Show we allow changes to be made to permissions belonging to the Admin group? By default this is disabled to
prevent accidental tragedy, but you can enable it here when creating the default entry for Admin
.
Show we allow changes to be made to permissions belonging to the Admin group? By default this is disabled to prevent accidental tragedy, but you can enable it here when creating the default entry for `Admin`.
Show we allow permissions entries like /
? By default, this is disallowed, but you can temporarily disable it here
when creating the default entry for Admin
.
Show we allow permissions entries like `/`? By default, this is disallowed, but you can temporarily disable it here when creating the default entry for `Admin`.
(adhoc-native-query-path database-or-id)
Inputs: [database-or-id :- MapOrID] Returns: ObjectPath
Return the native query read/write permissions path for a database. This grants you permissions to run arbitary native queries.
Inputs: [database-or-id :- MapOrID] Returns: ObjectPath Return the native query read/write permissions path for a database. This grants you permissions to run arbitary native queries.
(all-schemas-path database-or-id)
Inputs: [database-or-id :- MapOrID] Returns: ObjectPath
Return the permissions path for a database that grants full access to all schemas.
Inputs: [database-or-id :- MapOrID] Returns: ObjectPath Return the permissions path for a database that grants full access to all schemas.
(check-revision-numbers old-graph new-graph)
Check that the revision number coming in as part of NEW-GRAPH matches the one from OLD-GRAPH. This way we can make sure people don't submit a new graph based on something out of date, which would otherwise stomp over changes made in the interim. Return a 409 (Conflict) if the numbers don't match up.
Check that the revision number coming in as part of NEW-GRAPH matches the one from OLD-GRAPH. This way we can make sure people don't submit a new graph based on something out of date, which would otherwise stomp over changes made in the interim. Return a 409 (Conflict) if the numbers don't match up.
(collection-read-path collection-or-id)
Inputs: [collection-or-id :- MapOrID] Returns: ObjectPath
Return the permissions path for read access for a collection-or-id
.
Inputs: [collection-or-id :- MapOrID] Returns: ObjectPath Return the permissions path for *read* access for a `collection-or-id`.
(collection-readwrite-path collection-or-id)
Inputs: [collection-or-id :- MapOrID] Returns: ObjectPath
Return the permissions path for readwrite access for a collection-or-id
.
Inputs: [collection-or-id :- MapOrID] Returns: ObjectPath Return the permissions path for *readwrite* access for a `collection-or-id`.
(grant-collection-read-permissions! group-or-id collection-or-id)
Grant read access to a Collection, which means a user can view all Cards in the Collection.
Grant read access to a Collection, which means a user can view all Cards in the Collection.
(grant-collection-readwrite-permissions! group-or-id collection-or-id)
Grant full access to a Collection, which means a user can view all Cards in the Collection and add/remove Cards.
Grant full access to a Collection, which means a user can view all Cards in the Collection and add/remove Cards.
(grant-full-db-permissions! group-or-id database-or-id)
Grant full access to the database, including all schemas and readwrite native access.
Grant full access to the database, including all schemas and readwrite native access.
(grant-native-readwrite-permissions! group-or-id database-or-id)
Grant full readwrite permissions for group-or-id
to database with database-id
.
Grant full readwrite permissions for `group-or-id` to database with `database-id`.
(grant-permissions! group-or-id path)
(grant-permissions! group-or-id db-id schema & more)
Grant permissions to group-or-id
to an object.
Grant permissions to `group-or-id` to an object.
(grant-permissions-for-all-schemas! group-or-id database-or-id)
Grant full permissions for all schemas belonging to this database.
This does not grant native permissions; use grant-native-readwrite-permissions!
to do that.
Grant full permissions for all schemas belonging to this database. This does *not* grant native permissions; use `grant-native-readwrite-permissions!` to do that.
(graph)
Inputs: [] Returns: PermissionsGraph
Fetch a graph representing the current permissions status for every Group and all permissioned databases.
Inputs: [] Returns: PermissionsGraph Fetch a graph representing the current permissions status for every Group and all permissioned databases.
