Skip to content

lunarmodules/lua-lace

Repository files navigation

Luacheck Tests Coveralls code coverage

Lua Access Control Engine - Lace

Lace is a simple access control engine modelled on Squid's acl syntax. It provides a parser of rulesets and an engine to execute the parsed rulesets. It relies on the calling application to provide access control types and then Lace runs the boolean logic and returns an allow/deny result along with the location of the decision and any description provided by it. Lace also handles errors in the control callbacks to always return gracefully in the form:

local result, reason = engine:run(context)

if result == nil then
   report_error(reason)
elseif result == false then
   handle_deny(reason)
else
   handle_allow(reason)
end

Lace is designed to allow a ruleset loaded into an engine to be run multiple times with different contexts, each time unaffected by the last. Of course, this relies on various idempotency requirements being placed on the control type callbacks, but that is covered in the usage documentation.

For some examples of using Lace, please see the examples/ tree.

Thanks

Thanks go to Codethink Limited for sponsoring development by means of tea, biscuits and long lunch hours.