Safe Haskell	Trustworthy

Hails.PolicyModule.Groups

Description

This module exports a class Groups that policy modules must define an instance of to define groups, or mappings between a group Principaland the principals in the group.

An app may then relabel a labeled value by using labelRewrite.

Synopsis

Documentation

class PolicyModule pm => Groups pm whereSource

Methods

groups Source

Arguments

:: pm	Unused type-enforcing param
-> DCPriv	Policy module privs
-> Principal	Group
-> DBAction [Principal]	(Policy module, group members) \| Endorse the implementation of this instance. Note that this is reduced to WHNF to catch invalid instances that use `undefined`. Example implementation: groupsInstanceEndorse _ = MyPolicyModuleTCB {- Leave other values undefined -}

Typically, the action should expand a principal such as #group to list of group members [alice, bob].

groupsInstanceEndorse :: pmSource

labelRewrite Source

Arguments

:: forall unused_pm a . Groups unused_pm
=> unused_pm	Policy module
-> DCLabeled a	Label
-> DBAction (DCLabeled a)

Given the policy module (which is used to invoke the right groups function) and labeled value, relabel the value according to the Groups of the policy module. Note that the first argument may be bottom since it is solely used for typing purposes.