Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
A Erlang based RBAC server.
Erlang Shell Other

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
apps/snarl/src
old
rel
.gitignore
.travis.yml
LICENSE
Makefile
README.md
dialyzer.mittigate
rebar
rebar.config

README.md

Snarl

Build status (master): Build Status

Build status (dev): Build Status

Snarl is a right management server build on top of riak_core. The permission architecture is as following:

Each permission consists of a list of values, where the values '…' and '_' (both Erlang atoms) have a special meaning.

  • '...' matches one, more or no values.
  • '_' matches exactly one value.
  • everything else just matches itself.

Examples

[some, cool, permission] matches:

  • [some, cool, permission]
  • [some, '_', permission]
  • ['_', '_', permission]
  • ['...', permission]
  • [some, '...', permission]
  • [some, '...']

Interface

Snarl publishes it's servers via mDNS as

_snarl._zmq._tcp.<domain>

The txt record of the announcements contains:

  • server: ip of the server
  • port: port of ZMQ

Message

Each message is passed as a BERT encoded Erlang terms.

User Functions

  • {user, list} -> [Name::binary()]
  • {user, get, User|Token} -> {ok, {user, Name::binary(), Password::binary(), Permissions, Groups}} | not_found
  • {user, add, User} -> ok | duplicate
  • {user, delete, User} -> ok | not_found
  • {user, grant, User, Permission} -> ok | not_found
  • {user, revoke, User, Permission} -> ok | not_found
  • {user, passwd, User, Pass} -> ok | not_found
  • {user, join, User, Group} -> ok | not_found
  • {user, leave, User, Group} -> ok | not_found
  • {user, auth, User, Pass} -> {ok, Token} | false
  • {user, allowed, User|Token, Permission} -> true | false

  • {user, set_resource, User, Resource, Value} -> ok | not_found

  • {user, get_resource, User, Resource} -> not_found | {ok, {resource, {Name :: binary(), Granted :: number(), claims :: [{resource_claim, ID :: binary(), Ammount :: number()}], reservations :: [{{resource_claim, ID :: binary(), Ammount :: number()}, Timeout :: integer()}]}
  • {user, claim_resource, User, Resource, Ammount} -> ID | not_found | limit_reached
  • {user, free_resource, User, Resource, ID} -> ok
  • {user, resource_stat, User} -> [{Name :: binary(), Granted :: integer(), Claimed :: integer(), Reserved :: integer()}]

Group Functions

  • {group, list} -> [Name::binary()]
  • {group, get, Group} -> {ok, {group, Name::binary(), Permissions}} | not_found
  • {group, add, Group} -> ok | duplicate
  • {group, delete, Group} -> ok | not_found
  • {group, grant, Group, Permission} -> ok | not_found
  • {group, revoke, Group, Permission} -> ok | not_found

Credits

If you want to learn something about riak_core I can recommend rzezeski's working blog the implementation is heavily build on top of the content provided there.

Something went wrong with that request. Please try again.