diff options
| author | Owen Jacobson <owen@grimoire.ca> | 2022-02-26 13:10:37 -0500 |
|---|---|---|
| committer | Owen Jacobson <owen@grimoire.ca> | 2022-02-26 13:20:38 -0500 |
| commit | a4b5716d159cb35f99d5291c1951f140643c0c68 (patch) | |
| tree | 43cdbab8c1f5e3c9efaf02aeb1e8fa66d683f136 /site/code | |
| parent | a229af2ef98099d88e85faedfde4d9ee68cd7f8d (diff) | |
Stop tracking the built site!
Diffstat (limited to 'site/code')
| -rw-r--r-- | site/code/commit-messages/index.html | 177 | ||||
| -rw-r--r-- | site/code/configuring-browser-apps/index.html | 267 | ||||
| -rw-r--r-- | site/code/index.html | 192 | ||||
| -rw-r--r-- | site/code/users-rolegraph-privs/index.html | 244 |
4 files changed, 0 insertions, 880 deletions
diff --git a/site/code/commit-messages/index.html b/site/code/commit-messages/index.html deleted file mode 100644 index 2692dc0..0000000 --- a/site/code/commit-messages/index.html +++ /dev/null @@ -1,177 +0,0 @@ -<!DOCTYPE html> -<html lang="en"> - <head> - <meta charset="utf-8"> - <meta http-equiv="X-UA-Compatible" content="IE=edge"> - <meta name="viewport" content="width=device-width, initial-scale=1.0"> - - - - <link rel="shortcut icon" href="../../img/favicon.ico"> - <title>Writing Good Commit Messages - The Grimoire</title> - <link href="../../css/bootstrap-custom.min.css" rel="stylesheet"> - <link href="../../css/font-awesome.min.css" rel="stylesheet"> - <link href="../../css/base.css" rel="stylesheet"> - <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/github.min.css"> - <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries --> - <!--[if lt IE 9]> - <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script> - <script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script> - <![endif]--> - - <script src="../../js/jquery-1.10.2.min.js" defer></script> - <script src="../../js/bootstrap-3.0.3.min.js" defer></script> - <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/highlight.min.js"></script> - <script>hljs.initHighlightingOnLoad();</script> - </head> - - <body> - - <div class="navbar navbar-default navbar-fixed-top" role="navigation"> - <div class="container"> - - <!-- Collapsed navigation --> - <div class="navbar-header"> - <!-- Expander button --> - <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse"> - <span class="sr-only">Toggle navigation</span> - <span class="icon-bar"></span> - <span class="icon-bar"></span> - <span class="icon-bar"></span> - </button> - <a class="navbar-brand" href="../..">The Grimoire</a> - </div> - - <!-- Expanded navigation --> - <div class="navbar-collapse collapse"> - <!-- Main navigation --> - <ul class="nav navbar-nav"> - <li > - <a href="../..">Owen Jacobson</a> - </li> - <li > - <a href="../">Code</a> - </li> - <li > - <a href="../../nomic/">Nomic</a> - </li> - </ul> - - <ul class="nav navbar-nav navbar-right"> - <li> - <a href="#" data-toggle="modal" data-target="#mkdocs_search_modal"> - <i class="fa fa-search"></i> Search - </a> - </li> - <li> - <a href="https://github.com/grimoire-ca/bliki/edit/master/docs/code/commit-messages.md"><i class="fa fa-github"></i> Edit on GitHub</a> - </li> - </ul> - </div> - </div> - </div> - - <div class="container"> - <div class="col-md-3"><div class="bs-sidebar hidden-print affix well" role="complementary"> - <ul class="nav bs-sidenav"> - <li class="main active"><a href="#writing-good-commit-messages">Writing Good Commit Messages</a></li> - </ul> -</div></div> - <div class="col-md-9" role="main"> - -<h1 id="writing-good-commit-messages">Writing Good Commit Messages<a class="headerlink" href="#writing-good-commit-messages" title="Permanent link">¶</a></h1> -<p>Rule zero: “good” is defined by the standards of the project you're on. Have a look at what the existing messages look like, and try to emulate that first before doing anything else.</p> -<p>Having said that, here are some principles I've found helpful and broadly applicable.</p> -<ul> -<li> -<p>Treat the first line of the message as a one-sentence summary. Most SCM systems have an “overview” command that shows shortened commit messages in bulk, so making the very beginning of the message meaningful helps make those modes more useful for finding specific commits. <em>It's okay for this to be a “what” description</em> if the rest of the message is a “why” description.