1/*  Part of SWISH
    2
    3    Author:        Jan Wielemaker
    4    E-mail:        J.Wielemaker@cs.vu.nl
    5    WWW:           http://www.swi-prolog.org
    6    Copyright (C): 2017, VU University Amsterdam
    7			 CWI Amsterdam
    8    All rights reserved.
    9
   10    Redistribution and use in source and binary forms, with or without
   11    modification, are permitted provided that the following conditions
   12    are met:
   13
   14    1. Redistributions of source code must retain the above copyright
   15       notice, this list of conditions and the following disclaimer.
   16
   17    2. Redistributions in binary form must reproduce the above copyright
   18       notice, this list of conditions and the following disclaimer in
   19       the documentation and/or other materials provided with the
   20       distribution.
   21
   22    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
   23    "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
   24    LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
   25    FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
   26    COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
   27    INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
   28    BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
   29    LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
   30    CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   31    LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
   32    ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
   33    POSSIBILITY OF SUCH DAMAGE.
   34*/
   35
   36:- module(swish_pep,
   37          [ authorized/2                               % +Request, +Action
   38          ]).   39:- use_module(library(debug)).   40:- use_module(library(option)).   41:- use_module(library(error)).   42:- use_module(library(http/http_wrapper)).   43
   44:- use_module(authenticate).   45:- use_module(storage).   46:- use_module(config).   47
   48/** <module> SWISH PEP (Policy Enforcement Point)
   49
   50This module implements the _Policy Enforcement   Point_. It is called by
   51modules that perform operations that may   not be publically accessible.
   52Examples are:
   53
   54  - Access to files (download, create, update, delete, list, search)
   55  - Control of the sandboxing
   56  - Access to users (profile management)
   57*/
   58
   59:- multifile
   60    swish_config:approve/2,
   61    swish_config:deny/2.   62
   63%!  authorized(+Action, +Options) is det.
   64%
   65%   Verify that Action is authorized.  Options:
   66%
   67%     - indentity(+Identity)
   68%       Indentity is the identity dict as collected by autenticate.pl.
   69%
   70%   Actions defined:
   71%
   72%     * Gitty store actions
   73%       - gitty(download(Obj, Format))
   74%         Attempt to download Obj, one of file(File) or hash(Hash) in
   75%         Format, see storage_get/4 from storage.pl
   76%       - gitty(create(File,Named,Meta))
   77%         Create file name File with the given meta-data.  Named is one
   78%         of `named` or `random` and indicates whether the file is named
   79%         by the user or the name is generated by the system.
   80%       - gitty(update(File,PrevMeta,Meta))
   81%         Update File and change meta-data from PrevMeta to Meta.
   82%       - gitty(delete(File,Meta))
   83%         Delete File that has the given meta data.
   84%     * File actions
   85%       - file(update(File,Meta))
   86%         Update (save) a physical file outside the versioned gitty
   87%         store.
   88%     * Social options
   89%       - chat
   90%         Open websocket chat channel
   91%
   92%   @throws http_reply(forbidden(URL)) if the action is not allowed. Can
   93%   we generate a JSON error object?
   94
   95authorized(Action, _Options) :-
   96    var(Action),
   97    !,
   98    instantiation_error(Action).
   99authorized(Action, Options) :-
  100    option(identity(Id), Options),
  101    (   authorize(Action, Id)
  102    ->  debug(pep, 'Approved gitty action ~p to ~p', [Action, Id])
  103    ;   debug(pep, 'Denied action ~p to ~p', [Action, Id]),
  104        http_current_request(Request),
  105        option(path(Path), Request),
  106        throw(http_reply(forbidden(Path)))
  107    ).
  108
  109:- multifile
  110    approve/2,
  111    deny/2.  112
  113authorize(Action, Id) :-
  114    approve(Action, Id), !,
  115    \+ deny(Action, Id).
  116
  117%!  approve(+Action, +Id)
  118
  119approve(gitty(update(_File,PrevMeta,_Meta)), Auth) :- !,
  120    storage_meta_property(PrevMeta, modify(Modify)),
  121    (   memberchk(any, Modify)
  122    ->  true
  123    ;   memberchk(login, Modify)
  124    ->  user_property(Auth, login(_))
  125    ;   storage_meta_property(PrevMeta, identity(Id)),
  126        user_property(Auth, identity(Id))
  127    ).
  128approve(gitty(_), _).
  129approve(file(update(_File, _Meta)), Auth) :-
  130    user_property(Auth, login(local)).
  131approve(run(any, _), Auth) :-
  132    user_property(Auth, login(local)).
  133approve(chat, _).
  134
  135%!  deny(+Auth, +Id)
  136
  137
  138
  139
  140		 /*******************************
  141		 *           PENGINES		*
  142		 *******************************/
  143
  144%!  pengines:not_sandboxed(+User, +Application) is semidet.
  145%
  146%   Called by Pengines to  see  whether   User  may  call  non-sandboxed
  147%   operations in Application.
  148
  149:- multifile pengines:not_sandboxed/2.  150
  151pengines:not_sandboxed(User, Application) :-
  152    authorized(run(any, Application), [identity(User)])