azchecker

package

v1.3.4 Latest Latest Go to latest Published: Jun 10, 2026 License: GPL-3.0 Imports: 12 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/interline-io/transitland-lib

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
type Action
type Checker
- func NewChecker(userClient UserProvider, fgaClient FGAProvider, db sqlx.Ext) (*Checker, error)
type EntityKey
type FGAProvider
type MockFGAClient
- func NewMockFGAClient() *MockFGAClient
type MockUserProvider
- func NewMockUserProvider() *MockUserProvider
type ObjectType
type Relation
type TupleKey
- func EKLookup(dbx sqlx.Ext, tk TupleKey) (TupleKey, bool, error)
type UserProvider

Constants ¶

This section is empty.

Variables ¶

View Source

var AdminRelation = authz.AdminRelation

View Source

var CanCreateFeed = authz.CanCreateFeed

View Source

var CanCreateFeedVersion = authz.CanCreateFeedVersion

View Source

var CanCreateOrg = authz.CanCreateOrg

View Source

var CanDeleteFeed = authz.CanDeleteFeed

View Source

var CanDeleteFeedVersion = authz.CanDeleteFeedVersion

View Source

var CanDeleteOrg = authz.CanDeleteOrg

View Source

var CanEdit = authz.CanEdit

View Source

var CanEditMembers = authz.CanEditMembers

View Source

var CanSetGroup = authz.CanSetGroup

View Source

var CanSetTenant = authz.CanSetTenant

View Source

var CanView = authz.CanView

View Source

var EditorRelation = authz.EditorRelation

View Source

var ErrUnauthorized = authz.ErrUnauthorized

View Source

var FeedType = authz.FeedType

View Source

var FeedVersionType = authz.FeedVersionType

View Source

var GroupType = authz.GroupType

View Source

var ManagerRelation = authz.ManagerRelation

View Source

var MemberRelation = authz.MemberRelation

View Source

var ParentRelation = authz.ParentRelation

View Source

var TenantType = authz.TenantType

View Source

var UserType = authz.UserType

View Source

var ViewerRelation = authz.ViewerRelation

Functions ¶

This section is empty.

Types ¶

type Action ¶

type Action = authz.Action

type Checker ¶

type Checker struct {
	// contains filtered or unexported fields
}

func NewChecker ¶

func NewChecker(userClient UserProvider, fgaClient FGAProvider, db sqlx.Ext) (*Checker, error)

NewChecker constructs an FGA-backed Checker. All arguments are required; nil returns an error.

func (*Checker) AddGlobalAdmin ¶ added in v1.3.4

func (c *Checker) AddGlobalAdmin(userID string)

AddGlobalAdmin grants an authn user ID unconditional admin status, in addition to anyone carrying the "admin" role. Empty userID is a no-op.

func (*Checker) AddPermission ¶ added in v1.3.3

func (c *Checker) AddPermission(ctx context.Context, obj authz.ObjectRef, subject EntityKey, relation Relation) error

func (*Checker) Check ¶ added in v1.3.3

func (c *Checker) Check(ctx context.Context, obj authz.ObjectRef, action Action) (bool, error)

func (*Checker) GetFeedVersions ¶ added in v1.3.4

func (c *Checker) GetFeedVersions(ctx context.Context, ids []int64) ([]*authz.FeedVersion, error)

func (*Checker) GetFeeds ¶ added in v1.3.4

func (c *Checker) GetFeeds(ctx context.Context, ids []int64) ([]*authz.Feed, error)

func (*Checker) GetGroups ¶ added in v1.3.4

func (c *Checker) GetGroups(ctx context.Context, ids []int64) ([]*authz.Group, error)

func (*Checker) GetTenants ¶ added in v1.3.4

func (c *Checker) GetTenants(ctx context.Context, ids []int64) ([]*authz.Tenant, error)

func (*Checker) GroupSave ¶

func (c *Checker) GroupSave(ctx context.Context, req *authz.GroupSaveRequest) (*authz.GroupSaveResponse, error)

func (*Checker) IsGlobalAdmin ¶ added in v1.3.3

func (c *Checker) IsGlobalAdmin(ctx context.Context) (bool, error)

func (*Checker) ListObjects ¶ added in v1.3.3

func (c *Checker) ListObjects(ctx context.Context, objType ObjectType) ([]authz.ObjectRef, error)

func (*Checker) Me ¶

func (c *Checker) Me(ctx context.Context) (*authz.UserInfo, error)