</p> -</li> -<li> -<p>Fill out the rest of the message with prose outlining why you made the change. Don't reiterate the contents of the change in great detail if you can avoid it: anyone who needs that can read the diff themselves, or reach out to ask for help understanding the change. A good rationale sets context for the problem being solved and addresses the ways the proposed change alters that context.</p> -</li> -<li> -<p>If you use an issue tracker (and you should), include whatever issue-linking notes it supports right at the start of the message, where it'll be visible even in summarized commit logs. If your tracker has absurdly long issue-linking syntax, or doesn't support issue links in commits at all, include a short issue identifier at the front of the message and put the long part somewhere out of the way, such as on a line of its own at the end of the message.</p> -</li> -<li> -<p>If you need rich commit messages (links, lists, and so on), pick one markup language and stick with it. It'll be easier to write useful commit formatters if you only have to deal with one syntax, rather than four. Personally, I use Markdown when I can, or a reduced subset of Markdown, as it's something most developers I interact with will be at least passing familiar with.</p> -</li> -</ul></div> - </div> - - <footer class="col-md-12"> - <hr> - <p>Documentation built with <a href="https://www.mkdocs.org/">MkDocs</a>.</p> - </footer> - <script> - var base_url = "../..", - shortcuts = {"help": 191, "next": 78, "previous": 80, "search": 83}; - </script> - <script src="../../js/base.js" defer></script> - <script src="../../search/main.js" defer></script> - - <div class="modal" id="mkdocs_search_modal" tabindex="-1" role="dialog" aria-labelledby="Search Modal" aria-hidden="true"> - <div class="modal-dialog"> - <div class="modal-content"> - <div class="modal-header"> - <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button> - <h4 class="modal-title" id="exampleModalLabel">Search</h4> - </div> - <div class="modal-body"> - <p> - From here you can search these documents. Enter - your search terms below. - </p> - <form role="form"> - <div class="form-group"> - <input type="text" class="form-control" placeholder="Search..." id="mkdocs-search-query" title="Type search term here"> - </div> - </form> - <div id="mkdocs-search-results"></div> - </div> - <div class="modal-footer"> - </div> - </div> - </div> -</div><div class="modal" id="mkdocs_keyboard_modal" tabindex="-1" role="dialog" aria-labelledby="Keyboard Shortcuts Modal" aria-hidden="true"> - <div class="modal-dialog"> - <div class="modal-content"> - <div class="modal-header"> - <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button> - <h4 class="modal-title" id="exampleModalLabel">Keyboard Shortcuts</h4> - </div> - <div class="modal-body"> - <table class="table"> - <thead> - <tr> - <th style="width: 20%;">Keys</th> - <th>Action</th> - </tr> - </thead> - <tbody> - <tr> - <td class="help shortcut"><kbd>?</kbd></td> - <td>Open this help</td> - </tr> - <tr> - <td class="next shortcut"><kbd>n</kbd></td> - <td>Next page</td> - </tr> - <tr> - <td class="prev shortcut"><kbd>p</kbd></td> - <td>Previous page</td> - </tr> - <tr> - <td class="search shortcut"><kbd>s</kbd></td> - <td>Search</td> - </tr> - </tbody> - </table> - </div> - <div class="modal-footer"> - </div> - </div> - </div> -</div> - - </body> -</html> diff --git a/site/code/configuring-browser-apps/index.html b/site/code/configuring-browser-apps/index.html deleted file mode 100644 index de2abd7..0000000 --- a/site/code/configuring-browser-apps/index.html +++ /dev/null @@ -1,267 +0,0 @@ -<!DOCTYPE html> -<html lang="en"> - <head> - <meta charset="utf-8"> - <meta http-equiv="X-UA-Compatible" content="IE=edge"> - <meta name="viewport" content="width=device-width, initial-scale=1.0"> - - - - <link rel="shortcut icon" href="../../img/favicon.ico"> - <title>Configuring Browser Apps - The Grimoire</title> - <link href="../../css/bootstrap-custom.min.css" rel="stylesheet"> - <link href="../../css/font-awesome.min.css" rel="stylesheet"> - <link href="../../css/base.css" rel="stylesheet"> - <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/github.min.css"> - <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries --> - <!