Documentation
¶
Index ¶
- Constants
- Variables
- func Destroy(db couchdb.Database, slug string) error
- type Claims
- type Permission
- func (p *Permission) DocType() string
- func (p *Permission) ID() string
- func (p *Permission) Included() []jsonapi.Object
- func (p *Permission) Links() *jsonapi.LinksList
- func (p *Permission) Relationships() jsonapi.RelationshipMap
- func (p *Permission) Rev() string
- func (p *Permission) SetID(id string)
- func (p *Permission) SetRev(rev string)
- type Rule
- type Set
- func (s Set) Allow(v Verb, o Validable) bool
- func (s Set) AllowID(v Verb, doctype, id string) bool
- func (s Set) AllowWholeType(v Verb, doctype string) bool
- func (ps Set) MarshalJSON() ([]byte, error)
- func (ps Set) MarshalScopeString() (string, error)
- func (ps Set) Some(predicate func(Rule) bool) bool
- func (ps *Set) UnmarshalJSON(j []byte) error
- type Validable
- type Verb
- type VerbSet
Constants ¶
const ( // AppAudience is the audience for JWT used by client-side apps AppAudience = "app" // RegistrationTokenAudience is the audience field of JWT for registration tokens RegistrationTokenAudience = "registration" // AccessTokenAudience is the audience field of JWT for access tokens AccessTokenAudience = "access" // RefreshTokenAudience is the audience field of JWT for refresh tokens RefreshTokenAudience = "refresh" )
#nosec
const ( GET = Verb("GET") POST = Verb("POST") PUT = Verb("PUT") PATCH = Verb("PATCH") DELETE = Verb("DELETE") )
All possible Verbs, a subset of http methods
Variables ¶
var ( // ErrInvalidToken is used when the token is invalid (the signature is not // correct, the domain is not the good one, etc.) ErrInvalidToken = echo.NewHTTPError(http.StatusBadRequest, "Invalid JWT token") // ErrInvalidAudience is used when the audience is not expected ErrInvalidAudience = echo.NewHTTPError(http.StatusBadRequest, "Invalid audience for JWT token") )
ALL : the default VerbSet allows all Verbs
var Index = mango.IndexOnFields("application_id")
Index is the necessary index for this package used in instance creation
Functions ¶
Types ¶
type Claims ¶
type Claims struct {
jwt.StandardClaims
Scope string `json:"scope,omitempty"`
}
Claims is used for JWT used in OAuth2 flow and applications token
type Permission ¶
type Permission struct {
PID string `json:"_id,omitempty"`
PRev string `json:"_rev,omitempty"`
ApplicationID string `json:"application_id"`
Permissions Set `json:"permissions,omitempty"`
ExpiresAt int `json:"expires_at,omitempty"`
Codes map[string]string `json:"codes,omitempty"`
}
Permission is a storable object containing a set of rules and several codes
func GetForApp ¶
func GetForApp(db couchdb.Database, slug string) (*Permission, error)
GetForApp retrieves the Permission doc for a given app
func (*Permission) Included ¶
func (p *Permission) Included() []jsonapi.Object
Included implements jsonapi.Doc
func (*Permission) Links ¶
func (p *Permission) Links() *jsonapi.LinksList
Links implements jsonapi.Doc
func (*Permission) Relationships ¶
func (p *Permission) Relationships() jsonapi.RelationshipMap
Relationships implements jsonapi.Doc
type Rule ¶
type Rule struct {
// Type is the JSON-API type or couchdb Doctype
Type string `json:"type"`
// Title is a human readable (i18n key) header for this rule
Title string `json:"-"`
// Description is a human readable (i18n key) purpose of this rule
Description string `json:"description,omitempty"`
// Verbs is a subset of http methods.
Verbs VerbSet `json:"verbs,omitempty"`
// Selector is the field which must be one of Values.
Selector string `json:"selector,omitempty"`
Values []string `json:"values,omitempty"`
}
Rule represent a single permissions rule, ie a Verb and a type
func UnmarshalRuleString ¶
UnmarshalRuleString parse a scope formated rule
func (Rule) MarshalScopeString ¶
MarshalScopeString transform a Rule into a string of the shape io.cozy.files:GET:io.cozy.files.music-dir
func (Rule) ValuesContain ¶
ValuesContain returns true if the value is in r.Values
type Set ¶
type Set []Rule
Set is a Set of rule
func UnmarshalScopeString ¶
UnmarshalScopeString parse a Scope string into a permission Set
func (Set) AllowWholeType ¶
AllowWholeType returns true if the set allows to apply verb to every document from the given doctypes (ie. r.values == 0)
func (Set) MarshalJSON ¶
MarshalJSON implements json.Marshaller on Set see docs/permission for structure
func (Set) MarshalScopeString ¶
MarshalScopeString transforms a Set into a string for Oauth Scope (a space separated concatenation of its rules)
func (*Set) UnmarshalJSON ¶
UnmarshalJSON parses a json formated permission set
type VerbSet ¶
type VerbSet map[Verb]struct{}
VerbSet is a Set of Verbs
func (VerbSet) MarshalJSON ¶
MarshalJSON implements json.Marshaller on VerbSet the VerbSet is converted to a json array
func (*VerbSet) UnmarshalJSON ¶
UnmarshalJSON implements json.Unmarshaller on VerbSet it expects a json array