-
Notifications
You must be signed in to change notification settings - Fork 0
/
amelinium.http.middleware.roles.html
39 lines (39 loc) · 35.6 KB
/
amelinium.http.middleware.roles.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
<!DOCTYPE html PUBLIC ""
"">
<html><head><meta charset="UTF-8" /><title>amelinium.http.middleware.roles documentation</title><link rel="stylesheet" type="text/css" href="css/default.css" /><link rel="stylesheet" type="text/css" href="css/highlight.css" /><script type="text/javascript" src="js/highlight.min.js"></script><script type="text/javascript" src="js/jquery.min.js"></script><script type="text/javascript" src="js/page_effects.js"></script><script>hljs.initHighlightingOnLoad();</script><link rel="stylesheet" type="text/css" href="css/randomseed.css" /></head><body><div id="header"><h2>Generated by <a href="https://github.com/weavejester/codox">Codox</a></h2><h1><a href="index.html"><span class="project-title"><span class="project-name">Amelinium</span> <span class="project-version">1.0.1</span></span></a></h1></div><div class="sidebar primary"><h3 class="no-link"><span class="inner">Project</span></h3><ul class="index-link"><li class="depth-1 "><a href="index.html"><div class="inner">Index</div></a></li></ul><h3 class="no-link"><span class="inner">Topics</span></h3><ul><li class="depth-1 "><a href="10_introduction.html"><div class="inner"><span>Introduction</span></div></a></li><li class="depth-1 "><a href="20_hypermedia.html"><div class="inner"><span>Hypermedia-driven</span></div></a></li></ul><h3 class="no-link"><span class="inner">Namespaces</span></h3><ul><li class="depth-1"><a href="amelinium.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>amelinium</span></div></a></li><li class="depth-2 branch"><a href="amelinium.admin.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>admin</span></div></a></li><li class="depth-2"><a href="amelinium.api.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>api</span></div></a></li><li class="depth-3"><a href="amelinium.api.controller.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>controller</span></div></a></li><li class="depth-4"><a href="amelinium.api.controller.user.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>user</span></div></a></li><li class="depth-3"><a href="amelinium.api.url.html"><div class="inner"><span class="tree" style="top: -52px;"><span class="top" style="height: 61px;"></span><span class="bottom"></span></span><span>url</span></div></a></li><li class="depth-2 branch"><a href="amelinium.app.html"><div class="inner"><span class="tree" style="top: -114px;"><span class="top" style="height: 123px;"></span><span class="bottom"></span></span><span>app</span></div></a></li><li class="depth-2"><a href="amelinium.auth.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>auth</span></div></a></li><li class="depth-3"><div class="no-link"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>algo</span></div></div></li><li class="depth-4 branch"><a href="amelinium.auth.algo.append.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>append</span></div></a></li><li class="depth-4 branch"><a href="amelinium.auth.algo.fail.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>fail</span></div></a></li><li class="depth-4 branch"><a href="amelinium.auth.algo.pbkdf2.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>pbkdf2</span></div></a></li><li class="depth-4"><a href="amelinium.auth.algo.scrypt.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>scrypt</span></div></a></li><li class="depth-3 branch"><a href="amelinium.auth.pwd.html"><div class="inner"><span class="tree" style="top: -145px;"><span class="top" style="height: 154px;"></span><span class="bottom"></span></span><span>pwd</span></div></a></li><li class="depth-3"><a href="amelinium.auth.specs.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>specs</span></div></a></li><li class="depth-2"><a href="amelinium.common.html"><div class="inner"><span class="tree" style="top: -238px;"><span class="top" style="height: 247px;"></span><span class="bottom"></span></span><span>common</span></div></a></li><li class="depth-3 branch"><a href="amelinium.common.controller.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>controller</span></div></a></li><li class="depth-3"><a href="amelinium.common.oplog.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>oplog</span></div></a></li><li class="depth-4"><a href="amelinium.common.oplog.auth.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>auth</span></div></a></li><li class="depth-3 branch"><a href="amelinium.common.populators.html"><div class="inner"><span class="tree" style="top: -52px;"><span class="top" style="height: 61px;"></span><span class="bottom"></span></span><span>populators</span></div></a></li><li class="depth-3"><a href="amelinium.common.swagger.