--[if lt IE 9]> - <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script> - <script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script> - <![endif]--> - - <script src="../../js/jquery-1.10.2.min.js" defer></script> - <script src="../../js/bootstrap-3.0.3.min.js" defer></script> - <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/highlight.min.js"></script> - <script>hljs.initHighlightingOnLoad();</script> - </head> - - <body> - - <div class="navbar navbar-default navbar-fixed-top" role="navigation"> - <div class="container"> - - <!-- Collapsed navigation --> - <div class="navbar-header"> - <!-- Expander button --> - <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse"> - <span class="sr-only">Toggle navigation</span> - <span class="icon-bar"></span> - <span class="icon-bar"></span> - <span class="icon-bar"></span> - </button> - <a class="navbar-brand" href="../..">The Grimoire</a> - </div> - - <!-- Expanded navigation --> - <div class="navbar-collapse collapse"> - <!-- Main navigation --> - <ul class="nav navbar-nav"> - <li > - <a href="../..">Owen Jacobson</a> - </li> - <li > - <a href="../">Code</a> - </li> - <li > - <a href="../../nomic/">Nomic</a> - </li> - </ul> - - <ul class="nav navbar-nav navbar-right"> - <li> - <a href="#" data-toggle="modal" data-target="#mkdocs_search_modal"> - <i class="fa fa-search"></i> Search - </a> - </li> - <li> - <a href="https://github.com/grimoire-ca/bliki/edit/master/docs/code/configuring-browser-apps.md"><i class="fa fa-github"></i> Edit on GitHub</a> - </li> - </ul> - </div> - </div> - </div> - - <div class="container"> - <div class="col-md-3"><div class="bs-sidebar hidden-print affix well" role="complementary"> - <ul class="nav bs-sidenav"> - <li class="main active"><a href="#configuring-browser-apps">Configuring Browser Apps</a></li> - <li><a href="#why-bother">Why Bother</a></li> - <li><a href="#what-gets-configured">What Gets Configured</a></li> - <li><a href="#delivering-configuration">Delivering Configuration</a></li> - </ul> -</div></div> - <div class="col-md-9" role="main"> - -<h1 id="configuring-browser-apps">Configuring Browser Apps<a class="headerlink" href="#configuring-browser-apps" title="Permanent link">¶</a></h1> -<p>I've found myself in he unexpected situation of having to write a lot of -browser apps/single page apps this year. I have some thoughts on configuration.</p> -<h2 id="why-bother">Why Bother<a class="headerlink" href="#why-bother" title="Permanent link">¶</a></h2> -<ul> -<li>Centralize environment-dependent facts to simplify management & testing</li> -<li> -<p>Make it easy to manage app secrets.</p> -<p><a href="https://twitter.com/wlonk">@wlonk</a> adds:</p> -<blockquote> -<p>“Secrets”? What this means in a browser app is a bit different.</p> -</blockquote> -<p>Which is unpleasantly true. In a freestanding browser app, a “secret” is only as secret as your users and their network connections choose to make it, i.e., not very secret at all. Maybe that should read “make it easy to manage app <em>tokens</em> and <em>identities</em>,” instead.</p> -</li> -<li> -<p>Keep config data & API tokens out of app's source control</p> -</li> -<li>Integration point for external config sources (Aerobatic, Heroku, etc)</li> -<li>The forces described in <a href="http://12factor.net/dependencies">12 Factor App: Dependencies</a> and, to a lesser extent, <a href="http://12factor.net/config">12 Factor App: Configuration</a> apply just as well to web client apps as they do to freestanding services.</li> -</ul> -<h2 id="what-gets-configured">What Gets Configured<a class="headerlink" href="#what-gets-configured" title="Permanent link">¶</a></h2> -<p>Yes:</p> -<ul> -<li>Base URLs of backend services</li> -<li>Tokens and client IDs for various APIs</li> -</ul> -<p>No:</p> -<ul> -<li>“Environments” (sorry, Ember folks - I know Ember thought this through carefully, but whole-env configs make it easy to miss settings in prod or test, and encourage patterns like “all devs use the same backends”)</li> -</ul> -<h2 id="delivering-configuration">Delivering Configuration<a class="headerlink" href="#delivering-configuration" title="Permanent link">¶</a></h2> -<p>There are a few ways to get configuration into the app.