openfga

package
v1.54.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 25, 2026 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

// Identifier names shared by the userId and objectId sides of the tuple
// definitions. How these names are combined into OpenFGA tuple strings is not
// shown in this listing.
//
// NOTE(review): these are untyped string constants, so nothing in their
// declaration ties them to UserId or ObjectId — confirm usage at the call sites.
const (
	IDUser              = "userID"
	IDRole              = "roleID"
	IDSupportGroup      = "supportGroupID"
	IDService           = "serviceID"
	IDComponent         = "componentID"
	IDComponentVersion  = "componentVersionID"
	IDComponentInstance = "componentInstanceID"
	IDIssueMatch        = "issueMatchID"
)

IDs (shared across userId/objectId tuple definitions)

// Type names shared by the userType and objectType sides of the tuple
// definitions.
//
// The constants are untyped strings, so the compiler accepts any of them where
// a UserType, ObjectType or RelationType is expected. Four values here
// ("role", "support_group", "component_version", "component_instance") are
// also declared as relation names (RelRole, RelSupportGroup,
// RelComponentVersion, RelComponentInstance), so passing a Type* constant in a
// relation position, or the reverse, is not caught at compile time.
//
// NOTE(review): presumably these strings must match the type names declared in
// the OpenFGA authorization model — confirm against the model.
const (
	TypeUser              = "user"
	TypeRole              = "role"
	TypeSupportGroup      = "support_group"
	TypeService           = "service"
	TypeComponent         = "component"
	TypeComponentVersion  = "component_version"
	TypeComponentInstance = "component_instance"
	TypeIssueMatch        = "issue_match"
)

Types (shared across userType/objectType tuple definitions)

// Relation names shared across the relation part of the tuple definitions.
//
// The constants are untyped strings, so the compiler accepts any of them where
// a UserType, ObjectType or RelationType is expected. RelRole,
// RelSupportGroup, RelComponentInstance and RelComponentVersion carry the same
// string values as TypeRole, TypeSupportGroup, TypeComponentInstance and
// TypeComponentVersion, so mixing up a relation and a type constant is not
// caught at compile time.
//
// NOTE(review): presumably these strings must match the relation names
// declared in the OpenFGA authorization model — confirm against the model.
const (
	RelCanView           = "can_view"
	RelRole              = "role"
	RelSupportGroup      = "support_group"
	RelRelatedService    = "related_service"
	RelOwner             = "owner"
	RelAdmin             = "admin"
	RelMember            = "member"
	RelComponentInstance = "component_instance"
	RelComponentVersion  = "component_version"
)

Relations (shared across relations tuple definitions)

Variables

This section is empty.

Functions

This section is empty.

Types

type AccessibleResource

// AccessibleResource identifies a single object by type and id. It is the
// element type of the slice returned by ListAccessibleResources.
type AccessibleResource struct {
	// ObjectType is the type of the object.
	ObjectType ObjectType
	// ObjectId is the identifier of the object.
	ObjectId   ObjectId
}

