Prototype: StructuredAccessControl.anyOf
#63
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
@saeta
I've been looking at
HeaderAccessControl
for a while, and I still find the testing method strange. As we chatted about before, it's forcing access controls to maintain some authenticator/authorizer separation, but letting the boundary be hidden.This seems bad because:
run
and theircheck
(like how they aggregate individual results inanyOf
, etc.).run
produces the authentication result so it seems natural (and it'd allow more convenient manipulation in our more complex internal access controls), but the internal-for-testing-onlycheck
makes this impossible. This makes the abstraction leaky.StructuredAccessControl
provides (by constraining what's possible and naming things nicely).This PR contains a prototype (not suitable for merging) of how the combinators could be defined on
StructuredAccessControl
s. The Scaladoc makes a claim about why this implementation is ok; I'm happy to discuss. If we can agree on this, I want to remove the genericHeaderAccessControl
entirely and move that name toStructuredAccessControl
, thus forcing all our access controls to have that nice structure.