</p> -<h3 id="globals">Globals<a class="headerlink" href="#globals" title="Permanent link">¶</a></h3> -<pre><code class="html"><head> - <script>window.appConfig = { - "FOO_URL": "https://foo.example.com/", - "FOO_TOKEN": "my-super-secret-token" - };</script> - <script src="/your/app.js"></script> -</head> -</code></pre> - -<ul> -<li>Easy to consume: it's just globals, so <code>window.appConfig.foo</code> will read them.<ul> -<li>This requires some discipline to use well.</li> -</ul> -</li> -<li>Have to generate a script to set them.<ul> -<li>This can be a <code><script>window.appConfig = {some json}</script></code> tag or a standalone config script loaded with <code><script src="/config.js"></code></li> -<li>Generating config scripts sets a minimum level of complexity for the deployment process: you either need a server to generate the script at request time, or a preprocessing step at deployment time.</li> -<li> -<p>It's code generation, which is easy to do badly. I had originally proposed using <code>JSON.stringify</code> to generate a Javascript object literal, but this fails for any config values with <code></script></code> in them. That may be an unlikely edge case, but that only makes it a nastier trap for administrators.</p> -<p><a href="https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Objects/JSON/stringify">There are more edge cases</a>. I strongly suspect that a hazard-free implementation requires a full-blown JS source generator. I had a look at building something out of <a href="https://github.com/estools/escodegen">escodegen</a> and <a href="https://github.com/estools/estemplate">estemplate</a>, but</p> -<ol> -<li> -<p><code>escodegen</code>'s node version <a href="https://github.com/estools/escodegen/issues/298">doesn't generate browser-safe code</a>, so string literals with <code></script></code> or <code></head></code> in them still break the page, and</p> -</li> -<li> -<p>converting javascript values into parse trees to feed to <code>estemplate</code> is some seriously tedious code.</p> -</li> -</ol> -</li> -</ul> -</li> -</ul> -<h3 id="data-attributes-and-link-elements">Data Attributes and Link Elements<a class="headerlink" href="#data-attributes-and-link-elements" title="Permanent link">¶</a></h3> -<pre><code class="html"><head> - <link rel="foo-url" href="https://foo.example.com/"> - <script src="/your/app.js" data-foo-token="my-super-secret-token"></script> -</head> -</code></pre> - -<ul> -<li>Flat values only. This is probably a good thing in the grand, since flat configurations are easier to reason about and much easier to document, but it makes namespacing trickier than it needs to be for groups of related config values (URL + token for a single service, for example).</li> -<li>Have to generate the DOM to set them.<ul> -<li>This is only practical given server-side templates or DOM rendering. You can't do this with bare nginx, unless you pre-generate pages at deployment time.</li> -</ul> -</li> -</ul> -<h3 id="config-api-endpoint">Config API Endpoint<a class="headerlink" href="#config-api-endpoint" title="Permanent link">¶</a></h3> -<pre><code class="js">fetch('/config') /* {"FOO_URL": …, "FOO_TOKEN": …} */ - .then(response => response.json()) - .then(json => someConfigurableService); -</code></pre> - -<ul> -<li>Works even with “dumb” servers (nginx, CloudFront) as the endpoint can be a generated JSON file on disk. If you can generate files, you can generate a JSON endpoint.</li> -<li>Requires an additional request to fetch the configuration, and logic for injecting config data into all the relevant configurable places in the code.<ul> -<li>This request can't happen until all the app code has loaded.</li> -<li>It's very tempting to write the config to a global. This produces some hilarious race conditions.</li> -</ul> -</li> -</ul> -<h3 id="cookies">Cookies<a class="headerlink" href="#cookies" title="Permanent link">¶</a></h3> -<p>See for example <a href="https://github.com/henrikjoreteg/clientconfig">clientconfig</a>:</p> -<pre><code class="js">var config = require('clientconfig'); -</code></pre> - -<ul> -<li>Easy to consume given the right tools; tricky to do right from scratch.