package acl
- Alphabetic
- Public
- All
Type Members
-
case class
Acl
(roles: List[Role], user: Identity) extends AllowLike with Product with Serializable
Acl Component using roles and identities to check if a resource/privilege is allowed for the current defined identity.
Acl Component using roles and identities to check if a resource/privilege is allowed for the current defined identity.
Usage: new Acl(List[de.ceow.security.acl.Role](role1, role2), user) This identity and it's containing roles will be used for allowed checks
How it works: the roleRegistry is used to store all defined roles and to map the identity-roles to a role object. The identity itself will store only integer values as bits (1,2,4,8 ...) which maps to the role identifier.
Example: Role1.id=1, Role2.id=2 ... Role4.id=8 Identity:roles = 11 means List(Role1, Role2, Role8)
While adding a identity, the mapping will check if there is a role defined, generates a new unique GenericRole which inherits from all mapped Roles.
Resource: Resources have to be objects / case classes. It's more used like a type
Privilege: Privileges are also just types as resources are
Assert: An assert is a class with an apply method which receive "Option[AclObject]" as it's first parameter and the current acl object as it's second argument. The return value is always a boolean. This type or assertion can be used to decide on "AclObject" if the resource/privilege is allowed or not.
Example: Lets say you have a site which have a company profile and related employees (Identities). Companies and Employees are in relation and you want to allow some employees to change things on your company profile page. So some employees will have a flag (canEditCompany). Your assert can now receive the company entity and you can check if the user is related to the company and is allowed to edit.
Roles: A role defines the rule definition???? and the resources, privileges and asserts. You can reduce it to just resources when you want to allow every privilege in this resource (helpful for admins).
Mapping example: val rules = Map( Resource -> Map() <- allowed all privileges Resource2 -> Map( Privilege1 -> Seq(), <- no assertions Privilege2 -> Seq((value: Option[AclObject], acl: Acl) => true|false) ) )
Let's see some implementations
Examples: Acl.isAllowed(Resource, Privilege) Acl.isAllowed(Resource, Privilege, Some(Foo))
- trait AclObject extends AnyRef
-
trait
AllowLike
extends AnyRef
Allow like trait
-
abstract
class
Assert
extends AnyRef
This is a abstract class to writer assertions for some rights.
This is a abstract class to writer assertions for some rights.
class myAssert extends Assert { def apply(obj: Option[AclObject], acl: Acl): Boolean = { obj.match { case Some(item) => true case None => false } } }
- case class DeniedPrivilege (deniedName: String) extends Privilege with Product with Serializable
-
case class
GenericIdentity
(name: String, givenRoles: Long = 0L) extends Identity with Product with Serializable
This is a generic implementation of Identity trait and a fake Identity itself
- case class GenericRole (name: String, inheritedRoles: List[Role]) extends Role with Product with Serializable
-
trait
Identity
extends AnyRef
Identity Trait
-
abstract
class
Privilege
extends AnyRef
abstract Case class privilege
-
abstract
case class
Resource
(name: String) extends Product with Serializable
Abstract Resource object
-
abstract
class
Role
extends AnyRef
this is the abstract role
Value Members
- object AllowLikeHelper