func (*Checker) ObjectPermissions ¶ added in v1.3.3

func (c *Checker) ObjectPermissions(ctx context.Context, obj authz.ObjectRef) (*authz.ObjectPermissions, error)

func (*Checker) RemovePermission ¶ added in v1.3.3

func (c *Checker) RemovePermission(ctx context.Context, obj authz.ObjectRef, subject EntityKey, relation Relation) error

func (*Checker) SetParent ¶ added in v1.3.3

func (c *Checker) SetParent(ctx context.Context, child authz.ObjectRef, parent authz.ObjectRef) error

func (*Checker) TenantCreateGroup ¶

func (c *Checker) TenantCreateGroup(ctx context.Context, req *authz.TenantCreateGroupRequest) (*authz.GroupSaveResponse, error)

func (*Checker) TenantSave ¶

func (c *Checker) TenantSave(ctx context.Context, req *authz.TenantSaveRequest) (*authz.TenantSaveResponse, error)

func (*Checker) User ¶

func (c *Checker) User(ctx context.Context, req *authz.UserRequest) (*authz.UserResponse, error)

func (*Checker) UserList ¶

func (c *Checker) UserList(ctx context.Context, req *authz.UserListRequest) (*authz.UserListResponse, error)

type EntityKey ¶

type EntityKey = authz.EntityKey

type FGAProvider ¶

type FGAProvider interface {
	Check(context.Context, TupleKey, ...TupleKey) (bool, error)
	ListObjects(context.Context, TupleKey) ([]TupleKey, error)
	GetObjectTuples(context.Context, TupleKey) ([]TupleKey, error)
	WriteTuple(context.Context, TupleKey) error
	SetExclusiveSubjectRelation(context.Context, TupleKey, ...Relation) error
	SetExclusiveRelation(context.Context, TupleKey) error
	DeleteTuple(context.Context, TupleKey) error
}

type MockFGAClient ¶

type MockFGAClient struct{}

func NewMockFGAClient ¶

func NewMockFGAClient() *MockFGAClient

func (*MockFGAClient) Check ¶

func (c *MockFGAClient) Check(context.Context, TupleKey, ...TupleKey) (bool, error)

func (*MockFGAClient) DeleteTuple ¶

func (c *MockFGAClient) DeleteTuple(context.Context, TupleKey) error

func (*MockFGAClient) GetObjectTuples ¶

func (c *MockFGAClient) GetObjectTuples(context.Context, TupleKey) ([]TupleKey, error)

func (*MockFGAClient) ListObjects ¶

func (c *MockFGAClient) ListObjects(context.Context, TupleKey) ([]TupleKey, error)

func (*MockFGAClient) SetExclusiveRelation ¶

func (c *MockFGAClient) SetExclusiveRelation(context.Context, TupleKey) error

func (*MockFGAClient) SetExclusiveSubjectRelation ¶

func (c *MockFGAClient) SetExclusiveSubjectRelation(context.Context, TupleKey, ...Relation) error

func (*MockFGAClient) WriteTuple ¶

func (c *MockFGAClient) WriteTuple(context.Context, TupleKey) error

type MockUserProvider ¶

type MockUserProvider struct {
	// contains filtered or unexported fields
}

func NewMockUserProvider ¶

func NewMockUserProvider() *MockUserProvider

func (*MockUserProvider) AddUser ¶

func (c *MockUserProvider) AddUser(key string, u authn.User)

func (*MockUserProvider) UserByID ¶

func (c *MockUserProvider) UserByID(ctx context.Context, id string) (authn.User, error)

func (*MockUserProvider) Users ¶

func (c *MockUserProvider) Users(ctx context.Context, userQuery string) ([]authn.User, error)

type ObjectType ¶

type ObjectType = authz.ObjectType

type Relation ¶

type Relation = authz.Relation

type TupleKey ¶

type TupleKey = authz.TupleKey

func EKLookup ¶ added in v1.3.3

func EKLookup(dbx sqlx.Ext, tk TupleKey) (TupleKey, bool, error)

EKLookup resolves symbolic entity names in a TupleKey to database IDs. For example, a FeedType entity with name "CT" is looked up in current_feeds and replaced with its integer ID. Returns the resolved tuple, whether both sides were found, and any error.

type UserProvider ¶

type UserProvider interface {
	Users(context.Context, string) ([]authn.User, error)
	UserByID(context.Context, string) (authn.User, error)
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL