blob: 28caa7c36401c25e8fab72eee428909631b47921 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
Lua Access Control Engine - Lace
================================
Lace is a simple access control engine modelled on Squid's acl syntax.
It provides a parser of rulesets and an engine to execute the parsed
rulesets. It relies on the calling application to provide access
control types and then Lace runs the boolean logic and returns an
allow/deny result along with the location of the decision and any
description provided by it. Lace also handles errors in the control
callbacks to always return gracefully in the form:
local result, reason = engine:run(context)
if result == nil then
report_error(reason)
elseif result == false then
handle_deny(reason)
else
handle_allow(reason)
end
Lace is designed to allow a ruleset loaded into an engine to be run
multiple times with different contexts, each time unaffected by the
last. Of course, this relies on various idempotency requirements
being placed on the control type callbacks, but that is covered in the
usage documentation.
For some examples of using Lace, please see the examples/ tree.
Thanks
======
Thanks go to Codethink Limited for sponsoring development by means of tea,
biscuits and long lunch hours.
|