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>swagger</span></div></a></li><li class="depth-2 branch"><a href="amelinium.core.html"><div class="inner"><span class="tree" style="top: -176px;"><span class="top" style="height: 185px;"></span><span class="bottom"></span></span><span>core</span></div></a></li><li class="depth-2"><a href="amelinium.db.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>db</span></div></a></li><li class="depth-3"><a href="amelinium.db.sql.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>sql</span></div></a></li><li class="depth-2 branch"><a href="amelinium.errors.html"><div class="inner"><span class="tree" style="top: -52px;"><span class="top" style="height: 61px;"></span><span class="bottom"></span></span><span>errors</span></div></a></li><li class="depth-2"><a href="amelinium.http.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>http</span></div></a></li><li class="depth-3"><div class="no-link"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>client</span></div></div></li><li class="depth-4"><a href="amelinium.http.client.twilio.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>twilio</span></div></a></li><li class="depth-3 branch"><a href="amelinium.http.handler.html"><div class="inner"><span class="tree" style="top: -52px;"><span class="top" style="height: 61px;"></span><span class="bottom"></span></span><span>handler</span></div></a></li><li class="depth-3"><a href="amelinium.http.middleware.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>middleware</span></div></a></li><li class="depth-4 branch"><a href="amelinium.http.middleware.coercion.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>coercion</span></div></a></li><li class="depth-4 branch"><a href="amelinium.http.middleware.content.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>content</span></div></a></li><li class="depth-4 branch"><a href="amelinium.http.middleware.db.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>db</span></div></a></li><li class="depth-4 branch"><a href="amelinium.http.middleware.debug.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>debug</span></div></a></li><li class="depth-4 branch"><a href="amelinium.http.middleware.format.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>format</span></div></a></li><li class="depth-4 branch"><a href="amelinium.http.middleware.headers.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>headers</span></div></a></li><li class="depth-4 branch"><a href="amelinium.http.middleware.language.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>language</span></div></a></li><li class="depth-4 branch"><a href="amelinium.http.middleware.lazy-req.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>lazy-req</span></div></a></li><li class="depth-4 branch"><a href="amelinium.http.middleware.populators.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>populators</span></div></a></li><li class="depth-4 branch"><a href="amelinium.http.middleware.remote-ip.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>remote-ip</span></div></a></li><li class="depth-4 branch current"><a href="amelinium.http.middleware.roles.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>roles</span></div></a></li><li class="depth-4 branch"><a href="amelinium.http.middleware.session.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>session</span></div></a></li><li class="depth-4"><a href="amelinium.http.middleware.validators.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>validators</span></div></a></li><li class="depth-3 branch"><a href="amelinium.http.router.html"><div class="inner"><span class="tree" style="top: -424px;"><span class="top" style="height: 433px;"></span><span class="bottom"></span></span><span>router</span></div></a></li><li class="depth-3"><a href="amelinium.http.server.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>server</span></div></a></li><li class="depth-4 branch"><a href="amelinium.http.server.jetty.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>jetty</span></div></a></li><li class="depth-4"><a href="amelinium.http.server.undertow.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>undertow</span></div></a></li><li class="depth-2"><a href="amelinium.i18n.html"><div class="inner"><span class="tree" style="top: -672px;"><span class="top" style="height: 681px;"></span><span class="bottom"></span></span><span>i18n</span></div></a></li><li class="depth-3"><a href="amelinium.i18n.pluralizers.