You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, the library allows representing a few objects (blocks, datalog fragments) that are not correct, according to the spec. This pushes a rather defensive programming model where a lot of actions can return errors and in some cases redundant checks.
Another issue is the redundancy between the biscuit_auth and biscuit_parserBuilder types, which require duplicate validation logic.
An example is the validate_variables check:
the parser checks for free variables in rules heads and expressions when constructing a value by parsing a string
the builder checks only for free variables in rules heads
the datalog module checks for free variables when importing rules from a token (but not when adding them to an authorizer)
One solution would be to be explicit about guarantees each type must support, and to enforce them via smart constructors. Raw constructors would be private, so each mode would be responsible for its own consistency.
Additionally, merging the biscuit_parser and biscuit_auth::builder types would remove redundancy and ensure the checks would be consistent for datalog parsed from a string or built through helpers
Same for the datalog modules, they should enforce the same checks when parsing a token or a snapshot (since the protobuf encoding is quite permissive).
This would make error reporting way simpler in the datalog engine itself, by removing a lot of issues in advance.
The text was updated successfully, but these errors were encountered:
Currently, the library allows representing a few objects (blocks, datalog fragments) that are not correct, according to the spec. This pushes a rather defensive programming model where a lot of actions can return errors and in some cases redundant checks.
Another issue is the redundancy between the
biscuit_authandbiscuit_parserBuildertypes, which require duplicate validation logic.An example is the
validate_variablescheck:One solution would be to be explicit about guarantees each type must support, and to enforce them via smart constructors. Raw constructors would be private, so each mode would be responsible for its own consistency.
Additionally, merging the
biscuit_parserandbiscuit_auth::buildertypes would remove redundancy and ensure the checks would be consistent for datalog parsed from a string or built through helpersSame for the
datalogmodules, they should enforce the same checks when parsing a token or a snapshot (since the protobuf encoding is quite permissive).This would make error reporting way simpler in the datalog engine itself, by removing a lot of issues in advance.
The text was updated successfully, but these errors were encountered: