[Haskell-cafe] Re: Role based access control via monads or arrows
or... something
apfelmus
apfelmus at quantentunnel.de
Thu Apr 3 11:31:16 EDT 2008
David Roundy wrote:
> Luke Palmer wrote:
>> porrifolius wrote:
>>> (7) ideally required permissions would appear (and accumulate) in
>>> type signatures via inference so application code knows which are
>>> required and type checker can reject static/dynamic role constraint
>>> violations
>>
>> If you mean what I think you mean by "dynamic", that these are runtime
>> permissions, then you're not going to get the type checker to check
>> them... of course. What did you mean by dynamic?
>
>
> At the simplest (and stupidest) level, one could define
>
> data CanReadA
> data CanReadB
> -- etc
>
> data HavePermission perms where
> HaveAPerm :: HavePermission CanReadA
> HaveBPerm :: HavePermission CanReadB
>
> and if you then restricted access to the constructors of HavePermission,
> you could write code like
>
> data RestrictedData permrequired a = Data a
> -- constructor obviously not exported, or you'd lose any safety
>
> readRestrictedData :: HavePermission perm -> RestrictedData perm a -> a
>
> and now if you export readRestrictedData only, then only folks with the
> proper permissions could access the data (and this could be done at
> runtime).
At runtime, are you sure? I mean, if I want to use it like in
foo = ... readRestrictedData permission secret ...
I must know that the type of my permission matches the the type of
secret , either by knowing them in advance or by propagating this as
type variable into the type of foo. In any case, I may only write foo
if I know statically that permission is going to match the secret .
No runtime involved?
In other words, I fail to see how this GADT example is different from a
normal phantom type (modulo different naming)
data Permission p = Permitted -- not exported
low :: Permission Low -- same role as HaveAPerm
high :: Permission High -- a module which knows these constants has
-- corresponding permissions
data Restricted p a = Restricted a
readRestricted :: Permission p -> Restricted p a -> a
Regards,
apfelmus
More information about the Haskell-Cafe
mailing list