head

Object::Permission - Experimental method (and public attribute accessor,) level authorisation


code

=begin code

    use Object::Permission;

    class Foo {
        has $.baz is authorised-by('baz');

        method bar() is authorised-by('barbar') {
            ...
        }
    }

    # Object::Permission::User is a role, just use type pun
    $*AUTH-USER = Object::Permission::User.new(permissions => <barbar zub>);

    my $foo = Foo.new;

    $foo.bar();   # Executes okay
    say $foo.baz; # Throws X::NotAuthorised

=end code


This is an experimental module to provide a rudimentary authorisation
mechanism for classes whereby selected methods or public attribute
accessors can require a named permission to execute, the permissions
associated with the dynamic variable C<$*AUTH-USER> being checked
at invocation and an exception being thrown if the User object does not
have the required permission.


The intent is that C<$*AUTH-USER> is initialised with an object
of some class that does the role L<Object::Permission::User> which
populates the permissions as per the application logic.



module Object::Permission:ver<0.0.5>:auth<github:jonathanstowe>:api<1.0> {

    role User {
        has @.permissions is rw;
    }

    class X::NotAuthorised is Exception {
        has Method $.method;
        has Str $.permission;
        method message(--> Str) {
            "method '{ $!method.name }' requires permission '{ $.permission }'"
        }
    }

    role PermissionedThing {
        has Str $.permission is rw;
    }
    role PermissionedMethod does PermissionedThing {

    }

    multi sub trait_mod:<is> (Method:D $meth, Str :$authorised-by!) is export {

        if $authorised-by.defined {
            $meth does PermissionedMethod;
            $meth.permission = $authorised-by;
            my $rw = so $meth.rw;
            my $wrapper = $rw ?? method (|c) is rw {
                if !?$*AUTH-USER.permissions.grep($meth.permission) {
                    X::NotAuthorised.new(method => $meth, permission => $meth.permission).throw;
                }
                callsame;
            }
            !!
            method (|c) {
                if !?$*AUTH-USER.permissions.grep($meth.permission) {
                    X::NotAuthorised.new(method => $meth, permission => $meth.permission).throw;
                }
                nextsame;
            };

            $meth.wrap($wrapper);
        }
    }

    role PermissionedAttribute does PermissionedThing {

        # A bit icky but better than over-riding compose altogether
        method compose(Mu $package) {
            # not sure if the return matters
            my $r = callsame;
            if self.has_accessor {
                my $meth_name = self.name.substr(2);
                if $package.^can($meth_name)[0] -> $meth {
                    trait_mod:<is>($meth, authorised-by => $.permission);
                }
            }
            $r;
        }
    }


    multi sub trait_mod:<is> (Attribute:D $attr, :$authorised-by!) is export {

        if $authorised-by.defined {
            $attr does PermissionedAttribute;
            $attr.permission = $authorised-by;
        }
    }

    # This is by the way of a hack to type constrain the
    # global dynamic variable
    my User $user;
    PROCESS::<$AUTH-USER> := Proxy.new(
                                    FETCH => sub ($) {
                                        $user;
                                    },
                                    STORE => sub ($, User $val) {
                                        $user = $val;
                                    }
                                );
}

# vim: ft=raku


root

README

React

=begin React :component<HeaderCol> :id<menu> 
=para L<Documentation|/doc/introduction>
=para L<Modules| /mods>
=para L<Examples| file:../examples/index.podlite>
=para L<Download |file:../download/index.podlite>
=para L<About|file:../about/index.podlite>
=para 🔍 K<⌘K>/K<ctrl-K>
=end React


=begin React :component<HeaderCol> :id<footer>  
=begin nested :!nested
=item1 B<Language>
    =item2 L<Get started|file:../getting-started/getting-started.podlite>
    =item2 L<Why Raku?|/doc/language/faq#Why-should-I-learn-Raku-What's-so-great-about-it>
    =item2 L<Try Raku|https://glot.io/new/raku>
    =item2 L<Raku cheat sheet|https://github.com/Raku/mu/blob/master/docs/Perl6/Cheatsheet/cheatsheet.txt>
    =item2 L<empty|#>
    =item2 L<empty|#>
    =item2 L<empty|#>
    =item2 L<Raku on Exercism|https://exercism.org/tracks/raku>
    =item2 L<Wikipedia|https://en.wikipedia.org/wiki/Raku_(programming_language)>
    =item2 L<empty|#>
    =item2 L<empty|#>
    =item2 L<empty|#>

=end nested
=begin nested :!nested

=item1 B<L<Documentation|/doc>>
    =item2 L<Getting started, Migration guides from other languages, & Tutorials | file:../doc/introduction.podlite>
    =item2 L<Language References|file:../doc/reference.podlite>
    =item2 L<Type Reference| file:../doc/types.podlite>
    =item2 L<Miscellaneous| file:../doc/miscellaneous.podlite>
    =item2 L<FAQs (Frequently Asked Questions)|/doc/language/faq>
    =item2 L<Community|/doc/language/community>
    =item2 L<The list of all documents|file:../doc/index.podlite>

=item1 B<Resources>
    =item2 L<The Raku Guide|https://raku.guide/>
    =item2 L<Books |https://perl6book.com/>
    =item2 L<Rosetta Code | https://www.raku.org/community/rosettacode>

=end nested
=begin nested :!nested

=item1 B<Resoures>
    =item2 L<Download | file:../download/index.podlite>
    =item2 L<empty|#>
    =item2 L<empty|#>
    =item2 L<empty|#>
    =item2 L<empty|#>
    =item2 L<empty|#>
    =item2 L<empty|#>
    =item2 L<empty|#>

=item1 B<Learning>
    =item2 L<The Raku Guide|https://raku.guide/>
    =item2 L<Wikibook |https://en.wikibooks.org/wiki/Raku_Programming>
    =item2 L<Books |https://perl6book.com/>
    =item2 L<Rosetta Code | https://www.raku.org/community/rosettacode>
    =item2 L<Learn Raku in Y minutes|https://learnxinyminutes.com/docs/raku/>
    =item2 L<Golfing |https://github.com/AlexDaniel/raku-golf-cheatsheet>
=end nested
=begin nested :!nested

=item1 B<Explore>
    =item2 L<Raku Blog Aggregator|https://planet.raku.org/>
    =item2 L<Rakudo Weekly|https://rakudoweekly.blog/>
    =item2 L<The Weekly Challenge |https://perlweeklychallenge.org/>
    =item2 L<Raku Advent Calendar|https://raku-advent.blog/>
    =item2 L<empty|#>
    =item2 L<empty|#>
    =item2 L<empty|#>
    =item2 L<empty|#>
    =item2 L<empty|#>

=end nested
=end React


=begin React :component<CookieConsent> :id<CookieConsent> :buttonCaption("Got it!")
=para
This website uses cookies for analytics.
=end React


Permission

NAME

SYNOPSIS

DESCRIPTION

Object::Permission v0.0.6

Authors

License

Dependencies

Test Dependencies

Provides

Documentation