Updated access control (markdown)

2019-01-24 12:30:02 +00:00 · 2019-01-24 12:30:02 +00:00 · 17753ef93c
parent 49f9bf1182
commit 17753ef93c
1 changed files with 32 additions and 27 deletions
--- a/access-control.md
+++ b/access-control.md
@ -50,24 +50,15 @@ If there's anything on the list which isn't a name it's ignored. Any value of th
 My idea of this is that there will be a priviliged name which is bound in the environment of each user; each user will have their own binding for this name, and, furthermore, they can change the binding of the name in their environment. For now I propose that this name shall be **friends**. The value of **friends** should be an access list as defined above. The access control list of any cell is the value that **friends** had in the environment in the environment in which it was created, at the time it was created.
-## Functions for managing access control
+## Managing access control
-I propose a number of functions to make this easier. They are, respectively:
+The `with` function can be used to make this easier:
-### (with-access-control list-or-t-or-executable s-expr)
+```
 (with ((*friends* . list-or-t-or-executable)) s-exprs...)
 ```
-Creates a new environment in which **friends** is bound to the value of **list-or-t-or-executable**, and within that environment evaluates the specified **s-expr**. Any cells created during that evaluation will obviously have **list-or-t-or-executable** as their access control. Returns the value of executing **s-expr**.
+Creates a new environment in which **friends** is bound to the value of **list-or-t-or-executable**, and within that environment evaluates the specified **s-exprs**. Any cells created during that evaluation will obviously have **list-or-t-or-executable** as their access control. Returns the value of executing the last **s-expr**.
 ### (with-open-access-control list-or-t-or-executable s-expr)
 As above, but
 1. Creates an enviroment in which **friends** is bound to **T**;
 2. In that environment, makes a copy of **list-or-t-or-executable**;
 3. Creates a further environment in which **friends** is bound to the copy;
 4. Evaluates **s-expr** in that new environment;
 5. Returns the value of executing **s-expr**.
 This ensures that, whatever the readability of the cells created, their access control lists will be readable by everyone.
 ### (get-access-control s-expr)
@ -77,11 +68,13 @@ Returns the access control list of the object which is the value of the **s-expr
 Suppose I want to compile a function **foo** which will be executable by all my current friends and additionally the group **foo-users**:
 ```
    (with-open-access-control
-      (cons 'system.groups.foo-users friends)
+      (cons ::system:groups:foo-users *friends*)
-      (rebind! 'system.users.simon.exec.foo (compile foo))
+      (rebind! ::system:users:simon:functions:foo (compile foo))
 ```
-_Here **rebind!** creates a new binding for the name **foo** in the namespace **system.users.simon.exec**, whether or not that name was previously bound there. Analogous to the Clojure function **swap!**_
+_Here **rebind!** creates a new binding for the name **foo** in the namespace **::system:users:simon:functions**, whether or not that name was previously bound there. Analogous to the Clojure function **swap!**_
 Suppose I want to compile a function **bar** which will be executable by exactly the same people as **foo**:
@ -91,30 +84,42 @@ Suppose I want to compile a function **bar** which will be executable by exactly
 Suppose I want to do some work which is secret, visible only to me and not to my normal friends:
-    (with-access-control
+```
-      (list current-user)
+    (with ((*friends* . (list current-user)))
      (repl))
 ```
 (or, obviously, 
 ```
    (with ((*friends* current-user))
      (repl))
 ```
 which is in practice exactly the same)
 _Here **repl** starts a new read-eval-print loop in the modified environment - I suspect this is a common use case._
 Suppose I want to permanently add Anne and Bill to my normal friends:
-    (rebind! environment.friends (cons 'system.users.anne (cons 'system.users.bill friends)))
+```
    (rebind! *environment*:*friends* (cons ::system:users:anne (cons ::system:users:bill *friends*)))
 ```
-_Here I'm presuming that **environment** is bound to the value of **system.users.simon.environment**, and that unqualified names are searched for first in my own environment._
+_Here I'm presuming that `*environment*` is bound to the value of `::system:users:simon:environment`, and that unqualified names are searched for first in my own environment._
 Suppose I want everyone to be able to play a game, but only outside working hours; and for my friends to be able to play it additionally at lunchtime:
-    (with-open-access-control
+```
    (with ((*friends* 
      (compile
        (lambda (user cell)
-          (let ((time (get-current-time)))
+          (let ((time . (now)))
            (cond 
              ((< time 09:00) T)
              ((> time 17:00) T)
-              ((and (> time 12:30)(< time 13:30)) friends)
+              ((and (> time 12:30)(< time 13:30)) *friends*)
-              (T NIL)))))
+              (T NIL)))))))
-      (rebind! 'system.users.simon.exec.excellent-game (compile excellent-game)))
+      (rebind! ::system:users:simon:functions:excellent-game (compile excellent-game)))
 ```
 ## Summary