PublicShow -- SWISH PEP (Policy Enforcement Point)

This module implements the Policy Enforcement Point. It is called by modules that perform operations that may not be publically accessible. Examples are:

Source authorized(+Action, +Options) is det
Verify that Action is authorized. Options:
Indentity is the identity dict as collected by

Actions defined:

  • Gitty store actions
    Attempt to download Obj, one of file(File) or hash(Hash) in Format, see storage_get/4 from
    Create file name File with the given meta-data. Named is one of named or random and indicates whether the file is named by the user or the name is generated by the system.
    Update File and change meta-data from PrevMeta to Meta.
    Delete File that has the given meta data.
  • File actions
    Update (save) a physical file outside the versioned gitty store.
  • Social options
    Open websocket chat channel
    Post a chat message about a specific topic
- http_reply(forbidden(URL)) if the action is not allowed. Can we generate a JSON error object?
Source ws_authorized(+Action, +WSUser) is semidet
True when WSUser is allowed to perform action. WSUser is a dict containing the user info as provided by chat_add_user_id/3. It notably has a key profile_id if the user is logged on.
To be done
- Generalise. Notably, how do we get the identity as authenticate/2 returns?
Source approve(+Action, +Id)[multifile]
Source deny(+Action, +Id)[multifile]
 swish_config:approve(+Action, +Identity, -Approve) is semidet[multifile]
This hook is called by approve/2 and deny/2 before the default rules. If this hook succeeds it must unify Approve with true or false. Action is approved if Approve is true.
Source pengines:not_sandboxed(+User, +Application) is semidet[multifile]
Called by Pengines to see whether User may call non-sandboxed operations in Application.