lgwillmore / warden
Kotlin Attribute Based Access Control
License: MIT License
Let an enforcement point filter a collection of resources
Allow for nested complex map rule querying? Maybe? Or should properties just be flattened into the top level?
Move to simpler and code checked documentation.
Example: https://github.com/Kotlin/kotlinx.serialization/tree/master/docs
Uses Knit to check code examples: https://github.com/Kotlin/kotlinx-knit/
Is it the NGAC used? Execute only the properties in the policy point, rather than reading the property values of users and objects from the database to make judgments, so that there are no performance issues.
At least give some guidance on how to test, and possibly some testing tools.
The code in the core library isn't JVM specific and could be turned into multiplatform.
In order to do that you should update the Kotlin version (1.9.21) and then change the build.gradle of the core to:
kotlin {
    targetHierarchy.default()
    jvm()
    ios()
    iosSimulatorArm64()
    sourceSets {
        ...
The targetHierarchy.default() allows the commonMain code to be built separately.
The only problem is in the commonTest. It has two JVM specific libraries as dependencies: assertk and mockk. The first is easy to remove, we can use the set of assert functions provided by kotlin.test. Mockk is trickier. We could move the tests into the sourceSet jvmTest or we could replace mockk with a multiplatform mock library, such as mockative.
At the moment the second operand accessors for expressions are like 'subjectVal("Blah")'. It would be better as just subject("Blah"). I think Kotlin DSL scoping tools can fix this.
Or if it is not possible to have the same keyword in both contexts in the scope, then when a policy is built they are all validated to check that the mistake has not been made.
In Spring Boot, when a user accesses /books/list, I need to filter the books data according to the data_scope range of the currently logged-in user and the category value of the books. How can I do this? Please give some collective examples. Thank you very much!
USER:
user | dept | data_scope
admin | 1 | [,]
Tom | 1 | [1,2,3]
Sim | 2 | [1,2]
Kat | 3 | null
BOOKS:
id | name | category
1 | book1 | 1
2 | book2 | 1
3 | Book3 | 2
4 | book4 | 3
5 | book5 | 4
6 | book6 | 5
When user admin accesses the API /books/list, all data is visible; return the data:
id | name | category
1 | book1 | 1
2 | book2 | 1
3 | Book3 | 2
4 | book4 | 3
5 | book5 | 4
6 | book6 | 5
When user Tom accesses the API /books/list, books.category in user.data_scope, return the data:
id | name | category
1 | book1 | 1
2 | book2 | 1
3 | Book3 | 2
4 | book4 | 3
When user Sim accesses the API /books/list, books.category in user.data_scope, return the data:
id | name | category
1 | book1 | 1
2 | book2 | 1
3 | Book3 | 2
When user Kat accesses the API /books/list, user.data_scope is null, return the exception:
“access denied,missing permissions”
How can I implement the above requirements in an MVC and OAuth2 environment? Please give some practical examples. Thank you very much!
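The filtering rule described in the question above, written out as an added example; it is not part of the original issue and is not Warden's own code. It uses no Warden or Spring APIs: the types User, Book and AccessDeniedException and the functions canRead and listBooks are hypothetical, and modelling admin's "[,]" scope as an unrestricted allCategories flag is an assumption.

```kotlin
// Added example: plain Kotlin, no Warden or Spring types. All names are hypothetical.
data class User(
    val name: String,
    val dept: Int,
    val dataScope: Set<Int>?,          // null = no scope attribute assigned
    val allCategories: Boolean = false // assumption: how admin's "[,]" is modelled
)
data class Book(val id: Int, val name: String, val category: Int)

class AccessDeniedException(message: String) : RuntimeException(message)

// Per-resource decision: the attribute rule "book.category in user.data_scope".
// A missing scope never grants access (fail closed).
fun canRead(user: User, book: Book): Boolean =
    user.allCategories || (user.dataScope?.contains(book.category) ?: false)

// Enforcement for a list endpoint: deny outright when the subject has no scope
// attribute, otherwise return only the resources the rule permits.
fun listBooks(user: User, books: List<Book>): List<Book> {
    if (!user.allCategories && user.dataScope == null) {
        throw AccessDeniedException("access denied,missing permissions")
    }
    return books.filter { canRead(user, it) }
}

fun main() {
    // Constructed sample data mirroring the USER and BOOKS tables in the question.
    val books = listOf(
        Book(1, "book1", 1), Book(2, "book2", 1), Book(3, "Book3", 2),
        Book(4, "book4", 3), Book(5, "book5", 4), Book(6, "book6", 5),
    )
    val users = listOf(
        User("admin", 1, emptySet(), allCategories = true),
        User("Tom", 1, setOf(1, 2, 3)),
        User("Sim", 2, setOf(1, 2)),
        User("Kat", 3, null),
    )
    for (user in users) {
        try {
            val visible = listBooks(user, books).map { it.id }
            println("${user.name}: $visible")
        } catch (e: AccessDeniedException) {
            println("${user.name}: ${e.message}")
        }
    }
}
```

On large tables the same predicate is normally pushed into the database query, so rows outside the user's scope are never loaded into the application.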
I'm following the docs, but I can't see how to make a new instance of AttributeType, because it's an enum
https://warden-kotlin.netlify.app/attributes/#hasattributes-and-attributetype
val USER_TYPE = AttributeType(
    type = "USER",
    typeKeyword = "authType"
)
I get an error when compiling with 'policies' defined as a static variable
This might be related to kapt?
I'm using Kotlin/JVM 1.7.0 and Warden 0.1.0
This code causes the error:
import codes.laurence.warden.policy.boolean.allOf

val policies = listOf(
    // Any User can read any Article
    allOf {
        resource("type") equalTo "Article"
        action("type") equalTo "READ"
    },
)

fun main() {
}
This is the generated code. It thinks that 'boolean' is an identifier.
import java.lang.System;
@kotlin.Metadata(mv = {1, 7, 1}, k = 2, d1 = {"\u0000\u0014\n\u0000\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u0002\n\u0000\u001a\u0006\u0010\u0005\u001a\u00020\u0006\"\u0017\u0010\u0000\u001a\b\u0012\u0004\u0012\u00020\u00020\u0001\u00a2\u0006\b\n\u0000\u001a\u0004\b\u0003\u0010\u0004\u00a8\u0006\u0007"}, d2 = {"policies", "", "Lcodes/laurence/warden/policy/boolean/AllOf;", "getPolicies", "()Ljava/util/List;", "main", "", "application-core"})
public final class MainKt {
    @org.jetbrains.annotations.NotNull()
    private static final java.util.List<codes.laurence.warden.policy.boolean.AllOf> policies = null;

    @org.jetbrains.annotations.NotNull()
    public static final java.util.List<codes.laurence.warden.policy.boolean.AllOf> getPolicies() {
        return null;
    }

    public static final void main() {
    }
}
.../service/application-core/build/tmp/kapt3/stubs/main/MainKt.java:7: error: <identifier> expected
private static final java.util.List<codes.laurence.warden.policy.boolean.AllOf> policies = null;
^
Give some example projects
Write a guide for contributions and pull requests
Good starting article on how to configure -> https://blog.jetbrains.com/kotlin/2021/11/gradle-jvm-toolchain-support-in-the-kotlin-plugin/
Provide an InformationPoint of InformationPoints.
Should take a collection of InformationPoints in the constructor and apply all of them to a given access request.
Allow provision of expected Data Classes to define structure of properties.
This will be used to validate policies, and for submitting Objects for decision points.
Thanks!
When we have another exception or status code, ktor plugin should not forbid
Hi, would you be interested in publishing this library on Maven Central?
I've recently published a Kotlin Multiplatform library so I would be able to help as there are a few 'gotchas'
Enrich the base query first, then enrich resource specific queries.