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>pluralizers</span></div></a></li><li class="depth-2 branch"><a href="amelinium.identity.html"><div class="inner"><span class="tree" style="top: -52px;"><span class="top" style="height: 61px;"></span><span class="bottom"></span></span><span>identity</span></div></a></li><li class="depth-2 branch"><a href="amelinium.locale.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>locale</span></div></a></li><li class="depth-2 branch"><a href="amelinium.logging.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>logging</span></div></a></li><li class="depth-2"><div class="no-link"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>model</span></div></div></li><li class="depth-3 branch"><a href="amelinium.model.confirmation.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>confirmation</span></div></a></li><li class="depth-3"><a href="amelinium.model.user.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>user</span></div></a></li><li class="depth-2"><div class="no-link"><div class="inner"><span class="tree" style="top: -83px;"><span class="top" style="height: 92px;"></span><span class="bottom"></span></span><span>proto</span></div></div></li><li class="depth-3 branch"><a href="amelinium.proto.auth.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>auth</span></div></a></li><li class="depth-3 branch"><a href="amelinium.proto.errors.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>errors</span></div></a></li><li class="depth-3 branch"><a href="amelinium.proto.identity.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>identity</span></div></a></li><li class="depth-3 branch"><a href="amelinium.proto.session.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>session</span></div></a></li><li class="depth-3"><a href="amelinium.proto.twilio.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>twilio</span></div></a></li><li class="depth-2 branch"><a href="amelinium.schemas.html"><div class="inner"><span class="tree" style="top: -176px;"><span class="top" style="height: 185px;"></span><span class="bottom"></span></span><span>schemas</span></div></a></li><li class="depth-2"><div class="no-link"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>server</span></div></div></li><li class="depth-3"><a href="amelinium.server.ssl.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>ssl</span></div></a></li><li class="depth-2 branch"><a href="amelinium.system.html"><div class="inner"><span class="tree" style="top: -52px;"><span class="top" style="height: 61px;"></span><span class="bottom"></span></span><span>system</span></div></a></li><li class="depth-2"><div class="no-link"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>types</span></div></div></li><li class="depth-3 branch"><a href="amelinium.types.auth.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>auth</span></div></a></li><li class="depth-3 branch"><a href="amelinium.types.db.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>db</span></div></a></li><li class="depth-3 branch"><a href="amelinium.types.errors.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>errors</span></div></a></li><li class="depth-3 branch"><a href="amelinium.types.identity.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>identity</span></div></a></li><li class="depth-3 branch"><a href="amelinium.types.session.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>session</span></div></a></li><li class="depth-3"><a href="amelinium.types.twilio.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>twilio</span></div></a></li><li class="depth-2 branch"><a href="amelinium.utils.html"><div class="inner"><span class="tree" style="top: -207px;"><span class="top" style="height: 216px;"></span><span class="bottom"></span></span><span>utils</span></div></a></li><li class="depth-2"><a href="amelinium.web.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>web</span></div></a></li><li class="depth-3"><a href="amelinium.web.controller.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>controller</span></div></a></li><li class="depth-4 branch"><a href="amelinium.web.controller.admin.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>admin</span></div></a></li><li class="depth-4"><a href="amelinium.web.controller.user.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>user</span></div></a></li><li class="depth-3 branch"><a href="amelinium.web.js.html"><div class="inner"><span class="tree" style="top: -83px;"><span class="top" style="height: 92px;"></span><span class="bottom"></span></span><span>js</span></div></a></li><li class="depth-3 branch"><a href="amelinium.web.taggers.