Index ¶
- Constants
- Variables
- type Account
- func (acc *Account) CheckPermissions(ctx context.Context, resource any, patterns ...string) bool
- func (acc *Account) CheckedPermissions(ctx context.Context, resource any, patterns ...string) rbac.Permission
- func (acc *Account) ExtendAdminUsers(ids ...uint64)
- func (acc *Account) ExtendPermissions(perm PermissionChecker)
- func (acc *Account) HasPermission(patterns ...string) bool
- func (acc *Account) IsAdminUser(userID uint64) bool
- func (acc *Account) IsAnonymous() bool
- func (acc *Account) IsOwnerUser(userID uint64) bool
- func (acc *Account) ListPermissions(patterns ...string) []rbac.Permission
- func (acc *Account) OwnerAccountID() uint64
- func (acc *Account) RBACResourceName() string
- func (acc *Account) SetPermissions(perm PermissionChecker)
- func (acc *Account) TableName() string
- type AccountMember
- type AccountSocial
- type AccountSocialSession
- type ApproveStatus
- type AuthClient
- type AuthSession
- type AvailableStatus
- type DirectAccessToken
- type HistoryAction
- type M2MAccountMemberRole
- type M2MRole
- type Option
- type OptionType
- type Order
- type PermissionChecker
- type Role
- type User
- type UserPasswordReset
Constants ¶
// Access levels that gate who may hold a role. Role.AccessLevel (below) stores
// one of these as a plain int; its field comment ("0 - any, 1 - no anonymous,
// 2 - account, >=3 - system") matches these values. Enforcement is not visible
// in this file.
const (
	// AccessLevelBasic: no restriction (any caller, including anonymous).
	AccessLevelBasic = 0
	// AccessLevelNoAnonymous: requires a non-anonymous (authenticated) user.
	AccessLevelNoAnonymous = 1
	// AccessLevelAccount: requires an account context.
	AccessLevelAccount = 2
	// AccessLevelSystem: system level; Role.AccessLevel treats any value >=3 as system.
	AccessLevelSystem = 3
)
Variables ¶
// Anonymous is the sentinel unauthenticated user: ID 0 and every other field zero.
// Because ID 0 is the marker, real users must never be persisted with ID 0
// (presumably User.IsAnonymous compares against this — the body is not shown here).
var Anonymous = User{ID: 0}
Anonymous user object
Functions ¶
This section is empty.
Types ¶
type Account ¶
type Account struct {
	ID uint64 `json:"id" gorm:"primaryKey"`
	// Approve is the moderation status of the account. Note the JSON name
	// ("approved") differs from the column name ("approve_status").
	Approve ApproveStatus `json:"approved" db:"approve_status" gorm:"column:approve_status" `
	Title string `json:"title"`
	Description string `json:"description"`
	// LogoURI is a URL string that references a logo for the client.
	LogoURI string `json:"logo_uri" gorm:"column:logo_uri"`
	// PolicyURI is a URL string that points to a human-readable privacy policy document
	// that describes how the deployment organization collects, uses,
	// retains, and discloses personal data.
	PolicyURI string `json:"policy_uri" gorm:"column:policy_uri"`
	// TermsOfServiceURI is a URL string that points to a human-readable terms of service
	// document for the client that describes a contractual relationship
	// between the end-user and the client that the end-user accepts when
	// authorizing the client.
	TermsOfServiceURI string `json:"tos_uri" gorm:"column:tos_uri"`
	// ClientURI is a URL string of a web page providing information about the client.
	// If present, the server SHOULD display this URL to the end-user in
	// a clickable fashion.
	// NOTE(review): all *URI fields are plain strings; nothing in this type restricts
	// their scheme, so validate them (e.g. https only, never javascript:) before
	// rendering any of them as a clickable link.
	ClientURI string `json:"client_uri" gorm:"column:client_uri"`
	// Contacts is an array of strings representing ways to contact people responsible
	// for this client, typically email addresses.
	Contacts gosql.NullableStringArray `json:"contacts" gorm:"column:contacts;type:text[]"`
	// Permissions is the runtime-only permission checker of the account; it is
	// neither serialized nor persisted (json:"-", gorm:"-") and is set through
	// SetPermissions / ExtendPermissions.
	Permissions PermissionChecker `json:"-" gorm:"-"`
	// Admins is the runtime-only list of admin user IDs (not serialized, not
	// persisted), extended via ExtendAdminUsers and presumably consulted by
	// IsAdminUser. Because it is not stored, it must be rebuilt after every
	// load — an Account fetched without that step has no admins.
