Skip to content

webdsl-ac.stx

pdmosses/webdsl-statix/webdslstatix/trans/static-semantics/webdsl-ac.stx

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286

module 

imports
  static-semantics/actions/functions

  static-semantics/entities/annotations

  static-semantics/types/built-ins

  static-semantics/ui/template-calls

  static-semantics/webdsl-actions
  static-semantics/webdsl-built-ins
  static-semantics/webdsl-entities
  static-semantics/webdsl-types
  static-semantics/webdsl

rules // built-ins

   : scope * scope
  declareACBuiltIns(, ) :- {    }
    bool == bool(s_resolve),
    entity == entity(s_resolve),

    new s_securityContext,
    declareEntityAnnotation(s_securityContext, SESSIONENTITY()),
    declareExtendScope(s_decl, "securityContext", s_securityContext), // declare s_type to be linked to type name
    extendScopes(resolveExtendScope(s_decl, "securityContext"), s_securityContext),
    declareType(s_decl, "securityContext", ENTITY("securityContext", s_securityContext)),
    declareVar(s_decl, "securityContext", ENTITY("securityContext", s_securityContext)),

    declareBuiltInFunction(s_decl, "loggedIn", [], bool),
    declareBuiltInFunction(s_decl, "logout", [], entity),
    declareBuiltInFunction(s_decl, "principalAsEntity", [], entity),

    declareTemplate(s_decl, "login", []),
    declareTemplate(s_decl, "logout", []),
    declareTemplate(s_decl, "authentication", []).

  typeOfFunctionCall(s, "loggedIn", []) = bool(s) :- principalDefined(s).
  typeOfFunctionCall(s, "logout", []) = VOID() :- principalDefined(s).
  typeOfFunctionCall(s, "principalAsEntity", []) = entity(s) :- principalDefined(s).
  typeOfFunctionCall(, "authenticate", argExps) = bool(s) :- {   }
    principalDefined(s),
    argTypes == typesOfExps(s, argExps),
    credentialTypes == credentialTypes(s),
    typesCompatible(argTypes, credentialTypes) == TRUE() | error $[Argument types [argTypes] not compatible with credential types [credentialTypes]].

  templateCallMatchesSig(s, "login", [], _) :- principalDefined(s).
  templateCallMatchesSig(s, "logout", [], _) :- principalDefined(s).
  templateCallMatchesSig(s, "authenticate", [], _) :- principalDefined(s).

rules

  sectionOk(s, AccessControlDefinition(_, defs)) :- acDefsOk(s, defs).

  acDefsOk maps acDefOk(*, list(*))
   : scope * AccessControlDefinition
  acDefOk(_,_) :- false | error $[This access control definition is not yet supported].

rules // securitycontext and principal

  defOk(s, AccessControlPrincipalDef(ent, properties)) :- principalDefOk(s, ent, properties).
  acDefOk(s, AccessControlPrincipalAcDef(ent, properties)) :- principalDefOk(s, ent, properties).

   : scope * string * list(string)
  principalDefOk(, , ) :- {  entityName   }
    // TO-DO: only give principal access to the credential properties instead of all
    definedTypeCustomError(s, ent) == t@ENTITY(entityName, s_ent) | error $[Entity [ent] does not exist, and cannot be used as principal for access control], // correct error message for tests
    principalPropertyTypes(s_ent, properties, ent) == credentialTypes,
    compatibleCredentialTypes(properties, credentialTypes),
    declSecurityContext(s, t, credentialTypes).

  compatibleCredentialTypes maps compatibleCredentialType(list(*), list(*))
   : string * TYPE
  compatibleCredentialType(x, s) :-
    isStringCompatibleType(s) | error $[Credential types should be compatible with String type] @x.

   : scope * TYPE * list(TYPE)
  declSecurityContext(, principalType, credentialTypes) :- {  }
    new s_extend_security_context,
    declProperty(s_extend_security_context, "securityContext", "principal", principalType),
    declProperty(s_extend_security_context, "securityContext", "loggedIn", bool(s)),
    declareCredentials(s_extend_security_context, credentialTypes),
    declareExtendScope(s, "securityContext", s_extend_security_context),
    extendScopes(resolveExtendScope(s, "securityContext"), s_extend_security_context).

   : scope * list(TYPE)
  declareCredentials(s, ts) :- !var["_credentials", withType(CREDENTIALS(ts))] in s.

rules // access control rules

  acDefOk(s, Rule(r)) :- acRuleOk(s, r).

