Documentation
Overview
Package authz provides Casbin-based authorization.
Index
- type Enforcer
- func (e *Enforcer) Enforce(user umodels.User, obj, act string) (bool, error)
- func (e *Enforcer) EnforceConversationAccess(user umodels.User, conversation cmodels.Conversation) (bool, error)
- func (e *Enforcer) EnforceMediaAccess(user umodels.User, model string) (bool, error)
- func (e *Enforcer) InvalidateAllCache()
- func (e *Enforcer) InvalidateUserCache(userID int)
- func (e *Enforcer) LoadPermissions(user umodels.User) error
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Enforcer
type Enforcer struct {
// contains filtered or unexported fields
}
Enforcer is a wrapper around the Casbin enforcer.
func NewEnforcer
NewEnforcer initializes a new Enforcer with the hardcoded model.
func (*Enforcer) Enforce
Enforce checks if a user has permission to perform an action on an object.
func (*Enforcer) EnforceConversationAccess
func (e *Enforcer) EnforceConversationAccess(user umodels.User, conversation cmodels.Conversation) (bool, error)
EnforceConversationAccess determines if a user has access to a specific conversation based on their permissions.
Requires basic "read" permission AND one of the following conditions:
1. User has the "read_all" permission, allowing access to all conversations.
2. User has the "read_assigned" permission and is the assigned user.
3. User has the "read_team_inbox" permission and is part of the assigned team, with the conversation NOT assigned to any user.
4. User has the "read_unassigned" permission and the conversation is not assigned to any user or team.
Returns true if access is granted, false otherwise. If an error occurs while checking permissions, it returns false and the error.
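The decision rule described above, as a self-contained Go program. This is an added example, not the authz package's code: the User and Conversation types, the Check callback and the bare permission strings passed to it are assumptions standing in for umodels.User, cmodels.Conversation and the Casbin lookup.

```go
package main

import "fmt"

// Hypothetical stand-ins for umodels.User and cmodels.Conversation (fields assumed).
type User struct {
	ID    int
	Teams map[int]bool
	Perms map[string]bool
}
type Conversation struct{ AssignedUserID, AssignedTeamID int } // 0 = unassigned

// Check stands in for the Casbin-backed permission lookup (assumed shape).
type Check func(u User, perm string) (bool, error)

func FromMap(u User, perm string) (bool, error) { return u.Perms[perm], nil }
func Broken(User, string) (bool, error)         { return false, fmt.Errorf("policy backend unavailable") }

// CanAccess requires "read" AND one of the four scoped grants; any error denies.
func CanAccess(check Check, u User, c Conversation) (bool, error) {
	if ok, err := check(u, "read"); err != nil || !ok {
		return false, err
	}
	inTeam := c.AssignedTeamID != 0 && u.Teams[c.AssignedTeamID]
	rules := []struct {
		perm    string
		applies bool // does this grant's condition hold for this conversation?
	}{
		{"read_all", true},
		{"read_assigned", c.AssignedUserID != 0 && c.AssignedUserID == u.ID},
		{"read_team_inbox", inTeam && c.AssignedUserID == 0},
		{"read_unassigned", c.AssignedUserID == 0 && c.AssignedTeamID == 0},
	}
	for _, r := range rules {
		if !r.applies {
			continue
		}
		if ok, err := check(u, r.perm); err != nil || ok {
			return ok && err == nil, err // grant only on a clean "true"
		}
	}
	return false, nil
}

func main() {
	agent := User{ID: 7, Teams: map[int]bool{2: true}, Perms: map[string]bool{"read": true, "read_team_inbox": true}}
	fmt.Println(CanAccess(FromMap, agent, Conversation{AssignedTeamID: 2}))                    // team inbox item
	fmt.Println(CanAccess(FromMap, agent, Conversation{AssignedUserID: 9, AssignedTeamID: 2})) // taken by a colleague
}
```

Note the third condition: once a team conversation is assigned to a specific user, "read_team_inbox" alone no longer grants access to teammates.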
func (*Enforcer) EnforceMediaAccess
EnforceMediaAccess checks for read access on the model that the media is linked to.
func (*Enforcer) InvalidateAllCache
func (e *Enforcer) InvalidateAllCache()
InvalidateAllCache clears the entire permissions cache.
func (*Enforcer) InvalidateUserCache
InvalidateUserCache removes the user from permsCache. It is to be called when the user's permissions change.