	Admins []uint64 `json:"-" gorm:"-"`
	CreatedAt time.Time `json:"created_at"`
	UpdatedAt time.Time `json:"updated_at"`
	// DeletedAt is the soft-delete marker.
	DeletedAt gorm.DeletedAt `json:"deleted_at"`
}
Account holds the information about a single account.
func PermissionCheckAccountFromContext ¶
PermissionCheckAccountFromContext returns the account stored in the context against which permission checks are evaluated.
func (*Account) CheckPermissions ¶
CheckPermissions reports whether the account holds the given permission patterns for the specific resource.
func (*Account) CheckedPermissions ¶
func (acc *Account) CheckedPermissions(ctx context.Context, resource any, patterns ...string) rbac.Permission
CheckedPermissions returns the resolved permission of the account for the specific resource and patterns.
func (*Account) ExtendAdminUsers ¶
ExtendAdminUsers adds the given user IDs to the account's list of admin users.
func (*Account) ExtendPermissions ¶
func (acc *Account) ExtendPermissions(perm PermissionChecker)
ExtendPermissions extends the account's permission set with the given checker.
func (*Account) HasPermission ¶
HasPermission reports whether the account holds the given permission patterns.
func (*Account) IsAdminUser ¶
IsAdminUser reports whether the given user ID is one of the account's admin users.
func (*Account) IsOwnerUser ¶
IsOwnerUser of the account
func (*Account) ListPermissions ¶
func (acc *Account) ListPermissions(patterns ...string) []rbac.Permission
ListPermissions returns the account's permissions that match the given patterns.
func (*Account) OwnerAccountID ¶
OwnerAccountID returns the ID of the account that owns the object.
func (*Account) RBACResourceName ¶
RBACResourceName returns the name of the resource for the RBAC
func (*Account) SetPermissions ¶ added in v0.2.7
func (acc *Account) SetPermissions(perm PermissionChecker)
SetPermissions replaces the account's permission checker.
type AccountMember ¶
type AccountMember struct {
	ID uint64 `db:"id" gorm:"primaryKey"`
	// Approve is the membership's moderation status (pending/approved/...).
	Approve ApproveStatus `db:"approve_status" gorm:"column:approve_status"`
	AccountID uint64 `db:"account_id"`
	Account *Account `db:"-" gorm:"foreignKey:AccountID;references:ID"`
	UserID uint64 `db:"user_id"`
	User *User `db:"-" gorm:"foreignKey:UserID;references:ID"`
	// IsAdmin grants superuser permissions for the current account.
	// Despite the opinion that roles should be the only way to issue permissions,
	// an owner flag is in most cases a very useful approach that prevents many
	// problems related to permission updates.
	// Admin permission is restricted by some limits which are available only to
	// superusers and managers.
	// NOTE(review): this flag bypasses the role model, so every write path that
	// can set it must itself require admin rights — that check is not part of
	// this type.
	IsAdmin bool `db:"is_admin"`
	// Roles of the member, linked through the m2m_account_member_role table
	// (see M2MAccountMemberRole).
	Roles []*Role `gorm:"many2many:m2m_account_member_role;foreignKey:ID;joinForeignKey:MemberID;references:ID;joinReferences:RoleID"`
	CreatedAt time.Time `db:"created_at"`
	UpdatedAt time.Time `db:"updated_at"`
	// DeletedAt is the soft-delete marker.
	DeletedAt gorm.DeletedAt `db:"deleted_at"`
}
AccountMember links a user to an account as a member.
func (*AccountMember) OwnerAccountID ¶
func (member *AccountMember) OwnerAccountID() uint64
func (*AccountMember) RBACResourceName ¶
func (member *AccountMember) RBACResourceName() string
RBACResourceName returns the name of the resource for the RBAC
func (*AccountMember) TableName ¶
func (member *AccountMember) TableName() string
TableName of the model in the database
type AccountSocial ¶
type AccountSocial struct {
	ID uint64 `db:"id" gorm:"primaryKey"`
	// UserID is the local user this social identity is linked to.
	UserID uint64 `db:"user_id"`
	User *User `db:"-" gorm:"foreignKey:UserID"`
	// SocialID is the user's identifier at the social network.
	// NOTE(review): nothing in this type enforces uniqueness of (Provider, SocialID);
	// if the login flow looks identities up by that pair, it needs a unique index.
	SocialID string `db:"social_id"` // social network user id
	Provider string `db:"provider"` // facebook, google, twitter, github, etc
	// Email as reported by the provider; treat it as provider-asserted, not verified here.
	Email string `db:"email"`
	FirstName string `db:"first_name"`
	LastName string `db:"last_name"`
	Username string `db:"username"`
	Avatar string `db:"avatar"`
	Link string `db:"link"`
	// Data is a JSON object with additional data
	Data gosql.NullableJSON[map[string]any] `db:"data" gorm:"type:jsonb"`
	// Sessions list linked to the account (provider tokens live there, see AccountSocialSession)
	Sessions []*AccountSocialSession `db:"-" gorm:"foreignKey:AccountSocialID;references:ID"`
	CreatedAt time.Time `db:"created_at"`
	UpdatedAt time.Time `db:"updated_at"`
	// DeletedAt is the soft-delete marker.
	DeletedAt gorm.DeletedAt `db:"deleted_at"`
}
AccountSocial object represents a social network account
func (*AccountSocial) CreatorUserID ¶
func (m *AccountSocial) CreatorUserID() uint64
CreatorUserID returns the ID of the user who owns the resource.
func (*AccountSocial) RBACResourceName ¶
func (m *AccountSocial) RBACResourceName() string
RBACResourceName returns the name of the resource for the RBAC
type AccountSocialSession ¶
// AccountSocialSession holds the provider-issued tokens of one social login
// session; a row is keyed by (Name, AccountSocialID).
type AccountSocialSession struct {
	// Name uniquely identifies the session, to distinguish between sessions with different scopes
	Name string `db:"name" gorm:"primaryKey"`
	AccountSocialID uint64 `db:"account_social_id" gorm:"primaryKey;autoIncrement:false"`
	TokenType string `db:"token_type" json:"token_type,omitempty"`
	// AccessToken is the bearer token issued by the social provider.
	// NOTE(review): AccessToken and RefreshToken carry json tags
	// ("access_token"/"refresh_token"), so marshalling this struct discloses the
	// provider credentials; if it is ever returned to API clients, tag them `json:"-"`.
	// Nothing here indicates encryption at rest — confirm how they are stored.
	AccessToken string `db:"access_token" json:"access_token"`
	RefreshToken string `db:"refresh_token" json:"refresh_token"`
	// Scopes granted by the provider for this session.
	Scopes gosql.NullableStringArray `db:"scopes" json:"scopes,omitempty" gorm:"type:text[]"`
	CreatedAt time.Time `db:"created_at" json:"created_at"`
	UpdatedAt time.Time `db:"updated_at" json:"updated_at"`
	// ExpiresAt is nullable: null means no expiry was recorded. When set and in
	// the past, AccessToken should be treated as expired; no check is done here.
	ExpiresAt null.Time `db:"expires_at" json:"expires_at,omitempty"`
	// DeletedAt is the soft-delete marker.
	DeletedAt gorm.DeletedAt `db:"deleted_at" json:"deleted_at,omitempty"`
}
func (*AccountSocialSession) TableName ¶
func (m *AccountSocialSession) TableName() string
TableName in database
type ApproveStatus ¶
// ApproveStatus is the moderation status of a model (account, member, user).
type ApproveStatus int
ApproveStatus of the model
// ApproveStatus values.
// NOTE(review): UndefinedApproveStatus and PendingApproveStatus share the value 0,
// so IsUndefined cannot distinguish "never set" from "pending", and a freshly
// created record with the zero value is implicitly pending (not approved).
const (
	UndefinedApproveStatus ApproveStatus = 0
	PendingApproveStatus ApproveStatus = 0
	ApprovedApproveStatus ApproveStatus = 1
	DisapprovedApproveStatus ApproveStatus = 2
	BannedApproveStatus ApproveStatus = 3
)
ApproveStatus option constants...
func (ApproveStatus) IsApproved ¶
func (s ApproveStatus) IsApproved() bool
func (ApproveStatus) IsRejected ¶
func (s ApproveStatus) IsRejected() bool
func (ApproveStatus) IsUndefined ¶
func (s ApproveStatus) IsUndefined() bool
func (ApproveStatus) String ¶
func (s ApproveStatus) String() string
type AuthClient ¶
type AuthClient struct {
	// ID is the client ID which represents a unique connection identifier
	ID string `db:"id"`
	// Owner and creator of the auth client
	AccountID uint64 `db:"account_id"`
	UserID uint64 `db:"user_id"`
	// Title of the AuthClient as a human readable name
	Title string `db:"title"`
	// Secret is the client's secret. The secret will be included in the create request as cleartext, and then
	// never again. The secret is stored using BCrypt so it is impossible to recover it. Tell your users
	// that they need to write the secret down as it will not be made available again.
