Hey Michael,
Here's a solution using core.logic.
;; We can define a "permission" relation with "defrel".
(defrel permission roles ops state)
;; and a helper function to add each combination of permissions
(defn add-permision [roles ops states]
(for [r roles
o ops
s states]
(fact permission r o s)))
;; Here is your first example
(add-permision #{:admin :operator} #{:reject :accept} #{:applied})
;; Now lets ask what are the permissions for the :admin role
logic-introduction.perm=> (run* [q]
(fresh [ops states]
(permission :admin ops states)
(== q [ops states])))
([:reject :applied] [:accept :applied])
;; Ask what permissions either a :admin or :operator role has
logic-introduction.perm=> (run* [q]
(fresh [role ops states]
(conde
((== role :admin))
((== role :operator)))
(== q [ops states])
(permission role ops states)))
([:reject :applied] [:accept :applied] [:reject :applied] [:accept
:applied])
Thanks,
Ambrose
On Sun, Nov 6, 2011 at 12:51 AM, Michael Jaaka <[email protected]
> wrote:
> Hi,
>
> I would like to use logic programing to describe permissions. The
> definition is
>
> We have set of triples which looks like:
> Set of roles; set of operations; set of states
>
> Triples are defined in scope of some entity with states, wildcard is
> defined with _
>
> All I need is to answer on some operation invocation if given user
> with his role is able to execute that operation for particular entity
> which is in one of its states
>
> Example:
> Roles: admin, operator, auditor
> Entity: data form with states dirty, applied, rejected, executed
> Operations on data form: reject, acept, list, enter
> Triples of permissions:
> admin, operator; reject, accept; applied
> auditor, operator; list; _
> operator; enter; dirty
>
> The additional question beside checking permission is:
> What are operations avaiable for given role and given state of entity
>
>
> Any thoughts? Maybe core.logic? It seems that I know its purpose but
> don't know how to use it.
> Thanks in advance.
>
> --
> You received this message because you are subscribed to the Google
> Groups "Clojure" group.
> To post to this group, send email to [email protected]
> Note that posts from new members are moderated - please be patient with
> your first post.
> To unsubscribe from this group, send email to
> [email protected]
> For more options, visit this group at
> http://groups.google.com/group/clojure?hl=en
--
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to [email protected]
Note that posts from new members are moderated - please be patient with your
first post.
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