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>taggers</span></div></a></li><li class="depth-3"><a href="amelinium.web.url.html"><div class="inner"><span class="tree"><span class="top"></span><span class="bottom"></span></span><span>url</span></div></a></li></ul></div><div class="sidebar secondary"><h3><a href="#top"><span class="inner">Public Vars</span></a></h3><ul><li class="depth-1"><a href="amelinium.http.middleware.roles.html#var-description"><div class="inner"><span>description</span></div></a></li><li class="depth-1"><a href="amelinium.http.middleware.roles.html#var-filter-in-context"><div class="inner"><span>filter-in-context</span></div></a></li><li class="depth-1"><a href="amelinium.http.middleware.roles.html#var-force-context"><div class="inner"><span>force-context</span></div></a></li><li class="depth-1"><a href="amelinium.http.middleware.roles.html#var-get-req-context"><div class="inner"><span>get-req-context</span></div></a></li><li class="depth-1"><a href="amelinium.http.middleware.roles.html#var-get-req-self"><div class="inner"><span>get-req-self</span></div></a></li><li class="depth-1"><a href="amelinium.http.middleware.roles.html#var-get-roles-for-user-id"><div class="inner"><span>get-roles-for-user-id</span></div></a></li><li class="depth-1"><a href="amelinium.http.middleware.roles.html#var-get-roles-from-session"><div class="inner"><span>get-roles-from-session</span></div></a></li><li class="depth-1"><a href="amelinium.http.middleware.roles.html#var-handler"><div class="inner"><span>handler</span></div></a></li><li class="depth-1"><a href="amelinium.http.middleware.roles.html#var-inject-roles"><div class="inner"><span>inject-roles</span></div></a></li><li class="depth-1"><a href="amelinium.http.middleware.roles.html#var-invalidate-cache.21"><div class="inner"><span>invalidate-cache!</span></div></a></li><li class="depth-1"><a href="amelinium.http.middleware.roles.html#var-known.3F"><div class="inner"><span>known?</span></div></a></li><li class="depth-1"><a href="amelinium.http.middleware.roles.html#var-parse-roles"><div class="inner"><span>parse-roles</span></div></a></li><li class="depth-1"><a href="amelinium.http.middleware.roles.html#var-prep-config"><div class="inner"><span>prep-config</span></div></a></li><li class="depth-1"><a href="amelinium.http.middleware.roles.html#var-query-roles"><div class="inner"><span>query-roles</span></div></a></li><li class="depth-1"><a href="amelinium.http.middleware.roles.html#var-refresh"><div class="inner"><span>refresh</span></div></a></li><li class="depth-1"><a href="amelinium.http.middleware.roles.html#var-unauthorized"><div class="inner"><span>unauthorized</span></div></a></li><li class="depth-1"><a href="amelinium.http.middleware.roles.html#var-unknown.3F"><div class="inner"><span>unknown?</span></div></a></li><li class="depth-1"><a href="amelinium.http.middleware.roles.html#var-user-authenticated.3F"><div class="inner"><span>user-authenticated?</span></div></a></li><li class="depth-1"><a href="amelinium.http.middleware.roles.html#var-user-authorized.3F"><div class="inner"><span>user-authorized?</span></div></a></li><li class="depth-1"><a href="amelinium.http.middleware.roles.html#var-user-known.3F"><div class="inner"><span>user-known?</span></div></a></li><li class="depth-1"><a href="amelinium.http.middleware.roles.html#var-wrap-roles"><div class="inner"><span>wrap-roles</span></div></a></li></ul></div><div class="namespace-docs" id="content"><h1 class="anchor" id="top">amelinium.http.middleware.roles</h1><h4 class="added">added in 1.0.0</h4><div class="doc"><div class="markdown"><p>amelinium service, role-based access control middleware.</p>
</div></div><div class="public anchor" id="var-description"><h3>description</h3><div class="usage"><code>(description config role)</code></div><div class="doc"><div class="markdown"></div></div><div class="src-link"><a href="https://github.com/randomseed-io/amelinium/tree/1.0.1/src/amelinium/http/middleware/roles.clj#L43">view source</a></div></div><div class="public anchor" id="var-filter-in-context"><h3>filter-in-context</h3><div class="usage"><code>(filter-in-context req)</code><code>(filter-in-context context roles config)</code></div><div class="doc"><div class="markdown"><p>Filters roles map by the given context, merging-in global roles when needed. Returns a set of roles matching the context or nil.</p>
</div></div><div class="src-link"><a href="https://github.com/randomseed-io/amelinium/tree/1.0.1/src/amelinium/http/middleware/roles.clj#L47">view source</a></div></div><div class="public anchor" id="var-force-context"><h3>force-context</h3><div class="usage"><code>(force-context req context)</code><code>(force-context req context self-role?)</code></div><div class="doc"><div class="markdown"><p>Forces different context by setting <code>:roles/context</code> and recalculating <code>:roles/in-context</code> in the given request map <code>req</code>.</p>
</div></div><div class="src-link"><a href="https://github.com/randomseed-io/amelinium/tree/1.0.1/src/amelinium/http/middleware/roles.clj#L296">view source</a></div></div><div class="public anchor" id="var-get-req-context"><h3>get-req-context</h3><div class="usage"><code>(get-req-context req)</code><code>(get-req-context req config)</code><code>(get-req-context req config req-context-path)</code></div><div class="doc"><div class="markdown"><p>Gets context from a request using a key path.</p>
</div></div><div class="src-link"><a href="https://github.com/randomseed-io/amelinium/tree/1.0.1/src/amelinium/http/middleware/roles.clj#L265">view source</a></div></div><div class="public anchor" id="var-get-req-self"><h3>get-req-self</h3><div class="usage"><code>(get-req-self req)</code><code>(get-req-self req config)</code><code>(get-req-self req config self-role self-path self-check-path)</code></div><div class="doc"><div class="markdown"><p>Gets a value from the given request map (<code>req</code>) located under a (possibly nested) key(s) specified by a sequential collection <code>self-path</code> and compares it with a value obtained from the same <code>req</code> map identified by <code>self-check-path</code>. If the values are equal, it returns <code>self-role</code>. Otherwise it returns <code>nil</code>. If the first obtained value is truthy (not <code>nil</code> and not <code>false</code>) but the second path (<code>self-check-path</code>) is not specified (is <code>nil</code> or <code>false</code>), then the value of <code>self-role</code> is also returned.</p>
</div></div><div class="src-link"><a href="https://github.com/randomseed-io/amelinium/tree/1.0.1/src/amelinium/http/middleware/roles.clj#L274">view source</a></div></div><div class="public anchor" id="var-get-roles-for-user-id"><h3>get-roles-for-user-id</h3><div class="usage"><code>(get-roles-for-user-id config user-id)</code><code>(get-roles-for-user-id config user-id handler-fn)</code><code>(get-roles-for-user-id config user-id handler-fn global-context anonymous-role)</code></div><div class="doc"><div class="markdown"><p>Retrieves all roles for the given user ID and returns them as a map where keys are contexts (expressed as keywords) and values are sets of roles assigned to those contexts.</p>
<p>If the user ID is <code>nil</code> or <code>false</code>, it returns a map with a global context and just one, anonymous role assigned to it within a set. If there is no anonymous role passed as an argument, returns <code>nil</code>.</p>
<p>Self-role is not included, even if it is configured, since it’s highly conditioned and may depend on data from the request or an external data source.</p>
</div></div><div class="src-link"><a href="https://github.com/randomseed-io/amelinium/tree/1.0.1/src/amelinium/http/middleware/roles.clj#L213">view source</a></div></div><div class="public anchor" id="var-get-roles-from-session"><h3>get-roles-from-session</h3><div class="usage"><code>(get-roles-from-session config session)</code><code>(get-roles-from-session config session handler-fn)</code><code>(get-roles-from-session config session handler-fn global-context anonymous-role known-user-role)</code></div><div class="doc"><div class="markdown"><p>Uses the given session map <code>session</code> to obtain current user’s ID and then calls <code>handler-fn</code> with that user ID to obtain user’s roles.</p>
<p>If the ID cannot be obtained from a session, anonymous role is added (if it is configured).</p>
<p>If the ID can be obtained from a session but the session is marked as invalid, a special known-user role is added (if it is configured) so it is possible to identify users with expired or broken sessions visiting the service.</p>
</div></div><div class="src-link"><a href="https://github.com/randomseed-io/amelinium/tree/1.0.1/src/amelinium/http/middleware/roles.clj#L237">view source</a></div></div><div class="public anchor" id="var-handler"><h3>handler</h3><div class="usage"><code>(handler user-id config)</code><code>(handler user-id config query-roles-fn known-roles login-role global-context context-column keep-unknown?)</code></div><div class="doc"><div class="markdown"><p>Processes RBAC information by taking <code>user-id</code> and configuration options.</p>
</div></div><div class="src-link"><a href="https://github.com/randomseed-io/amelinium/tree/1.0.1/src/amelinium/http/middleware/roles.clj#L192">view source</a></div></div><div class="public anchor" id="var-inject-roles"><h3>inject-roles</h3><div class="usage"><code>(inject-roles req)</code><code>(inject-roles req {:keys [config processor req-context-fn req-self-role-fn anonymous-role known-user-role self-role global-context authorize-default? session-key], :or {authorize-default? true}, :as config})</code><code>(inject-roles req config processor rcfn srfn anonymous-role known-user-role self-role global-context authorize-default? session-key)</code><code>(inject-roles req config processor rcfn srfn anonymous-role known-user-role self-role global-context authorize-default? session-key roles-forbidden roles-any roles-all)</code></div><div class="doc"><div class="markdown"><p>Main handler for roles. Takes a request map and updates it with role information. Returns updated map which may be a response if redirects for unauthorized access are enabled.</p>
<p>Internally it uses the <code>process</code> function, passing it a processor as the first argument. The <code>processor</code> should be a function which takes a configuration of roles as a map and the current user identifier. The default one is called <code>handler</code> but its memoized variant is used in the middleware wrapper.</p>
<p>This function is wrapped and exposed in a configuration map (<code>:roles/config</code>) under the key <code>:handler</code>. It takes a single argument (a request map) and performs injection using enclosed configuration and a default, memoized processor.</p>
</div></div><div class="src-link"><a href="https://github.com/randomseed-io/amelinium/tree/1.0.1/src/amelinium/http/middleware/roles.clj#L315">view source</a></div></div><div class="public anchor" id="var-invalidate-cache.21"><h3>invalidate-cache!</h3><div class="usage"><code>(invalidate-cache! req-or-config user-id)</code></div><div class="doc"><div class="markdown"></div></div><div class="src-link"><a href="https://github.com/randomseed-io/amelinium/tree/1.0.1/src/amelinium/http/middleware/roles.clj#L187">view source</a></div></div><div class="public anchor" id="var-known.3F"><h3>known?</h3><div class="usage"><code>(known? config role)</code></div><div class="doc"><div class="markdown"></div></div><div class="src-link"><a href="https://github.com/randomseed-io/amelinium/tree/1.0.1/src/amelinium/http/middleware/roles.clj#L35">view source</a></div></div><div class="public anchor" id="var-parse-roles"><h3>parse-roles</h3><div class="usage"><code>(parse-roles roles user-id config)</code><code>(parse-roles roles user-id config known-roles global-context context-column keep-unknown?)</code></div><div class="doc"><div class="markdown"><p>Parses a sequence of maps expressing roles and generates a single map with roles grouped by context.</p>
</div></div><div class="src-link"><a href="https://github.com/randomseed-io/amelinium/tree/1.0.1/src/amelinium/http/middleware/roles.clj#L154">view source</a></div></div><div class="public anchor" id="var-prep-config"><h3>prep-config</h3><div class="usage"><code>(prep-config config)</code></div><div class="doc"><div class="markdown"></div></div><div class="src-link"><a href="https://github.com/randomseed-io/amelinium/tree/1.0.1/src/amelinium/http/middleware/roles.clj#L453">view source</a></div></div><div class="public anchor" id="var-query-roles"><h3>query-roles</h3><div class="usage"><code>(query-roles user-id config db)</code><code>(query-roles db user-id)</code></div><div class="doc"><div class="markdown"><p>Gets roles for the given user ID from a database. Returns a map of roles as a sequence of maps.</p>
</div></div><div class="src-link"><a href="https://github.com/randomseed-io/amelinium/tree/1.0.1/src/amelinium/http/middleware/roles.clj#L145">view source</a></div></div><div class="public anchor" id="var-refresh"><h3>refresh</h3><div class="usage"><code>(refresh req)</code></div><div class="doc"><div class="markdown"><p>Recalculates roles by calling configured handler on a request map.</p>
</div></div><div class="src-link"><a href="https://github.com/randomseed-io/amelinium/tree/1.0.1/src/amelinium/http/middleware/roles.clj#L384">view source</a></div></div><div class="public anchor" id="var-unauthorized"><h3>unauthorized</h3><div class="usage"><code>(unauthorized config)</code></div><div class="doc"><div class="markdown"><p>Generates unauthorized redirect.</p>
</div></div><div class="src-link"><a href="https://github.com/randomseed-io/amelinium/tree/1.0.1/src/amelinium/http/middleware/roles.clj#L182">view source</a></div></div><div class="public anchor" id="var-unknown.3F"><h3>unknown?</h3><div class="usage"><code>(unknown? config role)</code></div><div class="doc"><div class="markdown"></div></div><div class="src-link"><a href="https://github.com/randomseed-io/amelinium/tree/1.0.1/src/amelinium/http/middleware/roles.clj#L39">view source</a></div></div><div class="public anchor" id="var-user-authenticated.3F"><h3>user-authenticated?</h3><div class="usage"><code>(user-authenticated? session)</code></div><div class="doc"><div class="markdown"><p>Returns <code>true</code> if user is authenticated, false otherwise.</p>
