Authorization is the act of allowing a user access to a resource.
This may require knowledge about the user only (for example, in Role-based access control) or may (additionally) depend on properties of the resource identified by the HTTP request’s URI (as part of an Attribute-based access control authorization scheme). In either case, we assume that the user has already been authenticated, and we are confident that their credentials are genuine.
In yada, the resource’s properties are determined prior to the authorization step, since it may be necessary to use these properties in the authorization decision.
Authorization can be declared on a resource using an :authorization entry:
{
 :authorization
 {:authorize (fn [ctx authentication _]
               …)
  :custom/data 123}
}

:authorize function

The :authorize function takes 3 arguments:
1. the yada context.
2. the :authentication entry of the yada context; this can be established by an :authenticate function or other means.
3. the authorization entry, which might contain extra declared data on a per-resource basis which may be used in determining the authorization.

The :authorize function MUST return one of the following:
- A truthy value, indicating successful authorization, which will be bound to the yada context as the :authorization entry.
- Nil, indicating access will not be granted to the resource. No :authorization entry is bound to the yada context.
- The yada context, augmented as appropriate with a :authorization entry.
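
As an added example (not taken from the yada documentation), here is a role-based :authorize function that follows the contract above and fails closed. The :example/required-roles key and the shape of the authentication entry (:user and :roles) are assumptions made for illustration; yada itself only passes through whatever the authentication step produced.

```clojure
(ns example.authz
  (:require [clojure.set :as set]))

;; Assumed shape of the :authentication entry: {:user "alice" :roles #{:editor}}
;; :example/required-roles is a hypothetical per-resource key, declared next to
;; :authorize in the same way the page declares :custom/data.

(defn authorize
  "Returns a truthy map on success (yada binds it to the context as the
   :authorization entry) or nil to deny access."
  [_ctx authentication authorization]
  (let [required (set (:example/required-roles authorization))
        held     (set (:roles authentication))
        matched  (set/intersection required held)]
    (cond
      (nil? authentication) nil   ; no credentials were established: deny
      (empty? required)     nil   ; resource declared no roles: fail closed
      (empty? matched)      nil   ; user holds none of the required roles
      :else {:user       (:user authentication)
             :granted-by matched})))

;; The resource declaration, in the form shown on this page.
(def resource-model
  {:authorization {:authorize               authorize
                   :example/required-roles #{:editor :admin}}})

;; Constructed inputs exercising each branch; these run when the file is loaded.
(let [authz (:authorization resource-model)]
  ;; A user holding one of the required roles is authorized.
  (assert (= {:user "alice" :granted-by #{:editor}}
             (authorize {} {:user "alice" :roles #{:editor :viewer}} authz)))
  ;; A user without a required role is denied.
  (assert (nil? (authorize {} {:user "bob" :roles #{:viewer}} authz)))
  ;; Missing credentials are denied.
  (assert (nil? (authorize {} nil authz)))
  ;; A resource that forgot to declare roles denies everyone.
  (assert (nil? (authorize {} {:user "alice" :roles #{:admin}}
                           {:authorize authorize}))))
```

Returning nil when the resource declares no roles means a misconfigured resource denies everyone instead of silently becoming public.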

If no :authorize function is specified then, by default, the following rules are applied:
- If there are no authentication schemes declared on the resource, access is granted.
- If there is at least one authentication scheme, and no credentials have been supplied, then access is denied.

If no extra data beyond the :authorize function needs to be declared, then as a shorthand, the :authorize function can be specified at the top-level:
{
:authorize (fn [ctx creds] …)
}
Because there is no extra authorization data in this case, the function takes only two arguments; the third argument is not needed.