lib/permissions.nom


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

require "lib/metaprogramming.nom"
require "lib/control_flow.nom"
require "lib/operators.nom"
require "lib/collections.nom"

# Permission functions
rule [restrict %rules to within %elite-rules] =:
    say ".."|Restricting \%rules\ to within \%elite-rules\
    %rules =: keys in (nomsu "get_aliases" [%rules])
    %elite-rules =: keys in (nomsu "get_aliases" [%elite-rules])
    for all (flatten [%elite-rules, %rules]):
        assert ((nomsu's "defs") has key %it) ".."|Undefined function: \%it\
    for all %rules:
        assert (nomsu "check_permission" [%it]) ".."
            |You do not have permission to restrict permissions for function: \%it\
        %foo =: dict (..)
            [%it, yes] for %it in %elite-rules
        ((nomsu's "defs")'s %it)'s "whiteset" =: %foo

rule [allow %elite-rules to use %rules] =:
    say ".."|Allowing \%elite-rules\ to use \%rules\
    %rules =: keys in (nomsu "get_aliases" [%rules])
    %elite-rules =: keys in (nomsu "get_aliases" [%elite-rules])
    for all (flatten [%elite-rules, %rules]):
        assert ((nomsu's "defs") has key %it) ".."|Undefined function: \%it\
    for %fn in %rules:
        assert (nomsu "check_permission" [%fn]) ".."
            |You do not have permission to grant permissions for function: \%fn\
        %whiteset =: ((nomsu's "defs")'s %fn)'s "whiteset"
        if (not %whiteset): on to the next %fn
        for all %elite-rules: %whiteset's %it =: yes

rule [forbid %pleb-rules to use %rules] =:
    say ".."|Forbidding \%pleb-rules\ to use \%rules\
    %rules =: keys in (nomsu "get_aliases" [%rules])
    %pleb-rules =: keys in (nomsu "get_aliases" [%pleb-rules])
    for all (flatten [%pleb-rules, %used]):
        assert ((nomsu's "defs") has key %it) ".."|Undefined function: \%it\
    for all %rules:
        assert (nomsu "check_permission" [%it]) ".."
            |You do not have permission to grant permissions for function: \%it\
        %whiteset =: ((nomsu's "defs")'s %it)'s "whiteset"
        assert %whiteset ".."
            |Cannot individually restrict permissions for \%it\ because it is currently
            |available to everyone. Perhaps you meant to use "restrict % to within %" instead?
        for all %pleb-rules: %whiteset's %it =: nil