| Title: | Access Control Module for 'shiny' Applications |
|---|---|
| Description: | Provides a flexible framework for implementing hierarchical access control in 'shiny' applications. Features include user permission management through a two-tier system of access panels and units, pluggable 'shiny' module for administrative interfaces, and support for multiple storage backends (local, 'AWS S3', 'Posit Connect'). The system enables fine-grained control over application features, with built-in audit trails and user management capabilities. Integrates seamlessly with 'Posit Connect's authentication system. |
| Authors: | Peyman Eshghi [aut, cre] (ORCID: <https://orcid.org/0000-0003-1613-2705>), Nandu Krishnan [aut], Nadia Abraham [aut], Harika Adapala [ctb], Johnson & Johnson Innovative Medicine [cph, fnd] |
| Maintainer: | Peyman Eshghi <[email protected]> |
| License: | Apache License (>= 2) |
| Version: | 0.1.1.3 |
| Built: | 2026-06-04 10:39:02 UTC |
| Source: | https://github.com/johnsonandjohnson/raccess |
Get all access list till date
get_accesshistory(pin_board, pin_name)get_accesshistory(pin_board, pin_name)
pin_board |
Pin board |
pin_name |
Pin Name |
Get access list at a given date or in a specific time period
get_accesslist(pin_board, pin_name, datemin, datemax = NA)get_accesslist(pin_board, pin_name, datemin, datemax = NA)
pin_board |
Pin board |
pin_name |
pin name |
datemin |
Date in "YYYY-MM-DD" format |
datemax |
Date, either NA or in "YYYY-MM-DD" format |
A list of dataframes with access details
Gets the list of admins
get_admins(pin_board, pin_name, admin_panel)get_admins(pin_board, pin_name, admin_panel)
pin_board |
Pin board |
pin_name |
pin name |
admin_panel |
Admin panel name |
Gather pin_board elements
get_board(pin_board, pin_name)get_board(pin_board, pin_name)
pin_board |
pin board |
pin_name |
pin name |
A list with access_panels, access_units, access_df, access_list
Helper function to get access units/panels with access for a user from an existing pin board
get_granted_units(user_id, pin_board, pin_name)get_granted_units(user_id, pin_board, pin_name)
user_id |
user id |
pin_board |
pin board |
pin_name |
pin name |
A vector with access units
Get user data using API
get_user_api(contact_info, url, api_key = NULL)get_user_api(contact_info, url, api_key = NULL)
contact_info |
User entered search text |
url |
URL |
api_key |
Valid api key or NULL |
A tibble with user id and username
Server logic of module_iam
module_iam_server(id, rAccess_obj)module_iam_server(id, rAccess_obj)
id |
Module's ID |
rAccess_obj |
New instance of rAccess(R6 object) |
This is a Shiny module used by the main shiny web application
module_iam_ui(id)module_iam_ui(id)
id |
User ID |
Server logic of module_sub_iam
module_sub_iam_server(id, access_panel_id, rAccess_obj)module_sub_iam_server(id, access_panel_id, rAccess_obj)
id |
Module's ID |
access_panel_id |
Access panel ID |
rAccess_obj |
New instance of rAccess(R6 object) |
This is a Shiny module used by the main shiny web application
module_sub_iam_ui(id)module_sub_iam_ui(id)
id |
Module's ID |
The rAccess class encapsulates various methods used in the IAM (Identity
and Access Management) module.
It provides functionalities to check user permissions, verify admin status,
retrieve user details,
and interact with pin boards for access control configuration.
userUser ID
app_nameApplication Name
pin_namePin name
pin_listList of pins
pin_boardPin board object
access_panelsAvailable access panels
access_unitsAvailable access units
access_modeAccess mode, e.g., "default", "single unit"
user_dfData frame of user IDs and names
switch_sizeSize of UI switch elements (e.g., "small", "large", "default", "mini", "small", "normal", "large")
unit_displayDisplay type for access units ("switch", "dropdown")
board_typeType of pin board ("local", "s3", "rconnect")
local_board_pathLocal path for local pin boards
s3_bucketS3 bucket name
s3_access_keyS3 access key
s3_secret_keyS3 secret key
use_rconnect_usersBoolean, use rconnect users in conjunction with user_df
configConfiguration file content
dataList of data paths from config
verboseBoolean, whether to print logs
panel_configComplete panel structure
secure_modeBoolean, enforce access requirement
initialize(user, ...)Constructor to create an instance with specified parameters.
check_access(user_id, access_panel)Checks user access rights for a given panel.
is_admin()Checks if the current user is an admin.
no_admin()Checks if there are no admins in the admin panel.
get_userlist_unit(access_panel, access_unit)Gets list of users with access to the specified unit.
rAccessThemes()Includes custom CSS themes for the app.
get_user_accesslist(user_id)Lists access units available to a user, including "everyone".
get_superAdmins()Returns list of admin user IDs.
