rbac

package
v0.0.0-...-dac86b4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 16, 2026 License: MIT Imports: 5 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Built-in role definitions. Each variable is an exported pointer to a Role,
// so any package that imports rbac can modify the Role it points to (for
// example by appending to Permissions) or reassign the variable itself.
// NOTE(review): whether NewPolicyEngine copies these values or keeps the
// pointers is not visible here — confirm before treating them as immutable.
var (
	// RoleViewer grants ActionRead on workflows, modules and configs only.
	// It lists no permission for ResourceUsers or ResourceSecrets, which is
	// narrower than the "all resources" wording in Description.
	RoleViewer = &Role{
		Name:        "viewer",
		Description: "Read-only access to all resources",
		Permissions: []Permission{
			{Resource: ResourceWorkflows, Action: ActionRead},
			{Resource: ResourceModules, Action: ActionRead},
			{Resource: ResourceConfigs, Action: ActionRead},
		},
	}

	// RoleEditor grants ActionRead and ActionWrite on workflows, modules and
	// configs, and no ActionDelete. Description names only workflows and
	// modules, but write access to configs is granted as well.
	RoleEditor = &Role{
		Name:        "editor",
		Description: "Read and write access to workflows and modules",
		Permissions: []Permission{
			{Resource: ResourceWorkflows, Action: ActionRead},
			{Resource: ResourceWorkflows, Action: ActionWrite},
			{Resource: ResourceModules, Action: ActionRead},
			{Resource: ResourceModules, Action: ActionWrite},
			{Resource: ResourceConfigs, Action: ActionRead},
			{Resource: ResourceConfigs, Action: ActionWrite},
		},
	}

	// RoleOperator grants ActionRead, ActionWrite and ActionDelete on
	// workflows, modules and configs. Description does not mention configs,
	// but they are covered too. Like viewer and editor, it lists nothing for
	// ResourceUsers or ResourceSecrets.
	RoleOperator = &Role{
		Name:        "operator",
		Description: "Full workflow and module management including deletion",
		Permissions: []Permission{
			{Resource: ResourceWorkflows, Action: ActionRead},
			{Resource: ResourceWorkflows, Action: ActionWrite},
			{Resource: ResourceWorkflows, Action: ActionDelete},
			{Resource: ResourceModules, Action: ActionRead},
			{Resource: ResourceModules, Action: ActionWrite},
			{Resource: ResourceModules, Action: ActionDelete},
			{Resource: ResourceConfigs, Action: ActionRead},
			{Resource: ResourceConfigs, Action: ActionWrite},
			{Resource: ResourceConfigs, Action: ActionDelete},
		},
	}

	// RoleAdmin holds a single permission: ActionAdmin on ResourceAll ("*").
	// It is the only built-in role whose permission list could reach
	// ResourceUsers and ResourceSecrets.
	// NOTE(review): presumably HasPermission treats this pair as a wildcard
	// over every resource and action; the matching logic is not shown here —
	// confirm.
	RoleAdmin = &Role{
		Name:        "admin",
		Description: "Full access to all resources",
		Permissions: []Permission{
			{Resource: ResourceAll, Action: ActionAdmin},
		},
	}
)

Built-in roles.

Functions

func ContextWithRole

func ContextWithRole(ctx context.Context, roleName string) context.Context

ContextWithRole stores a role name in the context.

func ContextWithUserID

func ContextWithUserID(ctx context.Context, userID string) context.Context

ContextWithUserID stores a user ID in the context.

func Middleware

func Middleware(pe *PolicyEngine, resource Resource, action Action, roleExtractor RoleExtractor) func(http.Handler) http.Handler

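Middleware returns HTTP middleware that enforces RBAC permissions for the given resource and action. The roleExtractor determines how the user's role is obtained from the request, so the check is only as trustworthy as the source that extractor reads. This page does not say how a request is handled when the extractor returns an error or names a role that is not registered; confirm that both cases are rejected.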

func RoleFromContext

func RoleFromContext(ctx context.Context) (string, bool)

RoleFromContext extracts the role name from the context.

func UserIDFromContext

func UserIDFromContext(ctx context.Context) (string, bool)

UserIDFromContext extracts the user ID from the context.

Types

type Action

type Action string

Action represents an operation that can be performed on a resource.

// Action values that a Permission can name.
const (
	ActionRead   Action = "read"
	ActionWrite  Action = "write"
	ActionDelete Action = "delete"
	// ActionAdmin is used by the built-in roles only in RoleAdmin, where it
	// is paired with ResourceAll.
	// NOTE(review): whether "admin" implies read, write and delete is decided
	// by HasPermission, which is not shown here — confirm.
	ActionAdmin  Action = "admin"
)

type Permission

// Permission pairs one Resource with one Action. It serializes to JSON with
// the keys "resource" and "action".
type Permission struct {
	// Resource is the resource type the permission applies to.
	Resource Resource `json:"resource"`
	// Action is the operation permitted on that resource.
	Action   Action   `json:"action"`
}

Permission represents permission to perform an action on a resource.

func ParsePermission

func ParsePermission(s string) (Permission, error)

ParsePermission parses a "resource:action" string into a Permission.

func (Permission) String

func (p Permission) String() string

String returns a human-readable representation of the permission.

type PolicyEngine

type PolicyEngine struct {
	// contains filtered or unexported fields
}

PolicyEngine manages roles and evaluates permissions.

func NewPolicyEngine

func NewPolicyEngine() *PolicyEngine

NewPolicyEngine creates a PolicyEngine pre-loaded with built-in roles.

func (*PolicyEngine) Allowed

func (pe *PolicyEngine) Allowed(roleName string, resource Resource, action Action) bool

Allowed checks whether the given role has permission for the resource and action.

func (*PolicyEngine) GetRole

func (pe *PolicyEngine) GetRole(name string) (*Role, bool)

GetRole retrieves a role by name.

func (*PolicyEngine) ListRoles

func (pe *PolicyEngine) ListRoles() []*Role

ListRoles returns all registered roles.

func (*PolicyEngine) RegisterRole

func (pe *PolicyEngine) RegisterRole(role *Role)

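RegisterRole adds a role definition, or replaces an existing one that has the same name. This page does not say whether the built-in role names are protected from replacement, so limit which code paths can call it.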

type Resource

type Resource string

Resource represents a type of resource in the system.

// Resource values that a Permission can name.
const (
	ResourceWorkflows Resource = "workflows"
	ResourceModules   Resource = "modules"
	ResourceConfigs   Resource = "configs"
	// ResourceUsers and ResourceSecrets are not named in the permission list
	// of any built-in role; among the built-ins only RoleAdmin's ResourceAll
	// entry could cover them.
	ResourceUsers     Resource = "users"
	ResourceSecrets   Resource = "secrets"
	// ResourceAll is the "*" value used by RoleAdmin.
	// NOTE(review): presumably matched as a wildcard by HasPermission; the
	// matching logic is not shown here — confirm.
	ResourceAll       Resource = "*"
)

type Role

// Role is a named list of permissions. It serializes to JSON with the keys
// "name", "description" and "permissions".
type Role struct {
	// Name identifies the role; the built-in roles use "viewer", "editor",
	// "operator" and "admin".
	Name        string       `json:"name"`
	// Description is free text. It is not the source of truth for what the
	// role grants; Permissions is.
	Description string       `json:"description"`
	// Permissions lists the resource/action pairs the role holds.
	Permissions []Permission `json:"permissions"`
}

Role represents a named set of permissions.

func BuiltinRoles

func BuiltinRoles() []*Role

BuiltinRoles returns all predefined roles.

func (*Role) HasPermission

func (r *Role) HasPermission(resource Resource, action Action) bool

HasPermission checks whether this role grants the given permission.

type RoleExtractor

type RoleExtractor func(r *http.Request) (string, error)

RoleExtractor is a function that extracts a role name from the request.

func ContextRoleExtractor

func ContextRoleExtractor() RoleExtractor

ContextRoleExtractor returns a RoleExtractor that reads the role from the request context.

func HeaderRoleExtractor

func HeaderRoleExtractor(header string) RoleExtractor

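HeaderRoleExtractor returns a RoleExtractor that reads the role from an HTTP header. Request headers are supplied by the client, so use this only behind a trusted proxy or gateway that sets the header itself and strips any copy sent by the client; otherwise the caller chooses its own role.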
