AuthorizationPolicy

mbauer83.zio_http_authorization.AuthorizationPolicy$

AuthorizationPolicies hold information about the type of User and Resource they authorize, and define an effect to authorize a user of the specified type to access a resource of the specified type.

Out of the box, this library provides a policy which always denies access, a policy which always grants access, and a policy which grants access if the user has the SUPER Role, or if the resource's tenant-id matches the user's tenant-id, or if the resource has no tenant-id.
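The rule of the third built-in policy, modelled in self-contained Scala 3 so that its edge cases can be run and inspected. This is an added example, not code from the library: DemoRole, DemoUser, DemoResource, Decision and decide are hypothetical names, and the sample users and resources are constructed.

```scala
// Added illustration: a stand-alone model of the rule described above.
// DemoRole, DemoUser, DemoResource, Decision and decide are hypothetical
// names and do not belong to the library's API.
enum DemoRole:
  case SUPER, MEMBER

final case class DemoUser(id: String, tenantId: String, roles: Set[DemoRole])
final case class DemoResource(name: String, tenantId: Option[String])

enum Decision:
  case Granted(reason: String)
  case Denied

// The three grant conditions, checked in the order the text lists them.
def decide(user: DemoUser, resource: DemoResource): Decision =
  resource.tenantId match
    case _ if user.roles.contains(DemoRole.SUPER) => Decision.Granted("SUPER role")
    case Some(t) if t == user.tenantId            => Decision.Granted("tenant match")
    case None                                     => Decision.Granted("resource has no tenant-id")
    case Some(_)                                  => Decision.Denied

@main def tenantPolicyDemo(): Unit =
  // Constructed sample data.
  val alice = DemoUser("alice", "tenant-a", Set(DemoRole.MEMBER))
  val root  = DemoUser("root", "tenant-ops", Set(DemoRole.SUPER))
  val resources = List(
    DemoResource("invoice-a", Some("tenant-a")),
    DemoResource("invoice-b", Some("tenant-b")),
    DemoResource("shared-template", None)
  )
  // Print the decision for every user/resource pair.
  for
    user <- List(alice, root)
    res  <- resources
  do println(s"${user.id} -> ${res.name}: ${decide(user, res)}")
  // Review aid: under this rule every tenantless resource is open to every user.
  val openToAll = resources.filter(_.tenantId.isEmpty).map(_.name)
  println(s"resources open to all tenants: ${openToAll.mkString(", ")}")
```

Under this rule a resource whose tenant-id was never set is granted to users of every tenant, so tenantless records are worth listing and reviewing before relying on the policy for tenant isolation.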

Attributes

Supertypes
class Object
trait Matchable
class Any

Members list

Type members

Classlikes

class AllowAllPolicy[U <: User[_, _], R <: Resource[_]] extends AuthorizationPolicy[U, R]

An AuthorizationPolicy that always authorizes access to a resource.

Attributes

Example

Create via the companion object, as in the following example:

package mbauer83.zio_http_authorization
import zio.{ZIO, Console, ZIOAppDefault}
object AllPassAuthExample extends ZIOAppDefault:
 // Placeholders: substitute your concrete Resource and User types.
 type ResourceType <: Resource[_]
 type UserType <: User[_, _]
 def getUser: ZIO[Any, Nothing, UserType] = ???
 def getResource: ZIO[Any, Nothing, ResourceType] = ???
 override val run = for {
   user <- getUser
   resource <- getResource
   // AllowAllPolicy grants access unconditionally, whatever the user or resource.
   policy = AllowAllPolicy[UserType, ResourceType]
   authorizedResource <- policy.authorized(user)(resource)
   _ <- Console.printLine(authorizedResource)
 } yield ()
Companion
object
Supertypes
trait AuthorizationPolicy[U, R]
class Object
trait Matchable
class Any

Create an AllowAllPolicy.

Attributes

Companion
class
Supertypes
class Object
trait Matchable
class Any
trait AuthorizationPolicy[U <: User[_, _], R <: Resource[_]]

Defines a policy for authorizing a specific type U of User.User to access a specific type R of Resource.Resource.

Reflection using scala.reflect.ClassTag is used so that the policy can be registered with an EndpointPolicyProvider.EndpointPolicyProvider.

Attributes

Example

Example usage

package mbauer83.zio_http_authorization
import zio.{ZIO, Console, ZIOAppDefault}
object PolicyAuthorizationExample extends ZIOAppDefault:
 type ResourceType <: Resource[_]
 type UserType <: User[_, _]
 def getUser: ZIO[Any, Nothing, UserType] = ???
 def getResource: ZIO[Any, Nothing, ResourceType] = ???
 def getPolicy: ZIO[Any, Nothing, AuthorizationPolicy[UserType, ResourceType]] = ???
 override val run = for {
   user <- getUser
   resource <- getResource
   policy <- getPolicy
   authorizedResource <- policy.authorized(user)(resource)
   _ <-  Console.printLine(authorizedResource)
 } yield ()
Supertypes
class Object
trait Matchable
class Any
Known subtypes
class AuthorizeByTenantIdOrSuperRolePolicy[U <: User[_, _], R <: Resource[_]] extends AuthorizationPolicy[U, R]

An AuthorizationPolicy that authorizes access if and only if either of the following conditions is met:

Attributes

Companion
object
Supertypes
trait AuthorizationPolicy[U, R]
class Object
trait Matchable
class Any

Attributes

Companion
class
Supertypes
class Object
trait Matchable
class Any
class DenyAllPolicy[U <: User[_, _], R <: Resource[_]] extends AuthorizationPolicy[U, R]

An AuthorizationPolicy that always denies access.

Attributes

Companion
object
Supertypes
trait AuthorizationPolicy[U, R]
class Object
trait Matchable
class Any
object DenyAllPolicy

Create a DenyAllPolicy

Attributes

Companion
class
Supertypes
class Object
trait Matchable
class Any
class GenericAuthorizationPolicy(val requiredRoles: Set[Role], val requiredPermissions: Set[String | Symbol]) extends AuthorizationPolicy[User[_, _], Resource[_]]

An AuthorizationPolicy that authorizes access if and only if the user has all of the required roles and all of the required permissions.

Attributes

Supertypes
trait AuthorizationPolicy[User[_, _], Resource[_]]
class Object
trait Matchable
class Any
case class UserNotAuthorizedForResourceException[I <: UserId](userId: I, resourceDescriptor: ResourceDescriptor[_, _]) extends Exception

Attributes

Supertypes
trait Product
trait Equals
class Exception
class Throwable
trait Serializable
class Object
trait Matchable
class Any

Value members

Concrete methods

def secured[BaseResource <: Resource[_], R <: BaseResource | Iterable[BaseResource], U <: User[_, _], In, Err, Out, E <: ZIO[In, Err, Out]](effect: Request => U => R => E)(requiredRoles: Set[Role], requiredPermissions: Set[String | Symbol]): Request => U => R => ZIO[In, UserNotAuthorizedForResourceException[_] | Err, Out]

Secures a parameterized effect with a GenericAuthorizationPolicy.

Takes a function from a Request, a specific type of User, and a specific type of Resource to a ZIO effect, together with a set of roles and a set of permissions. Produces a new function from a request, the given type of user, and the given type of resource to a new ZIO effect whose failure type is the union of the original failure type and UserNotAuthorizedForResourceException.

Attributes

Example

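Example usage in a ZIO-http app:

package mbauer83.zio_http_authorization
import zio.{ZIO, ZIOAppDefault}
import zio.http._
import AuthorizationPolicy.secured
// Declared as an object (not a class) so that the app has a runnable entry point.
object SecuredExampleUsage extends ZIOAppDefault:
 // The unsecured handler: Request => user => resource => effect.
 val pathEffect: Request => GenericUser[String, Nothing] => Resource[StringResourceDescriptor] => ZIO[Any, Nothing, String] =
   (r: Request) => (u: GenericUser[String, Nothing]) => (res: Resource[StringResourceDescriptor]) => ???
 val app: App[Any] =
   Http.collectZIO[Request] {
     case req @ Method.GET -> Root / "test" => {
       // Require the SUPER role and the "read" permission before the handler runs.
       val securedPathEffectFn = secured(pathEffect)(Set(Role.SUPER), Set("read"))
       val user: GenericUser[String, Nothing] = ???
       val resource: Resource[StringResourceDescriptor] = ???
       // pathEffect cannot fail, so the only error mapped to 403 here is UserNotAuthorizedForResourceException.
       val securedEffect = securedPathEffectFn(req)(user)(resource).mapError(_ => Response(Status.Forbidden))
       for {
         okBodyText <- securedEffect
       } yield Response.text(okBodyText)
     }
   }
 override val run =
   Server.serve(app).provide(Server.default)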