rbac

package
v0.0.0-...-8acab51 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 26, 2026 License: MIT Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Sentinel errors defined by the package. Each is a distinct errors.New value,
// so callers can match them with errors.Is. Which functions return which
// error is not shown on this page.
//
// NOTE(review): if these messages are passed verbatim to API clients, the
// difference between "user not found" and "role not found" tells the caller
// which identifiers exist; map them to a generic response at the HTTP
// boundary where that matters.
var (
	ErrUserNotFound        = errors.New("user not found")
	ErrRoleNotFound        = errors.New("role not found")
	ErrAssignmentNotFound  = errors.New("assignment not found")
	ErrDuplicateAssignment = errors.New("user already has this role")
)

Functions

func GetRoleFromContext

func GetRoleFromContext(c echo.Context) string

GetRoleFromContext retrieves the role from the echo context

func SetRoleInContext

func SetRoleInContext(c echo.Context, role string)

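SetRoleInContext stores the role in the echo context. The Require* middleware presumably authorize against this stored value (Middleware is built from an *RBAC only), so call it after authentication, with a role derived from the verified identity rather than from client-supplied input.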

Types

type AssignRoleRequest

// AssignRoleRequest represents a request to assign a role to a user.
type AssignRoleRequest struct {
	// UserID identifies the user who receives the role.
	UserID     string
	// RoleName names the role to assign; presumably it must match a role
	// defined on the RBAC instance (see ErrRoleNotFound) — confirm.
	RoleName   string
	// AssignedBy records who made the assignment.
	// NOTE(review): this is an audit field; populate it from the
	// authenticated caller, not from request input.
	AssignedBy string
	// ExpiresAt is optional; a nil pointer presumably means the assignment
	// does not expire — confirm.
	ExpiresAt  *time.Time
}

AssignRoleRequest represents a request to assign a role to a user

type ContextKey

// ContextKey is the string-based type used for this package's context keys.
type ContextKey string

ContextKey is the type for context keys

const (
	// RoleContextKey is the key for storing role in context.
	// NOTE(review): echo's Context.Set/Get take a plain string key, so if the
	// role is stored that way the ContextKey type gives no collision
	// protection: any other middleware or handler writing the key "role"
	// would replace the value the RBAC checks read. Confirm how
	// SetRoleInContext and GetRoleFromContext store it.
	RoleContextKey ContextKey = "role"
)

type Middleware

// Middleware provides RBAC middleware for Echo. It is constructed from an
// *RBAC by NewMiddleware; its fields are unexported.
type Middleware struct {
	// contains filtered or unexported fields
}

Middleware provides RBAC middleware for Echo

func NewMiddleware

func NewMiddleware(rbac *RBAC) *Middleware

NewMiddleware creates a new RBAC middleware

func (*Middleware) RequireAllPermissions

func (m *Middleware) RequireAllPermissions(permissions ...string) echo.MiddlewareFunc

RequireAllPermissions returns a middleware that requires all of the specified permissions

func (*Middleware) RequireAnyPermission

func (m *Middleware) RequireAnyPermission(permissions ...string) echo.MiddlewareFunc

RequireAnyPermission returns a middleware that requires any of the specified permissions

func (*Middleware) RequireAnyRole

func (m *Middleware) RequireAnyRole(roles ...string) echo.MiddlewareFunc

RequireAnyRole returns a middleware that requires any of the specified roles

func (*Middleware) RequirePermission

func (m *Middleware) RequirePermission(permission string) echo.MiddlewareFunc

RequirePermission returns a middleware that requires a specific permission

func (*Middleware) RequireRole

func (m *Middleware) RequireRole(roleName string) echo.MiddlewareFunc

RequireRole returns a middleware that requires a specific role

type RBAC

// RBAC handles role-based access control: roles are defined, linked to a
// parent, removed and queried through its methods.
// NOTE(review): the fields are not shown, so whether the methods are safe for
// concurrent use is not established here. If DefineRole, SetRoleParent or
// RemoveRole can run while request middleware calls HasPermission, confirm
// the type synchronizes access.
type RBAC struct {
	// contains filtered or unexported fields
}

RBAC handles role-based access control

func New

func New() *RBAC

New creates a new RBAC instance

func (*RBAC) DefineRole

func (r *RBAC) DefineRole(name string, permissions []string)

DefineRole defines a new role with the given permissions

func (*RBAC) GetAllPermissions

func (r *RBAC) GetAllPermissions(roleName string) []string

GetAllPermissions returns all permissions for a role including inherited ones

func (*RBAC) GetRole

func (r *RBAC) GetRole(name string) *Role

GetRole returns a role by name

func (*RBAC) GetRolePermissions

func (r *RBAC) GetRolePermissions(roleName string) []string

GetRolePermissions returns the permissions for a role

func (*RBAC) HasPermission

func (r *RBAC) HasPermission(roleName, permission string) bool

HasPermission checks if a role has a specific permission

func (*RBAC) ListRoles

func (r *RBAC) ListRoles() []*Role

ListRoles returns all defined roles

func (*RBAC) RemoveRole

func (r *RBAC) RemoveRole(name string)

RemoveRole removes a role

func (*RBAC) SetRoleParent

func (r *RBAC) SetRoleParent(roleName, parentName string)

SetRoleParent sets the parent role for inheritance

type RevokeRoleRequest

// RevokeRoleRequest represents a request to revoke a role from a user.
type RevokeRoleRequest struct {
	// UserID identifies the user losing the role.
	UserID    string
	// RoleName names the role to revoke.
	RoleName  string
	// RevokedBy records who performed the revocation.
	// NOTE(review): this is an audit field; populate it from the
	// authenticated caller, not from request input.
	RevokedBy string
}

RevokeRoleRequest represents a request to revoke a role from a user

type Role

// Role represents a role with permissions.
type Role struct {
	// Name is the role's identifier, serialized as "name".
	Name        string   `json:"name"`
	// Permissions lists the permissions set on this role, serialized as
	// "permissions".
	Permissions []string `json:"permissions"`
	// Parent is omitted from JSON when empty.
	// NOTE(review): whether SetRoleParent rejects a parent chain that loops
	// back to the role, or a parent that is not defined, is not shown on this
	// page — confirm, since GetAllPermissions resolves inherited permissions.
	Parent      string   `json:"parent,omitempty"` // Parent role for inheritance
}

Role represents a role with permissions

type UserRoleAssignment

// UserRoleAssignment represents a user-role assignment.
//
// NOTE(review): an authorization decision based on this record has to
// consider both Revoked and ExpiresAt. Whether the service ignores expired
// rows before CleanupExpiredAssignments removes them is not visible on this
// page — confirm.
type UserRoleAssignment struct {
	// ID identifies the assignment record.
	ID         string     `json:"id"`
	// UserID is the user holding the role.
	UserID     string     `json:"user_id"`
	// RoleName is the assigned role.
	RoleName   string     `json:"role_name"`
	// AssignedBy is omitted from JSON when empty.
	AssignedBy string     `json:"assigned_by,omitempty"`
	// AssignedAt is the time of assignment.
	AssignedAt time.Time  `json:"assigned_at"`
	// ExpiresAt is optional and omitted from JSON when nil; nil presumably
	// means no expiry — confirm.
	ExpiresAt  *time.Time `json:"expires_at,omitempty"`
	// Revoked is always serialized. Presumably a revoked assignment is kept
	// as a record rather than deleted, which GetAssignmentHistory would then
	// return — confirm.
	Revoked    bool       `json:"revoked"`
	// RevokedAt and RevokedBy are pointers and omitted from JSON when nil.
	RevokedAt  *time.Time `json:"revoked_at,omitempty"`
	RevokedBy  *string    `json:"revoked_by,omitempty"`
}

UserRoleAssignment represents a user-role assignment

type UserRoleService

// UserRoleService handles user-role assignments. NewUserRoleService builds it
// from a database path and an *RBAC, and Close is documented as closing the
// database connection, so callers should Close the service when done.
type UserRoleService struct {
	// contains filtered or unexported fields
}

UserRoleService handles user-role assignments

func NewUserRoleService

func NewUserRoleService(dbPath string, rbac *RBAC) (*UserRoleService, error)

NewUserRoleService creates a new user role service

func (*UserRoleService) AssignRole

AssignRole assigns a role to a user

func (*UserRoleService) BulkAssignRole

func (s *UserRoleService) BulkAssignRole(ctx context.Context, userIDs []string, roleName, assignedBy string) error

BulkAssignRole assigns a role to multiple users

func (*UserRoleService) BulkRevokeRole

func (s *UserRoleService) BulkRevokeRole(ctx context.Context, userIDs []string, roleName, revokedBy string) error

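BulkRevokeRole revokes a role from multiple users. The page does not state whether the operation is all-or-nothing; if it can fail partway, some of the listed users may still hold the role when an error is returned, so verify the result before treating the revocation as complete.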

func (*UserRoleService) CleanupExpiredAssignments

func (s *UserRoleService) CleanupExpiredAssignments(ctx context.Context) (int64, error)

CleanupExpiredAssignments removes expired role assignments

func (*UserRoleService) Close

func (s *UserRoleService) Close() error

Close closes the database connection

func (*UserRoleService) GetAssignmentHistory

func (s *UserRoleService) GetAssignmentHistory(ctx context.Context, userID string) ([]*UserRoleAssignment, error)

GetAssignmentHistory returns the assignment history for a user

func (*UserRoleService) GetRoleUsers

func (s *UserRoleService) GetRoleUsers(ctx context.Context, roleName string) ([]*UserRoleAssignment, error)

GetRoleUsers returns all users with a specific role

func (*UserRoleService) GetUserPermissions

func (s *UserRoleService) GetUserPermissions(ctx context.Context, userID string) ([]string, error)

GetUserPermissions returns all permissions for a user through their roles

func (*UserRoleService) GetUserRoles

func (s *UserRoleService) GetUserRoles(ctx context.Context, userID string) ([]*UserRoleAssignment, error)

GetUserRoles returns all active roles for a user

func (*UserRoleService) HasPermission

func (s *UserRoleService) HasPermission(ctx context.Context, userID, permission string) (bool, error)

HasPermission checks if a user has a specific permission through any of their roles

func (*UserRoleService) HasRole

func (s *UserRoleService) HasRole(ctx context.Context, userID, roleName string) (bool, error)

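HasRole checks if a user has a specific role. Unlike GetUserRoles, which is documented as returning "active" roles, this description does not say whether revoked or expired assignments are excluded; confirm that in the source before relying on HasRole for an authorization decision.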

func (*UserRoleService) RevokeRole

func (s *UserRoleService) RevokeRole(ctx context.Context, req *RevokeRoleRequest) error

RevokeRole revokes a role from a user
