lib/permissions.nom


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53

require "lib/metaprogramming.nom"
require "lib/control_flow.nom"
require "lib/operators.nom"
require "lib/collections.nom"

# Permission functions
rule [standardize rules %rules] =:
    if (=lua "type(vars.rules) == 'string'"): %rules = [%rules]
    (nomsu "get_stub" [%]) for all %rules
    %set = []
    for %rule in %rules:
        %stub = (nomsu "get_stub" [%rule])
        %aliases = (((nomsu's "defs")->%stub)->"aliases")
        for all %aliases: %set -> % = (yes)
    keys in %set


rule [restrict %rules to within %elite_rules] =:
    %rules = (standardize rules %rules)
    %elite_rules = (standardize rules %elite_rules)
    for all (flatten [%elite_rules, %rules]):
        assert ((nomsu's "defs") has key %) "Undefined function: \(%)"
    for %rule in %rules:
        assert (nomsu "check_permission" [%]) ".."
            |You do not have permission to restrict permissions for function: \(%)
        ((nomsu) ->* ["defs",%rule,"whiteset"]) = (..)
            dict ([%, yes] for all %elite_rules)

rule [allow %elite_rules to use %rules] =:
    %rules = (standardize rules %rules)
    %elite_rules = (standardize rules %elite_rules)
    for all (flatten [%elite_rules, %rules]):
        assert ((nomsu's "defs") has key %) "Undefined function: \(%)"
    for %rule in %rules:
        assert (nomsu "check_permission" [%rule]) ".."
            |You do not have permission to grant permissions for function: \(%rule)
        %whiteset = ((nomsu) ->* ["defs",%rule,"whiteset"])
        if (not %whiteset): go to next %rule
        for all %elite_rules: %whiteset -> % = (yes)

rule [forbid %pleb_rules to use %rules] =:
    %rules = (standardize rules %rules)
    %pleb_rules = (standardize rules %pleb_rules)
    for all (flatten [%pleb_rules, %used]):
        assert ((nomsu's "defs") has key %) "Undefined function: \(%)"
    for all %rules:
        assert (nomsu "check_permission" [%]) ".."
            |You do not have permission to grant permissions for function: \(%)
        %whiteset = ((nomsu) ->* ["defs",%,"whiteset"])
        assert %whiteset ".."
            |Cannot individually restrict permissions for \(%) because it is currently
            |available to everyone. Perhaps you meant to use "restrict % to within %" instead?
        for all %pleb_rules: %whiteset's % = (nil)