| Safe Haskell | None |
|---|---|
| Language | Haskell2010 |
Model.Permission
Contents
- module Model.Permission.Types
- permissionPRIVATE :: Permission
- readPermission :: Release -> Permission
- readRelease :: Permission -> Maybe Release
- dataPermission4 :: (a -> EffectiveRelease) -> (a -> VolumeRolePolicy) -> a -> Permission
- canReadData2 :: (a -> EffectiveRelease) -> (a -> VolumeRolePolicy) -> a -> Bool
- accessJSON :: ToObject o => Access -> o
- checkPermission :: (a -> Permission) -> a -> Permission -> PermissionResponse a
- data PermissionResponse a
- requestAccess :: Permission -> Permissioned a -> Maybe a
- data Permissioned a
- mkPermissioned :: (a -> Permission) -> a -> Permissioned a
Documentation
module Model.Permission.Types
permissionPRIVATE :: Permission Source #
Level at which things become visible. ; TODO: use this somewhere? permissionVIEW :: Permission permissionVIEW = PermissionPUBLIC
Alias for READ. Grants full access to private data, bypassing consent permissions.
readPermission :: Release -> Permission Source #
The necessary permission level to read a data object with the given release. Equivalent to the SQL function read_permission.
readRelease :: Permission -> Maybe Release Source #
The most restrictive data release level that the current user may access under the given permission.
Equivalent to the SQL function read_release. Inverse of readPermission module meaning of Nothing.
dataPermission4 :: (a -> EffectiveRelease) -> (a -> VolumeRolePolicy) -> a -> Permission Source #
canReadData2 :: (a -> EffectiveRelease) -> (a -> VolumeRolePolicy) -> a -> Bool Source #
accessJSON :: ToObject o => Access -> o Source #
Checking permissioned objects
Arguments
| :: (a -> Permission) | Extract the object's permission rules |
| -> a | The object in question |
| -> Permission | The requested permission |
| -> PermissionResponse a | The object decorated with the permission response |
Decorate some permissioned object with a permission response TODO: Maybe replace with requestAccess
data PermissionResponse a Source #
Responses to checkPermission
Constructors
| PermissionGranted a | Whatever you wanted, you got it! |
| PermissionDenied | No. |
New
Arguments
| :: Permission | Requested permission |
| -> Permissioned a | object |
| -> Maybe a | Maybe the unwrapped object |
How to get access to a permissioned object. It's not a great design, but it makes a concrete concept out of an existing pattern in the codebase. A better design could perhaps couple the access request to the action that needs the access.
data Permissioned a Source #
Represents a permissioned object. The constructor is not exported: use
mkPermissioned and requestAccess instead.
mkPermissioned :: (a -> Permission) -> a -> Permissioned a Source #
Smart constructor for Permissioned.
As one can tell from the first argument, this assumes that objects already
have some way of being mapped to the permissions granted on them. This is
generally true because of how the existing code works. It might change in the
future, for example if database queries return a Permissioned value
directly, obsoleting this function.