Acl Component using roles and identities to check if a resource/privilege is allowed for the current defined identity.
Allow like trait
This is a generic implementation of Identity trait and a fake Identity itself
Identity Trait
Abstract case class privilege
Abstract resource object
This is the abstract role
Acl Component using roles and identities to check if a resource/privilege is allowed for the current defined identity.
Usage:
  Acl ++ com.github.scyks.playacl.Role - to add a role and the right definition to the ACL component
  Acl ++ com.github.scyks.playacl.Role1 ++ com.github.scyks.playacl.Role2
  Acl += com.github.scyks.playacl.Identity - to add the current identity to the ACL. This identity and the roles it contains will be used for allowed checks.
How it works: the roleRegistry is used to store all defined roles and to map the identity's roles to role objects. The identity itself stores only an integer whose bits (1, 2, 4, 8 ...) map to the role identifiers.
Example: Role1.id=1, Role2.id=2 ... Role4.id=8. Identity.roles = 11 (1 + 2 + 8) means List(Role1, Role2, Role8), that is, the roles whose ids are 1, 2 and 8.
When an identity is added, the mapping checks whether a role is defined for each bit and generates a new unique GenericRole which inherits from all mapped roles.
Resource: Resources have to be objects / case classes. They are used more like types.
Privilege: Privileges are also just types, as resources are.
Assert: An assert is a function which receives "Option[AclObject]" as its first parameter and always returns a boolean. This type of assertion can be used to decide, based on the "AclObject", whether the resource/privilege is allowed or not.
Example: Let's say you have a site which has a company profile and related employees (identities). Companies and employees are related, and you want to allow some employees to change things on your company profile page, so some employees will have a flag (canEditCompany). Your assert can now receive the company entity, and you can check whether the user is related to the company and is allowed to edit.
Roles: A role defines the rule definition and the resources, privileges and asserts. You can reduce it to just resources when you want to allow every privilege on a resource (helpful for admins).
Mapping example:
  val rules = scala.collection.mutable.Map(
    // empty privilege map: all privileges allowed
    Resource -> scala.collection.mutable.Map(),
    Resource2 -> scala.collection.mutable.Map(
      // no assertions
      Privilege1 -> Seq(),
      // one assertion; the function returns true or false
      Privilege2 -> Seq((value: Option[AclObject]) => true)
    )
  )
Let's see some implementations
Examples:
  Acl.isAllowed(Resource, Privilege)
  Acl.isAllowed(Resource, Privilege, Some(Foo))
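
The role bit field and the rule mapping described above, modelled as a stand-alone added example. This is not play-acl's own code or API: AclModel, Profile, Billing, Read, Edit, Company, privs, ruleSet, rolesFor and this isAllowed signature are hypothetical names, and the sample roles are constructed.

```scala
object AclModel {
  trait Resource; trait Privilege; trait AclObject
  type Assert = Option[AclObject] => Boolean
  type Privs  = Map[Privilege, Seq[Assert]]
  type Rules  = Map[Resource, Privs]
  def privs(ps: (Privilege, Seq[Assert])*): Privs = ps.toMap
  def ruleSet(rs: (Resource, Privs)*): Rules = rs.toMap

  case object Profile extends Resource
  case object Billing extends Resource
  case object Read extends Privilege
  case object Edit extends Privilege
  final case class Company(id: Int) extends AclObject
  final case class Role(id: Long, rules: Rules)

  // Constructed sample: the current identity is an employee of company 7.
  val employerId = 7
  val canEditCompany: Assert = {
    case Some(Company(id)) => id == employerId
    case _                 => false // no object supplied: deny
  }

  val guest    = Role(1, ruleSet(Profile -> privs(Read -> Seq.empty)))
  val employee = Role(2, ruleSet(Profile -> privs(Edit -> Seq(canEditCompany))))
  val admin    = Role(8, ruleSet(Billing -> privs())) // empty map: every privilege
  val roleRegistry: Map[Long, Role] =
    Seq(guest, employee, admin).map(r => r.id -> r).toMap

  // Decode the identity's bit field; a bit with no registered role grants nothing.
  def rolesFor(bits: Long): Seq[Role] =
    roleRegistry.values.filter(r => (bits & r.id) != 0).toSeq.sortBy(_.id)

  // Allowed if any mapped role grants it; anything not listed is denied.
  def isAllowed(bits: Long, res: Resource, priv: Privilege,
                obj: Option[AclObject] = None): Boolean =
    rolesFor(bits).exists { role =>
      role.rules.get(res).exists { ps =>
        ps.isEmpty || ps.get(priv).exists(_.forall(a => a(obj)))
      }
    }

  def main(args: Array[String]): Unit = {
    assert(rolesFor(11).map(_.id) == Seq(1L, 2L, 8L))      // 11 = 1 + 2 + 8
    assert(isAllowed(3, Profile, Edit, Some(Company(7))))  // assertion passes
    assert(!isAllowed(3, Profile, Edit, Some(Company(9)))) // unrelated company
    assert(!isAllowed(3, Profile, Edit))                   // no object: denied
    assert(isAllowed(8, Billing, Edit))                    // resource-only rule
    assert(!isAllowed(4, Profile, Read))                   // unregistered bit
  }
}
```

In this model a resource-only rule grants every privilege on that resource, so it belongs only on roles meant to have that reach.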