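/* Compensation-access policy expressed as Prolog facts and rules.
 *
 * Entry point: authorized(Principal, Action, Entity).
 * Intended use is a yes/no check with all three arguments bound. The rules
 * rely on ==/2 and on negation as failure (\+/1); neither binds variables,
 * so this is not a reliable way to enumerate who may read whose data. */

/* Role facts: one fact per user and role. */
executive(alice).
director(bob).
human_resources(danny).

/* Capability fact. This is the predicate read_compensation/1; the atom
 * read_compensation used as the Action in authorized/3 is a separate thing. */
read_compensation(danny).

/* manager(Manager, Report): direct reporting relationships.
 * These are relations, not imperative function calls. */
manager(alice, bob).
manager(bob, charlie).
manager(charlie, danny).
manager(charlie, ellen).

/* is_in_manager_chain_or_hr(Principal, Entity)
 * Succeeds when Principal manages Entity directly, manages Entity through
 * exactly one intermediate manager, or is an HR user holding the
 * read_compensation capability.
 *
 * Conjunction ("AND") is written with commas; disjunction ("OR") is written
 * as consecutive clauses of the same predicate.
 *
 * NOTE(review): the chain stops at two levels. With the facts above alice is
 * three levels above danny and ellen, so she is not matched here. Confirm
 * that this is the intended policy. If a full chain is wanted, walk it with a
 * separate recursive predicate over manager/2 only; recursing through this
 * predicate would also apply the HR clause to every intermediate manager.
 *
 * NOTE(review): the HR clause ignores its second argument, so it holds for
 * any Entity, including names that appear in no fact, and it leaves an
 * unbound Entity unbound. */
is_in_manager_chain_or_hr(Manager, Managee) :-
    manager(Manager, Managee).
is_in_manager_chain_or_hr(Manager, Managee) :-
    manager(Manager, Intermediate),
    manager(Intermediate, Managee).
is_in_manager_chain_or_hr(Hr, _) :-
    human_resources(Hr),
    read_compensation(Hr).

/* violates_executive_privilege(Violator, Violatee)
 * Holds when Violatee is an executive and Violator is not. */
violates_executive_privilege(Violator, Violatee) :-
    executive(Violatee),
    \+ executive(Violator).

/* violates_director_privilege(Violator, Violatee)
 * Holds when Violatee is a director and Violator is not.
 *
 * NOTE(review): the test is "Violator is not a director", not "Violator ranks
 * below a director". With the facts above alice (executive, not director) is
 * refused bob's compensation although she is his manager. Confirm that this
 * is intended. */
violates_director_privilege(Violator, Violatee) :-
    director(Violatee),
    \+ director(Violator).

/* authorized(Principal, Action, Entity)
 * Succeeds when Principal may perform Action on Entity's record. Only the
 * action read_compensation is ever granted; every other action fails.
 *
 * ==/2 compares without binding, so an unbound Action is refused rather than
 * unified with read_compensation. \+/1 is the ISO spelling of the legacy
 * not/1 the rules used before; the decisions are the same. */

/* Self case: a principal may read their own compensation. */
authorized(Principal, Action, Entity) :-
    Action == read_compensation,
    Principal == Entity.

/* Managerial/HR case: the relationship must hold and neither privilege
 * rule may be violated. The positive goal runs first, so for a two-level
 * manager match both arguments are bound before the negations are tried. */
authorized(Principal, Action, Entity) :-
    Action == read_compensation,
    is_in_manager_chain_or_hr(Principal, Entity),
    \+ violates_executive_privilege(Principal, Entity),
    \+ violates_director_privilege(Principal, Entity).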