avers-server-0.0.19.0: Server implementation of the Avers API

Safe Haskell: None
Language: Haskell2010

Avers.Server

Documentation

credentialsObjId :: Handle -> Credentials -> Handler ObjId

Convert the Credentials into the ObjId to which the credentials refer. That's the object the client is authenticated as.

data Authorizations

Defines all the authorization points which are used in the server. For each you can supply your own logic. The default is to allow everything.

type Authz = [Avers AuthzR]

Authorization logic is implemented as a list of Avers actions. Each action is called a module and returns a result (AuthzR) that determines what happens next.

data AuthzR

The result of a single module is one of: ContinueR, which means the following modules continue to execute; AllowR, which means the action is allowed and any following modules are skipped; or RejectR, which means the action is rejected and the following modules are skipped as well.

Constructors

ContinueR 
AllowR 
RejectR 

runAuthorization :: Handle -> Authz -> Handler ()

Run the authorization logic inside of the Servant monad.

trace :: Avers () -> Avers AuthzR

This doesn't change the result, but allows you to run arbitrary Avers actions. This is useful for debugging.

sufficient :: Avers Bool -> Avers AuthzR

If the given Avers action returns True, it is sufficient to pass the authorization check.

requisite :: Avers Bool -> Avers AuthzR

The given Avers action must return True for this authorization check to pass.

sessionCreatedObject :: Session -> ObjId -> Avers Bool

True if the session created the given object.

sessionIsObject :: Session -> ObjId -> Avers Bool

True if the session is the given object. In most cases, a session has full access to the object against which it was created.
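
The chain semantics described above for Authz, AuthzR, sufficient and requisite, as an added example that is not avers-server code: a self-contained model in which IO stands in for the Avers monad. The primed names and the isOwner, isSelf and isAdmin checks are hypothetical, and the verdict for a chain in which every module returns ContinueR is a parameter because this page does not state it.

```haskell
-- Added illustration: a self-contained model of the module-chain semantics
-- documented on this page. It does not import avers-server; IO stands in for
-- the Avers monad and every primed name is hypothetical.

data AuthzR' = ContinueR' | AllowR' | RejectR'
  deriving (Eq, Show)

type Authz' = [IO AuthzR']

-- True short-circuits the chain with an allow; False falls through to the
-- next module. (Assumed reading of "sufficient".)
sufficient' :: IO Bool -> IO AuthzR'
sufficient' check = do
  ok <- check
  pure (if ok then AllowR' else ContinueR')

-- False short-circuits the chain with a reject; True falls through to the
-- next module. (Assumed reading of "requisite".)
requisite' :: IO Bool -> IO AuthzR'
requisite' check = do
  ok <- check
  pure (if ok then ContinueR' else RejectR')

-- Run modules in order. The first AllowR'/RejectR' decides and later modules
-- are never executed. The verdict for a chain that runs out of modules is not
-- stated on this page, so the model takes it as an explicit parameter.
runChain :: Bool -> Authz' -> IO Bool
runChain fallThrough []       = pure fallThrough
runChain fallThrough (m : ms) = do
  r <- m
  case r of
    ContinueR' -> runChain fallThrough ms
    AllowR'    -> pure True
    RejectR'   -> pure False

main :: IO ()
main = do
  let isOwner = pure False  -- constructed: session did not create the object
      isSelf  = pure False  -- constructed: session is not the object
      isAdmin = pure True   -- constructed: hypothetical extra check
  -- Ordering matters: a requisite placed first rejects before later modules run.
  a <- runChain False [sufficient' isOwner, sufficient' isSelf]
  b <- runChain False [requisite' isOwner, sufficient' isAdmin]
  c <- runChain False [sufficient' isAdmin, requisite' isOwner]
  -- A chain of only passing requisites ends on the fall-through verdict.
  d <- runChain True [requisite' isAdmin]
  print (a, b, c, d)
```

Cases b and c use the same two modules in opposite order and reach opposite verdicts, so review the order of each chain as carefully as its individual checks, and confirm what runAuthorization does with an exhausted chain in the version you deploy.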