case class Acl(roles: List[Role], user: Identity) extends AllowLike with Product with Serializable
Acl Component using roles and identities to check if a resource/privilege is allowed for the current defined identity.
Usage: new Acl(List[de.ceow.security.acl.Role](role1, role2), user) This identity and it's containing roles will be used for allowed checks
How it works: the roleRegistry is used to store all defined roles and to map the identity-roles to a role object. The identity itself will store only integer values as bits (1,2,4,8 ...) which maps to the role identifier.
Example: Role1.id=1, Role2.id=2 ... Role4.id=8 Identity:roles = 11 means List(Role1, Role2, Role8)
While adding a identity, the mapping will check if there is a role defined, generates a new unique GenericRole which inherits from all mapped Roles.
Resource: Resources have to be objects / case classes. It's more used like a type
Privilege: Privileges are also just types as resources are
Assert: An assert is a class with an apply method which receive "Option[AclObject]" as it's first parameter and the current acl object as it's second argument. The return value is always a boolean. This type or assertion can be used to decide on "AclObject" if the resource/privilege is allowed or not.
Example: Lets say you have a site which have a company profile and related employees (Identities). Companies and Employees are in relation and you want to allow some employees to change things on your company profile page. So some employees will have a flag (canEditCompany). Your assert can now receive the company entity and you can check if the user is related to the company and is allowed to edit.
Roles: A role defines the rule definition???? and the resources, privileges and asserts. You can reduce it to just resources when you want to allow every privilege in this resource (helpful for admins).
Mapping example: val rules = Map( Resource -> Map() <- allowed all privileges Resource2 -> Map( Privilege1 -> Seq(), <- no assertions Privilege2 -> Seq((value: Option[AclObject], acl: Acl) => true|false) ) )
Let's see some implementations
Examples: Acl.isAllowed(Resource, Privilege) Acl.isAllowed(Resource, Privilege, Some(Foo))
- Alphabetic
- By Inheritance
- Acl
- Serializable
- Serializable
- Product
- Equals
- AllowLike
- AnyRef
- Any
- Hide All
- Show All
- Public
- All
Value Members
-
final
def
!=(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
-
final
def
##(): Int
- Definition Classes
- AnyRef → Any
-
final
def
==(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
-
def
allowed(role: Role, resource: Resource, privilege: Privilege, objectToCheck: Option[AclObject]): Boolean
internal, recursive check method.
internal, recursive check method. 1. check if a resource is allowed including all privileges 2. check if a resource is allowed for given privilege 3. check all inheritance roles by using recursion
- Attributes
- protected
-
def
allows(v: AclObject)(implicit acl: Acl): AllowObject
allows for acl object
allows for acl object
- v
AclObject
- acl
the acl instance
-
def
allows(p: Privilege)(implicit acl: Acl): AllowResource
allow like for privilege to check for
-
def
allows(r: Resource)(implicit acl: Acl): AllowPrivilege
allow like for acl instance to check for resource
-
def
applyRules(roles: List[Role]): Map[String, Seq[Assert]]
apply the rule definition from a role to a easy understandable format for the acl to check against
apply the rule definition from a role to a easy understandable format for the acl to check against
- Attributes
- protected
-
final
def
asInstanceOf[T0]: T0
- Definition Classes
- Any
-
def
clone(): AnyRef
- Attributes
- protected[java.lang]
- Definition Classes
- AnyRef
- Annotations
- @throws( ... )
-
def
createHash(role: Role, r: Resource, p: Privilege): String
creates a hash value by give role, resource and privilege RoleName/ResourceName/PrivilegeName RoleName/ResourceName/\* for allowing all privileges in this resource
creates a hash value by give role, resource and privilege RoleName/ResourceName/PrivilegeName RoleName/ResourceName/\* for allowing all privileges in this resource
- Attributes
- protected
-
final
def
eq(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
-
def
finalize(): Unit
- Attributes
- protected[java.lang]
- Definition Classes
- AnyRef
- Annotations
- @throws( classOf[java.lang.Throwable] )
-
def
generateGenericRole(user: Identity): Role
create the custom role for the current user
create the custom role for the current user
- Attributes
- protected
-
final
def
getClass(): Class[_]
- Definition Classes
- AnyRef → Any
-
def
isAllowed(r: Resource, p: Privilege, o: Option[AclObject] = None): Boolean
check methods if a resource and a privilege is allowed by itself or with object
-
final
def
isInstanceOf[T0]: Boolean
- Definition Classes
- Any
-
final
def
ne(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
-
final
def
notify(): Unit
- Definition Classes
- AnyRef
-
final
def
notifyAll(): Unit
- Definition Classes
- AnyRef
-
def
observerEntity: Identity
the observer (Identity)
-
lazy val
observerRole: Role
the role of the observer itself
-
lazy val
roleRegistry: List[Role]
available roles
- val roles: List[Role]
-
lazy val
rules: Map[String, Seq[Assert]]
rule definitions
-
final
def
synchronized[T0](arg0: ⇒ T0): T0
- Definition Classes
- AnyRef
- val user: Identity
-
final
def
wait(): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws( ... )
-
final
def
wait(arg0: Long, arg1: Int): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws( ... )
-
final
def
wait(arg0: Long): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws( ... )