Documentation ¶
Index ¶
- type AccessGrant
- type AccessKind
- type AppRelation
- func (r AppRelation) CanAccessProxy() bool
- func (r AppRelation) CanDelete() bool
- func (r AppRelation) CanDeploy() bool
- func (r AppRelation) CanManageACL() bool
- func (r AppRelation) CanStartStop() bool
- func (r AppRelation) CanUpdateConfig() bool
- func (r AppRelation) CanViewDetails() bool
- func (r AppRelation) String() string
- type ContentRole
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AccessGrant ¶
type AccessGrant struct {
	AppID     string
	Principal string
	Kind      AccessKind
	Role      ContentRole
	GrantedBy string
	GrantedAt string
}
AccessGrant represents a row from the app_access table.
type AccessKind ¶
type AccessKind string
AccessKind distinguishes user grants from group grants.
const (
	AccessKindUser AccessKind = "user"
)
type AppRelation ¶
type AppRelation int
AppRelation is the effective relationship between a caller and a specific app. It determines which operations the caller can perform.
const (
	RelationNone                AppRelation = iota // No access at all
	RelationAnonymous                              // Public app, unauthenticated user
	RelationContentViewer                          // Per-content viewer (ACL grant)
	RelationContentCollaborator                    // Per-content collaborator (ACL grant)
	RelationOwner                                  // App owner
	RelationAdmin                                  // System admin
)
func EvaluateAccess ¶
func EvaluateAccess(
	caller *auth.CallerIdentity,
	appOwner string,
	grants []AccessGrant,
	accessType string,
) AppRelation
EvaluateAccess determines the caller's relationship to a specific app.
Evaluation order:
- Public app + nil caller -> RelationAnonymous
- System admin -> RelationAdmin (overrides all)
- App owner -> RelationOwner
- Explicit user ACL grants -> highest content role
- logged_in or public app + authenticated caller -> RelationContentViewer
- No match -> RelationNone
accessType is the app's access_type column ("acl", "logged_in", or "public"). caller may be nil for unauthenticated requests to public apps.
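The evaluation order above as a stand-alone Go sketch. This is an added example, not the package's own code: Caller, Grant, roleRel, evaluate and the role strings "viewer" and "collaborator" are assumptions standing in for auth.CallerIdentity and AccessGrant, whose fields and parsing the page does not show.

```go
package main

import "fmt"

// Local stand-ins that mirror the documented names; not the package's own code.
type AppRelation int
const (
	RelationNone AppRelation = iota
	RelationAnonymous
	RelationContentViewer
	RelationContentCollaborator
	RelationOwner
	RelationAdmin
)

// Caller is a hypothetical substitute for auth.CallerIdentity; Grant keeps the AccessGrant fields used here.
type Caller struct{ Subject string; Admin bool }
type Grant struct{ Principal, Kind, Role string }
// roleRel maps an assumed role name to a relation; unknown names yield RelationNone.
var roleRel = map[string]AppRelation{"viewer": RelationContentViewer, "collaborator": RelationContentCollaborator}

// evaluate walks the documented evaluation order and denies by default.
func evaluate(c *Caller, owner string, grants []Grant, accessType string) AppRelation {
	switch {
	case c == nil && accessType == "public":
		return RelationAnonymous
	case c == nil: // unauthenticated, non-public app: deny before any dereference
		return RelationNone
	case c.Admin:
		return RelationAdmin
	case c.Subject == owner:
		return RelationOwner
	}
	rel := RelationNone
	for _, g := range grants { // max-wins over this caller's user grants only
		if g.Kind == "user" && g.Principal == c.Subject && roleRel[g.Role] > rel {
			rel = roleRel[g.Role]
		}
	}
	if rel == RelationNone && (accessType == "logged_in" || accessType == "public") {
		rel = RelationContentViewer
	}
	return rel
}

func main() {
	g := []Grant{{"alice", "user", "viewer"}, {"alice", "user", "collaborator"}} // constructed sample
	fmt.Println(evaluate(&Caller{Subject: "alice"}, "carol", g, "acl"), evaluate(nil, "carol", g, "acl"))
}
```

In this sketch a grant with an unrecognized role or a non-user kind contributes nothing, so a malformed row cannot raise the caller's relation.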
func (AppRelation) CanAccessProxy ¶
func (r AppRelation) CanAccessProxy() bool
CanAccessProxy reports whether this relation allows using the app via proxy.
func (AppRelation) CanDelete ¶
func (r AppRelation) CanDelete() bool
CanDelete reports whether this relation allows deleting the app.
func (AppRelation) CanDeploy ¶
func (r AppRelation) CanDeploy() bool
CanDeploy reports whether this relation allows deploying bundles.
func (AppRelation) CanManageACL ¶
func (r AppRelation) CanManageACL() bool
CanManageACL reports whether this relation allows managing ACL grants.
func (AppRelation) CanStartStop ¶
func (r AppRelation) CanStartStop() bool
CanStartStop reports whether this relation allows starting/stopping the app.
func (AppRelation) CanUpdateConfig ¶
func (r AppRelation) CanUpdateConfig() bool
CanUpdateConfig reports whether this relation allows updating app config.
func (AppRelation) CanViewDetails ¶
func (r AppRelation) CanViewDetails() bool
CanViewDetails reports whether this relation allows viewing app details.
func (AppRelation) String ¶ added in v0.0.3
func (r AppRelation) String() string
String returns the lowercase name of the app relation.
type ContentRole ¶
type ContentRole int
ContentRole is a per-content role granted via the app_access table. Ordered by privilege for max-wins resolution.
const (
	ContentRoleViewer       ContentRole = iota // Can use the app via proxy
	ContentRoleCollaborator                    // Can deploy, start/stop, update config
)
func ParseContentRole ¶
func ParseContentRole(s string) (ContentRole, bool)
ParseContentRole converts a string to a ContentRole. Returns ContentRoleViewer and false for unrecognized values.
func (ContentRole) String ¶
func (r ContentRole) String() string
String returns the lowercase name of the content role.