	Secret string `db:"secret"`
	// RedirectURIs is an array of allowed redirect urls for the client, for example http://mydomain/oauth/callback .
	// NOTE(review): the authorization endpoint must compare a requested redirect_uri
	// against this list by exact string match (per the OAuth 2.0 Security BCP);
	// that comparison is not part of this type.
	RedirectURIs gosql.NullableStringArray `db:"redirect_uris" gorm:"type:text[]"`
	// GrantTypes is an array of grant types the client is allowed to use.
	//
	// Pattern: client_credentials|authorization_code|implicit|refresh_token
	// NOTE(review): "implicit" is deprecated by the OAuth 2.0 Security BCP; consider
	// rejecting it at registration time.
	GrantTypes gosql.NullableStringArray `db:"grant_types" gorm:"type:text[]"`
	// ResponseTypes is an array of the OAuth 2.0 response type strings that the client can
	// use at the authorization endpoint.
	//
	// Pattern: id_token|code|token
	ResponseTypes gosql.NullableStringArray `db:"response_types" gorm:"type:text[]"`
	// Scope is a string containing a space-separated list of scope values (as
	// described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client
	// can use when requesting access tokens.
	//
	// Pattern: ([a-zA-Z0-9\.\*]+\s?)+
	Scope string `db:"scope"`
	// Audience is a whitelist defining the audiences this client is allowed to request tokens for. An audience limits
	// the applicability of an OAuth 2.0 Access Token to, for example, certain API endpoints. The value is a list
	// of URLs. URLs MUST NOT contain whitespaces.
	// NOTE(review): this field is tagged json:"audience" and has no db tag, unlike
	// every sibling field — confirm it maps to the intended column.
	Audience gosql.NullableStringArray `json:"audience" gorm:"type:text[]"`
	// SubjectType requested for responses to this Client. The subject_types_supported Discovery parameter contains a
	// list of the supported subject_type values for this server. Valid types include `pairwise` and `public`.
	SubjectType string `db:"subject_type"`
	// AllowedCORSOrigins are one or more URLs (scheme://host[:port]) which are allowed to make CORS requests
	// to the /oauth/token endpoint. If this array is empty, the sever's CORS origin configuration (`CORS_ALLOWED_ORIGINS`)
	// will be used instead. If this array is set, the allowed origins are appended to the server's CORS origin configuration.
	// Be aware that environment variable `CORS_ENABLED` MUST be set to `true` for this to work.
	AllowedCORSOrigins gosql.NullableStringArray `db:"allowed_cors_origins" gorm:"type:text[]"`
	// Public flag tells that the client is public, i.e. it cannot keep Secret
	// confidential; the server must not rely on Secret to authenticate such a client.
	Public bool `db:"public"`
	// ExpiresAt contains the time of expiration of the client. Nothing in this
	// type enforces it; token issuance must check it.
	ExpiresAt time.Time `db:"expires_at"`
	CreatedAt time.Time `db:"created_at"`
	UpdatedAt time.Time `db:"updated_at"`
	// DeletedAt is the soft-delete marker.
	DeletedAt gorm.DeletedAt `db:"deleted_at"`
}
AuthClient object represents an OAuth 2.0 client
func (*AuthClient) OwnerAccountID ¶
func (m *AuthClient) OwnerAccountID() uint64
OwnerAccountID returns the ID of the account that owns the object.
func (*AuthClient) RBACResourceName ¶
func (m *AuthClient) RBACResourceName() string
RBACResourceName returns the name of the resource for the RBAC
type AuthSession ¶
type AuthSession struct {
	ID uint64 `db:"id"`
	// Active reports whether the session is still usable.
	Active bool `db:"active"`
	ClientID string `db:"client_id"` // Internal AuthClient id
	Username string `db:"username"`
	// Subject is the authenticated subject the tokens were issued for.
