| 123456789101112131415161718192021222324252627282930313233343536373839404142434445 |
- -module(kvs_acl).
- %%-copyright('Synrc Research Center s.r.o.').
- -include_lib("kvs/include/kvs.hrl").
- -include_lib("kvs/include/metainfo.hrl").
- -include_lib("kvs/include/acl.hrl").
- -include_lib("kvs/include/user.hrl").
- -export([
- metainfo/0,
- define_access/3,
- check/1,
- check_access/2
- ]).
- metainfo() ->
- #schema{name=kvs,tables=[
- #table{name=acl,container=true,fields=record_info(fields,acl),keys=[id,accessor]},
- #table{name=access,container=acl,fields=record_info(fields,access)}
- ]}.
- define_access(Accessor, Resource, Action) ->
- Entry = #access{ id={Accessor, Resource}, accessor=Accessor, action=Action},
- case kvs:add(Entry) of
- {error, exist} -> kvs:put(Entry#access{action=Action});
- {error, no_container} -> skip;
- {ok, E} -> E end.
- check(Keys) ->
- Acls = [Acl || {ok, Acl = #access{}} <- [kvs:get(access, Key) || Key <- Keys]],
- case Acls of
- [] -> none;
- [#access{action = Action} | _] -> Action end.
- check_access(#user{id = Id}, Feature) ->
- Query = [ {{user,Id},Feature} ],
- check(Query);
- check_access(Id, Feature) ->
- case kvs:get(user, Id) of
- {ok, User} -> check_access(User, Feature);
- E -> E end.
|
