authorbenj <benj@rse8.com>2023-04-24 13:24:45 -0700
committerbenj <benj@rse8.com>2023-04-24 13:24:45 -0700
commiteb92f823c31a5e702af7005231f0d6915aad3342 (patch)
treebb624786a47accb2dfcfe95d20c00c9624c28a9c /crates/secd/README.md
parent176aae037400b43cb3971cd968afe59c73b3097a (diff)
email templates, sendgrid, creds, and some experimental things
Started playing with namespace configs and integrating with zanzibar impls. Still lots of experimenting and dead code going on.
Diffstat (limited to '')
-rw-r--r--crates/secd/README.md57
1 files changed, 57 insertions, 0 deletions
diff --git a/crates/secd/README.md b/crates/secd/README.md
index 5786d0c..17c333d 100644
--- a/crates/secd/README.md
+++ b/crates/secd/README.md
@@ -52,3 +52,60 @@ GET /oidc/provider?state=123444 -- state validated by client
POST /api/auth/oidc { data ... }
motif = start_motif(Oidc, access_token, data)
session = complete_motif(motif.id)
+
+ref = secd.write(User(user, 1), (doc, 3), "editor");
+secd.attach_computed_property(ref, "property_name");
+
+secd.check(User(user, 1), (doc, 3), "editor")
+secd.compute\_check(User(user, 1), (doc, 3), "editor", ["property", args...], ["property", args...])
+e.g.
+secd.compute\_check("User(user, 1), (doc, 3), "editor", ["readable_row", 2134], ["property2", args...])
+
+.....NO: A computed property should just be a domain things, and if any data is needed, it can be attached to the auth store for that identity!!!!!!!!!!!!!!!!
+
+## Namespace stuff...
+
+use file/path/1
+use file/path/2
+
+namespace user { }
+namespace role {
+ relation member {
+ user | group#member
+ }
+
+ computed_property (t: timestamp, s: timestamp) {
+ perform a computation here...
+ }
+
+ computed_property (s: string) {
+ s.starts_with("b")
+ }
+}
+
+namespace group {
+ relation member {
+ user | this.admin
+ }
+ relation admin {
+ user
+ }
+}
+
+namespace doc {
+ relation owner { user }
+ relation editor { user | this.owner }
+ relation viewer { user | this.editor | this.parent#viewer | all(user) }
+ relation auditor { editor - this.owner }
+ relation parent { this.doc }
+}
+
+so, basically it's just:
+
+namespace N {
+ relation R {
+ N#R | N#R & N#R - N#R
+ }
+}
+
+These are `.iam` files. Any `.iam` file can be specified as the main file, and then each use statement will be followed.