Conversation
zonotope
approved these changes
Sep 13, 2024
| #?(:clj (set! *warn-on-reflection* true)) | ||
|
|
||
| (defprotocol Restrictable | ||
| (wrap-policy [db policy-rules values-map]) |
Contributor
There was a problem hiding this comment.
Nice simplification of this protocol
| {:status 400 | ||
| :error :db/invalid-values-map})))) | ||
|
|
||
| (defn expanded? |
Contributor
There was a problem hiding this comment.
This is fine for now, but I would prefer more robust code paths where we only call this function with data we already know is expanded. That has its own benefits, and this method introduces a dependency on the proprietary :idx key and limits our flexibility with respect to expansion going forward. Making the code paths more robust is probably a much larger refactor, so I'm ok with this for now.
Contributor
Author
There was a problem hiding this comment.
Good point. I ran into this issue when using with fluree/server so added a quick fix.
I just fixed it up property and removed this.
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds two features needed for Nexus (and generally useful)
wrap-class-policyAPI to the existingwrap-policyandwrap-identity-policyfor enforcing policy on a db. This addition allows you to pass one or more class IRIs to enforce policy, which will query the db for policies of those class(es) and apply them. This feature provides a similar capability to v2's 'roles' option.query-connectionAPI which Nexus primarily uses. In the 'opts' for a query, you can now include the following keys:a)
policyClass- which performs the feature as described in (1) above.b)
policy- which allows you to pass in any json-ld policy definitions and will callwrap-policyon your behalfc)
policyValues- which allows you to pass in a values map that policy enforcement will inject into the policy queries (via the policy query'svalueskey).*note - in the case of
policyandpolicyClass, json-ld/expand will be called on them utilizing the query's@context. In the process added the expansion to the existingdidoption which previously was never attempted to expand.