Liking cljdoc? Tell your friends :D

trident.datomic-cloud.txauth

Functions for authorizing arbitrary transactions

Functions for authorizing arbitrary transactions
raw docstring

authorizeclj

(authorize db authorizers uid tx)

Authorizes a transaction tx ran by the user uid.

Returns transaction data if successful, throws an exception otherwise. authorizers is the fully-qualified symbol of a var containing your authorization model, e.g. 'your.namespace/authorizers:

(ns your.namespace)

(clojure.spec.alpha/def ::message
  (trident.util.datomic/ent-keys [:message/text :message/sender]))

(def authorizers
  {[nil ::message]
   (fn [{:keys [uid eid datoms db-before db-after before after]}]
     (not-empty
       (datomic.client.api/q
         '[:find ?e :in $ ?e ?user :where [?e :message/sender ?user]]
         db-after eid [:user/uid uid])))})

This value of authorizers will allow a user to create a message entity as long as they are listed as the sender of that message.

authorizers is a map from entity "signatures" to authorizer functions. The authorizer function takes information about a single entity that was changed in the transaction, returning true if the change should be allowed. A transaction will be authorized only if each entity changed by the transaction is authorized by at least one authorizor function.

The entity must also match the authorizor function's signature. A signature is a pair of specs that are matched by a particular entity before and after the transaction, respectively. nil means that the entity does not exist. So in the example, [nil ::message] means that the entity is being created (i.e. it didn't exist before the transaction) and that it has exactly two keys: :message/text and :message/sender (see trident.util.datomic/ent-keys).

The authorizer function takes the following parameters:

  • uid: same as the uid passed to authorize. It should be the ID of the user making the transaction, or nil if the user is unauthenticated.

  • eid: the ID of the entity being authorized.

  • datoms: the datoms in :tx-data from the transaction result that belong to this entity.

  • db-before and db-after: same as in the transaction result.

  • before and after: the results of pulling the entity before and after the transaction, respectively; or nil if the entity doesn't exist.

Authorizes a transaction `tx` ran by the user `uid`.

Returns transaction data if successful, throws an exception otherwise.
`authorizers` is the fully-qualified symbol of a var containing your
authorization model, e.g. `'your.namespace/authorizers`:
```
(ns your.namespace)

(clojure.spec.alpha/def ::message
  (trident.util.datomic/ent-keys [:message/text :message/sender]))

(def authorizers
  {[nil ::message]
   (fn [{:keys [uid eid datoms db-before db-after before after]}]
     (not-empty
       (datomic.client.api/q
         '[:find ?e :in $ ?e ?user :where [?e :message/sender ?user]]
         db-after eid [:user/uid uid])))})
```
This value of `authorizers` will allow a user to create a message entity as
long as they are listed as the sender of that message.

`authorizers` is a map from entity "signatures" to authorizer functions. The
authorizer function takes information about a single entity that was changed
in the transaction, returning true if the change should be allowed. A
transaction will be authorized only if each entity changed by the transaction
is authorized by at least one authorizor function.

The entity must also match the authorizor function's signature. A signature is
a pair of specs that are matched by a particular entity before and after the
transaction, respectively. `nil` means that the entity does not exist. So in
the example, `[nil ::message]` means that the entity is being created (i.e.
it didn't exist before the transaction) and that it has exactly two keys:
`:message/text` and `:message/sender` (see [[trident.util.datomic/ent-keys]]).

The authorizer function takes the following parameters:

 - `uid`: same as the `uid` passed to `authorize`. It should be the ID of the
   user making the transaction, or `nil` if the user is unauthenticated.

 - `eid`: the ID of the entity being authorized.

 - `datoms`: the datoms in `:tx-data` from the transaction result that belong
   to this entity.

 - `db-before` and `db-after`: same as in the transaction result.

 - `before` and `after`: the results of `pull`ing the entity before and after
   the transaction, respectively; or `nil` if the entity doesn't exist.
sourceraw docstring

ent-valid?clj

(ent-valid? db spec ent)

Returns true if ent matches spec. Entities referenced by ent must also match their respective keys' specs.

Returns true if `ent` matches `spec`.
Entities referenced by `ent` must also match their respective keys' specs.
sourceraw docstring

handlerclj

(handler {:keys [allowed conn authorizers uid]
          {tx :tx} :params
          :or {allowed #{}}
          :as req})

A ring handler for authorizing and running transactions.

To use handler, you must include :allow [trident.datomic-cloud.txauth/authorize ...] in your ion-config.edn file.

Parameters:

  • conn: a Datomic connection
  • tx: a Datomic transaction
  • uid and authorizers: see authorize.
  • allowed: set of fully-qualified symbols, denoting transaction functions that the user is allowed to include in their transaction.

If authorized, returns a ring response with the value of :tempids from the transaction result in the body (as EDN). Returns a 403 response otherwise.

Datomic EIDs in the response are wrapped in a tagged literal, e.g. 123 becomes #trident/eid "123". See trident.datascript/transact!. handler assumes that any EIDs in tx are normal longs, not tagged literals. To this end, you may want to include {trident/eid trident.util/parse-int} in your data_readers.clj file.

A ring handler for authorizing and running transactions.

To use `handler`, you must include `:allow [trident.datomic-cloud.txauth/authorize
...]` in your `ion-config.edn` file.

Parameters:
- `conn`: a Datomic connection
- `tx`: a Datomic transaction
- `uid` and `authorizers`: see [[authorize]].
- `allowed`: set of fully-qualified symbols, denoting transaction functions
  that the user is allowed to include in their transaction.

If authorized, returns a ring response with the value of `:tempids` from the
transaction result in the body (as EDN). Returns a 403 response otherwise.

Datomic EIDs in the response are wrapped in a tagged literal, e.g. `123`
becomes `#trident/eid "123"`. See [[trident.datascript/transact!]].
`handler` assumes that any EIDs in `tx` are normal `long`s, not tagged
literals. To this end, you may want to include `{trident/eid
trident.util/parse-int}` in your `data_readers.clj` file.
sourceraw docstring

cljdoc is a website building & hosting documentation for Clojure/Script libraries

× close