mlibrary / checkpoint / 54
100%
main: 100%

LAST BUILD BRANCH: dependabot/github_actions/coverallsapp/github-action-2.1.2
DEFAULT BRANCH: main
Ran
Jobs 1
Files 48
Run time 2s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
54

push

travis-ci

botimer 
CP-37 - Add permit/revoke to Permits repository

This adds two methods, permit! and revoke! to the Permits repository.
The permit! method is for a single permit, and revoke! can operate on
multiple.

The way revocation works is nontrivial because of the Cartesian
matching, but it mirrors selection (as implemented in the for method).
Typically, one agent, credential, and resource combination would be
supplied, where the operation is obvious. Multiple operation is complex
enough to deserve an example:

If an agent were granted some permission to two resources, these could
both be revoked at the same time by supplying the one agent, one
credential, and both resources as an array.

If two agents were granted that permission on the same two resources,
there would be four permits. All of these could be revoked by supplying
the two agents as an array, the permission, and both resources as an
array.

If those same two agents were each granted a different, additional
permission on one additional resource, there would be a total of six
permits as follows:

A1, C1, R1
A1, C1, R2
A1, C2, R3
A2, C1, R1
A2, C1, R2
A2, C2, R3

All of these permits could be revoked by supplying:

[A1, A2], [C1, C2], [R1, R2, R3]

This follows the any-any-any, Cartesian matching pattern for selection,
but care must be taken that agents or resources are not expanded by a
resolver beforehand, or broader grants than are intended could be
revoked. For example, a resource would typically resolve to a specific
token, a type-wide wildcard, and an all-resource wildcard for inherited
matching semantics.

For access checks, this expansion is intuitive (a broad grant matches a
narrow inquiry). For deletion, this could mean that an attempt to revoke
narrow access would revoke at the type or global level. This could be
particularly troublesome if the agent and resource are expanded to match
things like "any logged in user" and "all documents", when attempting to
revoke a grant for a specific user ... (continued)

1511 of 1511 relevant lines covered (100.0%)

3.21 hits per line

Jobs
ID Job ID Ran Files Coverage
1 54.1 (2.4.2) 0
100.0
 Travis Job 54.1
Source Files on build 54
Detailed source file information is not available for this build.