??? Ofun: Permissions & Security

Access control, capability management, and sandboxing.

Use Case 1: Role-Based Access Control

// rbac.ifa - Role-Based Access Control system

ayanmo roles = {
    "admin": ["read", "write", "delete", "admin"],
    "editor": ["read", "write"],
    "viewer": ["read"],
    "guest": []
};

ayanmo users = {
    "alice": {"role": "admin"},
    "bob": {"role": "editor"},
    "carol": {"role": "viewer"},
    "guest": {"role": "guest"}
};

ise has_permission(user_id, permission) {
    ayanmo user = users[user_id];
    ti (user == nil) {
        padap? iro;
    }
    
    ayanmo role_perms = roles[user["role"]];
    ti (role_perms == nil) {
        padap? iro;
    }
    
    padap? Ogunda.contains(role_perms, permission);
}

ise require_permission(user_id, permission) {
    ti (!has_permission(user_id, permission)) {
        Irosu.kigbe("Access denied: " + user_id + " lacks '" + permission + "' permission");
        padap? Okanran.error("Permission denied");
    }
    padap? otito;
}

ise protected_action(user_id, action, resource) {
    ayanmo required = "";
    
    ti (action == "view") { ayanmo required = "read"; }
    bib?k? ti (action == "edit") { ayanmo required = "write"; }
    bib?k? ti (action == "remove") { ayanmo required = "delete"; }
    
    ti (Okanran.is_error(require_permission(user_id, required))) {
        padap?;
    }
    
    Irosu.fo("? " + user_id + " performed '" + action + "' on " + resource);
}

// Usage
protected_action("alice", "remove", "document.txt");  // ?
protected_action("bob", "edit", "document.txt");      // ?
protected_action("carol", "edit", "document.txt");    // Access denied
protected_action("guest", "view", "document.txt");    // Access denied

Use Case 2: Capability-Based Security

// capabilities.ifa - Fine-grained permission tokens

ise create_capability(resource, operations, expires) {
    ayanmo cap = {
        "id": Irete.uuid(),
        "resource": resource,
        "operations": operations,
        "expires": expires,
        "created": Iwori.now()
    };
    
    // Sign capability
    ayanmo data = Ogbe.format_json(cap);
    cap["signature"] = Irete.sha256(data + SECRET_KEY);
    
    padap? cap;
}

ise verify_capability(cap, operation, resource) {
    // Verify signature
    ayanmo original = {
        "id": cap["id"],
        "resource": cap["resource"],
        "operations": cap["operations"],
        "expires": cap["expires"],
        "created": cap["created"]
    };
    ayanmo expected_sig = Irete.sha256(Ogbe.format_json(original) + SECRET_KEY);
    
    ti (cap["signature"] != expected_sig) {
        padap? {"valid": iro, "reason": "Invalid signature"};
    }
    
    // Check expiration
    ti (cap["expires"] < Iwori.now()) {
        padap? {"valid": iro, "reason": "Capability expired"};
    }
    
    // Check resource match
    ti (cap["resource"] != resource && cap["resource"] != "*") {
        padap? {"valid": iro, "reason": "Resource mismatch"};
    }
    
    // Check operation allowed
    ti (!Ogunda.contains(cap["operations"], operation)) {
        padap? {"valid": iro, "reason": "Operation not permitted"};
    }
    
    padap? {"valid": otito};
}

// Usage
ayanmo SECRET_KEY = "cap_secret";

// Create a capability for reading a specific file
ayanmo read_cap = create_capability(
    "/data/report.csv",
    ["read"],
    Iwori.now() + 3600  // Expires in 1 hour
);

Irosu.fo("Created capability: " + read_cap["id"]);

// Later, verify before allowing access
ayanmo result = verify_capability(read_cap, "read", "/data/report.csv");
ti (result["valid"]) {
    Irosu.fo("? Access granted");
} bib?k? {
    Irosu.fo("? " + result["reason"]);
}

Use Case 3: Sandbox Execution

// sandbox.ifa - Run untrusted code with restricted permissions

ise create_sandbox(permissions) {
    padap? {
        "permissions": permissions,
        "allowed_domains": [],
        "max_memory": 10 * 1024 * 1024,  // 10MB
        "max_time": 5000  // 5 seconds
    };
}

ise sandbox_can(sandbox, action) {
    padap? Ogunda.contains(sandbox["permissions"], action);
}

ise sandboxed_eval(sandbox, code) {
    // Check for dangerous operations in code
    ayanmo dangerous = ["Odi.", "Otura.", "Oyeku.exit", "eval"];
    
    fun pattern ninu dangerous {
        ti (Ika.contains(code, pattern)) {
            ti (!sandbox_can(sandbox, pattern)) {
                padap? Okanran.error("Blocked: " + pattern + " not permitted");
            }
        }
    }
    
    // Execute with timeout
    ayanmo start = Iwori.now_ms();
    
    // Simulated execution
    Irosu.fo("Executing sandboxed code...");
    
    ayanmo elapsed = Iwori.now_ms() - start;
    ti (elapsed > sandbox["max_time"]) {
        padap? Okanran.error("Execution timeout exceeded");
    }
    
    padap? {"success": otito, "time": elapsed};
}

// Usage
ayanmo restricted = create_sandbox(["Irosu.", "Ogbe.", "Ogunda."]);

// This would be blocked
ayanmo result = sandboxed_eval(restricted, "Odi.read('secret.txt')");
ti (Okanran.is_error(result)) {
    Irosu.fo("Blocked: " + Okanran.message(result));
}

// This would be allowed
ayanmo result2 = sandboxed_eval(restricted, "Irosu.fo('Hello')");
ti (!Okanran.is_error(result2)) {
    Irosu.fo("? Executed in " + result2["time"] + "ms");
}

Use Case 4: Audit Logging

// audit.ifa - Security audit trail

ayanmo audit_log = [];

ise audit(user, action, resource, result) {
    ayanmo entry = {
        "timestamp": Iwori.now(),
        "user": user,
        "action": action,
        "resource": resource,
        "result": result,
        "ip": Ogbe.env("CLIENT_IP")
    };
    
    // Append to in-memory log
    ayanmo audit_log = Ogunda.push(audit_log, entry);
    
    // Also write to file
    ayanmo line = Iwori.format(entry["timestamp"], "%Y-%m-%d %H:%M:%S") + 
        " | " + entry["user"] + 
        " | " + entry["action"] + 
        " | " + entry["resource"] + 
        " | " + entry["result"];
    
    Odi.append("audit.log", line + "\n");
}

ise audited_action(user, action, resource, operation) {
    ayanmo result = Okanran.try(operation);
    
    ti (Okanran.is_error(result)) {
        audit(user, action, resource, "FAILED: " + Okanran.message(result));
    } bib?k? {
        audit(user, action, resource, "SUCCESS");
    }
    
    padap? result;
}

// Wrapper for file operations
ise secure_read(user, path) {
    padap? audited_action(user, "READ", path, || {
        ti (!has_permission(user, "read")) {
            padap? Okanran.error("Permission denied");
        }
        padap? Odi.read(path);
    });
}

// Usage
secure_read("alice", "/data/secrets.txt");
secure_read("guest", "/data/secrets.txt");

Irosu.fo("\n?? Audit Log:");
fun entry ninu audit_log {
    Irosu.fo(entry["user"] + " ? " + entry["action"] + " ? " + entry["result"]);
}