Documentation
Index ¶
- Constants
- func SetUserContext(ctx context.Context, userCtx *UserContext) context.Context
- func UserCtxAuthMiddleware(jwtConfig *config.JWTConfig, userService service.UserService, ...) echo.MiddlewareFunc
- type PermissionChecker
- func (c *PermissionChecker) CanAdmin(permissions *model.SubjectPermissions, section model.SectionType, ...) bool
- func (c *PermissionChecker) CanAdminForRoleCode(ctx context.Context, roleCode string, section model.SectionType, ...) (bool, error)
- func (c *PermissionChecker) CanAdminForUsername(ctx context.Context, username string, section model.SectionType, ...) (bool, error)
- func (c *PermissionChecker) CanResource(permissions *model.SubjectPermissions, namespace, project string, ...) bool
- func (c *PermissionChecker) CanResourceForRoleCode(ctx context.Context, roleCode, namespace, project string, ...) (bool, error)
- func (c *PermissionChecker) CanResourceForUsername(ctx context.Context, username, namespace, project string, ...) (bool, error)
- func (c *PermissionChecker) FilterQueryByNamespace(query *gorm.DB, permissions []model.ResourcePermission, ...) *gorm.DB
- func (c *PermissionChecker) FilterQueryByNamespaceProject(query *gorm.DB, permissions []model.ResourcePermission, ...) *gorm.DB
- func (c *PermissionChecker) FilterQueryByProject(query *gorm.DB, permissions []model.ResourcePermission, namespace string, ...) *gorm.DB
- func (c *PermissionChecker) MustCanAdminForRoleCode(ctx context.Context, roleCode string, section model.SectionType, ...) bool
- func (c *PermissionChecker) MustCanAdminForUsername(ctx context.Context, username string, section model.SectionType, ...) bool
- func (c *PermissionChecker) MustCanResourceForRoleCode(ctx context.Context, roleCode, namespace, project string, ...) bool
- func (c *PermissionChecker) MustCanResourceForUsername(ctx context.Context, username, namespace, project string, ...) bool
- type UserContext
Constants ¶
// Column names that the FilterQueryBy* helpers use when they add WHERE
// conditions. Both are aliases of constants in package model; the helpers
// take no column-name argument, so these names are fixed at compile time.
const (
	ColumnNamespaceCode = model.ColumnNamespaceCode
	ColumnProjectCode   = model.ColumnProjectCode
)
Variables ¶
This section is empty.
Functions ¶
func SetUserContext ¶
func SetUserContext(ctx context.Context, userCtx *UserContext) context.Context
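SetUserContext adds a UserContext to the given context and returns the resulting context. This is primarily used for testing. The stored value carries the caller's identity and permissions, so non-test code should presumably leave populating it to UserCtxAuthMiddleware.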
func UserCtxAuthMiddleware ¶
// UserCtxAuthMiddleware returns an echo middleware built from the JWT
// configuration and the user, role and token services.
// NOTE(review): this is the only exported function on the page without a doc
// comment, and it is the authentication entry point. Document which
// credentials it accepts, what it stores in the request context, and how it
// responds to a missing or invalid credential — confirm against the
// implementation.
func UserCtxAuthMiddleware(jwtConfig *config.JWTConfig, userService service.UserService, roleService service.RoleService, tokenService service.TokenService) echo.MiddlewareFunc
Types ¶
type PermissionChecker ¶
type PermissionChecker struct {
// contains filtered or unexported fields
}
PermissionChecker checks whether an action is permitted, either on an admin section or on a namespace/project/resource.
func NewPermissionChecker ¶
func NewPermissionChecker(roleService service.RoleService) *PermissionChecker
NewPermissionChecker creates a new PermissionChecker
func (*PermissionChecker) CanAdmin ¶
func (c *PermissionChecker) CanAdmin(permissions *model.SubjectPermissions, section model.SectionType, action model.ActionType) bool
CanAdmin checks if permissions allow an action on an admin section
func (*PermissionChecker) CanAdminForRoleCode ¶
func (c *PermissionChecker) CanAdminForRoleCode(ctx context.Context, roleCode string, section model.SectionType, action model.ActionType) (bool, error)
CanAdminForRoleCode checks if a role can perform an action on an admin section
func (*PermissionChecker) CanAdminForUsername ¶
func (c *PermissionChecker) CanAdminForUsername(ctx context.Context, username string, section model.SectionType, action model.ActionType) (bool, error)
CanAdminForUsername checks if a user can perform an action on an admin section
func (*PermissionChecker) CanResource ¶
func (c *PermissionChecker) CanResource(permissions *model.SubjectPermissions, namespace, project string, resource model.ResourceType, action model.ActionType) bool
CanResource checks if permissions allow an action on a namespace/project/resource
func (*PermissionChecker) CanResourceForRoleCode ¶
func (c *PermissionChecker) CanResourceForRoleCode(ctx context.Context, roleCode, namespace, project string, resource model.ResourceType, action model.ActionType) (bool, error)
CanResourceForRoleCode checks if a role can perform an action on a namespace/project/resource
func (*PermissionChecker) CanResourceForUsername ¶
func (c *PermissionChecker) CanResourceForUsername(ctx context.Context, username, namespace, project string, resource model.ResourceType, action model.ActionType) (bool, error)
CanResourceForUsername checks if a user can perform an action on a namespace/project/resource
func (*PermissionChecker) FilterQueryByNamespace ¶
func (c *PermissionChecker) FilterQueryByNamespace(query *gorm.DB, permissions []model.ResourcePermission, action model.ActionType) *gorm.DB
FilterQueryByNamespace adds WHERE conditions to filter by namespace based on permissions. It uses the ColumnNamespaceCode constant for the column name. If the user has a permission on the "*" (wildcard) namespace, it returns the query unchanged. If the user has no matching permissions, it adds WHERE 1=0 so that the query returns no results (deny by default).
func (*PermissionChecker) FilterQueryByNamespaceProject ¶
func (c *PermissionChecker) FilterQueryByNamespaceProject(query *gorm.DB, permissions []model.ResourcePermission, action model.ActionType) *gorm.DB
FilterQueryByNamespaceProject adds WHERE conditions to filter by namespace and project based on permissions. It uses the ColumnNamespaceCode and ColumnProjectCode constants for the column names. Wildcards: a permission on namespace "*" grants full access, and a permission on project "*" grants access to the whole namespace. If the user has no matching permissions, it adds WHERE 1=0 so that the query returns no results (deny by default).
func (*PermissionChecker) FilterQueryByProject ¶
func (c *PermissionChecker) FilterQueryByProject(query *gorm.DB, permissions []model.ResourcePermission, namespace string, action model.ActionType) *gorm.DB
FilterQueryByProject adds WHERE conditions to filter projects within a specific namespace. It uses the ColumnProjectCode constant for the column name. Wildcards: a permission on namespace "*" or on project "*" grants full access within the given namespace. If the user has no matching permissions for this namespace, it adds WHERE 1=0 so that the query returns no results (deny by default).
func (*PermissionChecker) MustCanAdminForRoleCode ¶
func (c *PermissionChecker) MustCanAdminForRoleCode(ctx context.Context, roleCode string, section model.SectionType, action model.ActionType) bool
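MustCanAdminForRoleCode checks if a role can perform an action on an admin section. It returns false on error, so a failed check is treated as a denial. Unlike the usual Go Must convention, it is documented to return false rather than panic. The error is not returned to the caller; use CanAdminForRoleCode when a denial must be distinguished from a failure.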
func (*PermissionChecker) MustCanAdminForUsername ¶
func (c *PermissionChecker) MustCanAdminForUsername(ctx context.Context, username string, section model.SectionType, action model.ActionType) bool
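MustCanAdminForUsername checks if a user can perform an action on an admin section. It returns false on error, so a failed check is treated as a denial. Unlike the usual Go Must convention, it is documented to return false rather than panic. The error is not returned to the caller; use CanAdminForUsername when a denial must be distinguished from a failure.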
func (*PermissionChecker) MustCanResourceForRoleCode ¶
func (c *PermissionChecker) MustCanResourceForRoleCode(ctx context.Context, roleCode, namespace, project string, resource model.ResourceType, action model.ActionType) bool
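MustCanResourceForRoleCode checks if a role can perform an action on a resource. It returns false on error, so a failed check is treated as a denial. Unlike the usual Go Must convention, it is documented to return false rather than panic. The error is not returned to the caller; use CanResourceForRoleCode when a denial must be distinguished from a failure.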
func (*PermissionChecker) MustCanResourceForUsername ¶
func (c *PermissionChecker) MustCanResourceForUsername(ctx context.Context, username, namespace, project string, resource model.ResourceType, action model.ActionType) bool
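MustCanResourceForUsername checks if a user can perform an action on a resource. It returns false on error, so a failed check is treated as a denial. Unlike the usual Go Must convention, it is documented to return false rather than panic. The error is not returned to the caller; use CanResourceForUsername when a denial must be distinguished from a failure.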
type UserContext ¶
// UserContext describes a caller: a numeric ID, a username, the caller's
// permissions and the authentication type. SetUserContext stores a
// *UserContext in a context.Context.
// NOTE(review): presumably populated by UserCtxAuthMiddleware and read back
// with GetUser — confirm.
type UserContext struct {
	UserID   int64
	Username string
	// NOTE(review): pointer field. Confirm whether it can be nil for an
	// authenticated caller and that a nil value is treated as "no permissions".
	SubjectPermissions *model.SubjectPermissions
	// NOTE(review): presumably records how the caller authenticated; confirm
	// the possible values in package types.
	AuthType types.AuthType
}
func GetUser ¶
// GetUser returns the *UserContext for ctx.
// NOTE(review): undocumented on this page. Presumably it returns the value
// stored by SetUserContext, and nil when ctx carries none. Callers should
// check for nil and treat it as unauthenticated. Confirm against the
// implementation.
func GetUser(ctx context.Context) *UserContext
func (UserContext) GetUserIdStr ¶
// GetUserIdStr returns a string for this UserContext.
// NOTE(review): undocumented on this page; presumably the decimal form of
// UserID — confirm against the implementation.
func (uc UserContext) GetUserIdStr() string