userUser ID
app_nameApp Name
pin_nameA field that takes the argument pin_name
pin_listA field that takes the argument pin_list
pin_boardA field that takes the argument pin_board
access_panelsA field that takes the argument access_panels
access_unitsA field that takes the argument access_units
access_modeEnables user to select access modes.Available access modes are : default - Allows access to multiple access panels and multiple access units, single unit - Allows access to single access unit within an access panel.
user_dfA data.frame with user id and user name
switch_sizeTakes values : 'default', 'mini', 'small', 'normal', 'large'. Determines the size of access unit switches used in the module.
unit_displayTakes values : 'switch', 'dropdown'. Determines the type of display for access units. Defaults to 'switch'.
board_typeBoard type. Takes values "local", "s3", "rconnect"
local_board_pathLocal board path.
s3_bucketS3 bucket
s3_access_keyS3 Access Key
s3_secret_keyS3 Secret Key
use_rconnect_usersIf true then rconnect users will be combined with the given user_df
configrAccess configuration file
dataLists all datapaths in config file
verboseIf TRUE, prints all data base updates in the log
panel_configA list with entire panel structure including datapaths
secure_modeIf TRUE, then user should have access to at least one access_unit/access_panel to use the app.
new()
Constructor to initialize an rAccess object
rAccess$new( user = NULL, pin_board = NULL, app_name = NULL, pin_name = NULL, access_panels, access_units = NULL, access_mode = "default", user_df = NULL, switch_size = NULL, unit_display = "switch", board_type = NULL, local_board_path = NULL, s3_bucket = NULL, s3_access_key = NULL, s3_secret_key = NULL, use_rconnect_users = TRUE, config = NULL, verbose = FALSE, secure_mode = FALSE )
userUser ID
pin_boardPin board
app_nameApp name
pin_namePin name
access_panelsAccess panels
access_unitsAccess units
access_modeAccess mode
user_dfData Frame with username and userid
switch_sizeDetermines size of access unit switches : default,
mini, small, normal, large
unit_displayDetermines the type of display for access units :
switch, dropdown.
board_typePin board type: local, s3, rconnect
local_board_pathLocal path to save pin_board when board_type is
local.
s3_bucketS3 bucket id
s3_access_keyAccess key to S3 bucket
s3_secret_keySecret Key to S3 bucket
use_rconnect_usersIf TRUE, then rconnect users will be combined with user_df when deployed.
configrAccess configuration file
verboseIf TRUE, prints all data base updates in the log
secure_modeIf TRUE, then user should have access to at least one access_unit/access_panel to use the app.
pin_name, access_panels, access_units, Pin_board ...
matched_users()
Find users matching search input in self$user_df
rAccess$matched_users(contact_info)
contact_infoUser entered search text
A data.frame
check_access()
To check user access rights to an access unit within a particular access panel. Returns access details from the app's access pin board that matches given user_id and access panel
rAccess$check_access(user_id = self$user, access_panel)
user_idUser ID
access_panelAccess Panel name
is_admin()
To check if the user is Admin in order to provide access to IAM module. Returns TRUE if it is an admin user.
rAccess$is_admin()
no_admin()
check if there is no user in the ADMIN panel Returns FALSE if there is one or more admins.
rAccess$no_admin()
get_userlist_unit()
Gets user list filtered by given access unit
rAccess$get_userlist_unit(access_panel, access_unit)
access_panelAccess panel name
access_unitAccess unit name
rAccessThemes()
Function to inline js/css into the main app’s HTML
rAccess$rAccessThemes()
get_user_accesslist()
Function to get list of access units for a given user.
Note that it will contain access units that are accessible by everyone.
rAccess$get_user_accesslist(user_id = self$user)
user_idUser ID
A list
get_superAdmins()
Function to get app admins
rAccess$get_superAdmins()
ADMIN user ids
clone()
The objects of this class are cloneable with this method.
rAccess$clone(deep = FALSE)
deepWhether to make a deep clone.
Function to create rconnect pinboard
rconnect_pin_board(server, key)rconnect_pin_board(server, key)
server |
rconnect server |
key |
API KEY to connect with rconnect servers |
a pin_board
Set environmental variables to connect to AWS S3 bucket
s3_config(access_key, secret_key, region = "us-east-1")s3_config(access_key, secret_key, region = "us-east-1")
access_key |
Character. AWS access key. |
secret_key |
Character. AWS secret key. |
region |
Character. AWS region. Defaults to |
Function to create s3 pin_board
s3_pinboard( s3_bucket, s3_access_key, s3_secret_key, s3_region = "us-east-1", s3_prefix )s3_pinboard( s3_bucket, s3_access_key, s3_secret_key, s3_region = "us-east-1", s3_prefix )
s3_bucket |
s3 bucket name |
s3_access_key |
access key to connect to s3 bucket |
s3_secret_key |
secret key to connect to s3 bucket |
s3_region |
s3 bucket region |
s3_prefix |
Prefix to |
s3 pin board
Copies a configuration file (.yml) from the package's config directory to a specified path.
use_config(file_name = "rAccess.yml", path = getwd())use_config(file_name = "rAccess.yml", path = getwd())
file_name |
Config file name with .yml extension |
path |
Directory to which config file is to be added |