Skip to content

Instantly share code, notes, and snippets.

@jebberjeb

jebberjeb/access-logic.clj

Last active August 29, 2015 14:10
Show Gist options
  • Save jebberjeb/7a14d83344e4147f8f09 to your computer and use it in GitHub Desktop.
Save jebberjeb/7a14d83344e4147f8f09 to your computer and use it in GitHub Desktop.
Download ZIP
[TAKE 3] Rough cut at using core.logic to figure out user->roles->privileges access concerns.
Raw
access-logic.clj
(ns access.core
(:refer-clojure :exclude [==])
(:require [clojure.core.logic :refer :all]))
(def all-priv [:smart-controls :view-all-reports :admin :foo :bar])
(def all-roles [{:name :admin :privs priv}
{:name :reporting :privs [:view-all-reports]}
{:name :store :privs [:smart-controls :view-all-reports]}
{:name :foo-role :privs [:foo :bar]}])
(def all-users [{:login "admin" :roles [:admin]}
{:login "jeb" :roles [:reporting :foo-role]}
{:login "eric" :roles [:store]}])
;; 1. Who has access to _ ?
;; 2. Does _ have access to _ ?
;; 3. What does _ have access to ?
;; TODO should all-users and all-roles be params?
(defn accesso [priv login]
"(from the users) login has priv"
(fresh [?user ?role-names ?role-name ?privs ?role]
(== {:login login :roles ?role-names} ?user)
(membero ?user all-users)
(membero ?role-name ?role-names)
(== {:name ?role-name :privs ?privs} ?role)
(membero ?role all-roles)
(membero priv ?privs)))
;; Get logins that have access to :foo (1)
(run* [q] (accesso :foo q)) ;=> ("admin" "jeb")
;; Does _ have access to :foo? (2)
(run* [q] (accesso :foo "eric")) ;=> ()
(run* [q] (accesso :foo "jeb")) ;=> (_0)
;; What does eric have access to? (3)
(run* [q] (accesso q "eric")) ;=> (:smart-controls :view-all-reports)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment