Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 1fe063add2 | |||
| 642bfb875e |
52
README.md
52
README.md
@@ -1,8 +1,48 @@
|
|||||||
# access-control
|
# Access Kontrol
|
||||||
Helpers to create Access Control
|
Helpers to create a simple Access Control in kotlin
|
||||||
|
|
||||||
[](https://github.com/flecomte/access-control/actions/workflows/tests.yml)
|
[](https://github.com/flecomte/access-kontrol/actions/workflows/tests.yml)
|
||||||
[](https://sonarcloud.io/dashboard?id=flecomte_access-control)
|
[](https://sonarcloud.io/dashboard?id=flecomte_access-kontrol)
|
||||||
|
|
||||||
[](https://sonarcloud.io/dashboard?id=flecomte_access-control)
|
[](https://sonarcloud.io/dashboard?id=flecomte_access-kontrol)
|
||||||
[](https://sonarcloud.io/dashboard?id=flecomte_access-control)
|
[](https://sonarcloud.io/dashboard?id=flecomte_access-kontrol)
|
||||||
|
|
||||||
|
|
||||||
|
## Example
|
||||||
|
|
||||||
|
Define AC
|
||||||
|
```kotlin
|
||||||
|
class AccessControlSample : AccessKontrol() {
|
||||||
|
/** The user can view the object if it is connected and if it is the creator */
|
||||||
|
fun canView(myObject: MyObject, user: User?): AccessResponse {
|
||||||
|
return if (user != null && myObject.createdBy == user) {
|
||||||
|
granted(message = "OK") // the message if optional on granted
|
||||||
|
} else {
|
||||||
|
denied(message = "You must be the creator", code = "creator.ko")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fun canView(myObjects: List<MyObject>, user: User?): AccessResponses {
|
||||||
|
return canAll(myObjects) { canView(it, user) }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
Usage
|
||||||
|
```kotlin
|
||||||
|
AccessControlSample().canView(MyObject(), User()).let { response ->
|
||||||
|
response.message // "OK"
|
||||||
|
response.decision == AccessDecision.GRANTED // true
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
try {
|
||||||
|
AccessControlSample().canView(MyObject(), User()).assert() // throw exception if no access
|
||||||
|
} catch (e: AccessDeniedException) {
|
||||||
|
e.getFirstMessage() // the access denied message: "You must be the creator"
|
||||||
|
e.first.code // the access denied code: "creator.ko"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
AccessControlSample().canView(MyObject(), User()).toBoolean() // return true if access is granted
|
||||||
|
```
|
||||||
@@ -44,8 +44,8 @@ val sourcesJar by tasks.registering(Jar::class) {
|
|||||||
publishing {
|
publishing {
|
||||||
repositories {
|
repositories {
|
||||||
maven {
|
maven {
|
||||||
name = "access-control"
|
name = "access-kontrol"
|
||||||
url = uri("https://maven.pkg.github.com/flecomte/access-control")
|
url = uri("https://maven.pkg.github.com/flecomte/access-kontrol")
|
||||||
credentials {
|
credentials {
|
||||||
username = System.getenv("GITHUB_ACTOR")
|
username = System.getenv("GITHUB_ACTOR")
|
||||||
password = System.getenv("GITHUB_TOKEN")
|
password = System.getenv("GITHUB_TOKEN")
|
||||||
@@ -54,7 +54,7 @@ publishing {
|
|||||||
}
|
}
|
||||||
|
|
||||||
publications {
|
publications {
|
||||||
create<MavenPublication>("access-control") {
|
create<MavenPublication>("access-kontrol") {
|
||||||
from(components["java"])
|
from(components["java"])
|
||||||
artifact(sourcesJar)
|
artifact(sourcesJar)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
kotlin.code.style=official
|
kotlin.code.style=official
|
||||||
systemProp.sonar.host.url=https://sonarcloud.io
|
systemProp.sonar.host.url=https://sonarcloud.io
|
||||||
systemProp.sonar.projectKey=flecomte_access-control
|
systemProp.sonar.projectKey=flecomte_access-kontrol
|
||||||
systemProp.sonar.projectName=AccessControl
|
systemProp.sonar.projectName=AccessKontrol
|
||||||
systemProp.sonar.organization=flecomte
|
systemProp.sonar.organization=flecomte
|
||||||
systemProp.sonar.java.coveragePlugin=jacoco
|
systemProp.sonar.java.coveragePlugin=jacoco
