practical RBAC
kwebapp(1) configuration
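roles { };

struct company {
	field name text;
	field id int rowid;
};

struct user {
	field company struct cid;
	field uid int rowid;
	field cid:company.id int;
};

struct session {
	field user struct userid;
	field userid:user.uid int comment "Associated user.";
	field token int comment "Random cookie.";
	field mtime epoch;
	field id int rowid;
	iterate user.company.name,mtime: name foo comment "Search for company's logged-in users.";
	roles default { insert; delete id; } comment "Authenticated session.";
};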
/*
 * Authenticated session.
 */
struct session {
	struct user user;
	/* Associated user (the configuration maps this to user.uid). */
	int64_t userid;
	/*
	 * Random cookie.
	 * NOTE(review): this is the value that identifies the session, so it
	 * should be unpredictable to anyone but its owner -- confirm how
	 * callers generate it.
	 */
	int64_t token;
	/* Epoch timestamp; presumably last-modified time -- confirm. */
	time_t mtime;
	/* Row identifier; not settable through db_session_insert(). */
	int64_t id;
};

/*
 * Add one session row to the database.
 * Callers provide only the native, non-rowid fields:
 *	v1: userid
 *	v2: token
 *	v3: mtime
 * On success the return value is the identifier of the new row;
 * any value <0 means the insert failed.
 * NOTE(review): the token (v2) is supplied by the caller rather than
 * generated here, so it should come from a cryptographically secure
 * random source.
 */
int64_t db_session_insert(struct ksql *db,
	int64_t v1, int64_t v2, time_t v3);