Versions in this module Expand all Collapse all
v0
v0.2.0 Mar 8, 2026 Changes in this version
+ type RelationshipSyncer interface
+ AddOrgMembership func(ctx context.Context, principalID, orgID uuid.UUID, role string) error
+ RegisterOrganization func(ctx context.Context, orgID, ownerID uuid.UUID) error
+ RegisterPrincipal func(ctx context.Context, principalID uuid.UUID) error
+ RemoveOrgMembership func(ctx context.Context, principalID, orgID uuid.UUID, role string) error
+ SetPlatformAdmin func(ctx context.Context, principalID uuid.UUID, isAdmin bool) error
+ UnregisterOrganization func(ctx context.Context, orgID uuid.UUID) error
+ UnregisterPrincipal func(ctx context.Context, principalID uuid.UUID) error
+ UpdateOrgMembership func(ctx context.Context, principalID, orgID uuid.UUID, oldRole, newRole string) error
+ type SyncMode string
+ const SyncModeEventual
+ const SyncModeStrict
v0.1.0 Feb 28, 2026 Changes in this version
+ var DefaultRoleHierarchy = RoleHierarchy
+ var DefaultRolePermissions = RolePermissions
+ var ErrInvalidResourceID = &middlewareError
+ var ErrMissingResourceID = &middlewareError
+ type Action string
+ const ActionCreate
+ const ActionDelete
+ const ActionList
+ const ActionManage
+ const ActionRead
+ const ActionUpdate
+ type Authorizer interface
+ Can func(ctx context.Context, principal Principal, action Action, resource Resource) (bool, error)
+ CanAll func(ctx context.Context, principal Principal, actions []Action, resource Resource) (bool, error)
+ CanAny func(ctx context.Context, principal Principal, actions []Action, resource Resource) (bool, error)
+ Filter func(ctx context.Context, principal Principal, action Action, resources []Resource) ([]Resource, error)
+ type Decision struct
+ Allowed bool
+ PolicyID string
+ Reason string
+ type DecisionAuthorizer interface
+ Decide func(ctx context.Context, principal Principal, action Action, resource Resource) (Decision, error)
+ type ErrorResponse struct
+ Error string
+ Message string
+ type FeatureAuthorizer interface
+ CanWithFeature func(ctx context.Context, principal Principal, action Action, resource Resource, ...) (bool, error)
+ type Middleware struct
+ func NewMiddleware(authorizer Authorizer) *Middleware
+ func (m *Middleware) RequireAction(resourceType ResourceType, action Action) func(http.Handler) http.Handler
+ func (m *Middleware) RequireAllActions(resourceType ResourceType, actions ...Action) func(http.Handler) http.Handler
+ func (m *Middleware) RequireAnyAction(resourceType ResourceType, actions ...Action) func(http.Handler) http.Handler
+ func (m *Middleware) RequireResourceAction(extractor ResourceExtractor, action Action) func(http.Handler) http.Handler
+ type OrgAuthorizer interface
+ CanForOrg func(ctx context.Context, principal Principal, orgID uuid.UUID, action Action, ...) (bool, error)
+ GetRole func(ctx context.Context, principal Principal, orgID uuid.UUID) (string, error)
+ IsMember func(ctx context.Context, principal Principal, orgID uuid.UUID) (bool, error)
+ type OrgMiddleware struct
+ func NewOrgMiddleware(authorizer OrgAuthorizer) *OrgMiddleware
+ func (m *OrgMiddleware) RequireMembership() func(http.Handler) http.Handler
+ func (m *OrgMiddleware) RequireRole(role string, hierarchy RoleHierarchy) func(http.Handler) http.Handler
+ type PlatformAuthorizer interface
+ IsPlatformAdmin func(ctx context.Context, principal Principal) (bool, error)
+ type PlatformMiddleware struct
+ func NewPlatformMiddleware(authorizer PlatformAuthorizer) *PlatformMiddleware
+ func (m *PlatformMiddleware) RequirePlatformAdmin() func(http.Handler) http.Handler
+ type Principal struct
+ Attributes map[string]any
+ ID uuid.UUID
+ Type PrincipalType
+ func NewServicePrincipal(serviceID uuid.UUID) Principal
+ func NewUserPrincipal(userID uuid.UUID) Principal
+ func NewUserPrincipalWithAttrs(userID uuid.UUID, attrs map[string]any) Principal
+ func (p Principal) WithAttr(key string, value any) Principal
+ type PrincipalType string
+ const PrincipalTypeAPIKey
+ const PrincipalTypeService
+ const PrincipalTypeSystem
+ const PrincipalTypeUser
+ type Resource struct
+ Attributes map[string]any
+ ID *uuid.UUID
+ OrgID *uuid.UUID
+ OwnerID *uuid.UUID
+ Type ResourceType
+ func NewOrgResource(resourceType ResourceType, orgID uuid.UUID) Resource
+ func NewOwnedResource(resourceType ResourceType, id, ownerID uuid.UUID) Resource
+ func NewResource(resourceType ResourceType) Resource
+ func NewResourceWithID(resourceType ResourceType, id uuid.UUID) Resource
+ func (r Resource) IsOwner(principalID uuid.UUID) bool
+ func (r Resource) WithAttr(key string, value any) Resource
+ func (r Resource) WithOrg(orgID uuid.UUID) Resource
+ func (r Resource) WithOwner(ownerID uuid.UUID) Resource
+ type ResourceExtractor func(r *http.Request) (Resource, error)
+ func WithResourceID(resourceType ResourceType, pathParamName string, ...) ResourceExtractor
+ type ResourceType string
+ const ResourceTypeMember
+ const ResourceTypeOrganization
+ const ResourceTypeUser
+ type RoleHierarchy map[string]int
+ func (h RoleHierarchy) CanAccess(userRole, requiredRole string) bool
+ func (h RoleHierarchy) IsHigherOrEqual(role1, role2 string) bool
+ func (h RoleHierarchy) Level(role string) int
+ type RolePermissions map[string][]string
+ func (rp RolePermissions) GetPermissions(role string) []string
+ func (rp RolePermissions) HasAllPermissions(role string, permissions []string) bool
+ func (rp RolePermissions) HasAnyPermission(role string, permissions []string) bool
+ func (rp RolePermissions) HasPermission(role, permission string) bool
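Review bot: `RoleHierarchy.Level(role string) int` and `CanAccess(userRole, requiredRole string) bool` in the v0.1.0 listing do not say what happens for a role name that is not a key in the map, and that case decides whether `OrgMiddleware.RequireRole` fails closed. Only signatures are visible here, so the behaviour is not confirmed; if `Level` returns the map's zero value for an unknown role, a misspelled `requiredRole` would compare as level 0 and could be satisfied by any member. I would state the contract on the method, e.g. `// CanAccess reports false when either role is absent from h.`, and have `Level` document what it returns for unknown roles. The same fail-closed statement is worth adding to the `Authorizer` methods, whose `(bool, error)` results should be treated as a denial whenever the error is non-nil.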