   : scope * AccessControlRule
  acRuleOk(_, _) :- try { false } | warning $[This access control rule is not yet implemented].
  acRuleOk(, AccessControlRule(t, , mas@MatchArgs(, _), , nested)) :- {     }
    acRuleSignatureOk(s, t, x, mas),
    bool == bool(s),
    new s_rule, s_rule -F-> s,
    argTypes == typesOfArgs(s, args),
    declareParameters(s_rule, zipArgTypes(args, argTypes)),
    principalType == principalType(s) | error $[Cannot have access control rules without a principal declaration] @x, // correct error message for tests
    declareVar(s_rule, "principal", principalType),
    declareVar(s_rule, "loggedIn", bool),
    nestedAcRulesOk(s_rule, nested),
    equalType(typeOfExp(s_rule, exp), bool) | error $[Rule should contain a Bool expression] @exp. // correct error message for tests

  acRuleOk(, SpecialAccessControlRule()) :- {    }
    bool == bool(s),
    new s_rule, s_rule -F-> s,
    principalType == principalType(s) | error $[Cannot have access control rules without a principal declaration], // correct error message for tests
    declareVar(s_rule, "principal", principalType),
    declareVar(s_rule, "loggedIn", bool),
    equalType(typeOfExp(s_rule, exp), bool) | error $[Rule should contain a Bool expression] @exp. // correct error message for tests

   maps nestedAcRuleOk(*, list(*))
   : scope * AccessControlRule
  nestedAcRuleOk(_, _) :- false | error $[Nested rule type unknown, nested rules must be of type "action"]. // correct error message for tests
  nestedAcRuleOk(_, AccessControlRule(t, _, _, _, _)) :- false | error $[Nested rule type unknown, nested rules must be of type "action"] @t. // correct error message for tests
  nestedAcRuleOk(, AccessControlRule(ACTypeAction(), x, MatchArgs(, _), , nested)) :- {   }
    new s_rule, s_rule -P-> s, // P label here instead of F to correctly resolve and error on variable usage
    argTypes == typesOfArgs(s, args),
    declareParameters(s_rule, zipArgTypes(args, argTypes)),
    nestedAcRulesOk(s_rule, nested),
    equalType(typeOfExp(s_rule, exp), bool(s)) | error $[Rule should contain a Bool expression] @exp. // correct error message for tests

  nestedAcRuleOk(, SpecialAccessControlRule()) :- {  }
    new s_rule, s_rule -P-> s,
    equalType(typeOfExp(s_rule, exp), bool(s)) | error $[Rule should contain a Bool expression] @exp. // correct error message for tests

   : scope * AccessControlType * MatchName * OptMatchArgs
  acRuleSignatureOk(_, _, m, _) :- try { false } | warning $[This access control signature is not checked yet] @m.

  // a wildcard in the name is always ok
  acRuleSignatureOk(_, _, MatchNameWildCard(), _).
  acRuleSignatureOk(_, _, MatchName(_, WildCardArg()), _).

  acRuleSignatureOk(s, ACTypePage(), MatchName(, OptWildCardArgNone()), MatchArgs(_, WildCardArg())) :-
    pageType(s, p) == PAGE(_, _) | error $[Page rule refers to non-existing page [p]] @p. // correct error message for tests

  acRuleSignatureOk(, ACTypePage(), MatchName(, OptWildCardArgNone()), MatchArgs(, OptWildCardArgNone())) :- {   }
    pageType(s, p) == PAGE(_, sigTypes) | error $[Page rule refers to non-existing page [p]] @p, // correct error message for tests
    typesOfArgs(s, args) == argTypes,
    argTypes == sigTypes | error $[Argument types [argTypes] are not equal to the page signature types [sigTypes]] @args.

  acRuleSignatureOk(_, ACTypeAction(), _, _).

  acRuleSignatureOk(s, ACTypeTemplate(), MatchName(, OptWildCardArgNone()), MatchArgs(_, WildCardArg())) :-
    resolveTemplateNoAjax(s, t) == [_ | _] | error $[Template rule refers to non-existing template [t]. For ajax templates, use 'rule ajaxtemplate'] @t. // correct error message for tests

  acRuleSignatureOk(, ACTypeTemplate(), MatchName(, OptWildCardArgNone()), MatchArgs(, OptWildCardArgNone())) :- {    }
    argTypes == typesOfArgs(s, args),
    queryResult@[_ | _] == resolveTemplateNoAjax(s, t) | error $[Template rule refers to non-existing template [t]. For ajax templates, use 'rule ajaxtemplate'] @t, // correct error message for tests
    ts == queryResultTypes(queryResult),
    acRuleSignatureArgsMatching(argTypes, ts) | error $[Template rule refers to non-existing template [t] with argument types [argTypes]] @args. // correct error message for tests

  acRuleSignatureOk(s, ACTypeAjaxTemplate(), MatchName(, OptWildCardArgNone()), MatchArgs(_, WildCardArg())) :-
    resolveAjaxTemplate(s, t) == [_ | _] | error $[Ajax template rule refers to non-existing template [t]. For non-ajax templates, use 'rule template'] @t. // correct error message for tests

  acRuleSignatureOk(, ACTypeAjaxTemplate(), MatchName(, OptWildCardArgNone()), MatchArgs(, OptWildCardArgNone())) :- {    }
    argTypes == typesOfArgs(s, args),
    queryResult@[_ | _] == resolveAjaxTemplate(s, t) | error $[Template rule refers to non-existing template [t]. For non-ajax templates, use 'rule template'] @t, // correct error message for tests
    ts == queryResultTypes(queryResult),
    acRuleSignatureArgsMatching(argTypes, ts) | error $[Template rule refers to non-existing template [t] with argument types [argTypes]] @args. // correct error message for tests

  acRuleSignatureOk(s, ACTypePointcut(), MatchName(, OptWildCardArgNone()), MatchArgs(_, WildCardArg())) :-
    resolvePointcut(s, p) == [_ | _] | error $[pointcut [p] does not exist] @p. // correct error message for tests

  acRuleSignatureOk(, ACTypePointcut(), MatchName(, OptWildCardArgNone()), MatchArgs(, OptWildCardArgNone())) :- {    }
    argTypes == typesOfArgs(s, args),
    queryResult@[_ | _] == resolvePointcut(s, p) | error $[pointcut [p] does not exist] @p, // correct error message for tests
    ts == queryResultTypes(queryResult),
    acRuleSignatureArgsMatching(argTypes, ts) | error $[Pointcut rule refers to non-existing pointcut [p] with argumnent types [argTypes]] @args. // correct error message for tests

   : list(TYPE) * list(TYPE)
  acRuleSignatureArgsMatching(_, []) :- false.
  acRuleSignatureArgsMatching(args, [TEMPLATE(_, args, _) | _]).
  acRuleSignatureArgsMatching(args, [POINTCUT(_, args) | _]).
  acRuleSignatureArgsMatching(args, [_ | ts]) :- acRuleSignatureArgsMatching(args, ts).

rules // predicates

  defOk(s, Predicate(p, args, exp)) :- predicateOk(s, p, args, exp, TRUE()).
  acDefOk(s, PredicateAc(p, args, exp)) :- predicateOk(s, p, args, exp, TRUE()).
  declEntityBodyDeclaration(s, _, PredicateInEntity(p, args, exp)) :- predicateOk(s, p, args, exp, FALSE()).

  // last bool denotes if predicate is declared in global scope
   : scope * string * OptFormalArgs * Exp * BOOL
  predicateOk(, , FormalArgs(), , global) :- {     }
    bool == bool(s),
    new s_predicate, s_predicate -F-> s,
    argTypes == typesOfArgs(s, args),
    declareParameters(s_predicate, zipArgTypes(args, argTypes)),
    principalType == principalType(s) | error $[Cannot have access control rules without a principal declaration] @p, // correct error message for tests
    declareVar(s_predicate, "principal", principalType),
    declareVar(s_predicate, "loggedIn", bool),
    equalType(typeOfExp(s_predicate, exp), bool) | error $[Predicate should contain a Bool expression] @exp, // correct error message for tests
    declPredicate(s, p, FUNCTION_ORIGIN(args), argTypes, bool, global).

  // last bool arg denotes if the scope is global
   : scope * string * ORIGIN * list(TYPE) * TYPE * BOOL
  declPredicate(s, p, origin, argTypes, return, TRUE()) :- declFunctionGlobal(s, p, origin, argTypes, return).
  declPredicate(s, p, origin, argTypes, return, FALSE()) :- declFunctionEntity(s, p, origin, argTypes, return, FALSE()).

rules // pointcuts

  acDefOk(, AccessControlPointcut(p, , elems)) :- {   }
    ts == typesOfArgs(s, fargs),
    declarePointcut(s, p, ts),
    new s_pointcut,
    declareParameters(s_pointcut, zipArgTypes(fargs, ts)),
    acPointcutElemsOk(s, s_pointcut, argNames(fargs), ts, elems).

  acPointcutElemsOk maps acPointcutElemOk(*, *, *, *, list(*))
   : scope * scope * list(string) * list(TYPE) * AccessControlPointcutElement
  acPointcutElemOk(s, s_pointcut, pointcutArgNames, ts, @AccessControlPointcutElement(_, _, args, _)) :-
    acPointcutElementDefined(s, s_pointcut, elem),
    pointcutArgsUsed(pointcutArgNames, args, elem).
//    sameElements(pointcutArgNames, args) | error $[Pointcut element must use all pointcut arguments: [pointcutArgNames]] @elem.

