simple

package
v0.1.0 Latest
Warning

This package is not in the latest version of its module.

Published: Feb 28, 2026 License: MIT Imports: 5 Imported by: 0

Documentation

Overview

Package simple provides a simple role-based authorization provider.

This provider uses role hierarchy and permission mappings to make authorization decisions. It has no external dependencies and is suitable for applications with straightforward RBAC requirements.
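
The role-hierarchy and permission-mapping model described above, as a stand-alone sketch added here; it is not this package's code and does not call its API. The `checker` type, its fields, the role names and the sample data are assumptions made for illustration.

```go
package main

import "fmt"

// checker is a hypothetical stand-in; the page does not show the real authz types.
type checker struct {
	ranks       map[string]int             // role -> rank; higher ranks inherit lower roles
	perms       map[string]map[string]bool // role -> actions granted directly to that role
	roleOf      func(principal, org string) (string, error)
	admins      map[string]bool // platform admins
	adminBypass bool            // opt-in bypass of all role checks
}

// can denies by default and fails closed when the role lookup errors.
func (c checker) can(principal, org, action string) (bool, error) {
	if c.adminBypass && c.admins[principal] {
		return true, nil
	}
	role, err := c.roleOf(principal, org)
	if err != nil {
		return false, err
	}
	rank, known := c.ranks[role] // non-members and unknown roles get nothing
	for r, rr := range c.ranks {
		if known && rr <= rank && c.perms[r][action] {
			return true, nil
		}
	}
	return false, nil
}

func demoChecker(bypass bool) checker { // constructed sample data
	roles := map[string]string{"alice/acme": "admin", "bob/acme": "viewer"}
	return checker{
		ranks: map[string]int{"viewer": 1, "member": 2, "admin": 3},
		perms: map[string]map[string]bool{"viewer": {"read": true}, "member": {"write": true}, "admin": {"delete": true}},
		roleOf: func(p, o string) (string, error) {
			if p == "broken" {
				return "", fmt.Errorf("role store unavailable")
			}
			return roles[p+"/"+o], nil
		},
		admins:      map[string]bool{"root": true},
		adminBypass: bypass,
	}
}

func main() {
	fmt.Println(demoChecker(false).can("alice", "acme", "write")) // admin inherits member's write
}
```

In this sketch the bypass is off unless requested, so a platform admin with no role in the organization is denied until it is switched on.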


Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Option

type Option func(*Provider)

Option configures a Provider.

func WithOwnerFullAccess

func WithOwnerFullAccess(enabled bool) Option

WithOwnerFullAccess enables full access for resource owners.

func WithPermissions

func WithPermissions(p authz.RolePermissions) Option

WithPermissions sets a custom permission mapping.

func WithPlatformAdminBypass

func WithPlatformAdminBypass(enabled bool) Option

WithPlatformAdminBypass enables platform admin bypass for all checks.

func WithPlatformAdminChecker

func WithPlatformAdminChecker(fn func(ctx context.Context, principalID uuid.UUID) (bool, error)) Option

WithPlatformAdminChecker sets the function to check platform admin status.

func WithRoleGetter

func WithRoleGetter(fn func(ctx context.Context, principalID, orgID uuid.UUID) (string, error)) Option

WithRoleGetter sets the function to retrieve a principal's role in an organization.

func WithRoleHierarchy

func WithRoleHierarchy(h authz.RoleHierarchy) Option

WithRoleHierarchy sets a custom role hierarchy.

type Provider

type Provider struct {
	// contains filtered or unexported fields
}

Provider implements the Authorizer interface using role hierarchy and permissions.

func New

func New(opts ...Option) *Provider

New creates a new simple Provider with the given options.

func (*Provider) Can

func (a *Provider) Can(ctx context.Context, principal authz.Principal, action authz.Action, resource authz.Resource) (bool, error)

Can checks if a principal can perform an action on a resource.

func (*Provider) CanAll

func (a *Provider) CanAll(ctx context.Context, principal authz.Principal, actions []authz.Action, resource authz.Resource) (bool, error)

CanAll checks if a principal can perform all specified actions on a resource.

func (*Provider) CanAny

func (a *Provider) CanAny(ctx context.Context, principal authz.Principal, actions []authz.Action, resource authz.Resource) (bool, error)

CanAny checks if a principal can perform any of the specified actions on a resource.

func (*Provider) CanForOrg

func (a *Provider) CanForOrg(ctx context.Context, principal authz.Principal, orgID uuid.UUID, action authz.Action, resource authz.Resource) (bool, error)

CanForOrg checks permission scoped to a specific organization.

func (*Provider) Decide

func (a *Provider) Decide(ctx context.Context, principal authz.Principal, action authz.Action, resource authz.Resource) (authz.Decision, error)

Decide returns a detailed authorization decision.

func (*Provider) Filter

func (a *Provider) Filter(ctx context.Context, principal authz.Principal, action authz.Action, resources []authz.Resource) ([]authz.Resource, error)

Filter returns only the resources the principal can access with the given action.

func (*Provider) GetRole

func (a *Provider) GetRole(ctx context.Context, principal authz.Principal, orgID uuid.UUID) (string, error)

GetRole returns the principal's role in an organization.

func (*Provider) IsMember

func (a *Provider) IsMember(ctx context.Context, principal authz.Principal, orgID uuid.UUID) (bool, error)

IsMember checks if a principal is a member of an organization.

func (*Provider) IsPlatformAdmin

func (a *Provider) IsPlatformAdmin(ctx context.Context, principal authz.Principal) (bool, error)

IsPlatformAdmin checks if a principal has platform-wide admin access.
