Documentation
¶
Index ¶
- Constants
- Variables
- func CS3ResourcePermissionsToLibregraphActions(p *provider.ResourcePermissions) []string
- func CS3ResourcePermissionsToRole(roleSet []*libregraph.UnifiedRoleDefinition, p *provider.ResourcePermissions, ...) *libregraph.UnifiedRoleDefinition
- func GetAllowedResourceActions(role *libregraph.UnifiedRoleDefinition, condition string) []string
- func GetLegacyRoleName(role libregraph.UnifiedRoleDefinition) string
- func GetRole(f RoleFilter) (*libregraph.UnifiedRoleDefinition, error)
- func GetRoles(f RoleFilter) []*libregraph.UnifiedRoleDefinition
- func GetRolesByPermissions(roleSet []*libregraph.UnifiedRoleDefinition, actions []string, ...) []*libregraph.UnifiedRoleDefinition
- func PermissionsToCS3ResourcePermissions(unifiedRolePermissions []*libregraph.UnifiedRolePermission) *provider.ResourcePermissions
- type RoleFilter
Constants ¶
// Identifiers of the built-in unified roles.
//
// The values are fixed identifiers. Which actions a role grants is decided by
// the role definitions, which are not part of this block.
//
// NOTE(review): the three *ListGrantsID constants carried the same description
// as their plain counterparts. Their names suggest variants that additionally
// cover listing grants; confirm against the role definitions before relying
// on that.
const (
	// UnifiedRoleViewerID is the id of the unified viewer role.
	UnifiedRoleViewerID = "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5"
	// UnifiedRoleViewerListGrantsID is the id of the unified viewer role (list-grants variant).
	UnifiedRoleViewerListGrantsID = "d5041006-ebb3-4b4a-b6a4-7c180ecfb17d"
	// UnifiedRoleSpaceViewerID is the id of the unified space viewer role.
	UnifiedRoleSpaceViewerID = "a8d5fe5e-96e3-418d-825b-534dbdf22b99"
	// UnifiedRoleEditorID is the id of the unified editor role.
	UnifiedRoleEditorID = "fb6c3e19-e378-47e5-b277-9732f9de6e21"
	// UnifiedRoleEditorListGrantsID is the id of the unified editor role (list-grants variant).
	UnifiedRoleEditorListGrantsID = "e8ea8b21-abd4-45d2-b893-8d1546378e9e"
	// UnifiedRoleSpaceEditorID is the id of the unified space editor role.
	UnifiedRoleSpaceEditorID = "58c63c02-1d89-4572-916a-870abc5a1b7d"
	// UnifiedRoleSpaceEditorWithoutVersionsID is the id of the unified space
	// editor role without list/restore versions.
	UnifiedRoleSpaceEditorWithoutVersionsID = "3284f2d5-0070-4ad8-ac40-c247f7c1fb27"
	// UnifiedRoleFileEditorID is the id of the unified file editor role.
	UnifiedRoleFileEditorID = "2d00ce52-1fc2-4dbc-8b95-a73b73395f5a"
	// UnifiedRoleFileEditorListGrantsID is the id of the unified file editor role (list-grants variant).
	UnifiedRoleFileEditorListGrantsID = "c1235aea-d106-42db-8458-7d5610fb0a67"
	// UnifiedRoleEditorLiteID is the id of the unified editor-lite role.
	UnifiedRoleEditorLiteID = "1c996275-f1c9-4e71-abdf-a42f6495e960"
	// UnifiedRoleManagerID is the id of the unified manager role.
	UnifiedRoleManagerID = "312c0871-5ef7-4b3a-85b6-0e4074c64049"
	// UnifiedRoleSecureViewerID is the id of the unified secure viewer role.
	UnifiedRoleSecureViewerID = "aa97fe03-7980-45ac-9e50-b325749fd7e6"
	// UnifiedRoleDeniedID is the id of the unified role that denies all access.
	UnifiedRoleDeniedID = "63e64e19-8d43-42ec-a738-2b6af2610efa"
)

// Condition expressions that scope a set of role permissions to a kind of
// resource and, for federated sharing, to a kind of subject.
const (
	// UnifiedRoleConditionDrive is the constraint that matches a drive root / space root.
	UnifiedRoleConditionDrive = "exists @Resource.Root"
	// UnifiedRoleConditionFolder is the constraint that matches a DriveItem representing a folder.
	UnifiedRoleConditionFolder = "exists @Resource.Folder"
	// UnifiedRoleConditionFile is the constraint that matches a DriveItem representing a file.
	UnifiedRoleConditionFile = "exists @Resource.File"
	// UnifiedRoleConditionFederatedUser is the constraint that matches a federated user.
	// The value contains literal double quotes around Federated.
	UnifiedRoleConditionFederatedUser = `@Subject.UserType=="Federated"`

	// Federated sharing needs roles that combine the resource constraint with
	// the user constraint; both combined constants join the two with " && ".

