PacketFlow.Capability.Dynamic (packetflow v0.1.0)
Dynamic capability management and validation for PacketFlow.
This module provides runtime capability creation, dynamic capability validation, capability composition patterns, capability delegation, and capability revocation.
Summary
Functions
Composes multiple capabilities into a single capability set.
Creates multiple capabilities at runtime.
Creates a new capability at runtime with the given name and parameters.
Creates a capability inheritance hierarchy.
Creates a capability with temporal constraints.
Delegates multiple capabilities from one entity to another.
Delegates a capability from one entity to another.
Filters capabilities based on a predicate function.
Gets all capabilities that are implied by a given capability.
Checks if one capability implies another capability.
Checks if a capability inherits from another capability.
Merges multiple capability sets into a single set.
Revokes multiple capabilities from an entity.
Revokes a capability from an entity.
Validates multiple capabilities against a set of available capabilities.
Validates a capability against a set of available capabilities.
Validates a capability in a specific context.
Validates a capability delegation.
Validates a temporal capability at a specific time.
Types
@type capability() :: any()
@type capability_context() :: map()
@type capability_rule() :: {capability(), [capability()]}
@type capability_set() :: MapSet.t(capability())
Functions
@spec compose_capabilities([capability()]) :: capability_set()
Composes multiple capabilities into a single capability set.
Examples
iex> compose_capabilities([{:read, "/file"}, {:write, "/file"}])
#MapSet<[{:read, "/file"}, {:write, "/file"}]>
@spec create_capabilities([atom()], any()) :: [capability()]
Creates multiple capabilities at runtime.
Examples
iex> create_capabilities([:read, :write], "/path/to/file")
[{:read, "/path/to/file"}, {:write, "/path/to/file"}]
@spec create_capability(atom(), any()) :: capability()
Creates a new capability at runtime with the given name and parameters.
Examples
iex> create_capability(:read, "/path/to/file")
{:read, "/path/to/file"}
iex> create_capability(:admin, "user123")
{:admin, "user123"}
@spec create_inheritance_hierarchy([capability()]) :: map()
Creates a capability inheritance hierarchy.
Examples
iex> create_inheritance_hierarchy([{:admin, "/file"}, {:read, "/file"}, {:write, "/file"}])
%{
{:admin, "/file"} => [{:read, "/file"}, {:write, "/file"}],
{:write, "/file"} => [{:read, "/file"}]
}
@spec create_temporal_capability(capability(), DateTime.t(), DateTime.t()) :: {:temporal, capability(), DateTime.t(), DateTime.t()}
Creates a capability with temporal constraints.
Examples
iex> create_temporal_capability({:read, "/file"}, ~U[2023-01-01 12:00:00Z], ~U[2023-01-02 12:00:00Z])
{:temporal, {:read, "/file"}, ~U[2023-01-01 12:00:00Z], ~U[2023-01-02 12:00:00Z]}
@spec delegate_capabilities([capability()], any(), any()) :: [ {:delegated, capability(), any(), any()} ]
Delegates multiple capabilities from one entity to another.
Examples
iex> delegate_capabilities([{:read, "/file"}, {:write, "/file"}], "user1", "user2")
[{:delegated, {:read, "/file"}, "user1", "user2"}, {:delegated, {:write, "/file"}, "user1", "user2"}]
@spec delegate_capability(capability(), any(), any()) :: {:delegated, capability(), any(), any()}
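Delegates a capability from one entity to another. Per the spec, the result is a `{:delegated, capability, from, to}` record, and as far as the signature shows the function receives no list of capabilities held by the delegating entity, so checking that the delegator actually holds the capability is a separate step (see validate_delegation/2).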
Examples
iex> delegate_capability({:read, "/file"}, "user1", "user2")
{:delegated, {:read, "/file"}, "user1", "user2"}
@spec filter_capabilities([capability()], (capability() -> boolean())) :: [ capability() ]
Filters capabilities based on a predicate function.
Examples
iex> filter_capabilities([{:read, "/file"}, {:write, "/file"}], fn {op, _} -> op == :read end)
[{:read, "/file"}]
@spec get_implied_capabilities(capability()) :: [capability()]
Gets all capabilities that are implied by a given capability.
Examples
iex> get_implied_capabilities({:admin, "/file"})
[{:read, "/file"}, {:write, "/file"}, {:delete, "/file"}]
@spec implies?(capability(), capability()) :: boolean()
Checks if one capability implies another capability.
Examples
iex> implies?({:admin, "/file"}, {:read, "/file"})
true
iex> implies?({:read, "/file"}, {:admin, "/file"})
false
@spec inherits_from?(capability(), capability(), map()) :: boolean()
Checks if a capability inherits from another capability.
Examples
iex> inherits_from?({:admin, "/file"}, {:read, "/file"}, %{{:admin, "/file"} => [{:read, "/file"}]})
true
@spec merge_capability_sets([capability_set()]) :: capability_set()
Merges multiple capability sets into a single set.
Examples
iex> merge_capability_sets([MapSet.new([{:read, "/file"}]), MapSet.new([{:write, "/file"}])])
#MapSet<[{:read, "/file"}, {:write, "/file"}]>
@spec revoke_capabilities([capability()], any()) :: [{:revoked, capability(), any()}]
Revokes multiple capabilities from an entity.
Examples
iex> revoke_capabilities([{:read, "/file"}, {:write, "/file"}], "user1")
[{:revoked, {:read, "/file"}, "user1"}, {:revoked, {:write, "/file"}, "user1"}]
@spec revoke_capability(capability(), any()) :: {:revoked, capability(), any()}
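Revokes a capability from an entity. Per the spec, the call returns a `{:revoked, capability, entity}` record; this page does not describe how that record is applied to existing capability sets or to delegations already issued, so confirm how revocation is enforced at validation time.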
Examples
iex> revoke_capability({:read, "/file"}, "user1")
{:revoked, {:read, "/file"}, "user1"}
@spec validate_capabilities([capability()], [capability()]) :: boolean()
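Validates multiple capabilities against a set of available capabilities. In the example below, the requested `:read` and `:write` capabilities validate against a single available `:admin` capability on the same resource, which suggests that implied capabilities count as available (see implies?/2).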
Examples
iex> validate_capabilities([{:read, "/file"}, {:write, "/file"}], [{:admin, "/file"}])
true
@spec validate_capability(capability(), [capability()]) :: boolean()
Validates a capability against a set of available capabilities.
Examples
iex> validate_capability({:read, "/file"}, [{:read, "/file"}])
true
iex> validate_capability({:admin, "user"}, [{:read, "/file"}])
false
@spec validate_capability_in_context(capability(), capability_context()) :: boolean()
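Validates a capability in a specific context. The context is a map (the example passes `:user` and `:time` keys); this page does not document which keys are checked or how a missing key is treated, so confirm that behaviour before relying on this function for an authorization decision.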
Examples
iex> validate_capability_in_context({:read, "/file"}, %{user: "user1", time: ~U[2023-01-01 12:00:00Z]})
true
@spec validate_delegation({:delegated, capability(), any(), any()}, [capability()]) :: boolean()
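Validates a capability delegation against a list of capabilities. In the example, a delegation of `{:read, "/file"}` validates against `[{:admin, "/file"}]`; the list is presumably the set of capabilities held by the delegating entity, but this page does not say so, so confirm which entity's capabilities the caller is expected to pass.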
Examples
iex> validate_delegation({:delegated, {:read, "/file"}, "user1", "user2"}, [{:admin, "/file"}])
true
@spec validate_temporal_capability( {:temporal, capability(), DateTime.t(), DateTime.t()}, DateTime.t() ) :: boolean()
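Validates a temporal capability at a specific time. The example returns true for a time that lies between the capability's two DateTime bounds. The time is an argument supplied by the caller, so it should come from a trusted clock; this page does not state whether the bounds are inclusive.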
Examples
iex> validate_temporal_capability({:temporal, {:read, "/file"}, ~U[2023-01-01 12:00:00Z], ~U[2023-01-02 12:00:00Z]}, ~U[2023-01-01 15:00:00Z])
true