</div></div><div class="src-link"><a href="https://github.com/randomseed-io/amelinium/tree/1.0.1/src/amelinium/http/middleware/roles.clj#L60">view source</a></div></div><div class="public anchor" id="var-user-authorized.3F"><h3>user-authorized?</h3><div class="usage"><code>(user-authorized? req)</code><code>(user-authorized? req in-context)</code><code>(user-authorized? req in-context config)</code><code>(user-authorized? req in-context data auth-default?)</code><code>(user-authorized? req in-context auth-default? roles-forbidden roles-any roles-all)</code></div><div class="doc"><div class="markdown"><p>Checks if user is authorized in the specified context. Takes a request map and a set of roles which are tested to be true in the detected context. Uses <code>:data</code> entry of the current route to get local configuration in which it looks for keys (in order):</p>
<ul>
<li><code>:roles/forbidden</code>,</li>
<li><code>:roles/any</code>,</li>
<li><code>:roles/all</code>.</li>
</ul>
<p>The <code>:roles/forbidden</code> should contain a set of roles which make access unauthorized if at least one of the current roles is matching.</p>
<p>The <code>:roles/any</code> authorizes operation if at least one of the current roles is matching.</p>
<p>The <code>:roles/all</code>, if present, matches if all the specified roles are effectively present.</p>
<p>The default strategy (when there are no rules specified or just the <code>:roles/forbidden</code>) is to allow but it can be changed in the middleware configuration, under the key <code>:authorize-default?</code>.</p>
<p>Returns <code>nil</code> if the access is forbidden, <code>true</code> if granted, <code>false</code> if there were rules but none matched.</p>
</div></div><div class="src-link"><a href="https://github.com/randomseed-io/amelinium/tree/1.0.1/src/amelinium/http/middleware/roles.clj#L77">view source</a></div></div><div class="public anchor" id="var-user-known.3F"><h3>user-known?</h3><div class="usage"><code>(user-known? session)</code></div><div class="doc"><div class="markdown"><p>Returns <code>true</code> if user ID can be obtained from the given session <code>session</code>, even if the session expired or has errors; <code>false</code> otherwise.</p>
</div></div><div class="src-link"><a href="https://github.com/randomseed-io/amelinium/tree/1.0.1/src/amelinium/http/middleware/roles.clj#L69">view source</a></div></div><div class="public anchor" id="var-wrap-roles"><h3>wrap-roles</h3><div class="usage"><code>(wrap-roles {:keys [db req-context-path req-self-path req-self-check-path req-self-role-fn req-context-fn query-roles-fn global-context context-column self-role logged-in-role anonymous-role known-user-role roles authorize-default? keep-unknown?], :as config})</code></div><div class="doc"><div class="markdown"><p>Role-based access maintaining middleware. Uses the function associated with <code>:handler</code> configuration key (<code>handler</code> by default) to process roles information. This handler is wrapped in memoizer function to cache the results and passed as a first argument to <code>inject-roles</code> responsible for putting role information into request map.</p>
<p>So the workflow is: - For each request <code>inject-roles</code> is called. - <code>inject-roles</code> extracts session object from the request and calls <code>get-roles-from-session</code>. - <code>get-roles-from-session</code> calls handler on user ID (obtained from the session). - <code>get-roles-from-session</code> adds anonymous role if the user ID could not be obtained. - If there is user ID the handler is called from within <code>get-roles-from-session</code>. - Handler gets user ID and calls a function under configuration key <code>:query-roles-fn</code>. - The result of querying the database is a sequence of maps. - The maps are parsed with <code>parse-roles</code>. - The result of <code>parse-roles</code> is a map with (context -> sets of roles). - The result is returned to <code>inject-roles</code> and injected into a request map.</p>
<p>Additionally, configuration option <code>:req-context-fn</code> can specify an alternative function which will be called within <code>inject-roles</code> to get context from the request.</p>
<p>One can also use <code>:req-self-role-fn</code> to provide a function used to get an identifier of a self-role (only when user is authenticated) on a basis of the request map.</p>
</div></div><div class="src-link"><a href="https://github.com/randomseed-io/amelinium/tree/1.0.1/src/amelinium/http/middleware/roles.clj#L477">view source</a></div></div></div></body></html>