to allow everything.

type Authz = [Avers AuthzR]

Authorization logic is implemented as a list of Avers actions. We call each action a module. Each module returns a result (AuthzR), which determines what happens next.

data AuthzR

The result of a single module is one of: ContinueR, which means we continue executing the following modules; AllowR, which means that the action is allowed and any following modules are skipped; or RejectR, which means that the action is rejected and the following modules are skipped as well.

Constructors

ContinueR 
AllowR 
RejectR 

runAuthorization :: Handle -> Authz -> ExceptT ServantErr IO ()

Run the authorization logic inside of the Servant monad.

trace :: Avers () -> Avers AuthzR

This doesn't change the result, but allows you to run arbitrary Avers actions. This is useful for debugging.

sufficient :: Avers Bool -> Avers AuthzR

If the given Avers action returns True, it is sufficient to pass the authorization check.

requisite :: Avers Bool -> Avers AuthzR

The given Avers action must return True for this authorization check to pass.
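
Because AllowR and RejectR both skip the remaining modules, the order of the list decides which checks run at all. The following is an added example, not code from avers-server: a stand-alone model of the chain over a generic monad instead of Avers. The names runChain, Session, isAdmin and isSuspended are hypothetical, and the Bool-to-AuthzR mappings of sufficient and requisite are assumptions read off the descriptions above.

```haskell
module Main (main) where

-- Stand-alone model of the module chain described on this page. It uses a
-- generic monad instead of Avers, so it does not depend on avers-server.

data AuthzR = ContinueR | AllowR | RejectR
  deriving (Eq, Show)

type Authz m = [m AuthzR]

-- Assumed mapping, read off the descriptions above: True is enough to allow,
-- False leaves the decision to later modules.
sufficient :: Monad m => m Bool -> m AuthzR
sufficient check = (\ok -> if ok then AllowR else ContinueR) <$> check

-- Assumed mapping: False rejects at once, True lets later modules run.
requisite :: Monad m => m Bool -> m AuthzR
requisite check = (\ok -> if ok then ContinueR else RejectR) <$> check

-- Run modules in order and stop at the first AllowR or RejectR. A final
-- ContinueR means no module decided; what the real server does then is not
-- stated on this page, so the model hands that case back to the caller.
runChain :: Monad m => Authz m -> m AuthzR
runChain []       = pure ContinueR
runChain (m : ms) = do
  r <- m
  case r of
    ContinueR -> runChain ms
    decided   -> pure decided

-- Constructed sample session: an admin whose account has been suspended.
data Session = Session { isAdmin :: Bool, isSuspended :: Bool }

main :: IO ()
main = do
  let s            = Session { isAdmin = True, isSuspended = True }
      notSuspended = requisite (pure (not (isSuspended s)))
      adminOk      = sufficient (pure (isAdmin s))
  -- requisite first: the suspension check always runs.
  runChain [notSuspended, adminOk] >>= print
  -- sufficient first: AllowR skips the suspension check entirely.
  runChain [adminOk, notSuspended] >>= print
  -- only a failing sufficient module: nothing decided.
  runChain [sufficient (pure False)] >>= print
```

When writing a real Authz list, put every requisite module that must hold for all callers ahead of any sufficient module, and end the list with an explicit decision rather than relying on what happens when every module continues.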