	// UnifiedRoleConditionFileFederatedUser is the constraint that matches a file and a federated user.
	UnifiedRoleConditionFileFederatedUser = UnifiedRoleConditionFile + " && " + UnifiedRoleConditionFederatedUser
	// UnifiedRoleConditionFolderFederatedUser is the constraint that matches a folder and a federated user.
	UnifiedRoleConditionFolderFederatedUser = UnifiedRoleConditionFolder + " && " + UnifiedRoleConditionFederatedUser
)

// Resource action identifiers in the libre.graph/driveItem namespace, grouped
// here by the part of the drive item they name.
const (
	// Metadata, path, content, children, upload, quota and item deletion.
	DriveItemBasicRead      = "libre.graph/driveItem/basic/read"
	DriveItemPathRead       = "libre.graph/driveItem/path/read"
	DriveItemPathUpdate     = "libre.graph/driveItem/path/update"
	DriveItemContentRead    = "libre.graph/driveItem/content/read"
	DriveItemChildrenRead   = "libre.graph/driveItem/children/read"
	DriveItemChildrenCreate = "libre.graph/driveItem/children/create"
	DriveItemUploadCreate   = "libre.graph/driveItem/upload/create"
	DriveItemQuotaRead      = "libre.graph/driveItem/quota/read"
	DriveItemStandardDelete = "libre.graph/driveItem/standard/delete"

	// Versions.
	DriveItemVersionsRead   = "libre.graph/driveItem/versions/read"
	DriveItemVersionsUpdate = "libre.graph/driveItem/versions/update"

	// Deleted items.
	DriveItemDeletedRead   = "libre.graph/driveItem/deleted/read"
	DriveItemDeletedUpdate = "libre.graph/driveItem/deleted/update"
	DriveItemDeletedDelete = "libre.graph/driveItem/deleted/delete"

	// Permissions of a drive item. Judging by their values, these name the
	// actions that read or change who has access, so a role that carries any
	// of them merits the closest review.
	DriveItemPermissionsRead   = "libre.graph/driveItem/permissions/read"
	DriveItemPermissionsCreate = "libre.graph/driveItem/permissions/create"
	DriveItemPermissionsUpdate = "libre.graph/driveItem/permissions/update"
	DriveItemPermissionsDelete = "libre.graph/driveItem/permissions/delete"
	DriveItemPermissionsDeny   = "libre.graph/driveItem/permissions/deny"
)
Variables ¶
// ErrUnknownRole is the sentinel error for a request that names an unknown
// unified role. Its message also points at the role being disabled as a
// possible cause. Callers should detect it with errors.Is rather than by
// comparing the message text.
var ErrUnknownRole = errors.New("unknown role, check if the role is enabled")
Functions ¶
func CS3ResourcePermissionsToLibregraphActions ¶
func CS3ResourcePermissionsToLibregraphActions(p *provider.ResourcePermissions) []string
CS3ResourcePermissionsToLibregraphActions converts the provided cs3 ResourcePermissions to a list of libregraph actions
func CS3ResourcePermissionsToRole ¶
func CS3ResourcePermissionsToRole(roleSet []*libregraph.UnifiedRoleDefinition, p *provider.ResourcePermissions, constraints string, listFederatedRoles bool) *libregraph.UnifiedRoleDefinition
CS3ResourcePermissionsToRole converts the provided cs3 ResourcePermissions to a libregraph UnifiedRoleDefinition
func GetAllowedResourceActions ¶
func GetAllowedResourceActions(role *libregraph.UnifiedRoleDefinition, condition string) []string
GetAllowedResourceActions returns the allowed resource actions for the provided role by condition
func GetLegacyRoleName ¶
func GetLegacyRoleName(role libregraph.UnifiedRoleDefinition) string
GetLegacyRoleName returns the legacy role name for the provided role
func GetRole ¶
func GetRole(f RoleFilter) (*libregraph.UnifiedRoleDefinition, error)
GetRole returns the role definition that matches the provided role filter; check the returned error before using the definition
func GetRoles ¶
func GetRoles(f RoleFilter) []*libregraph.UnifiedRoleDefinition
GetRoles returns the role definitions that match the provided role filter
func GetRolesByPermissions ¶
func GetRolesByPermissions(roleSet []*libregraph.UnifiedRoleDefinition, actions []string, constraints string, listFederatedRoles, descending bool) []*libregraph.UnifiedRoleDefinition
GetRolesByPermissions returns a list of role definitions that match the provided actions and constraints
func PermissionsToCS3ResourcePermissions ¶
func PermissionsToCS3ResourcePermissions(unifiedRolePermissions []*libregraph.UnifiedRolePermission) *provider.ResourcePermissions
PermissionsToCS3ResourcePermissions converts the provided libregraph UnifiedRolePermissions to a cs3 ResourcePermissions
Types ¶
type RoleFilter ¶
type RoleFilter func(*libregraph.UnifiedRoleDefinition) bool
RoleFilter is used to filter role collections
func RoleFilterAll ¶
func RoleFilterAll() RoleFilter
RoleFilterAll returns a role filter that matches all roles
func RoleFilterIDs ¶
func RoleFilterIDs(ids ...string) RoleFilter
RoleFilterIDs returns a role filter that matches the provided ids. The ids are always combined with OR: a role matches if its id equals any one of them.
func RoleFilterInvert ¶
func RoleFilterInvert(f RoleFilter) RoleFilter
RoleFilterInvert inverts the provided role filter