|
||||||
systemProp.sonar.coverage.jacoco.xmlReportPaths=build/reports/jacoco/test/jacocoTestReport.xml
|
systemProp.sonar.coverage.jacoco.xmlReportPaths=build/reports/jacoco/test/jacocoTestReport.xml
|
||||||
@@ -1 +1 @@
|
|||||||
rootProject.name = "access-control"
|
rootProject.name = "access-kontrol"
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
package io.github.flecomte
|
package io.github.flecomte
|
||||||
|
|
||||||
/** Responses of AccessControl */
|
/** Responses of AccessKontrol */
|
||||||
enum class AccessDecision {
|
enum class AccessDecision {
|
||||||
GRANTED,
|
GRANTED,
|
||||||
DENIED;
|
DENIED;
|
||||||
@@ -14,7 +14,7 @@ enum class AccessDecision {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
abstract class AccessControl {
|
abstract class AccessKontrol {
|
||||||
/**
|
/**
|
||||||
* A Shortcut for return a GrantedResponse
|
* A Shortcut for return a GrantedResponse
|
||||||
*/
|
*/
|
||||||
@@ -39,9 +39,9 @@ abstract class AccessControl {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Throw an Exception if AccessControl return a DENIED response
|
* Throw an Exception if AccessKontrol return a DENIED response
|
||||||
*/
|
*/
|
||||||
fun <T : AccessControl> T.assert(action: T.() -> AccessResponse) {
|
fun <T : AccessKontrol> T.assert(action: T.() -> AccessResponse) {
|
||||||
action().assert()
|
action().assert()
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -109,13 +109,13 @@ class AccessDeniedException(val accessResponses: AccessResponses) : Throwable(ac
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The response that all AccessControl method return
|
* The response that all AccessKontrol method return
|
||||||
* @see GrantedResponse
|
* @see GrantedResponse
|
||||||
* @see DeniedResponse
|
* @see DeniedResponse
|
||||||
*/
|
*/
|
||||||
sealed class AccessResponse(
|
sealed class AccessResponse(
|
||||||
val decision: AccessDecision,
|
val decision: AccessDecision,
|
||||||
val accessControl: AccessControl,
|
val accessControl: AccessKontrol,
|
||||||
val message: String?,
|
val message: String?,
|
||||||
val code: String?
|
val code: String?
|
||||||
) {
|
) {
|
||||||
@@ -135,13 +135,13 @@ sealed class AccessResponse(
|
|||||||
}
|
}
|
||||||
|
|
||||||
open class GrantedResponse(
|
open class GrantedResponse(
|
||||||
accessControl: AccessControl,
|
accessControl: AccessKontrol,
|
||||||
message: String? = null,
|
message: String? = null,
|
||||||
code: String? = null
|
code: String? = null
|
||||||
) : AccessResponse(AccessDecision.GRANTED, accessControl, message, code)
|
) : AccessResponse(AccessDecision.GRANTED, accessControl, message, code)
|
||||||
|
|
||||||
open class DeniedResponse(
|
open class DeniedResponse(
|
||||||
accessControl: AccessControl,
|
accessControl: AccessKontrol,
|
||||||
message: String,
|
message: String,
|
||||||
code: String
|
code: String
|
||||||
) : AccessResponse(AccessDecision.DENIED, accessControl, message, code)
|
) : AccessResponse(AccessDecision.DENIED, accessControl, message, code)
|
||||||
@@ -13,7 +13,7 @@ data class MyObject(
|
|||||||
val title: String
|
val title: String
|
||||||
)
|
)
|
||||||
|
|
||||||
class AccessControlSample : AccessControl() {
|
class AccessControlSample : AccessKontrol() {
|
||||||
fun canView(myObject: MyObject, user: User?): AccessResponse {
|
fun canView(myObject: MyObject, user: User?): AccessResponse {
|
||||||
return if (myObject.title == "granted" && user != null) {
|
return if (myObject.title == "granted" && user != null) {
|
||||||
granted("ok")
|
granted("ok")
|
||||||
@@ -29,7 +29,7 @@ class AccessControlSample : AccessControl() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class AccessControlTest {
|
class AccessKontrolTest {
|
||||||
@Test
|
@Test
|
||||||
fun `test granted`() {
|
fun `test granted`() {
|
||||||
AccessControlSample().run {
|
AccessControlSample().run {
|
||||||
Reference in New Issue
Block a user