Permission expressions from DB

[thaingo]

We have a use-case in which Admin user should be able to configure permissions (read/update/delete) in non-programming way.

To implement that requirement, one of steps is to fetch permission expressions from DB and construct permission strings. Is there any way to do that?

[aklish]

There is no base support in Elide for something like this. It also feels like a narrow use case so I'm not sure we would add support for it.

Usually, there is a database with a predefined set of roles and users can be added or removed from roles and permissions. Model security is static and users are simply given or revoked permissions via the database.

Dynamic model security would require either:

1. Make Elide security checks generic (read, write, update) - and implement the check definitions using something dynamic from the database.
2. Elide 5 added a dynamic type system (which means Elide types can be created dynamically). JPA requires static annotations to work - but you could leverage a hybrid (JPA annotations are static but Elide annotations are dynamic). We do plan on adding a mechanism to refresh the Elide types after service boot (for yavin project). In theory, you could hook into something like this.

[thaingo]

Thanks for the input @aklish . Looking forward to the mechanism to refresh the Elide types.

Also, I'm curious to know more of usage of Elide types.

1. One use-case, I have done and do see them a bit convenience over JVM types, is that it is more convenient to check types at runtime and construct different api graphs/paths. Hence I can reuse code, specifically filter expression checks. Could you share some more use-cases of the Elide type system?
2. What do you mean Elide types can be created dynamically specifically? Could you show some example of that?

[aklish]

Elide's type system is very similar to the Java reflection API. Here is the root of all Elide types:

https://github.com/yahoo/elide/blob/master/elide-core/src/main/java/com/yahoo/elide/core/type/Type.java

All Java classes are wrapped in the following subclass that uses reflection to implement the Type interface:

https://github.com/yahoo/elide/blob/master/elide-core/src/main/java/com/yahoo/elide/core/type/ClassType.java

Elide analytic models can be defined either with Java classes OR HJSON configuration files. To implement, the latter, we created a different subclass of Type:

https://github.com/yahoo/elide/blob/master/elide-datastore/elide-datastore-aggregation/src/main/java/com/yahoo/elide/datastores/aggregation/dynamic/TableType.java

To leverage custom types, you must implement your own DataStore to register them with Elide. Your types could subclass ClassType but provide annotation information for Elide permissions by instead reading the information from your database. Because your models are still Java classes (registered with Elide using a subclass of ClassType), JPA will still work. Permission annotations though will be returned dynamically from your database.