	Subject string `db:"subject"`
	RequestID string `db:"request_id"`
	// AccessToken is the main access token for the session
	// NOTE(review): AccessToken and RefreshToken are persisted as-is in the session
	// table; nothing here indicates they are hashed, in which case read access to
	// the table is equivalent to session takeover — confirm how they are written.
	AccessToken string `db:"access_token"`
	AccessTokenExpiresAt time.Time `db:"access_token_expires_at"`
	// RefreshToken is nullable: not every grant issues one.
	RefreshToken null.String `db:"refresh_token" gorm:"type:text"`
	RefreshTokenExpiresAt time.Time `db:"refresh_token_expires_at"`
	// Form is presumably the serialized authorization request form — TODO confirm.
	Form string `db:"form"`
	// Requested vs. granted scope and audience. GrantedScope/GrantedAudience
	// should be subsets of the requested ones; that is not enforced by this type.
	RequestedScope gosql.NullableStringArray `db:"requested_scope" gorm:"type:text[]"`
	GrantedScope gosql.NullableStringArray `db:"granted_scope" gorm:"type:text[]"`
	RequestedAudience gosql.NullableStringArray `db:"requested_audience" gorm:"type:text[]"`
	GrantedAudience gosql.NullableStringArray `db:"granted_audience" gorm:"type:text[]"`
	CreatedAt time.Time `db:"created_at"`
	// DeletedAt is the soft-delete marker.
	DeletedAt gorm.DeletedAt `db:"deleted_at"`
}
AuthSession describes a session of an external application that authenticated against this service using the OAuth 2.0 protocol.
func (*AuthSession) RBACResourceName ¶
func (m *AuthSession) RBACResourceName() string
RBACResourceName returns the name of the resource for the RBAC
type AvailableStatus ¶
// AvailableStatus is the availability flag of a model.
type AvailableStatus int
AvailableStatus type
// AvailableStatus values; the zero value means "undefined", not "available".
const (
	UndefinedAvailableStatus AvailableStatus = 0
	AvailableAvailableStatus AvailableStatus = 1
)
AvailableStatus option constants...
type DirectAccessToken ¶
// DirectAccessToken is a long-lived API token bound to an account and,
// optionally, to a user.
type DirectAccessToken struct {
	ID uint64 `json:"id"`
	// Token is the secret value presented by the caller.
	// NOTE(review): it is tagged json:"token", so any handler that marshals this
	// struct (e.g. a token list endpoint) returns the secret; nothing here shows
	// it being hashed at rest either — confirm both before exposing the type.
	Token string `json:"token"`
	Description string `json:"description"`
	// UserID is nullable; a null value means the token is not bound to a
	// specific user (presumably account-scoped — confirm against the caller).
	UserID sql.Null[uint64] `json:"user_id"`
	AccountID uint64 `json:"account_id"`
	CreatedAt time.Time `json:"created_at"`
	// ExpiresAt must be checked by the authenticator; there is no DeletedAt
	// field, so revocation is either expiry or a hard delete.
	ExpiresAt time.Time `json:"expires_at"`
}
func (*DirectAccessToken) RBACResourceName ¶
func (m *DirectAccessToken) RBACResourceName() string
RBACResourceName returns the name of the resource for the RBAC
func (*DirectAccessToken) TableName ¶
func (m *DirectAccessToken) TableName() string
type HistoryAction ¶
type HistoryAction struct {
	ID uuid.UUID `gorm:"type:uuid;primaryKey;"`
	// RequestID correlates the action with the request that caused it.
	RequestID string `gorm:"type:varchar(255);not null;index:idx_history_actions_request_id;"`
	// UserID and AccountID identify who performed the action and in which account.
	UserID uint64 `json:"user_id" gorm:"index:idx_history_actions_user_id;not null;"`
	AccountID uint64 `json:"account_id" gorm:"index:idx_history_actions_account_id;not null;"`
	// Name of the action.
	Name string `gorm:"type:varchar(255);not null;index:idx_history_actions_name;"`
	Message string `gorm:"type:text;not null;"`
	// ObjectType and ObjectID identify the affected object; ObjectIDs is a
	// string form for multi-object actions (its encoding is not shown here —
	// presumably a delimited list; confirm against the writer).
	ObjectType string `gorm:"type:varchar(255);not null;index:idx_history_actions_object_type;"`
	ObjectID uint64 `gorm:"type:bigint;not null;index:idx_history_actions_object_id;"`
	ObjectIDs string `gorm:"type:varchar(255);not null;index:idx_history_actions_object_ids;"`
	// Data is an arbitrary JSON payload (NOT NULL); see DataMap / DataTo.
