lgwillmore / warden Goto Github PK

Let an enforcment point filter a collection of resources

Allow for nested complex map rule querying? Maybe? Or should properties just be flattened into the top level?

• xpaths into nexted property maps
• check rule for all members of a collection property

• Several features not documented
• Current feature syntax has changed

Move to simpler and code checked documentation.

Example: https://github.com/Kotlin/kotlinx.serialization/tree/master/docs

Uses Knit to check code examples: https://github.com/Kotlin/kotlinx-knit/

Is it the NGAC used? Execute only the properties in the policy point, rather than reading the property values of users and objects from the database to make judgments, so that there are no performance issues.

A t least give some guidance on how to test, and possibly some testing tools.

The code in the core library isn't JVM specific and could be turned into multiplatform.

In order to do that you should update the kotlin version (1.9.21) and then change the build.gradle of the core to:

kotlin {
    targetHierarchy.default()

    jvm()
    ios()
    iosSimulatorArm64()

    sourceSets {
...

The targetHierarchy.default() allows the commonMain code to be builded separatedely.

The only problem is in the commonTest. It has two JVM specific libraries as dependencies: assertk and mockk. The first is easy to remove, we can use the set of assert functions provided by kotlin.test. Mockk is trickier. We could move the tests into the sourceSet jvmTest or we could replace mockk with a multiplatform mock library, such as mockative.

At the moment the second operand accessors for expressions is like 'subjectVal("Blah")'. It would be better as just subject("Blah"). I think kotlin DSL scoping tools can fix this.

Or if it is not possible to have the same keyword in both contexts in the scope, then when a policy is built they are all validated to check that the mistake has not been made.

On the springboot, when a user accesses /books/list, I need to filter books data according to the data_scope range data of the currently logged in user and the category value of books. Please ask how to do this. Please give some collective examples. Thank you very much!

USER：

user | dept | data_scope
admin | 1 | [,]
Tom | 1 | [1,2,3]
Sim | 2 | [1,2]
Kat | 3 | null

BOOKS：

id | name | category
1 | book1 | 1
2 | book2 | 1
3 | Book3 | 2
4 | book4 | 3
5 | book5 | 4
6 | book6 | 5

when user admin to access the api /books/list, can visible all data，return the data:

id | name | category
1 | book1 | 1
2 | book2 | 1
3 | Book3 | 2
4 | book4 | 3
5 | book5 | 4
6 | book6 | 5

when user Tom to access the api /books/list, books.category in user.data_scope, return the data:
id | name | category
1 | book1 | 1
2 | book2 | 1
3 | Book3 | 2
4 | book4 | 3

when user Sim to access the api /books/list, books.category in user.data_scope, return the data:
id | name | category
1 | book1 | 1
2 | book2 | 1
3 | Book3 | 2

when user Kat to access the api /books/list, user.data_scope is null, return the exception:
“access denied，missing permissions”

How to implement the above requirements in MVC and oauth2 environment? Please give some practical examples. Thank you very much!

I'm following the docs, but I can't see how to make a new instance of AttributeType, because it's an enum

https://warden-kotlin.netlify.app/attributes/#hasattributes-and-attributetype

val USER_TYPE = AttributeType(
    type = "USER",
    typeKeyword = "authType"
)

I get an error when compiling with 'policies' defined as a static variable

This might be related to kapt?

I'm using Kotlin/JVM 1.7.0 and Warden 0.1.0

This code causes the error:

import codes.laurence.warden.policy.boolean.allOf

val policies = listOf(
    // Any User can read any Article
    allOf {
        resource("type") equalTo "Article"
        action("type") equalTo "READ"
    },
)

fun main() {
}

This is the generated code. It thinks that 'boolean' is an identifier.

import java.lang.System;
@kotlin.Metadata(mv = {1, 7, 1}, k = 2, d1 = {"\u0000\u0014\n\u0000\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u0002\n\u0000\u001a\u0006\u0010\u0005\u001a\u00020\u0006\"\u0017\u0010\u0000\u001a\b\u0012\u0004\u0012\u00020\u00020\u0001\u00a2\u0006\b\n\u0000\u001a\u0004\b\u0003\u0010\u0004\u00a8\u0006\u0007"}, d2 = {"policies", "", "Lcodes/laurence/warden/policy/boolean/AllOf;", "getPolicies", "()Ljava/util/List;", "main", "", "application-core"})
public final class MainKt {
    @org.jetbrains.annotations.NotNull()
    private static final java.util.List<codes.laurence.warden.policy.boolean.AllOf> policies = null;
    
    @org.jetbrains.annotations.NotNull()
    public static final java.util.List<codes.laurence.warden.policy.boolean.AllOf> getPolicies() {
        return null;
    }
    
    public static final void main() {
    }
}

.../service/application-core/build/tmp/kapt3/stubs/main/MainKt.java:7: error: <identifier> expected
    private static final java.util.List<codes.laurence.warden.policy.boolean.AllOf> policies = null;
                                                                     ^

See also

• I made an issue for kapt: https://youtrack.jetbrains.com/issue/KT-53200

Give some example projects

Write a guide for contributions and pull requests

Good starting article on how to configure -> https://blog.jetbrains.com/kotlin/2021/11/gradle-jvm-toolchain-support-in-the-kotlin-plugin/

Provide an InformationPoint of InformationPoints.

Should take a collection of InformationPoints in the constructor and apply all of them to a given access request.

Allow provision of expected Data Classes to define structure of properties.

This will be used to validate policies, and for submitting Objects for decision points.

Thanks！

When we have another exception or status code, ktor plugin should not forbid

Hi, would you be interested in publishing this library on Maven Central?

I've recently published a Kotlin Multiplatform library so I would be able to help as there are a few 'gotchas'

Enrich the base query first, then enrich resource specific queries.