authorization

package

v0.1.1 Latest Latest Go to latest Published: Apr 2, 2025 License: MIT Imports: 9 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/dormoron/eidola

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func AuthorizationMiddleware(authorizer *RBACAuthorizer, resource Resource, permission Permission) grpc.UnaryServerInterceptor
type Permission
- func ParsePermission(s string) (Permission, error)
type RBACAuthorizer
- func NewRBACAuthorizer() *RBACAuthorizer
type Resource
type Role
- func NewRole(name, description string) *Role

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrPermissionDenied  = errors.New("权限被拒绝")
	ErrRoleNotFound      = errors.New("角色不存在")
	ErrInvalidPermission = errors.New("无效的权限")
	ErrNoMetadata        = errors.New("上下文中没有元数据")
	ErrNoCredentials     = errors.New("上下文中没有认证信息")
)

权限相关的错误

Functions ¶

func AuthorizationMiddleware ¶

func AuthorizationMiddleware(authorizer *RBACAuthorizer, resource Resource, permission Permission) grpc.UnaryServerInterceptor

AuthorizationMiddleware 授权中间件，用于检查特定权限

Types ¶

type Permission ¶

type Permission string

Permission 表示权限

const (
	PermissionCreate Permission = "create"
	PermissionRead   Permission = "read"
	PermissionUpdate Permission = "update"
	PermissionDelete Permission = "delete"
	PermissionAdmin  Permission = "admin"
)

预定义权限常量

func ParsePermission ¶

func ParsePermission(s string) (Permission, error)

ParsePermission 从字符串解析权限

type RBACAuthorizer ¶

type RBACAuthorizer struct {
	// contains filtered or unexported fields
}

RBACAuthorizer 是基于角色的访问控制授权器

func NewRBACAuthorizer ¶

func NewRBACAuthorizer() *RBACAuthorizer

NewRBACAuthorizer 创建新的RBAC授权器

func (*RBACAuthorizer) AddRole ¶

func (a *RBACAuthorizer) AddRole(role *Role)

AddRole 添加角色

func (*RBACAuthorizer) AuthorizeByRole ¶

func (a *RBACAuthorizer) AuthorizeByRole(ctx context.Context, roleName string, resource Resource, permission Permission) error

AuthorizeByRole 根据角色授权

func (*RBACAuthorizer) CreatePermission ¶

func (a *RBACAuthorizer) CreatePermission(resource Resource, permission Permission) Permission

CreatePermission 解析权限字符串

func (*RBACAuthorizer) GetAllRoles ¶

func (a *RBACAuthorizer) GetAllRoles() []*Role

GetAllRoles 获取所有角色

func (*RBACAuthorizer) GetRole ¶

func (a *RBACAuthorizer) GetRole(roleName string) (*Role, error)

GetRole 获取角色

func (*RBACAuthorizer) MapMethodToPermission ¶

func (a *RBACAuthorizer) MapMethodToPermission(method string, resource Resource, permission Permission)

MapMethodToPermission 映射gRPC方法到权限

func (*RBACAuthorizer) MapServiceToResource ¶

func (a *RBACAuthorizer) MapServiceToResource(serviceName string, resource Resource)

MapServiceToResource 映射整个服务到资源权限

func (*RBACAuthorizer) ParseResourcePermission ¶

func (a *RBACAuthorizer) ParseResourcePermission(perm Permission) (Resource, Permission, error)

ParseResourcePermission 从权限字符串中解析资源和权限

func (*RBACAuthorizer) RemoveRole ¶

func (a *RBACAuthorizer) RemoveRole(roleName string)

RemoveRole 移除角色

func (*RBACAuthorizer) SetupDefaultRoles ¶

func (a *RBACAuthorizer) SetupDefaultRoles()

SetupDefaultRoles 设置默认角色

func (*RBACAuthorizer) StreamServerInterceptor ¶

func (a *RBACAuthorizer) StreamServerInterceptor() grpc.StreamServerInterceptor

StreamServerInterceptor 创建用于流RPC的授权拦截器

func (*RBACAuthorizer) UnaryServerInterceptor ¶

func (a *RBACAuthorizer) UnaryServerInterceptor() grpc.UnaryServerInterceptor

UnaryServerInterceptor 创建用于一元RPC的授权拦截器

type Resource ¶

type Resource string

Resource 表示资源

type Role ¶

type Role struct {
	Name        string
	Description string
	// 资源-权限映射
	Permissions map[Resource][]Permission
}

Role 表示角色

func NewRole ¶

func NewRole(name, description string) *Role

NewRole 创建新角色

func (*Role) AddPermission ¶

func (r *Role) AddPermission(resource Resource, permission Permission)

AddPermission 为角色添加权限

func (*Role) HasPermission ¶

func (r *Role) HasPermission(resource Resource, permission Permission) bool

HasPermission 检查角色是否有对资源的特定权限

func (*Role) HasResource ¶

func (r *Role) HasResource(resource Resource) bool

HasResource 检查角色是否可以访问资源

func (*Role) RemovePermission ¶

func (r *Role) RemovePermission(resource Resource, permission Permission)

RemovePermission 从角色移除权限

Source Files ¶

View all Source files

rbac.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL