Functions that provide all aspects of access control of specomatic.db: Permissions, access predicates and associated SQL views.
Functions that provide all aspects of access control of specomatic.db: Permissions, access predicates and associated SQL views.
(allowed-all? user verb etype)
Checks if the user can do what the verb describes with all entities of this type
Checks if the user can do what the verb describes with all entities of this type
(allowed-condition? schema condition permissions)
Checks if the condition is allowed.
Checks if the condition is allowed.
(allowed-some? user verb etype)
Checks if the user can do what the verb describes with some entities of this type
Checks if the user can do what the verb describes with some entities of this type
(allowed? user verb etype entity)
Checks if the user can do what the verb describes with this entity of this type
Checks if the user can do what the verb describes with this entity of this type
(check-query-arguments env fields conditions)
Returns true if arguments to specomation.core/query
are allowed, throws exceptions if not.
Returns true if arguments to `specomation.core/query` are allowed, throws exceptions if not.
(concatenate-extra-conditions env fields conditions)
Appends extra conditions to conditions
restricting read access according to access control permissions.
Appends extra conditions to `conditions` restricting read access according to access control permissions.
(conditions-snippet schema etypes permissions verb user-info)
Returns a snippet / sqlvec suitable for composing with a HugSQL statement
Returns a snippet / sqlvec suitable for composing with a HugSQL statement
(ensure-views-exist! db config)
Ensures an access control view exists in the database for every entity in the entity-schema and every predicate in predicates
Ensures an access control view exists in the database for every entity in the entity-schema and every predicate in predicates
(etypes-extra-conditions schema
etypes
permissions
verb
{:keys [user-id user-etype]})
Returns a vector of extra HoneySQL conditions that need to be applied when retrieving the etypes
for the user with user-id
and permissions
.
Returns a vector of extra HoneySQL conditions that need to be applied when retrieving the `etypes` for the user with `user-id` and `permissions`.
(fields-allowed? schema fields permissions)
Checks if the permissions
give read access to all fields
.
Checks if the `permissions` give read access to all `fields`.
(fields-extra-read-conditions schema fields permissions user-id user-etype)
Returns a sequence of extra HoneySQL conditions that need to be applied when retrieving the fields
for the user with user-id
and permissions
.
Returns a sequence of extra HoneySQL conditions that need to be applied when retrieving the `fields` for the user with `user-id` and `permissions`.
(fields-forbidden-entities schema fields permissions)
Returns the seql entities that occur in fields
and are forbidden to read given the permissions
.
Returns the seql entities that occur in `fields` and are forbidden to read given the `permissions`.
(forbidden-conditions schema conditions permissions)
Returns a sequence of forbidden conditions in the HoneySQL conditions vector conditions
(recursive), nil if none are forbidden.
Returns a sequence of forbidden conditions in the HoneySQL conditions vector `conditions` (recursive), nil if none are forbidden.
(may-read-some? etype permissions)
Checks if the given permissions allow read access to some entities of this type
Checks if the given permissions allow read access to some entities of this type
(root? user)
Checks if user
is a root user.
Checks if `user` is a root user.
(sufficient-predicates etype verb permissions)
Returns a set of predicates where if any one is true for an entity of this type then it may be verb
ed given the permissions
Returns a set of predicates where if any one is true for an entity of this type then it may be `verb`ed given the permissions
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close