type Authorization

// Authorization is the contract for permission checks and for managing the
// relations (tuples) those checks are evaluated against. NewAuthorizationHandler,
// NewAuthz and NewNoAuthz all return this interface.
//
// NOTE(review): NoAuthz satisfies this interface as well; its name suggests it
// does not enforce anything. Confirm what its CheckPermission returns, and
// which configuration makes NewAuthorizationHandler select it, before treating
// a value of this interface as an access gate.
type Authorization interface {
	// CheckPermission checks if the userId in r has permission on the
	// resourceId in r. Callers should deny access when the returned error is
	// non-nil instead of relying on the bool alone.
	CheckPermission(r RelationInput) (bool, error)
	// AddRelation adds a relationship between userId and resourceId.
	AddRelation(r RelationInput) error
	// AddRelationBulk adds multiple relationships between userId and resourceId.
	AddRelationBulk(r []RelationInput) error
	// RemoveRelation removes a single relationship between userId and resourceId.
	RemoveRelation(r RelationInput) error
	// RemoveRelationBulk removes all relations that match any given
	// RelationInput, each of which is used as a filter.
	// NOTE(review): how empty fields in a filter are matched is not visible
	// here — confirm that a zero-value RelationInput cannot match every tuple.
	RemoveRelationBulk(r []RelationInput) error
	// RemoveAllRelations removes all relations in the authorization store.
	RemoveAllRelations() error
	// UpdateRelation updates relations based on the filters provided.
	// NOTE(review): Authz.UpdateRelation names these parameters (add, rem),
	// i.e. the relation to add first and the filter to remove second — confirm
	// every implementation and caller agrees on that order.
	UpdateRelation(r RelationInput, u RelationInput) error
	// ListRelations lists relations based on multiple filters.
	ListRelations(filters RelationInput) ([]client.ClientTupleKeyWithoutCondition, error)
	// ListAccessibleResources returns a list of resource Ids that the user can access.
	ListAccessibleResources(r RelationInput) ([]AccessibleResource, error)
	// GetListOfAccessibleObjectIds returns a list of object Ids of a given type that the user can access.
	GetListOfAccessibleObjectIds(userId UserId, objectType ObjectType) ([]*int64, error)
}

func NewAuthorizationHandler

func NewAuthorizationHandler(cfg *util.Config, enablelog bool) Authorization

func NewAuthz

func NewAuthz(l *logrus.Logger, cfg *util.Config) Authorization

NewAuthz creates a new Authorization implementation using OpenFGA.

func NewNoAuthz

func NewNoAuthz(cfg *util.Config) Authorization

type Authz

type Authz struct {
	// contains filtered or unexported fields
}

func (*Authz) AddRelation

func (a *Authz) AddRelation(r RelationInput) error

AddRelation adds a specified relationship between userId and objectId.

func (*Authz) AddRelationBulk added in v1.47.0

func (a *Authz) AddRelationBulk(relations []RelationInput) error

AddRelationBulk adds multiple specified relationships between userId(s) and objectId(s).

func (*Authz) CheckPermission

func (a *Authz) CheckPermission(r RelationInput) (bool, error)

CheckPermission checks if userId has permission on objectId.

func (*Authz) GetListOfAccessibleObjectIds added in v1.51.0

func (a *Authz) GetListOfAccessibleObjectIds(userId UserId, objectType ObjectType) ([]*int64, error)

GetListOfAccessibleObjectIds returns a list of object Ids of a given type that the user can access.

func (*Authz) ListAccessibleResources

func (a *Authz) ListAccessibleResources(r RelationInput) ([]AccessibleResource, error)

ListAccessibleResources returns a list of objectIds of a certain objectType that the user can access.

func (*Authz) ListRelations added in v1.47.0

func (a *Authz) ListRelations(filter RelationInput) ([]client.ClientTupleKeyWithoutCondition, error)

ListRelations lists all relations that match any given RelationInput as filter(s)

func (*Authz) RemoveAllRelations added in v1.47.0

func (a *Authz) RemoveAllRelations() error

RemoveAllRelations removes all tuples for the store backing the provided Authorization.

func (*Authz) RemoveRelation

func (a *Authz) RemoveRelation(r RelationInput) error

RemoveRelation removes a relationship between userId and objectId.

func (*Authz) RemoveRelationBulk added in v1.47.0

func (a *Authz) RemoveRelationBulk(r []RelationInput) error

RemoveRelationBulk removes all relations that match the given RelationInput as filters.

func (*Authz) UpdateRelation added in v1.47.0

func (a *Authz) UpdateRelation(add RelationInput, rem RelationInput) error

UpdateRelation updates relations by removing relations that match the filter for the old relation and adding the new relation.

type NoAuthz

type NoAuthz struct {
	// contains filtered or unexported fields
}

func (*NoAuthz) AddRelation

func (a *NoAuthz) AddRelation(r RelationInput) error

AddRelation adds a relationship between userId and resourceId.

func (*NoAuthz) AddRelationBulk added in v1.47.0

func (a *NoAuthz) AddRelationBulk(r []RelationInput) error

AddRelationBulk adds multiple relationships between userId and resourceId.

func (*NoAuthz) CheckPermission

func (a *NoAuthz) CheckPermission(r RelationInput) (bool, error)

CheckPermission checks if userId has permission on resourceId.

func (*NoAuthz) GetListOfAccessibleObjectIds added in v1.51.0

func (a *NoAuthz) GetListOfAccessibleObjectIds(userId UserId, objectType ObjectType) ([]*int64, error)

GetListOfAccessibleObjectIds returns a list of object Ids of a given type that the user can access.

func (*NoAuthz) ListAccessibleResources

func (a *NoAuthz) ListAccessibleResources(r RelationInput) ([]AccessibleResource, error)

ListAccessibleResources returns a list of resource Ids that the user can access.

func (*NoAuthz) ListRelations added in v1.47.0

func (a *NoAuthz) ListRelations(input RelationInput) ([]client.ClientTupleKeyWithoutCondition, error)

ListRelations lists all relations for a given input.

func (*NoAuthz) RemoveAllRelations added in v1.47.0

func (a *NoAuthz) RemoveAllRelations() error

RemoveAllRelations removes all relations in the authorization store, used mainly for tests

func (*NoAuthz) RemoveRelation

func (a *NoAuthz) RemoveRelation(r RelationInput) error

RemoveRelation removes a relationship between userId and resourceId.

func (*NoAuthz) RemoveRelationBulk added in v1.47.0

func (a *NoAuthz) RemoveRelationBulk(input []RelationInput) error

RemoveRelationBulk deletes all relations for a given object.

func (*NoAuthz) UpdateRelation added in v1.47.0

func (a *NoAuthz) UpdateRelation(r RelationInput, u RelationInput) error

UpdateRelation updates a relationship between userId and resourceId.

type ObjectId

// ObjectId is the string identifier used for the object side of a relation.
// ObjectIdFromInt builds one from an int64.
type ObjectId string

func ObjectIdFromInt added in v1.47.0

func ObjectIdFromInt(id int64) ObjectId

ObjectIdFromInt converts a numeric ID to an OpenFGA ObjectId.

type ObjectType

// ObjectType is the string type name of an object; it is the type of the
// ObjectType field in RelationInput and AccessibleResource.
type ObjectType string

type RelationInput

// RelationInput describes one user/relation/object combination. The
// Authorization methods take it both as a concrete relation (CheckPermission,
// AddRelation, RemoveRelation) and as a filter (ListRelations,
// RemoveRelationBulk).
//
// NOTE(review): which fields may be left empty, and what an empty field means
// when the value is used as a filter, is not visible in this listing — confirm
// before passing partially filled values to the remove methods.
type RelationInput struct {
	// UserType is the type of the user side of the relation.
	UserType   UserType
	// UserId is the identifier of the user side of the relation.
	UserId     UserId
	// Relation is the relation between the user and the object.
	Relation   RelationType
	// ObjectType is the type of the object side of the relation.
	ObjectType ObjectType
	// ObjectId is the identifier of the object side of the relation.
	ObjectId   ObjectId
}

type RelationType

// RelationType is the string name of a relation; it is the type of the
// Relation field in RelationInput.
type RelationType string

type UserId

// UserId is the string identifier used for the user side of a relation.
// UserIdFromInt builds one from an int64.
type UserId string

func UserIdFromInt added in v1.47.0

func UserIdFromInt(id int64) UserId

UserIdFromInt converts an int ID to an OpenFGA UserId.

type UserType

// UserType is the string type name of the user side of a relation; it is the
// type of the UserType field in RelationInput.
type UserType string
