Versions in this module Expand all Collapse all v0 v0.4.0 May 6, 2026 Changes in this version
+ var ErrForbidden = errors.New("forbidden")
+ type AllowAllAuthorizer struct
+ func NewAllowAllAuthorizer(metadata PolicyMetadata) *AllowAllAuthorizer
+ func (a *AllowAllAuthorizer) Can(_ context.Context, _ *auth.PrincipalContext, cap Capability) (*Decision, error)
+ func (a *AllowAllAuthorizer) Metadata() PolicyMetadata
+ func (a *AllowAllAuthorizer) Privileges(_ context.Context, _ *auth.PrincipalContext) (Privilege, error)
+ type Authorizer interface
+ Can func(ctx context.Context, principalCtx *auth.PrincipalContext, cap Capability) (*Decision, error)
+ Metadata func() PolicyMetadata
+ Privileges func(ctx context.Context, principalCtx *auth.PrincipalContext) (Privilege, error)
+ func NewDefaultCasbinAuthorizer(metadata PolicyMetadata, logger zerolog.Logger) (Authorizer, error)
+ type AuthorizerConfig struct
+ AllowAll bool
+ RoleAliases map[string]string
+ RoleCapabilities []RoleCapabilityConfig
+ func (c AuthorizerConfig) ToMetadata() PolicyMetadata
+ type Capability string
+ func FeatureCapability(name string) Capability
+ func Permission(resource, action string) Capability
+ type CasbinAuthorizer struct
+ func NewCasbinAuthorizer(metadata PolicyMetadata) (*CasbinAuthorizer, error)
+ func (a *CasbinAuthorizer) Can(_ context.Context, principalCtx *auth.PrincipalContext, cap Capability) (*Decision, error)
+ func (a *CasbinAuthorizer) Metadata() PolicyMetadata
+ func (a *CasbinAuthorizer) Privileges(_ context.Context, principalCtx *auth.PrincipalContext) (Privilege, error)
+ type Decision struct
+ Allowed bool
+ GrantedBy Role
+ Reason DecisionReason
+ Required Capability
+ type DecisionReason string
+ const ReasonAllowAll
+ const ReasonDeniedNilPrincipal
+ const ReasonDeniedNoPermission
+ const ReasonDeniedNoRoles
+ const ReasonGranted
+ type MapAuthorizer struct
+ func NewMapAuthorizer(privileges map[string]*PrivilegeSet, metadata PolicyMetadata) *MapAuthorizer
+ func (a *MapAuthorizer) Can(ctx context.Context, principalCtx *auth.PrincipalContext, cap Capability) (*Decision, error)
+ func (a *MapAuthorizer) Metadata() PolicyMetadata
+ func (a *MapAuthorizer) Privileges(_ context.Context, principalCtx *auth.PrincipalContext) (Privilege, error)
+ type MultiAuthorizer struct
+ func NewMultiAuthorizer(authorizers ...Authorizer) *MultiAuthorizer
+ func (m *MultiAuthorizer) Can(ctx context.Context, principalCtx *auth.PrincipalContext, cap Capability) (*Decision, error)
+ func (m *MultiAuthorizer) Metadata() PolicyMetadata
+ func (m *MultiAuthorizer) Privileges(ctx context.Context, principalCtx *auth.PrincipalContext) (Privilege, error)
+ type PolicyMetadata struct
+ RoleAliases map[string]Role
+ RoleCapabilities map[Role][]Capability
+ func CloneMetadata(m PolicyMetadata) PolicyMetadata
+ func MergeRoleAliases(meta PolicyMetadata, aliases map[string]Role) PolicyMetadata
+ type Privilege interface
+ Has func(Capability) bool
+ func NewWildcardPrivilege(ps *PrivilegeSet) Privilege
+ type PrivilegeSet struct
+ func NewPrivilegeSet(caps ...Capability) *PrivilegeSet
+ func (p *PrivilegeSet) Capabilities() []Capability
+ func (p *PrivilegeSet) Grant(cap Capability)
+ func (p *PrivilegeSet) Has(cap Capability) bool
+ func (p *PrivilegeSet) Union(other *PrivilegeSet) *PrivilegeSet
+ type Role string
+ type RoleAuthorizer struct
+ func NewRoleAuthorizer(metadata PolicyMetadata) *RoleAuthorizer
+ func (a *RoleAuthorizer) Can(ctx context.Context, principalCtx *auth.PrincipalContext, cap Capability) (*Decision, error)
+ func (a *RoleAuthorizer) Metadata() PolicyMetadata
+ func (a *RoleAuthorizer) Privileges(_ context.Context, principalCtx *auth.PrincipalContext) (Privilege, error)
+ type RoleCapabilityConfig struct
+ Capabilities []string
+ Role string
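Review bot: The `Can` contract on `Authorizer` is ambiguous about how a denial is reported: every implementation returns `(*Decision, error)` while the package also exports `ErrForbidden`, and the listing does not say whether a deny comes back as `Allowed == false` with a nil error or as `ErrForbidden`. A caller that checks only `err != nil` would let a denied request through in the first case, so the interface method should carry a comment such as `// Can returns a non-nil Decision when err is nil; callers must check Decision.Allowed and treat any error or nil Decision as a denial.` — assuming that is the intended behaviour, which the signatures alone do not show. The same gap applies to `MultiAuthorizer.Can`: its doc comment should state whether one allowing authorizer is enough or all must allow, since wrapping an `AllowAllAuthorizer` (or setting `AuthorizerConfig.AllowAll`) could otherwise silently override the stricter Casbin, map and role policies. Only declarations are visible here; the function bodies are outside this listing.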