module Model.Access
( accessSlot
, accessVolume
, AccessResult (..)
) where
import Model.Container.Types
import Model.Id.Types
import Model.Identity.Types
import Model.Permission
import Model.Slot
import Model.Volume
import Service.DB
data AccessResult a
= LookupFailed
| AccessDenied
| AccessResult a
accessSlot
:: (MonadDB c m, MonadHasIdentity c m)
=> Permission
-> Id Slot
-> m (AccessResult Slot)
accessSlot requestedPerm = accessPermissionedObject
lookupSlot
(extractPermissionIgnorePolicy
. volumeRolePolicy
. containerVolume
. slotContainer
)
requestedPerm
accessVolume
:: (MonadDB c m, MonadHasIdentity c m)
=> Permission
-> Id Volume
-> m (AccessResult Volume)
accessVolume requestedPerm = accessPermissionedObject
lookupVolume
(extractPermissionIgnorePolicy . volumeRolePolicy)
requestedPerm
accessPermissionedObject
:: MonadDB c m
=> (Id a -> m (Maybe a))
-> (a -> Permission)
-> Permission
-> Id a
-> m (AccessResult a)
accessPermissionedObject lookupObj getPermission requestedPerm =
fmap (maybe LookupFailed mkRequest) . lookupObjP
where
mkRequest =
maybe AccessDenied AccessResult . requestAccess requestedPerm
lookupObjP = fmap (fmap (mkPermissioned getPermission)) . lookupObj