Public
Authored by Tamlyn Rhodes

Expression based authorisation

Edited
Readme.md 2.22 KB
  • Looks neat! Is the main idea here the DSL and the simplified reasoning it enables?

    The roles storage I think is functionally equivalent to teams, with their teamTypes and objectId.

    Does the DSL deal with property filtering as well? The definition/parsing of these expressions could be a very non-trivial effort.

    In general I think it would be better to drive the implementation a DSL from fully hashed out Authsome modes (let’s take Editoria and the xPubs as primary sources), as opposed to the other way around, developing a DSL and then trying to make it fit the requirements.

  • Is the main idea here the DSL and the simplified reasoning it enables?

    Yes.

    Does the DSL deal with property filtering as well?

    No. What's an example use case for that?

    The definition/parsing of these expressions could be a very non-trivial effort.

    Yes! I've been wanting to write a parser since I started writing a toy compile-to-JS language last year. A more pragmatic approach might be to use plain JS:

    // Role config
    
    export const Unauthenticated = {
      'read book': ({book}) => book.status === 'published', 
      signup: true,
    }
    
    export const Author = {
      ...Unauthenticated,
      'read book': true,
      'edit book': ({book}) => book.status !== 'published',
      'submit for approval': true,
    }
    

    Agree that we need a more complete example mode before we can design something that's likely to cover all bases.

Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment