{"id":13772828,"url":"https://github.com/radekbusa/Teapot-ACL","last_synced_at":"2025-05-11T05:33:39.912Z","repository":{"id":215834950,"uuid":"315032313","full_name":"radekbusa/Teapot-ACL","owner":"radekbusa","description":"A minimalistic role-based ACL implementation for Teapot Smalltalk HTTP microframework.","archived":false,"fork":false,"pushed_at":"2020-11-22T15:23:55.000Z","size":12,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-11-17T08:44:08.137Z","etag":null,"topics":["access-control","access-control-list","acl","api","authorization","pharo","rest-api","smalltalk","teapot"],"latest_commit_sha":null,"homepage":"","language":"Smalltalk","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/radekbusa.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2020-11-22T12:28:54.000Z","updated_at":"2022-03-03T20:59:32.000Z","dependencies_parsed_at":"2024-01-06T21:52:34.146Z","dependency_job_id":"ce2592e9-67f9-4519-bd0d-ce461fc68b9b","html_url":"https://github.com/radekbusa/Teapot-ACL","commit_stats":null,"previous_names":["radekbusa/teapot-acl"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/radekbusa%2FTeapot-ACL","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/radekbusa%2FTeapot-ACL/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/radekbusa%2FTeapot-ACL/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/radekbusa%2FTeapot-ACL/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/radekbusa","download_url":"https://codeload.github.com/radekbusa/Teapot-ACL/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253523689,"owners_count":21921815,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["access-control","access-control-list","acl","api","authorization","pharo","rest-api","smalltalk","teapot"],"created_at":"2024-08-03T17:01:08.269Z","updated_at":"2025-05-11T05:33:39.636Z","avatar_url":"https://github.com/radekbusa.png","language":"Smalltalk","funding_links":["https://www.paypal.com/donate?hosted_button_id=Z5NNZTU7VASJQ"],"categories":["Web"],"sub_categories":[],"readme":"# 📜 Teapot-ACL\nA minimalistic role-based ACL implementation for Teapot Smalltalk HTTP microframework.\n\n## 🪄 Usage in a nutshell\n```smalltalk\nacl := TeaACL new\n    addRole: #admin;\n    addRole: #superadmin;\n    addResource: '/documents';\n    \"it supports good ol' Teapot route globs\"\n    addResource: '/documents/\u003cid\u003e';\n    \"privileges could pretty much be anything suiting your needs - it's definitely not limited to HTTP verbs\"\n    allowRole: #admin toAccess: '/documents' withPrivileges: #(POST GET);\n    allowRole: #admin toAccess: '/documents/\u003cid\u003e' withPrivileges: #(GET PUT DELETE);\n    \"it supports a shortcut to allow everything for a given role\"\n    allowRole: #superadmin toAccess: '*' withPrivileges: #(GET).\n\n...\n\n\"returns true\"\nacl checkRole: #admin toAccess: '/documents?foo=bar\u0026bar=baz' withPrivilege: #GET.\n\"superadmin is the god here. returns true\"\nacl checkRole: #superadmin toAccess: '/foo/bar' withPrivilege: #GET.\n\"nobody is allowed to access a route not matching to any glob. returns false\"\nacl checkRole: #admin toAccess: '/xxx' withPrivilege: #GET.\n\"a user with undeclared role is not allowed to access this. returns false\"\nacl checkRole: #outsider toAccess: '/documents' withPrivilege: #GET.\n```\n\n## 🎁 Installation\n```smalltalk\nMetacello new\n    baseline: 'TeapotACL';\n    repository: 'github://radekbusa/Teapot-ACL';\n    load.\n```\n\n## 🔌 Integration example\n1. Add this to application bootstrap by leveraging Teapot filters:\n```smalltalk\nteapot before: '*' -\u003e [ :req | middleware checkAuthorization: req ];\n```\n2. Middleware\u003e\u003echeckAuthorization: aRequest\n```smalltalk\n| token userRole requestUri |\n\t\ntoken := self getToken: aRequest.\nuserRole := token payload at: #role. \"To be modified. User role is stored in a JSON Web Token in this scenario.\"\nrequestUri := aRequest uri asString.\n\n\"Config\u003e\u003eACL contains a preconfigured TeaACL instance.\"\n(config ACL checkRole: userRole toAccess: requestUri withPrivilege: aRequest method) ifFalse: [\n\taRequest abort: (TeaResponse code: 403).\n].\n```\n\n## 🧩 Compatibility\nTested in Pharo 7, 8 and 9.\n\n## 👨‍💻 Author\nRadek Busa is the author and maintainer of this project.\n* Tech blog: [www.medium.com/@radekbusa](http://www.medium.com/@radekbusa)\n* Hire me for your next Smalltalk project: [www.radekbusa.eu](http://www.radekbusa.eu)\n\n\u003e \"I love building enterprise-grade software products in no time and Pharo greatly contributes to that with its amazing debugger, test-driven environment and other great stuff, such as refactoring tools. *My vision is to build libraries for ultra-productive enterprise microservice development with minimalistic and easy-to-grasp APIs for Smalltalk in 2020s.*\"\n\nIf you endorse my vision and/or this project helped you, please don't hesitate to donate. Your donations will be welcome!\n\n[![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/donate?hosted_button_id=Z5NNZTU7VASJQ)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fradekbusa%2FTeapot-ACL","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fradekbusa%2FTeapot-ACL","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fradekbusa%2FTeapot-ACL/lists"}