Package

de.ceow.security

acl

package acl

Type Members

  1. case class Acl(roles: List[Role], user: Identity) extends AllowLike with Product with Serializable

    Acl Component using roles and identities to check if a resource/privilege is allowed for the current defined identity.

    Usage: new Acl(List[de.ceow.security.acl.Role](role1, role2), user). This identity and the roles it contains will be used for the allowed checks.

    How it works: the roleRegistry is used to store all defined roles and to map the identity's roles to role objects. The identity itself stores only integer values as bits (1, 2, 4, 8 ...) which map to the role identifiers.

    Example: Role1.id=1, Role2.id=2 ... Role4.id=8. Identity:roles = 11 (1 + 2 + 8) means List(Role1, Role2, Role8)

    When an identity is added, the mapping checks whether a role is defined and generates a new unique GenericRole which inherits from all mapped roles.

    Resource: Resources have to be objects / case classes. They are used more like types.

    Privilege: Privileges are also just types, as resources are.

    Assert: An assert is a class with an apply method which receives "Option[AclObject]" as its first parameter and the current acl object as its second argument. The return value is always a boolean. This type of assertion can be used to decide, based on the "AclObject", whether the resource/privilege is allowed or not.

    Example: Let's say you have a site which has a company profile and related employees (Identities). Companies and employees are related, and you want to allow some employees to change things on your company profile page. So some employees will have a flag (canEditCompany). Your assert can now receive the company entity, and you can check whether the user is related to the company and is allowed to edit.

    Roles: A role defines the rule definition and the resources, privileges and asserts. You can reduce it to just resources when you want to allow every privilege in this resource (helpful for admins).

    Mapping example:

    val rules = Map(
      Resource -> Map(),           // all privileges allowed
      Resource2 -> Map(
        Privilege1 -> Seq(),       // no assertions
        Privilege2 -> Seq((value: Option[AclObject], acl: Acl) => true) // or false
      )
    )

    Let's see some implementations

    Examples:

    Acl.isAllowed(Resource, Privilege)
    Acl.isAllowed(Resource, Privilege, Some(Foo))

  2. trait AclObject extends AnyRef

  3. trait AllowLike extends AnyRef

    Allow like trait

  4. abstract class Assert extends AnyRef

    This is an abstract class for writing assertions for some rights.

    class myAssert extends Assert {
      // Allow only when an object is passed in; deny when none is given.
      def apply(obj: Option[AclObject], acl: Acl): Boolean = {
        obj match {
          case Some(item) => true
          case None => false
        }
      }
    }
  5. case class DeniedPrivilege(deniedName: String) extends Privilege with Product with Serializable

  6. case class GenericIdentity(name: String, givenRoles: Long = 0L) extends Identity with Product with Serializable

    This is a generic implementation of the Identity trait and a fake Identity itself.

  7. case class GenericRole(name: String, inheritedRoles: List[Role]) extends Role with Product with Serializable

  8. trait Identity extends AnyRef

    Identity Trait

  9. abstract class Privilege extends AnyRef

    abstract Case class privilege

  10. abstract case class Resource(name: String) extends Product with Serializable

    Abstract Resource object

  11. abstract class Role extends AnyRef

    This is the abstract role.
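
The role bitmask, rule map and assertion check described for Acl above, modelled as a self-contained added example; it is not the library's code and does not use its API. All Demo* types, the helpers and the sample data are hypothetical, and it assumes that unlisted resources and privileges are denied and that every assertion attached to a privilege must pass.

```scala
// Added illustration: every name below is hypothetical, not the de.ceow.security.acl API.
object AclModelDemo {
  sealed trait DemoResource
  case object CompanyProfile extends DemoResource
  case object AdminPanel extends DemoResource
  sealed trait DemoPrivilege
  case object View extends DemoPrivilege
  case object Edit extends DemoPrivilege
  // Constructed sample entities for the company/employee scenario.
  final case class Company(id: Int)
  final case class Employee(companyId: Int, canEditCompany: Boolean, roleBits: Long)
  type DemoAssert = (Option[Company], Employee) => Boolean
  type Privs = Map[DemoPrivilege, Seq[DemoAssert]]
  final case class DemoRole(id: Long, rules: Map[DemoResource, Privs])

  // Typed helpers keep the nested maps at the trait types, not the singleton object types.
  def privs(ps: (DemoPrivilege, Seq[DemoAssert])*): Privs = ps.toMap
  def role(id: Long, rs: (DemoResource, Privs)*): DemoRole = DemoRole(id, rs.toMap)

  // Assertion: the employee must belong to the given company and carry the edit flag.
  val relatedEditor: DemoAssert = (obj, user) =>
    obj.exists(c => c.id == user.companyId && user.canEditCompany)

  val registry: List[DemoRole] = List(
    role(1L, CompanyProfile -> privs(View -> Nil)),                // no assertions
    role(2L, CompanyProfile -> privs(Edit -> Seq(relatedEditor))), // guarded by an assertion
    role(8L, AdminPanel -> privs())                                // empty map: all privileges
  )

  // Each role id is a single bit, so the identity's Long is a set of role ids.
  def rolesOf(bits: Long): List[DemoRole] = registry.filter(r => (bits & r.id) != 0L)

  // Assumptions: unlisted resources/privileges are denied; every assertion must pass.
  def isAllowed(user: Employee, res: DemoResource, priv: DemoPrivilege, obj: Option[Company] = None): Boolean =
    rolesOf(user.roleBits).exists { r =>
      r.rules.get(res).exists { ps =>
        ps.isEmpty || ps.get(priv).exists(_.forall(a => a(obj, user)))
      }
    }

  def main(args: Array[String]): Unit = {
    val alice = Employee(companyId = 7, canEditCompany = true, roleBits = 11L) // 1 + 2 + 8
    val bob = Employee(companyId = 7, canEditCompany = false, roleBits = 3L)   // 1 + 2
    println(rolesOf(alice.roleBits).map(_.id))                        // decoded role ids
    println(isAllowed(alice, CompanyProfile, Edit, Some(Company(7)))) // own company
    println(isAllowed(alice, CompanyProfile, Edit, Some(Company(9)))) // other company
    println(isAllowed(bob, CompanyProfile, Edit, Some(Company(7))))   // edit flag not set
    println(isAllowed(bob, AdminPanel, View))                         // role bit 8 not set
  }
}
```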

Value Members

  1. object AllowLikeHelper