	// NOTE(review): audit payloads easily capture secrets — writers should scrub
	// password/token fields before storing.
	Data gosql.NullableJSON[map[string]any] `gorm:"type:jsonb;not null;"`
	// ActionAt is when the action happened; the table has no soft delete.
	ActionAt time.Time `gorm:"type:timestamp;not null;index:idx_history_actions_at;"`
}
HistoryAction is the model used to store the history of actions (an audit log).
func (*HistoryAction) CreatorUserID ¶
func (act *HistoryAction) CreatorUserID() uint64
func (*HistoryAction) DataMap ¶
func (act *HistoryAction) DataMap() map[string]any
DataMap returns data as map.
func (*HistoryAction) DataTo ¶
func (act *HistoryAction) DataTo(dest any) error
DataTo unmarshal data to dest.
func (*HistoryAction) OwnerAccountID ¶
func (act *HistoryAction) OwnerAccountID() uint64
func (*HistoryAction) RBACResourceName ¶
func (*HistoryAction) RBACResourceName() string
RBACResourceName returns the name of the resource for the RBAC
func (*HistoryAction) TableName ¶
func (*HistoryAction) TableName() string
TableName returns name of table.
type M2MAccountMemberRole ¶
// M2MAccountMemberRole is a row of the m2m_account_member_role join table used by
// AccountMember.Roles; the pair (MemberID, RoleID) is the composite primary key.
type M2MAccountMemberRole struct {
	MemberID uint64 `db:"member_id" gorm:"primaryKey"`
	RoleID uint64 `db:"role_id" gorm:"primaryKey"`
	CreatedAt time.Time `db:"created_at"`
}
M2MAccountMemberRole is the many-to-many link between account members and roles (permissions).
func (*M2MAccountMemberRole) TableName ¶
func (member *M2MAccountMemberRole) TableName() string
TableName of the model in the database
type M2MRole ¶
// M2MRole is a row of the role hierarchy join table (parent_role_id /
// child_role_id, as referenced by Role.ChildRoles); the pair is the composite
// primary key. Nothing here prevents cycles in the hierarchy — resolvers that
// walk ChildRoles should guard against them.
type M2MRole struct {
	ParentRoleID uint64 `db:"parent_role_id" gorm:"primaryKey"`
	ChildRoleID uint64 `db:"child_role_id" gorm:"primaryKey"`
	CreatedAt time.Time `db:"created_at"`
}
M2MRole links a parent role to a child role.
type Option ¶
// Option is a named JSON setting attached to a target (user, account or system,
// see OptionType). There is no ID column; presumably (Type, TargetID, Name)
// identifies a row — confirm against the schema.
type Option struct {
	// Type says what kind of entity TargetID refers to.
	Type OptionType `json:"type"`
	TargetID uint64 `json:"target_id"`
	Name string `json:"name"`
	// Value is an arbitrary JSON value (nullable).
	Value gosql.NullableJSON[any] `json:"value" gorm:"type:jsonb"`
	CreatedAt time.Time `db:"created_at"`
	UpdatedAt time.Time `db:"updated_at"`
	// DeletedAt is the soft-delete marker.
	DeletedAt gorm.DeletedAt `db:"deleted_at"`
}
func (*Option) CreatorUserID ¶
func (*Option) OwnerAccountID ¶
func (*Option) RBACResourceName ¶
RBACResourceName returns the name of the resource for the RBAC
type OptionType ¶
// OptionType is the kind of entity an Option is attached to.
type OptionType string
// OptionType values; stored as their string form.
const (
	UndefinedOptionType OptionType = "undefined"
	UserOptionType OptionType = "user"
	AccountOptionType OptionType = "account"
	SystemOptionType OptionType = "system"
)
type Order ¶
// Order is a sort direction applied to queries (see PrepareQuery); its
// concrete values are not shown here.
type Order int8
func OrderFromStr ¶
OrderFromStr parses the string representation of an Order.
func (*Order) PrepareQuery ¶
PrepareQuery returns the query with applied order
type PermissionChecker ¶ added in v0.2.7
// PermissionChecker is the permission back end attached to an Account
// (Account.Permissions). The Account methods of the same names are presumably
// thin delegations to it.
type PermissionChecker interface {
	// CheckPermissions reports whether the patterns are granted for resource.
