pep.pl -- SWISH PEP (Policy Enforcement Point)

This module implements the Policy Enforcement Point. It is called by modules that perform operations that may not be publically accessible. Examples are:

• Access to files (download, create, update, delete, list, search)
• Control of the sandboxing
• Access to users (profile management)

 authorized(+Action, +Options) is det

Verify that Action is authorized. Options:

indentity(+Identity)

Indentity is the identity dict as collected by autenticate.pl.

Actions defined:

• Gitty store actions

  gitty(download(Obj,Format))

  Attempt to download Obj, one of file(File) or hash(Hash) in Format, see storage_get/4 from storage.pl

  gitty(create(File,Named,Meta))

  Create file name File with the given meta-data. Named is one of named or random and indicates whether the file is named by the user or the name is generated by the system.

  gitty(update(File,PrevMeta,Meta))

  Update File and change meta-data from PrevMeta to Meta.

  gitty(delete(File,Meta))

  Delete File that has the given meta data.

• File actions

  file(update(File,Meta))

  Update (save) a physical file outside the versioned gitty store.

• Social options

  chat(open)

  Open websocket chat channel

  chat(post(Message,About))

  Post a chat message about a specific topic

throws

- http_reply(forbidden(URL)) if the action is not allowed. Can we generate a JSON error object?

 ws_authorized(+Action, +WSUser) is semidet

True when WSUser is allowed to perform action. WSUser is a dict containing the user info as provided by chat_add_user_id/3. It notably has a key profile_id if the user is logged on.

To be done

- Generalise. Notably, how do we get the identity as authenticate/2 returns?

 approve(+Action, +Id)[multifile]

 deny(+Action, +Id)[multifile]

 swish_config:approve(+Action, +Identity, -Approve) is semidet[multifile]

This hook is called by approve/2 and deny/2 before the default rules. If this hook succeeds it must unify Approve with true or false. Action is approved if Approve is true.

 pengines:not_sandboxed(+User, +Application) is semidet[multifile]

Called by Pengines to see whether User may call non-sandboxed operations in Application.