[Haskell-cafe] Role based access control via monads or arrows or... something

David Roundy droundy at darcs.net
Thu Apr 3 09:18:13 EDT 2008


On Thu, Apr 03, 2008 at 12:45:49AM +0000, Luke Palmer wrote:
> 2008/4/2 porrifolius <porrifolius at gmail.com>:
> >   (7) ideally required permissions would appear (and accumulate) in
> >  type signatures via inference so application code knows which are
> >  required and type checker can reject static/dynamic role constraint
> >  violations
> 
> If you mean what I think you mean by "dynamic", that these are runtime
> permissions, then you're not going to get the type checker to check
> them... of course.  What did you mean by dynamic?

With GADTs you can certainly get pretty easy compile-time type checking of
dynamic constraints.  The catch is that GADTs aren't properly integrated
with type classes, and this sort of permissions problem may not be
expressible without class constraints, in which case the system may require
olegish code complexity.

At the simplest (and stupidest) level, one could define

data CanReadA
data CanReadB
-- etc

data HavePermission perms where
   HaveAPerm :: HavePermission CanReadA
   HaveBPerm :: HavePermission CanReadB

and if you then restricted access to the constructors of HavePermission,
you could write code like

data RestrictedData permrequired a = Data a
-- constructor obviously not exported, or you'd lose any safety

readRestrictedData :: HavePermission perm -> RestrictedData perm a -> a

and now if you export readRestrictedData only, then only folks with the
proper permissions could access the data (and this could be done at
runtime).

But this is far from an elegant or satisfactory (or complete) solution.
-- 
David Roundy
Department of Physics
Oregon State University
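
Added example, not part of the original message: the fragments above assembled into one compilable file, with a body for readRestrictedData and a runtime role lookup that is the only way to obtain a token. The role table, the user names, and the helpers hasRole, checkA, checkB and secretA are assumptions made for illustration; in a real library the token and Data constructors would live in a separate module that does not export them.

```haskell
{-# LANGUAGE GADTs, EmptyDataDecls #-}
module Main (main) where

-- Permission tags: types with no values, used only as phantom indices.
data CanReadA
data CanReadB

-- Proof tokens. A library module would NOT export these constructors.
data HavePermission perm where
  HaveAPerm :: HavePermission CanReadA
  HaveBPerm :: HavePermission CanReadB

-- Payload tagged with the permission needed to read it (constructor unexported).
data RestrictedData permrequired a = Data a

-- The only exported reader: the token's index must match the data's tag.
readRestrictedData :: HavePermission perm -> RestrictedData perm a -> a
readRestrictedData _ (Data x) = x

-- Constructed sample role table (hypothetical users and role names).
roles :: [(String, [String])]
roles = [("alice", ["readA", "readB"]), ("bob", ["readB"])]

hasRole :: String -> String -> Bool
hasRole r u = r `elem` maybe [] id (lookup u roles)

-- Runtime checks: the only exported way to get a token, so every read
-- of restricted data is preceded by a successful role lookup.
checkA :: String -> Maybe (HavePermission CanReadA)
checkA u | hasRole "readA" u = Just HaveAPerm
         | otherwise         = Nothing

checkB :: String -> Maybe (HavePermission CanReadB)
checkB u | hasRole "readB" u = Just HaveBPerm
         | otherwise         = Nothing

secretA :: RestrictedData CanReadA String
secretA = Data "contents of A"

main :: IO ()
main = do
  -- alice holds readA, so the check yields a token and the read goes through.
  print (fmap (`readRestrictedData` secretA) (checkA "alice"))
  -- bob has only readB: no CanReadA token exists for him at runtime.
  print (fmap (`readRestrictedData` secretA) (checkA "bob"))
  -- A CanReadB token is a compile-time type error against data tagged CanReadA:
  -- print (fmap (`readRestrictedData` secretA) (checkB "bob"))
```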

