authz

package
v0.0.0-...-4c964c4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 29, 2025 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ErrNoPermissionCheckProvided is error that is thrown if no permission checks are provided.
	ErrNoPermissionCheckProvided = errors.New("no permission checks provided")
)
View Source 
var WireSet = wire.NewSet(
	ProvideAuthorizer,
	ProvidePermissionCache,
)

WireSet provides a wire set for this package.

Functions

func CheckPublicAccess 

func CheckPublicAccess(
	ctx context.Context,
	publicAccess publicaccess.Service,
	scope *types.Scope,
	resource *types.Resource,
	permission enum.Permission,
) (bool, error)

CheckPublicAccess checks if the requested permission is public for the provided scope and resource.

Types

type Authorizer 

type Authorizer interface {
	/*
	 * Checks whether the principal of the current session with the provided metadata
	 * has the permission to execute the action on the resource within the scope.
	 * Returns
	 *		(true, nil)   - the action is permitted
	 *		(false, nil)  - the action is not permitted
	 *		(false, err)  - an error occurred while performing the permission check and the action should be denied
	 */
	Check(ctx context.Context,
		session *auth.Session,
		scope *types.Scope,
		resource *types.Resource,
		permission enum.Permission) (bool, error)

	/*
	 * Checks whether the principal of the current session with the provided metadata
	 * has the permission to execute ALL the action on the resource within the scope.
	 * Returns
	 *		(true, nil)   - all requested actions are permitted
	 *		(false, nil)  - at least one requested action is not permitted
	 *		(false, err)  - an error occurred while performing the permission check and all actions should be denied
	 */
	CheckAll(ctx context.Context,
		session *auth.Session,
		permissionChecks ...types.PermissionCheck) (bool, error)
}

Authorizer abstraction of an entity responsible for authorizing access to resources.

func ProvideAuthorizer 

func ProvideAuthorizer(
	pCache PermissionCache,
	spaceStore store.SpaceStore,
	publicAccess publicaccess.Service,
) Authorizer

type MembershipAuthorizer 

type MembershipAuthorizer struct {
	// contains filtered or unexported fields
}

func NewMembershipAuthorizer 

func NewMembershipAuthorizer(
	permissionCache PermissionCache,
	spaceStore store.SpaceStore,
	publicAccess publicaccess.Service,
) *MembershipAuthorizer

func (*MembershipAuthorizer) Check 

func (a *MembershipAuthorizer) Check(
	ctx context.Context,
	session *auth.Session,
	scope *types.Scope,
	resource *types.Resource,
	permission enum.Permission,
) (bool, error)

func (*MembershipAuthorizer) CheckAll 

func (a *MembershipAuthorizer) CheckAll(
	ctx context.Context, session *auth.Session,
	permissionChecks ...types.PermissionCheck,
) (bool, error)

type PermissionCache 

type PermissionCache cache.Cache[PermissionCacheKey, bool]

func NewPermissionCache 

func NewPermissionCache(
	spaceStore store.SpaceStore,
	membershipStore store.MembershipStore,
	cacheDuration time.Duration,
) PermissionCache

func ProvidePermissionCache 

func ProvidePermissionCache(
	spaceStore store.SpaceStore,
	membershipStore store.MembershipStore,
) PermissionCache

type PermissionCacheKey 

type PermissionCacheKey struct {
	PrincipalID int64
	SpaceRef    string
	Permission  enum.Permission
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.