Documentation
Overview
Package rbac provides Role-Based Access Control (RBAC) constants, types, and utilities
Index
- func DefaultRolePermissions() map[RoleName][]PermissionName
- func GetRoleDescription(name RoleName) string
- func IsValidPermissionName(name string) bool
- func IsValidRoleName(name string) bool
- type PermissionDefinition
- type PermissionName
- type RoleDefinition
- type RoleName
- type Seeder
- func (s *Seeder) AssignDefaultRoleToUser(ctx context.Context, userID string) error
- func (s *Seeder) AssignDefaultRoleToUsersWithoutRoles(ctx context.Context) (int, error)
- func (s *Seeder) AssignRoleToUser(ctx context.Context, userID string, roleName RoleName) error
- func (s *Seeder) GetPermissionID(ctx context.Context, permName PermissionName) (string, error)
- func (s *Seeder) GetRoleID(ctx context.Context, roleName RoleName) (string, error)
- func (s *Seeder) RemoveRoleFromUser(ctx context.Context, userID string, roleName RoleName) error
- func (s *Seeder) SeedAll(ctx context.Context) error
- func (s *Seeder) SeedPermissions(ctx context.Context) error
- func (s *Seeder) SeedRolePermissions(ctx context.Context) error
- func (s *Seeder) SeedRoles(ctx context.Context) error
Constants
This section is empty.
Variables
This section is empty.
Functions
func DefaultRolePermissions
func DefaultRolePermissions() map[RoleName][]PermissionName
DefaultRolePermissions returns the default permission assignments for each role
func GetRoleDescription
GetRoleDescription returns the description for a predefined role
func IsValidPermissionName
IsValidPermissionName checks if a permission name is a predefined permission
func IsValidRoleName
IsValidRoleName checks if a role name is a predefined role
Types
type PermissionDefinition
type PermissionDefinition struct {
	Name        PermissionName
	Resource    string
	Action      string
	Description string
}
PermissionDefinition defines a permission with its metadata
func DefaultPermissions
func DefaultPermissions() []PermissionDefinition
DefaultPermissions returns the predefined permissions for the system
func GetPermissionDefinition
func GetPermissionDefinition(name PermissionName) *PermissionDefinition
GetPermissionDefinition returns the definition for a predefined permission
type PermissionName
type PermissionName string
PermissionName represents a type-safe permission name
const (
	PermProductCreate PermissionName = "product:create"
	PermProductRead   PermissionName = "product:read"
	PermProductUpdate PermissionName = "product:update"
	PermProductDelete PermissionName = "product:delete"
)
Product permissions
const (
	PermOrderCreate  PermissionName = "order:create"
	PermOrderRead    PermissionName = "order:read"
	PermOrderUpdate  PermissionName = "order:update"
	PermOrderProcess PermissionName = "order:process"
)
Order permissions
const (
	PermUserCreate    PermissionName = "user:create"
	PermUserRead      PermissionName = "user:read"
	PermUserUpdate    PermissionName = "user:update"
	PermUserDelete    PermissionName = "user:delete"
	PermUserUpdateOwn PermissionName = "user:update_own"
)
User permissions
const (
	PermCustomerView         PermissionName = "customer:view"
	PermCustomerOrderHistory PermissionName = "customer:order_history"
)
Customer support permissions
const (
	PermReportView PermissionName = "report:view"
)
Report permissions
func AllPermissionNames
func AllPermissionNames() []PermissionName
AllPermissionNames returns all predefined permission names
func (PermissionName) String
func (p PermissionName) String() string
String returns the string representation of the permission name
type RoleDefinition
RoleDefinition defines a role with its metadata
func DefaultRoles
func DefaultRoles() []RoleDefinition
DefaultRoles returns the predefined roles for the system
type RoleName
type RoleName string
RoleName represents a type-safe role name
const (
	// RoleAdmin has full access to all resources
	RoleAdmin RoleName = "admin"
	// RoleManager has access to manage products, orders, and view reports
	RoleManager RoleName = "manager"
	// RoleCustomerExperience has access to view customer information and order history
	RoleCustomerExperience RoleName = "customer_experience"
	// RoleCustomer has access to their own resources and basic product/order operations
	RoleCustomer RoleName = "customer"
)
Predefined role names
func DefaultRole
func DefaultRole() RoleName
DefaultRole returns the default role to assign to new users
type Seeder
type Seeder struct {
	// contains filtered or unexported fields
}
Seeder provides functionality to seed the database with predefined roles and permissions
func (*Seeder) AssignDefaultRoleToUser
AssignDefaultRoleToUser assigns the default role (customer) to a user if they have no roles
func (*Seeder) AssignDefaultRoleToUsersWithoutRoles
AssignDefaultRoleToUsersWithoutRoles assigns the default role to all users who don't have any roles. Returns the number of users updated.
func (*Seeder) AssignRoleToUser
AssignRoleToUser assigns a specific role to a user by role name
func (*Seeder) GetPermissionID
GetPermissionID returns the database ID for a permission name
func (*Seeder) RemoveRoleFromUser
RemoveRoleFromUser removes a specific role from a user by role name
func (*Seeder) SeedPermissions
SeedPermissions seeds all predefined permissions into the database
func (*Seeder) SeedRolePermissions
SeedRolePermissions seeds the role-permission relationships
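A pre-seeding check on a role-to-permission map of the shape DefaultRolePermissions returns, as an added example that is not part of this package: it flags grants that are not among the predefined permission names or that repeat within a role. The types are re-declared locally so the block runs on its own; Audit, predefined and the sample grants are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

type RoleName string
type PermissionName string

// The 16 permission names documented on this page.
const predefined = "product:create product:read product:update product:delete " +
	"order:create order:read order:update order:process user:create user:read " +
	"user:update user:delete user:update_own customer:view customer:order_history report:view"

// Constructed grants; "order:refund" and the repeated "report:view" are deliberate mistakes.
var sample = map[RoleName][]PermissionName{
	"manager":             {"product:update", "order:process", "report:view", "report:view"},
	"customer_experience": {"customer:view", "customer:order_history", "order:refund"},
}

// Audit returns one sorted finding per grant that is unknown or duplicated within a role.
func Audit(grants map[RoleName][]PermissionName) []string {
	known := map[PermissionName]bool{}
	for _, n := range strings.Fields(predefined) {
		known[PermissionName(n)] = true
	}
	var findings []string
	for role, perms := range grants {
		seen := map[PermissionName]bool{}
		for _, p := range perms {
			switch {
			case !known[p]:
				findings = append(findings, fmt.Sprintf("%s: unknown permission %q", role, p))
			case seen[p]:
				findings = append(findings, fmt.Sprintf("%s: duplicate permission %q", role, p))
			}
			seen[p] = true
		}
	}
	sort.Strings(findings)
	return findings
}

func main() {
	for _, f := range Audit(sample) {
		fmt.Println(f)
	}
}
```

An empty result means every grant maps to a predefined permission, so a typo cannot silently create a permission that no handler checks.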