avers-server- Server implementation of the Avers API

Safe Haskell: None




credentialsObjId :: Handle -> Credentials -> Handler ObjId

Convert the Credentials into the ObjId to which the credentials refer. That's the object the client is authenticated as.

data Authorizations

Defines all the authorization points which are used in the server. For each you can supply your own logic. The default is to allow everything.

type Authz = [Avers AuthzR]

Authorization logic is implemented as a list of Avers actions, each of which we call a module. Each module returns a result (AuthzR), which determines what happens next.

data AuthzR

The result of a single module is one of: ContinueR, which means we continue executing the following modules; AllowR, which means that the action is allowed and any following modules are skipped; or RejectR, which means that the action is rejected and any following modules are skipped as well.



runAuthorization :: Handle -> Authz -> Handler ()

Run the authorization logic inside of the Servant monad.

trace :: Avers () -> Avers AuthzR

This doesn't change the result, but allows you to run arbitrary Avers actions. This is useful for debugging.

sufficient :: Avers Bool -> Avers AuthzR

If the given Avers action returns True, it is sufficient to pass the authorization check.

requisite :: Avers Bool -> Avers AuthzR

The given Avers action must return True for this authorization check to pass.

sessionCreatedObject :: Session -> ObjId -> Avers Bool

True if the session created the given object.

sessionIsObject :: Session -> ObjId -> Avers Bool

True if the session is the given object. In most cases, a session has full access to the object against which it was created.
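
The module chain described above, as an added example that is not avers-server code: a stand-alone model in which IO stands in for the Avers monad, showing how sufficient and requisite modules combine. The names Verdict and evalAuthz are hypothetical, the ContinueR branches of sufficient and requisite are assumed, and treating an exhausted module list as allowed is an assumption based on the documented allow-everything default.

```haskell
-- Stand-alone model of the module chain; IO stands in for the Avers monad.
data AuthzR = ContinueR | AllowR | RejectR

-- Hypothetical outcome type, not part of avers-server.
data Verdict = Allowed | Rejected deriving (Eq, Show)

type Authz = [IO AuthzR]

-- True ends the chain with AllowR; False defers to the next module (assumed).
sufficient :: IO Bool -> IO AuthzR
sufficient check = do
  ok <- check
  pure (if ok then AllowR else ContinueR)

-- False ends the chain with RejectR; True defers to the next module (assumed).
requisite :: IO Bool -> IO AuthzR
requisite check = do
  ok <- check
  pure (if ok then ContinueR else RejectR)

-- Hypothetical evaluator. Assumption: running out of modules counts as
-- allowed, in line with the documented allow-everything default.
evalAuthz :: Authz -> IO Verdict
evalAuthz [] = pure Allowed
evalAuthz (m : ms) = do
  r <- m
  case r of
    ContinueR -> evalAuthz ms
    AllowR    -> pure Allowed
    RejectR   -> pure Rejected

-- Constructed stand-ins for sessionIsObject / sessionCreatedObject, modelling
-- a session that neither is the target object nor created it.
isObject, createdObject :: IO Bool
isObject = pure False
createdObject = pure False

main :: IO ()
main = do
  -- Only sufficient modules: when none matches, the chain runs off the end.
  let openEnded = [sufficient isObject, sufficient createdObject]
  -- Same checks followed by an unconditional RejectR as the final module.
      closed = openEnded ++ [pure RejectR]
  evalAuthz openEnded >>= print
  evalAuthz closed >>= print
```

Under the stated assumption, a chain built only from sufficient modules never denies a request, so a deny-by-default policy needs a final module that returns RejectR.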