If you are wondering where the data of this site comes from, please visit https://api.github.com/users/litonico/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.

litonico/DeobfuscateEndoh 9

slowly deobfuscating Yusuke Endoh's ASCII fluid dynamics simulation

litonico/Pico-Bezier 3

PICO-8 Bezier curve demo

litonico/ColorCube 1

WebGL rainbows!

litonico/L-Systems 1

Fractal string rewriting

litonico/Abrash 0

Michael Abrash's Graphics Programming Black Book

litonico/Boids 0

Flocking simulation

litonico/Diffusion-Limited-Aggregation 0

Growing coral-ish things with Ruby Graphics

create branch litonico/oso-python-quickstart

branch : new-quickstart-code

created branch time in a month

Pull request review comment osohq/oso

Quickstart edits.

 Oso needs three pieces of information to make an authorization decision: - What are they trying to do? (the "action") - What are they doing it to? (the "resource") -You'll pass these pieces of information are to Oso's `{{% exampleGet "isAllowed" %}}` method: `{{% exampleGet "isAllowed" %}}(actor, action, resource)`.+You'll pass these pieces of information into to Oso's `{{% exampleGet "isAllowed" %}}` method: `{{% exampleGet "isAllowed" %}}(actor, action, resource)`. `{{% exampleGet "isAllowed" %}}` will return `True` or `False`, and your application can choose how to enforce that decision. -Here's a program that only allows access to a page if the current user has a role that is allowed to read it.+Here's a program that only allows access to a page if the current user has a role that is allowed to read it. (More precisely, this is a program that allows access if the policy allows it, and the policy allows access to users with the correct role — note the distinction between "policy" and "program".)
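Review bot: The added line "You'll pass these pieces of information into to Oso's" has a doubled preposition left over from removing "are"; it should read "You'll pass these pieces of information to Oso's ... method". The parenthetical appended after "read it." is also longer than the sentence it qualifies. Consider stating the distinction in the sentence itself, for example that the program allows access only if the policy allows the current user to read the page, and that the policy grants this by role.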

I may have misunderstood your comment above:

This isn't strictly correct.

The program only allows access to a page if the policy allows the current user to perform the read action on it.

Since the policy uses roles, the user must have a role that's allowed to read it.

How important do you think this distinction is?

I thought your point was: there is a difference between a policy (which has rules) and a program (which executes). Is that what you meant? And if so, does this parenthetical clear it up?

litonico

comment created time in a month

PullRequestReviewEvent

push event litonico/oso

Lito Nicolai

commit sha 695c9d65675b32ecc61f8cacb38dbb48a95ebd98

Prose edits


push time in 2 months

Pull request review comment osohq/oso

Quickstart edits.

 role-based access control.  {{% exampleGet "import_code" %}} +To refer to your {{% exampleGet "classes" %}} in Polar, you must _register_ them with Oso.++{{% exampleGet "register_classes" %}}+ ## Accept or deny requests -When a request arrives, your application will need to ask Oso if it should accept the request. Oso needs three pieces of information to make that decision:+Oso needs three pieces of information to make an authorization decision: - Who is making the request? (the "actor") - What are they trying to do? (the "action") - What are they doing it to? (the "resource")  You'll pass these pieces of information are to Oso's `{{% exampleGet "isAllowed" %}}` method: `{{% exampleGet "isAllowed" %}}(actor, action, resource)`. `{{% exampleGet "isAllowed" %}}` will return `True` or `False`, and your application can choose how to enforce that decision. -That enforcement can happen in the request handler, at the database layer, or in middleware — here, we've chosen to enforce in the request handler.-Here's {{% exampleGet "example_app" %}} route that only displays a page if the current user is allowed to read it.+Here's a program that only allows access to a page if the current user has a role that is allowed to read it.
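Review bot: In the unchanged line above the removed enforcement sentence, the return values are the literals `True` or `False` while the method name comes from the `exampleGet "isAllowed"` shortcode. If this page is rendered for more than one language through the same shortcodes, the capitalised literals will only be right for Python. Consider templating them as well, or writing "true or false" in prose. Separately, the new closing sentence says access depends on the user having a role, while the surrounding text says the decision is whatever the method returns; wording it in terms of the policy's decision would keep the two consistent.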

I was trying to summarize, but I think being precise is more important here. I'll be specific.

litonico

comment created time in 2 months

PullRequestReviewEvent

Pull request review comment osohq/oso

Quickstart edits.

 role-based access control.  {{% exampleGet "import_code" %}} +To refer to your {{% exampleGet "classes" %}} in Polar, you must _register_ them with Oso.++{{% exampleGet "register_classes" %}}+ ## Accept or deny requests -When a request arrives, your application will need to ask Oso if it should accept the request. Oso needs three pieces of information to make that decision:+Oso needs three pieces of information to make an authorization decision: - Who is making the request? (the "actor") - What are they trying to do? (the "action") - What are they doing it to? (the "resource")  You'll pass these pieces of information are to Oso's `{{% exampleGet "isAllowed" %}}` method: `{{% exampleGet "isAllowed" %}}(actor, action, resource)`.
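Review bot: The last line of this hunk, "You'll pass these pieces of information are to Oso's", is left as unchanged context with a stray "are". Since the lines around it are already being edited, fix it in the same change, for example "You'll pass these pieces of information to Oso's ... method".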

I don't quite understand this one. Where should that be inserted?

litonico

comment created time in 2 months

PullRequestReviewEvent

Pull request review comment osohq/oso

Quickstart edits.

 objects: Python objects methods: Python methods register_classes: |     ```python+    class Page:

That's a great suggestion — I was uncomfortable with how "stub-implementation" those felt.

litonico

comment created time in 2 months

PullRequestReviewEvent

pull request comment osohq/oso

Quickstart edits.

@dhatch Take a look! If this looks good, I'll do the conversion to Node.

litonico

comment created time in 2 months

PR opened osohq/oso

Quickstart edits.

Goals:

  • Remove the use of a webserver for our examples, but make our examples clear enough that web programmers will be able to easily integrate them
  • Remove the "Why use Oso?" section from the intro
  • Shrink the body of actor_has_role_for_resource by hardcoding the roles in the policy
  • Remove implies from the policy
  • Cut most of the text that explains the policy in detail (e.g. the structure of resource data), even if we leave some policy code unexplained.
  • Give examples of when is_allowed will be true and when it will be false [I skipped this, hoping it would be clear from context]
  • Move register_class into an earlier section
  • Delete the Calling back into your [Python/JavaScript] code section.

This is the Python code only. I also removed the "Complete Running Example" section, because I believe we don't have a complete example yet!

+31 -65

0 comment

3 changed files

pr created time in 2 months

create branch litonico/oso

branch : lito/making-quickstart-smaller

created branch time in 2 months

push event litonico/oso

Lito Nicolai

commit sha 5bd657613d695eb3d69549763a350120bd8bb1c6

Make Gabe's suggested edits to the text


push time in 3 months