Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/radekbusa/Teapot-ACL
A minimalistic role-based ACL implementation for Teapot Smalltalk HTTP microframework.
https://github.com/radekbusa/Teapot-ACL
access-control access-control-list acl api authorization pharo rest-api smalltalk teapot
Last synced: about 1 month ago
JSON representation
A minimalistic role-based ACL implementation for Teapot Smalltalk HTTP microframework.
- Host: GitHub
- URL: https://github.com/radekbusa/Teapot-ACL
- Owner: radekbusa
- License: mit
- Created: 2020-11-22T12:28:54.000Z (about 4 years ago)
- Default Branch: master
- Last Pushed: 2020-11-22T15:23:55.000Z (about 4 years ago)
- Last Synced: 2024-08-03T17:10:25.147Z (5 months ago)
- Topics: access-control, access-control-list, acl, api, authorization, pharo, rest-api, smalltalk, teapot
- Language: Smalltalk
- Homepage:
- Size: 11.7 KB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-pharo - Teapot-ACL - A minimalistic role-based access control list for Teapot authorization. (Web)
README
# 📜 Teapot-ACL
A minimalistic role-based ACL implementation for Teapot Smalltalk HTTP microframework.## 🪄 Usage in a nutshell
```smalltalk
acl := TeaACL new
addRole: #admin;
addRole: #superadmin;
addResource: '/documents';
"it supports good ol' Teapot route globs"
addResource: '/documents/';
"privileges could pretty much be anything suiting your needs - it's definitely not limited to HTTP verbs"
allowRole: #admin toAccess: '/documents' withPrivileges: #(POST GET);
allowRole: #admin toAccess: '/documents/' withPrivileges: #(GET PUT DELETE);
"it supports a shortcut to allow everything for a given role"
allowRole: #superadmin toAccess: '*' withPrivileges: #(GET)....
"returns true"
acl checkRole: #admin toAccess: '/documents?foo=bar&bar=baz' withPrivilege: #GET.
"superadmin is the god here. returns true"
acl checkRole: #superadmin toAccess: '/foo/bar' withPrivilege: #GET.
"nobody is allowed to access a route not matching to any glob. returns false"
acl checkRole: #admin toAccess: '/xxx' withPrivilege: #GET.
"a user with undeclared role is not allowed to access this. returns false"
acl checkRole: #outsider toAccess: '/documents' withPrivilege: #GET.
```## 🎁 Installation
```smalltalk
Metacello new
baseline: 'TeapotACL';
repository: 'github://radekbusa/Teapot-ACL';
load.
```## 🔌 Integration example
1. Add this to application bootstrap by leveraging Teapot filters:
```smalltalk
teapot before: '*' -> [ :req | middleware checkAuthorization: req ];
```
2. Middleware>>checkAuthorization: aRequest
```smalltalk
| token userRole requestUri |
token := self getToken: aRequest.
userRole := token payload at: #role. "To be modified. User role is stored in a JSON Web Token in this scenario."
requestUri := aRequest uri asString."Config>>ACL contains a preconfigured TeaACL instance."
(config ACL checkRole: userRole toAccess: requestUri withPrivilege: aRequest method) ifFalse: [
aRequest abort: (TeaResponse code: 403).
].
```## 🧩 Compatibility
Tested in Pharo 7, 8 and 9.## 👨💻 Author
Radek Busa is the author and maintainer of this project.
* Tech blog: [www.medium.com/@radekbusa](http://www.medium.com/@radekbusa)
* Hire me for your next Smalltalk project: [www.radekbusa.eu](http://www.radekbusa.eu)> "I love building enterprise-grade software products in no time and Pharo greatly contributes to that with its amazing debugger, test-driven environment and other great stuff, such as refactoring tools. *My vision is to build libraries for ultra-productive enterprise microservice development with minimalistic and easy-to-grasp APIs for Smalltalk in 2020s.*"
If you endorse my vision and/or this project helped you, please don't hesitate to donate. Your donations will be welcome!
[![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/donate?hosted_button_id=Z5NNZTU7VASJQ)