1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
-module(ataxia_security).
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% TYPES %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-type named_user() :: {'user', any()}.
-type user() :: (named_user() | 'admin' | 'any' | 'janitor').
-type permission() :: ordsets:ordset(user()).
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% EXPORTS %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-export_type([user/0, permission/0]).
-export([janitor/0, any/0, admin/0, user_from_id/1]).
-export
(
[
add_access/2,
remove_access/2,
allow_only/1,
allow/1,
allow_any/0,
allow_none/0
]
).
-export([can_access/2]).
-export
(
[
user_to_json/2,
permission_to_json/2,
user_from_json/2,
permission_from_json/2
]
).
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% LOCAL FUNCTIONS %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% EXPORTED FUNCTIONS %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-spec add_access (user(), permission()) -> permission().
add_access (User, Permission) ->
ordsets:add_element(User, Permission).
-spec remove_access (user(), permission()) -> permission().
remove_access (User, Permission) ->
ordsets:del_element(User, Permission).
-spec allow_only (user()) -> permission().
allow_only (User) ->
ordsets:add_element(User, ordsets:new()).
-spec allow (list(user())) -> permission().
allow (Users) -> ordsets:from_list(Users).
-spec allow_any () -> permission().
allow_any () ->
ordsets:add_element(any(), ordsets:new()).
-spec allow_none () -> permission().
allow_none () -> ordsets:new().
-spec user_from_id (any()) -> user().
user_from_id (ID) -> {user, ID}.
-spec janitor () -> user().
janitor () -> janitor.
-spec any () -> user().
any () -> any.
-spec admin () -> user().
admin () -> admin.
-spec can_access (user(), permission()) -> boolean().
can_access (User, Permission) ->
case User of
admin -> true;
janitor -> ordsets:is_element(User, Permission);
_ ->
(
ordsets:is_element(any, Permission)
or ordsets:is_element(User, Permission)
)
end.
-spec user_to_json (fun((user()) -> binary()), user()) -> any().
user_to_json (_UserEncoder, admin) -> <<"admin">>;
user_to_json (_UserEncoder, janitor) -> <<"janitor">>;
user_to_json (_UserEncoder, any) -> <<"any">>;
user_to_json (UserEncoder, {user, User}) ->
Prefix = <<"u_">>,
EncodedUser = UserEncoder(User),
<<Prefix/binary, EncodedUser/binary>>.
-spec permission_to_json (fun((user()) -> binary()), permission()) -> any().
permission_to_json (UserEncoder, Permission) ->
lists:map(fun (User) -> user_to_json(UserEncoder, User) end, Permission).
-spec user_from_json (fun((binary()) -> user()), binary()) -> user().
user_from_json (_UserDecoder, <<"admin">>) -> admin;
user_from_json (_UserDecoder, <<"janitor">>) -> janitor;
user_from_json (_UserDecoder, <<"any">>) -> any;
user_from_json (UserDecoder, EncodedUser) ->
PrefixSize = byte_size(<<"u_">>),
EncodedUserSize = byte_size(EncodedUser),
NoPrefixEncodedUser =
binary:part(EncodedUser, {PrefixSize, (EncodedUserSize - PrefixSize)}),
{user, UserDecoder(NoPrefixEncodedUser)}.
-spec permission_from_json
(
fun((user()) -> binary()),
permission()
)
-> permission().
permission_from_json (UserEncoder, Permission) ->
lists:map(fun (User) -> UserEncoder(User) end, Permission).
|
