diff options
| author | Bruce Hill <bitbucket@bruce-hill.com> | 2017-09-21 00:10:26 -0700 |
|---|---|---|
| committer | Bruce Hill <bitbucket@bruce-hill.com> | 2017-09-21 00:10:26 -0700 |
| commit | 371548150618d5b3501f388972077b5d035f7d8a (patch) | |
| tree | 8a1cdf99dc25536e21a5a571e5d54607a50848f4 /lib/permissions.nom | |
| parent | 0750d642624b2262afdb4dd17b275a16e96971b5 (diff) | |
Another overhaul, this time pulling all the chunks of the core lib into
their own files.
Diffstat (limited to 'lib/permissions.nom')
| -rw-r--r-- | lib/permissions.nom | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/lib/permissions.nom b/lib/permissions.nom new file mode 100644 index 0000000..4b6c428 --- /dev/null +++ b/lib/permissions.nom @@ -0,0 +1,42 @@ +require "lib/metaprogramming.nom" +require "lib/control_flow.nom" +require "lib/operators.nom" +require "lib/collections.nom" + +# Permission functions +rule [restrict %rules to within %elite-rules] =: + %rules =: compiler "get_invocations" [%rules] + %elite-rules =: compiler "get_invocations" [%elite-rules] + for all (flatten [%elite-rules, %rules]): + assert ((compiler's "defs") has %it) ".."|Undefined function: \%it\ + for all %rules: + assert (not (compiler "check_permission" [%it])) ".." + |You do not have permission to restrict permissions for function: \%it\ + ((compiler's "defs")'s %it)'s "whiteset" =: dict (..) + [%it, (yes)] for %it in %elite-rules + +rule [allow %elite-rules to use %rules] =: + %rules =: compiler "get_invocations" [%rules] + %elite-rules =: compiler "get_invocations" [%elite-rules] + for all (flatten [%elite-rules, %rules]): + assert ((compiler's "defs") has %it) ".."|Undefined function: \%it\ + for %fn in %rules: + assert (not (compiler "check_permission" [%fn])) ".." + |You do not have permission to grant permissions for function: \%fn\ + %whiteset =: ((compiler's "defs")'s %fn)'s "whiteset" + if (not %whiteset): on to the next %fn + for all %elite-rules: %whiteset's %it =: yes + +rule [forbid %pleb-rules to use %rules] =: + %rules =: compiler "get_invocations" [%rules] + %pleb-rules =: compiler "get_invocations" [%pleb-rules] + for all (flatten [%pleb-rules, %used]): + assert ((compiler's "defs") has %it) ".."|Undefined function: \%it\ + for all %rules: + assert (not (compiler "check_permission" [%it])) ".." + |You do not have permission to grant permissions for function: \%it\ + %whiteset =: ((compiler's "defs")'s %it)'s "whiteset" + assert %whiteset ".." + |Cannot individually restrict permissions for \%it\ because it is currently + |available to everyone. Perhaps you meant to use "restrict % to within %" instead? + for all %pleb-rules: %whiteset's %it =: nil |