   : scope * scope * AccessControlPointcutElement
  acPointcutElementDefined(_, _, AccessControlPointcutElement(_, MatchName(p, WildCardArg()), _, _)).
  acPointcutElementDefined(_, _, AccessControlPointcutElement(t, _, _, _)) :-
    false | error $[Only pages, templates, ajaxtemplates and actions are supported in pointcuts] @t.

  acPointcutElementDefined(s, s_pointcut, elem@AccessControlPointcutElement(ACTypePage(), MatchName(, _), args, optWc)) :- {   }
    argTypes == typesOfPointcutIdentifiers(s_pointcut, args),
    resolvePage(s, p) == [(_, (_, PAGE(_, ts)))] | error $[Page rule refers to non-existing page [p]] @p, // correct error message for tests
    acPointcutElementArgsCompatible(argTypes, ts, optWc) | error $[Incompatible argument types for page [p]] @elem.

  acPointcutElementDefined(s, s_pointcut, elem@AccessControlPointcutElement(ACTypeTemplate(), MatchName(, _), args, optWc)) :- {   }
    argTypes == typesOfPointcutIdentifiers(s_pointcut, args),
    resolveTemplateNoAjax(s, t) == [(_, (_, TEMPLATE(_, ts, _)))] | error $[Template rule refers to non-existing template [t]] @t, // correct error message for tests
    acPointcutElementArgsCompatible(argTypes, ts, optWc) | error $[Template rule refers to non-existing template [t] for the given argument types] @elem. // correct error message for tests

  acPointcutElementDefined(s, s_pointcut, elem@AccessControlPointcutElement(ACTypeAjaxTemplate(), MatchName(, _), args, optWc)) :- {   }
    argTypes == typesOfPointcutIdentifiers(s_pointcut, args),
    resolveAjaxTemplate(s, t) == [(_, (_, TEMPLATE(_, ts, _)))] | error $[Ajax template rule refers to non-existing template [t]] @t, // correct error message for tests
    acPointcutElementArgsCompatible(argTypes, ts, optWc) | error $[Ajax template rule refers to non-existing template [t] for the given argument types] @elem. // correct error message for tests

  acPointcutElementDefined(_, _, elem@AccessControlPointcutElement(ACTypeAction(), _, _, _)).

   : list(TYPE) * list(TYPE) * OptWildCardArg
  acPointcutElementArgsCompatible([], [], _).
  acPointcutElementArgsCompatible([], [_ | _], WildCardArg()).
  acPointcutElementArgsCompatible([], [_ | _], OptWildCardArgNone()) :- false.
  acPointcutElementArgsCompatible([_ | _], [], _) :- false.
  acPointcutElementArgsCompatible([t1 | t1s], [t2 | t2s], optWc) :-
    typeCompatible(t1, t2),
    acPointcutElementArgsCompatible(t1s, t2s, optWc).

rules // utils

  principalPropertyTypes maps principalPropertyType(*, list(*), *) = list(*)
   : scope * string * string -> TYPE
  principalPropertyType(s, , ent) = t :-
    t == propertyType(s, x) | error $[[x] is not a property of entity [ent]]. // correct error message for tests
  principalPropertyType(s, @"name", ent) = t :-
    t == propertyType(s, x) | error $[Principal credential type [ent] does not have a [x] property, a property with [x] annotation is not sufficient for use as credential]. // correct error message for tests

   : scope
  principalDefined(s) :- { t }
    principalType(s) == t | error $[Principal is not defined].

   : scope -> TYPE
  principalType(s) = t :- {  }
    resolveType(s, "securityContext") == [(_, (_, ENTITY(_, s_securityContext)))] | error $[securityContext not defined],
    resolveProperty(s_securityContext, "principal") == [(_, (_, t))]. // no fixed error message here to allow more specific error messages on higher predicates

   : scope -> list(TYPE)
  credentialTypes(s) = ts :- {   }
    resolveType(s, "securityContext") == [(_, (_, ENTITY(_, s_securityContext)))] | error $[securityContext not defined],
    queryResultTypes(resolveProperty(s_securityContext, "_credentials")) == result,
    result == [CREDENTIALS(ts) | _] | error $[No credentials have been defined].

   maps typesOfPointcutIdentifier(*, list(*)) = list(*)
   : scope * string -> TYPE
  typesOfPointcutIdentifier(s, ) = t :-
    resolveVar(s, x) == [(_, (_, t))] | error $[Pointcut element uses unknown identifier [x]]. // correct error message for tests

  pointcutArgsUsed maps pointcutArgUsed(list(*), *, *)
   : string * list(string) * AccessControlPointcutElement
  pointcutArgUsed(x, [], loc) :- false | error $[Pointcut element must use pointcut argument [x]] @loc. // correct error message for tests
  pointcutArgUsed(x, [x | _], _).
  pointcutArgUsed(x, [_ | ys], loc) :- pointcutArgUsed(x, ys, loc).