</li> -<li>Requires server-side support to send the correct cookie. Some servers will allow you to generate the right cookie once and store it in a config file; others will need custom logic, which means (effectively) you need an app server.</li> -<li>Cookies persist and get re-sent on subsequent requests, even if the server stops delivering config cookies. Client code has to manage the cookie lifecycle carefully (clientconfig does this automatically)</li> -<li>Size limits constrain how much configuration you can do.</li> -</ul></div> - </div> - - <footer class="col-md-12"> - <hr> - <p>Documentation built with <a href="https://www.mkdocs.org/">MkDocs</a>.</p> - </footer> - <script> - var base_url = "../..", - shortcuts = {"help": 191, "next": 78, "previous": 80, "search": 83}; - </script> - <script src="../../js/base.js" defer></script> - <script src="../../search/main.js" defer></script> - - <div class="modal" id="mkdocs_search_modal" tabindex="-1" role="dialog" aria-labelledby="Search Modal" aria-hidden="true"> - <div class="modal-dialog"> - <div class="modal-content"> - <div class="modal-header"> - <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button> - <h4 class="modal-title" id="exampleModalLabel">Search</h4> - </div> - <div class="modal-body"> - <p> - From here you can search these documents. Enter - your search terms below. - </p> - <form role="form"> - <div class="form-group"> - <input type="text" class="form-control" placeholder="Search..." id="mkdocs-search-query" title="Type search term here"> - </div> - </form> - <div id="mkdocs-search-results"></div> - </div> - <div class="modal-footer"> - </div> - </div> - </div> -</div><div class="modal" id="mkdocs_keyboard_modal" tabindex="-1" role="dialog" aria-labelledby="Keyboard Shortcuts Modal" aria-hidden="true"> - <div class="modal-dialog"> - <div class="modal-content"> - <div class="modal-header"> - <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button> - <h4 class="modal-title" id="exampleModalLabel">Keyboard Shortcuts</h4> - </div> - <div class="modal-body"> - <table class="table"> - <thead> - <tr> - <th style="width: 20%;">Keys</th> - <th>Action</th> - </tr> - </thead> - <tbody> - <tr> - <td class="help shortcut"><kbd>?</kbd></td> - <td>Open this help</td> - </tr> - <tr> - <td class="next shortcut"><kbd>n</kbd></td> - <td>Next page</td> - </tr> - <tr> - <td class="prev shortcut"><kbd>p</kbd></td> - <td>Previous page</td> - </tr> - <tr> - <td class="search shortcut"><kbd>s</kbd></td> - <td>Search</td> - </tr> - </tbody> - </table> - </div> - <div class="modal-footer"> - </div> - </div> - </div> -</div> - - </body> -</html> diff --git a/site/code/index.html b/site/code/index.html deleted file mode 100644 index f26b2dd..0000000 --- a/site/code/index.html +++ /dev/null @@ -1,192 +0,0 @@ -<!DOCTYPE html> -<html lang="en"> - <head> - <meta charset="utf-8"> - <meta http-equiv="X-UA-Compatible" content="IE=edge"> - <meta name="viewport" content="width=device-width, initial-scale=1.0"> - <meta name="description" content="None"> - - - <link rel="shortcut icon" href="../img/favicon.ico"> - <title>The Grimoire</title> - <link href="../css/bootstrap-custom.min.css" rel="stylesheet"> - <link href="../css/font-awesome.min.css" rel="stylesheet"> - <link href="../css/base.css" rel="stylesheet"> - <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/github.min.css"> - <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries --> - <!--[if lt IE 9]> - <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script> - <script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script> - <![endif]--> - - <script src="../js/jquery-1.10.2.min.js" defer></script> - <script src="../js/bootstrap-3.0.3.min.js" defer></script> - <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/highlight.min.js"></script> - <script>hljs.initHighlightingOnLoad();</script> - </head> - - <body class="homepage"> - - <div class="navbar navbar-default navbar-fixed-top" role="navigation"> - <div class="container"> - - <!-- Collapsed navigation --> - <div class="navbar-header"> - <!-- Expander button --> - <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse"> - <span class="sr-only">Toggle navigation</span> - <span class="icon-bar"></span> - <span class="icon-bar"></span> - <span class="icon-bar"></span> - </button> - <a class="navbar-brand" href="..">The Grimoire</a> - </div> - - <!