pep.pl -- SWISH PEP (Policy Enforcement Point)
This module implements the Policy Enforcement Point. It is called by modules that perform operations that may not be publically accessible. Examples are:
- Access to files (download, create, update, delete, list, search)
- Control of the sandboxing
- Access to users (profile management)
- authorized(+Action, +Options) is det
- Verify that Action is authorized. Options:
- indentity(+Identity)
- Indentity is the identity dict as collected by
autenticate.pl.
Actions defined:
- Gitty store actions
- gitty(download(Obj, Format))
- Attempt to download Obj, one of
file(File)orhash(Hash)in Format, see storage_get/4 from storage.pl - gitty(create(File, Named, Meta))
- Create file name File with the given meta-data. Named is one
of
namedorrandomand indicates whether the file is named by the user or the name is generated by the system. - gitty(update(File, PrevMeta, Meta))
- Update File and change meta-data from PrevMeta to Meta.
- gitty(delete(File, Meta))
- Delete File that has the given meta data.
- File actions
- file(update(File, Meta))
- Update (save) a physical file outside the versioned gitty store.
- Social options
- chat
- Open websocket chat channel
- approve(+Action, +Id)[multifile]
- deny(+Auth, +Id)[multifile]
- pengines:not_sandboxed(+User, +Application) is semidet[multifile]
- Called by Pengines to see whether User may call non-sandboxed operations in Application.