playacl

Type Members

1. case class Acl(roles: List[Role], user: Identity) extends AllowLike with Product with Serializable

   

   Acl Component using roles and identities to check if a resource/privilege is allowed for the current defined identity.

   Acl Component using roles and identities to check if a resource/privilege is allowed for the current defined identity.

   Usage: Acl ++ com.github.scyks.playacl.Role - to add a role and the right definition to the acl component Acl ++ com.github.scyks.playacl.Role1 ++ com.github.scyks.playacl.Role2

   Acl += com.github.scyks.playacl.Identity - to add the current identity to the acl This identity and it's containing roles will be used for allowed checks

   How it works: the roleRegistry is used to store all defined roles and to map the identity-roles to a role object. The identity itself will store only integer values as bits (1,2,4,8 ...) which maps to the role identifier.

   Example: Role1.id=1, Role2.id=2 ... Role4.id=8 Identity:roles = 11 means List(Role1, Role2, Role8)

   While adding a identity, the mapping will check if there is a role defined, generates a new unique GenericRole which inherits from all mapped Roles.

   Resource: Resources have to be objects / case classes. It's more used like a type

   Privilege: Privileges are also just types as resources are

   Assert: An assert is a function which receive "Option[AclObject]" as it's first parameter and return always a boolean. This type or assertion can be used to decide on "AclObject" if the resource/privilege is allowed or not.

   Example: Lets say you have a site which have a company profile and related employees (Identities). Companies and Employees are in relation and you want to allow some employees to change things on your company profile page. So some employees will have a flag (canEditCompany). Your assert can now receive the company entity and you can check if the user is related to the company and is allowed to edit.

   Roles: A role defines the rule definition???? and the resources, privileges and asserts. You can reduce it to just resources when you want to allow every privilege in this resource (helpful for admins).

   Mapping example: val rules = scala.collection.mutable.Map( Resource -> scala.collection.mutable.Map() <- allowed all privileges Resource2 -> scala.collection.mutable.Map( Privilege1 -> Seq(), <- no assertions Privilege2 -> Seq((value: Option[AclObject]) => true|false) ) )

   Let's see some implementations

   Examples: Acl.isAllowed(Resource, Privilege) Acl.isAllowed(Resource, Privilege, Some(Foo))

2. trait AclObject extends AnyRef

   

3. trait AllowLike extends AnyRef

   

   Allow like trait

4. case class GenericIdentity(name: String, givenRoles: Long = 0L) extends Identity with Product with Serializable

   

   This is a generic implementation of Identity trait and a fake Identity itself

5. case class GenericRole(name: String, inheritedRoles: List[Role]) extends Role with Product with Serializable

   

6. trait Identity extends AnyRef

   

   Identity Trait

7. abstract case class Privilege(name: String) extends Product with Serializable

   

   abstract Case class privilege

8. abstract case class Resource(name: String) extends Product with Serializable

   

   Abstract Resource object

9. abstract class Role extends AnyRef

   

   this is the abstract role