-- Expanded navigation --> - <div class="navbar-collapse collapse"> - <!-- Main navigation --> - <ul class="nav navbar-nav"> - <li > - <a href="..">Owen Jacobson</a> - </li> - <li class="active"> - <a href="./">Code</a> - </li> - <li > - <a href="../nomic/">Nomic</a> - </li> - </ul> - - <ul class="nav navbar-nav navbar-right"> - <li> - <a href="#" data-toggle="modal" data-target="#mkdocs_search_modal"> - <i class="fa fa-search"></i> Search - </a> - </li> - <li > - <a rel="next" href=".."> - <i class="fa fa-arrow-left"></i> Previous - </a> - </li> - <li > - <a rel="prev" href="../nomic/"> - Next <i class="fa fa-arrow-right"></i> - </a> - </li> - <li> - <a href="https://github.com/grimoire-ca/bliki/edit/master/docs/code/index.md"><i class="fa fa-github"></i> Edit on GitHub</a> - </li> - </ul> - </div> - </div> - </div> - - <div class="container"> - <div class="col-md-3"><div class="bs-sidebar hidden-print affix well" role="complementary"> - <ul class="nav bs-sidenav"> - <li class="main active"><a href="#code">Code</a></li> - </ul> -</div></div> - <div class="col-md-9" role="main"> - -<h1 id="code">Code<a class="headerlink" href="#code" title="Permanent link">¶</a></h1> -<p>Pieces of code and code-adjacent work, with or without exposition, that don't quite fit into the library ecosystem, but which I enjoyed writing.</p> -<ul> -<li> -<p><a href="users-rolegraph-privs/">A Users, Roles & Privileges Scheme Using Graphs</a> — An SQL schema and associated queries for handling permissions when roles can nest arbitrarily.</p> -</li> -<li> -<p><a href="configuring-browser-apps/">Configuring Browser Apps</a> — Notes on the available techniques for delivering runtime configuration to code running in a user's browser, and the tradeoffs involved.</p> -</li> -<li> -<p><a href="commit-messages/">Writing Good Commit Messages</a> — A style guide.</p> -</li> -<li> -<p><a href="../git/">Some collected advice about Git</a> — Not the source control tool we want, but definitely the source control tool we've got, and I think we should make the best of it.</p> -</li> -</ul> -<p>I also maintain a <a href="https://github.com/ojacobson/">Github account</a> for more substantial projects.</p></div> - </div> - - <footer class="col-md-12"> - <hr> - <p>Documentation built with <a href="https://www.mkdocs.org/">MkDocs</a>.</p> - </footer> - <script> - var base_url = "..", - shortcuts = {"help": 191, "next": 78, "previous": 80, "search": 83}; - </script> - <script src="../js/base.js" defer></script> - <script src="../search/main.js" defer></script> - - <div class="modal" id="mkdocs_search_modal" tabindex="-1" role="dialog" aria-labelledby="Search Modal" aria-hidden="true"> - <div class="modal-dialog"> - <div class="modal-content"> - <div class="modal-header"> - <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button> - <h4 class="modal-title" id="exampleModalLabel">Search</h4> - </div> - <div class="modal-body"> - <p> - From here you can search these documents. Enter - your search terms below. - </p> - <form role="form"> - <div class="form-group"> - <input type="text" class="form-control" placeholder="Search..." id="mkdocs-search-query" title="Type search term here"> - </div> - </form> - <div id="mkdocs-search-results"></div> - </div> - <div class="modal-footer"> - </div> - </div> - </div> -</div><div class="modal" id="mkdocs_keyboard_modal" tabindex="-1" role="dialog" aria-labelledby="Keyboard Shortcuts Modal" aria-hidden="true"> - <div class="modal-dialog"> - <div class="modal-content"> - <div class="modal-header"> - <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button> - <h4 class="modal-title" id="exampleModalLabel">Keyboard Shortcuts</h4> - </div> - <div class="modal-body"> - <table class="table"> - <thead> - <tr> - <th style="width: 20%;">Keys</th> - <th>Action</th> - </tr> - </thead> - <tbody> - <tr> - <td class="help shortcut"><kbd>?</kbd></td> - <td>Open this help</td> - </tr> - <tr> - <td class="next shortcut"><kbd>n</kbd></td> - <td>Next page</td> - </tr> - <tr> - <td class="prev shortcut"><kbd>p</kbd></td> - <td>Previous page</td> - </tr> - <tr> - <td class="search shortcut"><kbd>s</kbd></td> - <td>Search</td> - </tr> - </tbody> - </table> - </div> - <div class="modal-footer"> - </div> - </div> - </div> -</div> - - </body> -</html> - -<!