	CheckPermissions(ctx context.Context, resource any, patterns ...string) bool
	// CheckedPermissions returns the resolved permission for resource and patterns.
	CheckedPermissions(ctx context.Context, resource any, patterns ...string) rbac.Permission
	// ChildRoles and ChildPermissions expose the direct children of the checker.
	ChildRoles() []rbac.Role
	ChildPermissions() []rbac.Permission
	// Permissions lists the permissions matching patterns.
	Permissions(patterns ...string) []rbac.Permission
	// HasPermission reports whether the patterns are held, independent of any resource.
	HasPermission(patterns ...string) bool
}
type Role ¶
type Role struct {
	ID uint64 `db:"id"`
	// Name is the machine name of the role; Title/Description are for display.
	Name string `db:"name"`
	Title string `db:"title"`
	Description string `db:"description"`
	// Contains additional data for the role
	Context gosql.NullableJSON[map[string]any] `db:"context"`
	// ChildRoles are inherited through the m2m_rbac_role table (see M2MRole).
	ChildRoles []*Role `db:"-" gorm:"many2many:m2m_rbac_role;ForeignKey:ID;joinForeignKey:parent_role_id;joinReferences:child_role_id;References:ID"`
	// PermissionPatterns is stored in the "permissions" column; the pattern
	// syntax is defined by the rbac package, not here.
	PermissionPatterns gosql.NullableStringArray `db:"permissions" gorm:"column:permissions;type:text[]"`
	// AccessLevel is a plain int holding one of the AccessLevel* constants.
	AccessLevel int `db:"access_level"` // 0 - any, 1 - no anonymous, 2 - account, >=3 - system
	CreatedAt time.Time `db:"created_at"`
	UpdatedAt time.Time `db:"updated_at"`
	// DeletedAt is the soft-delete marker.
	DeletedAt gorm.DeletedAt `db:"deleted_at"`
}
Role base model
func (*Role) ContextItem ¶
ContextItem returns one value by name from context
func (*Role) ContextItemString ¶
ContextItemString returns one string value by name from context
func (*Role) ContextMap ¶
ContextMap returns the map from the context
func (*Role) RBACResourceName ¶
RBACResourceName returns the name of the resource for the RBAC
type User ¶
type User struct {
	ID uint64 `json:"id" gorm:"primaryKey"`
	Email string `json:"email"`
	// Password is the stored credential (whether it is a hash is not visible here).
	// NOTE(review): it is tagged json:"password", so any handler that marshals a
	// User into a response returns it. If the tag exists for request binding,
	// use a separate request type and tag this field `json:"-"`.
	Password string `json:"password"`
	// Approve is the moderation status; the zero value is pending, not approved.
	Approve ApproveStatus `gorm:"column:approve_status" db:"approve_status" json:"approve_status"`
	CreatedAt time.Time `json:"created_at"`
	UpdatedAt time.Time `json:"updated_at"`
	// DeletedAt is the soft-delete marker.
	DeletedAt gorm.DeletedAt `json:"deleted_at"`
}
User is the direct definition of a user record.
func (*User) CreatorUserID ¶
CreatorUserID returns the user id
func (*User) IsAnonymous ¶
IsAnonymous reports whether the user is the anonymous user object (nolint:unused // temporary).
func (*User) RBACResourceName ¶
RBACResourceName returns the name of the resource for the RBAC
type UserPasswordReset ¶
// UserPasswordReset is a pending password-reset token. UserID is the primary
// key, so at most one reset row exists per user at a time.
type UserPasswordReset struct {
	UserID uint64 `json:"user_id" gorm:"primaryKey"`
	// Token is the secret the user must present; it has a unique index.
	// `limit:"128"` is not a gorm/json tag — presumably read by a project
	// validator, confirm. NOTE(review): tagged json:"token", so the secret is
	// included if this struct is ever marshalled into a response; it should only
	// ever be delivered through the reset e-mail.
	Token string `json:"token" gorm:"index:,unique" limit:"128"`
	CreatedAt time.Time `json:"created_at"`
	// ExpiresAt must be checked before honouring the token; nothing here does so.
	ExpiresAt time.Time `json:"expires_at"`
}
UserPasswordReset is the direct definition of a password-reset token record.
func (*UserPasswordReset) TableName ¶
func (u *UserPasswordReset) TableName() string
TableName returns the name in database