Quelle Test.vdmpp Sprache: VDM

class Test
values

requester : FExp`UnId = mk_FExp`UnId(<requester>);
resource  : FExp`UnId = mk_FExp`UnId(<resource>);

Anne : FExp`Id = (mk_token("Anne"));
Bob : FExp`Id = (mk_token("Bob"));
Charlie : FExp`Id = (mk_token("Charlie"));
Dave : FExp`Id = (mk_token("Dave"));
Eric : FExp`Id = (mk_token("Eric"));
Fred : FExp`Id = (mk_token("Fred"));

write : FExp`Id = (mk_token("write"));
read : FExp`Id = (mk_token("read"));
create : FExp`Id = (mk_token("create"));
signoff : FExp`Id = (mk_token("signoff"));

lab_results_signed : FExp`Id =
  (mk_token("lab_results_signed"));

results_analysis_signed : FExp`Id =
  (mk_token("results_analysis_signed"));

Project1 : set of PDP`Subject = {Anne,Bob};
Project2 : set of PDP`Subject = {Bob,Charlie,Dave};
lab_technician : set of PDP`Subject = {Anne,Dave};
lab_manager  : set of PDP`Subject = {Bob,Charlie};

Company2 : set of PDP`Subject = {Eric, Fred};
Assessor : set of PDP`Subject = {Fred};

lab_results : FExp`Id = (mk_token("lab_results"));
results_analysis : FExp`Id = (mk_token("results_analysis"));
sc_assess : FExp`Id = (mk_token("sc_assess"));

doc1 : FExp`Id = (mk_token("doc1"));
doc2 : FExp`Id = (mk_token("doc2"));

signed : FExp`Id = (mk_token("signed"));

con_nt : FExp = new FExp(mk_FExp`Unary(<NOT>,mk_FExp`boolLiteral(<TRUE>)));
con_nf : FExp = new FExp(mk_FExp`Unary(<NOT>,mk_FExp`boolLiteral(<FALSE>)));
con_no : FExp = new FExp(mk_FExp`Unary(<NOT>,mk_FExp`intLiteral(<ONE>)));

-- on Project One, lab results can be created only by a lab
-- technician, and can be read by anybody on the project.  These are
-- project-wide.

project1_rule_nf : PDP`Rule =
   mk_PDP`Rule(mk_PDP`Target(lab_technician,{lab_results},{create}),
           <Permit>, con_nf);

project1_rule_nt : PDP`Rule =
   mk_PDP`Rule(mk_PDP`Target(lab_technician,{lab_results},{create}),
           <Permit>, con_nt);

project1_rule_no : PDP`Rule =
   mk_PDP`Rule(mk_PDP`Target(lab_technician,{lab_results},{create}),
           <Permit>, con_no);

project1_rule2 : PDP`Rule =
   mk_PDP`Rule(mk_PDP`Target(Project1,{lab_results},{read}),
           <Permit>, nil);

-- The project policy for the lab_results document is the combination
-- of these.
-- one policy for each exzpression that we test

lab_results_project_policy_no : PDP`Policy =
   mk_PDP`Policy(mk_PDP`Target(Project1,{lab_results},{}),
         {project1_rule_no, project1_rule2}, <denyOverrides>);

lab_results_project_policy_nt : PDP`Policy =
   mk_PDP`Policy(mk_PDP`Target(Project1,{lab_results},{}),
         {project1_rule_nt, project1_rule2}, <denyOverrides>);

lab_results_project_policy_nf : PDP`Policy =
   mk_PDP`Policy(mk_PDP`Target(Project1,{lab_results},{}),
         {project1_rule_nf, project1_rule2}, <denyOverrides>);

-- New policy
-- Only a lab manager can sign these results off.

lab_results_rule1 : PDP`Rule =
   mk_PDP`Rule(mk_PDP`Target(lab_manager,{lab_results},{signoff}),
           <Permit>, nil);

-- Also, after signoff, no one can write to the lab_results file.

lab_results_rule2 : PDP`Rule =
    mk_PDP`Rule(mk_PDP`Target(Project1,{lab_results},{write}),
            <Deny>, new FExp(mk_FExp`ArrayLookup(signed,resource)));

lab_results_creator_policy : PDP`Policy =
   mk_PDP`Policy(mk_PDP`Target(Project1,{lab_results},{}),
         {lab_results_rule1, lab_results_rule2}, <denyOverrides>);

-- New policy
-- From company 2, assessor_role writes the scale assessment.

scale_assess_write : PDP`Rule =
    mk_PDP`Rule(mk_PDP`Target(Assessor,{sc_assess},{write}),
            <Permit>, nil);

-- From company 2, anyone can read the scale assessment.

scale_assess_read : PDP`Rule =
    mk_PDP`Rule(mk_PDP`Target(Company2,{sc_assess},{read}),
            <Permit>, nil);

scale_assess_policy : PDP`Policy =
   mk_PDP`Policy(mk_PDP`Target(Company2,{sc_assess},{}),
         {scale_assess_read, scale_assess_write}, <denyOverrides>);

gold_policy_no : PDP =
    new PDP({lab_results_project_policy_no,lab_results_creator_policy,scale_assess_policy},
            <permitOverrides>);

gold_policy_nt : PDP =
    new PDP({lab_results_project_policy_nt,lab_results_creator_policy,scale_assess_policy},
            <permitOverrides>);

gold_policy_nf : PDP =
    new PDP({lab_results_project_policy_nf,lab_results_creator_policy,scale_assess_policy},
             <permitOverrides>);

gold_policy_project_results : PDP =
    new PDP({lab_results_project_policy_nf,lab_results_creator_policy}, <permitOverrides>);

gold_policy_results_scale : PDP =
    new PDP({lab_results_creator_policy,scale_assess_policy}, <permitOverrides>);

operations

  public Run: () ==> PDP`Effect
  Run () ==
--  ( dcl pdp : PDP := gold_policy_no;
--  ( dcl pdp : PDP := gold_policy_nt;
--  ( dcl pdp : PDP := gold_policy_nf;
--  ( dcl pdp : PDP := gold_policy_project_results;
  ( dcl pdp : PDP := gold_policy_results_scale;
    dcl s : FExp := new FExp(mk_token("signed"));
    dcl lr : FExp := new FExp(mk_token("lab_results"));
    dcl req : Request := new Request(Anne,lab_results,{create});
    dcl env : Env := new Env({s.GetExp() |-> {lr.GetExp() |-> <B>}},
                             {s.GetExp() |-> {lr.GetExp() |-> true}});
    dcl eval : Evaluator := new Evaluator(req,pdp,env);
    return eval.evaluate()
  );

end Test

quality93%

¤ Dauer der Verarbeitung: 0.13 Sekunden (vorverarbeitet) ¤

Wurzel

Suchen

Beweissystem der NASA

Beweissystem Isabelle

NIST Cobol Testsuite

Cephes Mathematical Library

Wiener Entwicklungsmethode

Haftungshinweis

Die Informationen auf dieser Webseite wurden nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit, noch Qualität der bereit gestellten Informationen zugesichert.

Bemerkung:

Die farbliche Syntaxdarstellung ist noch experimentell.