-- -MkDocs version : 1.0.4 -Build Date UTC : 2020-05-08 17:38:47 ---> diff --git a/site/code/users-rolegraph-privs/index.html b/site/code/users-rolegraph-privs/index.html deleted file mode 100644 index 386be98..0000000 --- a/site/code/users-rolegraph-privs/index.html +++ /dev/null @@ -1,244 +0,0 @@ -<!DOCTYPE html> -<html lang="en"> - <head> - <meta charset="utf-8"> - <meta http-equiv="X-UA-Compatible" content="IE=edge"> - <meta name="viewport" content="width=device-width, initial-scale=1.0"> - - - - <link rel="shortcut icon" href="../../img/favicon.ico"> - <title>A Users, Roles & Privileges Scheme Using Graphs - The Grimoire</title> - <link href="../../css/bootstrap-custom.min.css" rel="stylesheet"> - <link href="../../css/font-awesome.min.css" rel="stylesheet"> - <link href="../../css/base.css" rel="stylesheet"> - <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/github.min.css"> - <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries --> - <!--[if lt IE 9]> - <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script> - <script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script> - <![endif]--> - - <script src="../../js/jquery-1.10.2.min.js" defer></script> - <script src="../../js/bootstrap-3.0.3.min.js" defer></script> - <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/highlight.min.js"></script> - <script>hljs.initHighlightingOnLoad();</script> - </head> - - <body> - - <div class="navbar navbar-default navbar-fixed-top" role="navigation"> - <div class="container"> - - <!-- Collapsed navigation --> - <div class="navbar-header"> - <!-- Expander button --> - <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse"> - <span class="sr-only">Toggle navigation</span> - <span class="icon-bar"></span> - <span class="icon-bar"></span> - <span class="icon-bar"></span> - </button> - <a class="navbar-brand" href="../..">The Grimoire</a> - </div> - - <!-- Expanded navigation --> - <div class="navbar-collapse collapse"> - <!-- Main navigation --> - <ul class="nav navbar-nav"> - <li > - <a href="../..">Owen Jacobson</a> - </li> - <li > - <a href="../">Code</a> - </li> - <li > - <a href="../../nomic/">Nomic</a> - </li> - </ul> - - <ul class="nav navbar-nav navbar-right"> - <li> - <a href="#" data-toggle="modal" data-target="#mkdocs_search_modal"> - <i class="fa fa-search"></i> Search - </a> - </li> - <li> - <a href="https://github.com/grimoire-ca/bliki/edit/master/docs/code/users-rolegraph-privs.md"><i class="fa fa-github"></i> Edit on GitHub</a> - </li> - </ul> - </div> - </div> - </div> - - <div class="container"> - <div class="col-md-3"><div class="bs-sidebar hidden-print affix well" role="complementary"> - <ul class="nav bs-sidenav"> - <li class="main active"><a href="#a-users-roles-privileges-scheme-using-graphs">A Users, Roles & Privileges Scheme Using Graphs</a></li> - </ul> -</div></div> - <div class="col-md-9" role="main"> - -<h1 id="a-users-roles-privileges-scheme-using-graphs">A Users, Roles & Privileges Scheme Using Graphs<a class="headerlink" href="#a-users-roles-privileges-scheme-using-graphs" title="Permanent link">¶</a></h1> -<p>The basic elements:</p> -<ul> -<li>Every agent that can interact with a system is represented by a <strong>user</strong>.</li> -<li>Every capability the system has is authorized by a distinct <strong>privilege</strong>.</li> -<li>Each user has a list of zero or more <strong>roles</strong>.<ul> -<li>Roles can <strong>imply</strong> further roles. This relationship is transitive: if role A implies role B, then a member of role A is a member of role B; if role B also implies role C, then a member of role A is also a member of role C. It helps if the resulting role graph is acyclic, but it's not necessary.</li> -<li>Roles can <strong>grant</strong> privileges.</li> -</ul> -</li> -</ul> -<p>A user's privileges are the union of the privileges granted by the transitive closure of their roles.