Implementation of IObjectPermissions
for objects that have a collection_id
, and thus, a parent Collection.
Using this will mean the current User is allowed to read or write these objects if they are allowed to read or
write their parent Collection.
Implementation of `IObjectPermissions` for objects that have a `collection_id`, and thus, a parent Collection. Using this will mean the current User is allowed to read or write these objects if they are allowed to read or write their parent Collection.
(is-partial-permissions-for-object? permissions-path object-path)
Does PERMISSIONS-PATH grant access full access for OBJECT-PATH or for a descendant of OBJECT-PATH?
Does PERMISSIONS-PATH grant access full access for OBJECT-PATH *or* for a descendant of OBJECT-PATH?
(is-permissions-for-object? permissions-path object-path)
Does PERMISSIONS-PATH grant full access for OBJECT-PATH?
Does PERMISSIONS-PATH grant *full* access for OBJECT-PATH?
(is-permissions-set? permissions-set)
Is PERMISSIONS-SET a valid set of permissions object paths?
Is PERMISSIONS-SET a valid set of permissions object paths?
(log-permissions-changes old new)
Log changes to the permissions graph.
Log changes to the permissions graph.
(object-path database-or-id)
(object-path database-or-id schema-name)
(object-path database-or-id schema-name table-or-id)
Inputs: ([database-or-id :- MapOrID] [database-or-id :- MapOrID schema-name :- (s/maybe s/Str)] [database-or-id :- MapOrID schema-name :- (s/maybe s/Str) table-or-id :- MapOrID]) Returns: ObjectPath
Return the [readwrite] permissions path for a Database, schema, or Table. (At the time of this writing, DBs and
schemas don't have separate read/
and write permissions; you either have 'data access' permissions for them, or
you don't. Tables, however, have separate read and write perms.)
Inputs: ([database-or-id :- MapOrID] [database-or-id :- MapOrID schema-name :- (s/maybe s/Str)] [database-or-id :- MapOrID schema-name :- (s/maybe s/Str) table-or-id :- MapOrID]) Returns: ObjectPath Return the [readwrite] permissions path for a Database, schema, or Table. (At the time of this writing, DBs and schemas don't have separate `read/` and write permissions; you either have 'data access' permissions for them, or you don't. Tables, however, have separate read and write perms.)
Schema for a valid permissions path to an object.
Schema for a valid permissions path to an object.
(Permissions)
(Permissions id)
(Permissions & kvs)
Entity for 'permissions' table; instance of PermissionsInstance.
Entity for 'permissions' table; instance of PermissionsInstance.
(perms-objects-set-for-parent-collection this read-or-write)
Inputs: [this :- {:collection_id (s/maybe su/IntGreaterThanZero), s/Keyword s/Any} read-or-write :- (s/enum :read :write)] Returns: #{ObjectPath}
Implementation of IModel
perms-objects-set
for models with a collection_id
, such as Card, Dashboard, or Pulse.
This simply returns the perms-objects-set
of the parent Collection (based on collection_id
), or for the Root
Collection if collection_id
is nil
.
Inputs: [this :- {:collection_id (s/maybe su/IntGreaterThanZero), s/Keyword s/Any} read-or-write :- (s/enum :read :write)] Returns: #{ObjectPath} Implementation of `IModel` `perms-objects-set` for models with a `collection_id`, such as Card, Dashboard, or Pulse. This simply returns the `perms-objects-set` of the parent Collection (based on `collection_id`), or for the Root Collection if `collection_id` is `nil`.
(revoke-collection-permissions! group-or-id collection-or-id)
Revoke all access for group-or-id
to a Collection.
Revoke all access for `group-or-id` to a Collection.
(revoke-db-schema-permissions! group-or-id database-or-id)
Remove all permissions entires for a DB and any child objects.
This does not revoke native permissions; use revoke-native-permssions!
to do that.
Remove all permissions entires for a DB and *any* child objects. This does *not* revoke native permissions; use `revoke-native-permssions!` to do that.
(revoke-native-permissions! group-or-id database-or-id)
Revoke all native query permissions for group-or-id
to database with database-id
.
Revoke all native query permissions for `group-or-id` to database with `database-id`.
(revoke-permissions! group-id database-or-id)
(revoke-permissions! group-id database-or-id schema-name)
(revoke-permissions! group-id database-or-id schema-name table-or-id)
Revoke all permissions for group-or-id
to object with path-components
, including related permissions (i.e,
permissions that grant full or partial access to the object in question).
(revoke-permissions! my-group my-db)
Revoke all permissions for `group-or-id` to object with `path-components`, *including* related permissions (i.e, permissions that grant full or partial access to the object in question). (revoke-permissions! my-group my-db)
(set-has-full-permissions-for-set? permissions-set object-paths-set)
Inputs: [permissions-set :- #{UserPath} object-paths-set :- #{ObjectPath}] Returns: s/Bool
Do the permissions paths in PERMISSIONS-SET grant full access to all the object paths in OBJECT-PATHS-SET?
Inputs: [permissions-set :- #{UserPath} object-paths-set :- #{ObjectPath}] Returns: s/Bool Do the permissions paths in PERMISSIONS-SET grant *full* access to all the object paths in OBJECT-PATHS-SET?
(set-has-full-permissions? permissions-set path)
Does PERMISSIONS-SET grant full access to object with PATH?
Does PERMISSIONS-SET grant *full* access to object with PATH?
(set-has-partial-permissions-for-set? permissions-set object-paths-set)
Inputs: [permissions-set :- #{UserPath} object-paths-set :- #{ObjectPath}] Returns: s/Bool
Do the permissions paths in PERMISSIONS-SET grant partial access to all the object paths in OBJECT-PATHS-SET? (PERMISSIONS-SET must grant partial access to every object in OBJECT-PATH-SETS set).
Inputs: [permissions-set :- #{UserPath} object-paths-set :- #{ObjectPath}] Returns: s/Bool Do the permissions paths in PERMISSIONS-SET grant *partial* access to all the object paths in OBJECT-PATHS-SET? (PERMISSIONS-SET must grant partial access to *every* object in OBJECT-PATH-SETS set).
(set-has-partial-permissions? permissions-set path)
Does PERMISSIONS-SET grant access full access to object with PATH or to a descendant of it?
Does PERMISSIONS-SET grant access full access to object with PATH *or* to a descendant of it?
(update-graph! new-graph)
(update-graph! ks new-value)
Inputs: ([new-graph :- StrictPermissionsGraph] [ks :- [s/Any] new-value])
Update the permissions graph, making any changes necessary to make it match NEW-GRAPH.
This should take in a graph that is exactly the same as the one obtained by graph
with any changes made as
needed. The graph is revisioned, so if it has been updated by a third party since you fetched it this function will
fail and return a 409 (Conflict) exception. If nothing needs to be done, this function returns nil
; otherwise it
returns the newly created PermissionsRevision
entry.
Inputs: ([new-graph :- StrictPermissionsGraph] [ks :- [s/Any] new-value]) Update the permissions graph, making any changes necessary to make it match NEW-GRAPH. This should take in a graph that is exactly the same as the one obtained by `graph` with any changes made as needed. The graph is revisioned, so if it has been updated by a third party since you fetched it this function will fail and return a 409 (Conflict) exception. If nothing needs to be done, this function returns `nil`; otherwise it returns the newly created `PermissionsRevision` entry.
Schema for a valid permissions path that a user might possess in their *current-user-permissions-set*
. This is the
same as what's allowed for ObjectPath
but also includes root permissions, which admins will have.
Schema for a valid permissions path that a user might possess in their `*current-user-permissions-set*`. This is the same as what's allowed for `ObjectPath` but also includes root permissions, which admins will have.
(valid-object-path? object-path)
Does OBJECT-PATH follow a known, allowed format to an object?
(The root path, "/", is not considered an object; this returns false
for it).
Does OBJECT-PATH follow a known, allowed format to an *object*? (The root path, "/", is not considered an object; this returns `false` for it).
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close