</p> -<pre><code class="sql">create table "user" ( - username varchar - primary key - -- credentials &c -); - -create table role ( - name varchar - primary key -); - -create table role_member ( - role varchar - not null - references role, - member varchar - not null - references "user", - primary key (role, member) -); - -create table role_implies ( - role varchar - not null - references role, - implied_role varchar - not null -); - -create table privilege ( - privilege varchar - primary key -); - -create table role_grants ( - role varchar - not null - references role, - privilege varchar - not null - references privilege, - primary key (role, privilege) -); -</code></pre> - -<p>If your database supports recursive CTEs, this schema can be queried in one shot, since we can have the database do all the graph-walking along roles:</p> -<pre><code class="sql">with recursive user_roles (role) AS ( - select - role - from - role_member - where - member = 'SOME USERNAME' - union - select - implied_role as role - from - user_roles - join role_implies on - user_roles.role = role_implies.role -) -select distinct - role_grants.privilege as privilege -from - user_roles - join role_grants on - user_roles.role = role_grants.role -order by privilege; -</code></pre> - -<p>If not, you'll need to pull the entire graph into memory and manipulate it there: this schema doesn't give you any easy handles to identify only the roles transitively included in the role of interest, and repeatedly querying for each step of the graph requires an IO roundtrip at each step, burning whole milliseconds along the way.</p> -<p>Realistic use cases should have fairly simple graphs: elemental privileges are grouped into concrete roles, which are in turn grouped into abstracted roles (by department, for example), which are in turn granted to users. If the average user is in tens of roles and has hundreds of privileges, the entire dataset fits in memory, and PostgreSQL performs well. In PostgreSQL, the above schema handles ~10k privileges and ~10k roles with randomly-generated graph relationships in around 100ms on my laptop, which is pretty slow but not intolerable. Perverse cases (interconnected total subgraphs, deeply-nested linear graphs) can take absurd time but do not reflect any likely permissions scheme.</p></div> - </div> - - <footer class="col-md-12"> - <hr> - <p>Documentation built with <a href="https://www.mkdocs.org/">MkDocs</a>.</p> - </footer> - <script> - var base_url = "../..", - shortcuts = {"help": 191, "next": 78, "previous": 80, "search": 83}; - </script> - <script src="../../js/base.js" defer></script> - <script src="../../search/main.js" defer></script> - - <div class="modal" id="mkdocs_search_modal" tabindex="-1" role="dialog" aria-labelledby="Search Modal" aria-hidden="true"> - <div class="modal-dialog"> - <div class="modal-content"> - <div class="modal-header"> - <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button> - <h4 class="modal-title" id="exampleModalLabel">Search</h4> - </div> - <div class="modal-body"> - <p> - From here you can search these documents. Enter - your search terms below. - </p> - <form role="form"> - <div class="form-group"> - <input type="text" class="form-control" placeholder="Search..." id="mkdocs-search-query" title="Type search term here"> - </div> - </form> - <div id="mkdocs-search-results"></div> - </div> - <div class="modal-footer"> - </div> - </div> - </div> -</div><div class="modal" id="mkdocs_keyboard_modal" tabindex="-1" role="dialog" aria-labelledby="Keyboard Shortcuts Modal" aria-hidden="true"> - <div class="modal-dialog"> - <div class="modal-content"> - <div class="modal-header"> - <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button> - <h4 class="modal-title" id="exampleModalLabel">Keyboard Shortcuts</h4> - </div> - <div class="modal-body"> - <table class="table"> - <thead> - <tr> - <th style="width: 20%;">Keys</th> - <th>Action</th> - </tr> - </thead> - <tbody> - <tr> - <td class="help shortcut"><kbd>?</kbd></td> - <td>Open this help</td> - </tr> - <tr> - <td class="next shortcut"><kbd>n</kbd></td> - <td>Next page</td> - </tr> - <tr> - <td class="prev shortcut"><kbd>p</kbd></td> - <td>Previous page</td> - </tr> - <tr> - <td class="search shortcut"><kbd>s</kbd></td> - <td>Search</td> - </tr> - </tbody> - </table> - </div> - <div class="modal-footer"> - </div> - </div> - </div> -</div> - - </body> -</html> |