permissionset

package
v0.1.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 7, 2026 License: GPL-3.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Domain errors for permission sets.
//
// Each value wraps a category sentinel from the shared package with %w, so
// errors.Is matches both the specific error (e.g. ErrPermissionSetNotFound)
// and its category (e.g. shared.ErrNotFound). ErrSystemSetImmutable and
// ErrCannotDeleteSystemSet are the two errors in the shared.ErrForbidden
// category; both concern system permission sets.
//
// NOTE(review): how these errors are mapped to API responses is not visible
// here. When a set exists but belongs to another tenant, answering with the
// not-found error rather than a forbidden one avoids confirming that the ID
// exists; confirm the handlers behave that way.
var (
	ErrPermissionSetNotFound   = fmt.Errorf("%w: permission set not found", shared.ErrNotFound)
	ErrPermissionSetSlugExists = fmt.Errorf("%w: permission set slug already exists", shared.ErrAlreadyExists)
	ErrSystemSetImmutable      = fmt.Errorf("%w: system permission sets cannot be modified", shared.ErrForbidden)
	ErrParentNotFound          = fmt.Errorf("%w: parent permission set not found", shared.ErrNotFound)
	ErrCircularInheritance     = fmt.Errorf("%w: circular inheritance detected", shared.ErrValidation)
	ErrInvalidPermission       = fmt.Errorf("%w: invalid permission ID", shared.ErrValidation)
	ErrPermissionAlreadyInSet  = fmt.Errorf("%w: permission already in set", shared.ErrAlreadyExists)
	ErrPermissionNotInSet      = fmt.Errorf("%w: permission not in set", shared.ErrNotFound)
	ErrVersionConflict         = fmt.Errorf("%w: version conflict", shared.ErrConflict)
	ErrInactivePermissionSet   = fmt.Errorf("%w: permission set is inactive", shared.ErrValidation)
	ErrCannotDeleteSystemSet   = fmt.Errorf("%w: cannot delete system permission set", shared.ErrForbidden)
	ErrPermissionSetInUse      = fmt.Errorf("%w: permission set is in use by groups", shared.ErrConflict)
)

Domain errors for permission sets.

Functions

func IsPermissionSetInUse

func IsPermissionSetInUse(err error) bool

IsPermissionSetInUse checks if the error is a permission set in use error.

func IsPermissionSetNotFound

func IsPermissionSetNotFound(err error) bool

IsPermissionSetNotFound checks if the error is a not found error.

func IsPermissionSetSlugExists

func IsPermissionSetSlugExists(err error) bool

IsPermissionSetSlugExists checks if the error is a slug exists error.

func IsSystemSetImmutable

func IsSystemSetImmutable(err error) bool

IsSystemSetImmutable checks if the error is a system set immutable error.

Types

type Item

type Item struct {
	// contains filtered or unexported fields
}

Item represents a permission included in a permission set.

func NewItem

func NewItem(permissionSetID shared.ID, permissionID string, modType ModificationType) (*Item, error)

NewItem creates a new permission set item.

func ReconstituteItem

func ReconstituteItem(permissionSetID shared.ID, permissionID string, modType ModificationType) *Item

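ReconstituteItem recreates an Item from persistence. Unlike NewItem it returns no error, so it presumably performs no validation of the permission ID or modification type; it is meant for repository code loading stored rows, not for building items from request input.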

func (*Item) IsAdd

func (i *Item) IsAdd() bool

IsAdd checks if this is an add modification.

func (*Item) IsRemove

func (i *Item) IsRemove() bool

IsRemove checks if this is a remove modification.

func (*Item) ModificationType

func (i *Item) ModificationType() ModificationType

ModificationType returns the modification type.

func (*Item) PermissionID

func (i *Item) PermissionID() string

PermissionID returns the permission ID.

func (*Item) PermissionSetID

func (i *Item) PermissionSetID() shared.ID

PermissionSetID returns the permission set ID.

type ListFilter

// ListFilter contains filter options for listing permission sets.
// It is passed by value to Repository.List and Repository.Count.
type ListFilter struct {
	// Tenant filter
	//
	// NOTE(review): the two field comments below disagree. TenantID says a
	// non-nil value already returns tenant + system sets, while IncludeSystem
	// reads as if system templates were opt-in. Confirm which one the
	// repository implementation honors.
	//
	// NOTE(review): TenantID decides whose sets are listed, so it presumably
	// must come from the authenticated session rather than from request
	// parameters; verify against callers.
	TenantID      *shared.ID // nil = system only, non-nil = tenant + system
	IncludeSystem bool       // Include system templates when filtering by tenant

	// Type filters
	SetTypes []SetType

	// Search
	//
	// NOTE(review): free-text input. Implementations should bind it as a
	// query parameter (and escape LIKE wildcards if a LIKE match is used)
	// rather than concatenating it into the query; confirm.
	Search string // Search in name, slug, description

	// Status filter
	// nil presumably means "do not filter on status"; confirm.
	IsActive *bool

	// Parent filter
	ParentSetID *shared.ID

	// Pagination
	//
	// NOTE(review): no upper bound for Limit and no handling of negative
	// values is visible here; confirm that callers or the repository clamp
	// both fields.
	Limit  int
	Offset int

	// Sorting
	//
	// NOTE(review): OrderBy is a free-form string. A column name cannot be
	// bound as a query parameter, so implementations should map it through
	// an allow-list of the three documented values before it reaches an
	// ORDER BY clause; confirm.
	OrderBy   string // "name", "created_at", "updated_at"
	OrderDesc bool
}

ListFilter contains filter options for listing permission sets.

func DefaultListFilter

func DefaultListFilter() ListFilter

DefaultListFilter returns a default filter.

func SystemOnlyFilter

func SystemOnlyFilter() ListFilter

SystemOnlyFilter returns a filter for system permission sets only.

type ModificationType

type ModificationType string

ModificationType represents the type of permission modification.

// Valid ModificationType values. The string forms "add" and "remove" are
// the values stored in an Item's modification type.
// NOTE(review): presumably a "remove" entry subtracts a permission that an
// extended set would otherwise inherit from its parent; confirm against the
// code that resolves effective permissions.
const (
	// ModificationAdd adds a permission.
	ModificationAdd ModificationType = "add"
	// ModificationRemove removes a permission.
	ModificationRemove ModificationType = "remove"
)

func AllModificationTypes

func AllModificationTypes() []ModificationType

AllModificationTypes returns all valid modification types.

func (ModificationType) IsValid

func (m ModificationType) IsValid() bool

IsValid checks if the modification type is valid.

func (ModificationType) String

func (m ModificationType) String() string

String returns the string representation.

type PermissionSet

type PermissionSet struct {
	// contains filtered or unexported fields
}

PermissionSet represents a reusable bundle of permissions.

func NewClonedPermissionSet

func NewClonedPermissionSet(tenantID shared.ID, name, slug, description string, parentSetID shared.ID, sourceVersion int) (*PermissionSet, error)

NewClonedPermissionSet creates a permission set cloned from a parent.

func NewExtendedPermissionSet

func NewExtendedPermissionSet(tenantID shared.ID, name, slug, description string, parentSetID shared.ID) (*PermissionSet, error)

NewExtendedPermissionSet creates a permission set that extends a parent.

func NewPermissionSet

func NewPermissionSet(tenantID shared.ID, name, slug, description string) (*PermissionSet, error)

NewPermissionSet creates a new custom permission set.

func Reconstitute

func Reconstitute(
	id shared.ID,
	tenantID *shared.ID,
	name, slug, description string,
	setType SetType,
	parentSetID *shared.ID,
	clonedFromVersion *int,
	isActive bool,
	createdAt, updatedAt time.Time,
) *PermissionSet

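Reconstitute recreates a PermissionSet from persistence. Unlike the New* constructors it returns no error, so it presumably performs no validation; it is meant for repository code loading stored rows, not for building sets from request input.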

func (*PermissionSet) Activate

func (ps *PermissionSet) Activate()

Activate activates the permission set.

func (*PermissionSet) CanModify

func (ps *PermissionSet) CanModify() bool

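CanModify checks if this permission set can be modified. System templates cannot be modified by tenants. The method takes no caller or tenant argument, so it cannot check who is asking; callers still need to confirm that the set belongs to the requesting tenant.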

func (*PermissionSet) ClonedFromVersion

func (ps *PermissionSet) ClonedFromVersion() *int

ClonedFromVersion returns the version this set was cloned from.

func (*PermissionSet) CreatedAt

func (ps *PermissionSet) CreatedAt() time.Time

CreatedAt returns the creation timestamp.

func (*PermissionSet) Deactivate

func (ps *PermissionSet) Deactivate()

Deactivate deactivates the permission set.

func (*PermissionSet) Description

func (ps *PermissionSet) Description() string

Description returns the permission set description.

func (*PermissionSet) HasParent

func (ps *PermissionSet) HasParent() bool

HasParent checks if this set has a parent.

func (*PermissionSet) ID

func (ps *PermissionSet) ID() shared.ID

ID returns the permission set ID.

func (*PermissionSet) IsActive

func (ps *PermissionSet) IsActive() bool

IsActive returns whether the permission set is active.

func (*PermissionSet) IsCloned

func (ps *PermissionSet) IsCloned() bool

IsCloned checks if this is a cloned set.

func (*PermissionSet) IsCustom

func (ps *PermissionSet) IsCustom() bool

IsCustom checks if this is a custom set.

func (*PermissionSet) IsExtended

func (ps *PermissionSet) IsExtended() bool

IsExtended checks if this is an extended set.

func (*PermissionSet) IsSystem

func (ps *PermissionSet) IsSystem() bool

IsSystem checks if this is a system template.

func (*PermissionSet) Name

func (ps *PermissionSet) Name() string

Name returns the permission set name.

func (*PermissionSet) ParentSetID

func (ps *PermissionSet) ParentSetID() *shared.ID

ParentSetID returns the parent permission set ID (if any).

func (*PermissionSet) SetType

func (ps *PermissionSet) SetType() SetType

SetType returns the type of permission set.

func (*PermissionSet) Slug

func (ps *PermissionSet) Slug() string

Slug returns the permission set slug.

func (*PermissionSet) TenantID

func (ps *PermissionSet) TenantID() *shared.ID

TenantID returns the tenant ID (nil for system templates).

func (*PermissionSet) UpdateDescription

func (ps *PermissionSet) UpdateDescription(description string)

UpdateDescription updates the permission set description.

func (*PermissionSet) UpdateName

func (ps *PermissionSet) UpdateName(name string) error

UpdateName updates the permission set name.

func (*PermissionSet) UpdatedAt

func (ps *PermissionSet) UpdatedAt() time.Time

UpdatedAt returns the last update timestamp.

type PermissionSetWithItems

// PermissionSetWithItems represents a permission set with its items.
// It is the return type of Repository.GetWithItems.
type PermissionSetWithItems struct {
	// PermissionSet is the set itself.
	// NOTE(review): a pointer; confirm whether it can ever be nil.
	PermissionSet *PermissionSet
	// Items are the permission entries of the set.
	// NOTE(review): both fields are exported and nothing in this type ties
	// each Item's PermissionSetID to PermissionSet.ID(); presumably the
	// repository guarantees they match. Confirm.
	Items         []*Item
}

PermissionSetWithItems represents a permission set with its items.

func (*PermissionSetWithItems) EffectivePermissions

func (ps *PermissionSetWithItems) EffectivePermissions() []permission.Permission

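EffectivePermissions returns the effective permissions for this set. For custom and system sets it returns all added permissions. For extended sets the caller must resolve the result against the parent's permissions, so the returned slice should not be used as the final grant on its own.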

type Repository

// Repository defines the interface for permission set persistence.
//
// Tenant scoping: only GetByTenantAndID, GetBySlug, ExistsBySlug,
// ListByTenant and List/Count (through ListFilter.TenantID) take a tenant.
// Every other method is keyed by a permission set ID alone.
//
// NOTE(review): the interface therefore cannot enforce tenant isolation on
// the ID-only methods. Callers presumably have to establish ownership first
// (for example with GetByTenantAndID) before passing an ID taken from a
// request to Delete, AddItem, RemoveItem, ReplaceItems, GetWithItems and the
// version, inheritance and usage methods. Confirm this in the service layer.
type Repository interface {
	// Permission Set CRUD
	Create(ctx context.Context, ps *PermissionSet) error
	// GetByID looks a set up by ID only, with no tenant argument.
	GetByID(ctx context.Context, id shared.ID) (*PermissionSet, error)
	// GetByTenantAndID retrieves a permission set by tenant and ID.
	GetByTenantAndID(ctx context.Context, tenantID, id shared.ID) (*PermissionSet, error)
	GetBySlug(ctx context.Context, tenantID *shared.ID, slug string) (*PermissionSet, error)
	Update(ctx context.Context, ps *PermissionSet) error
	// NOTE(review): Delete takes only an ID. Whether the system-set and
	// in-use guards (ErrCannotDeleteSystemSet, ErrPermissionSetInUse) are
	// applied here or by the caller is not visible; confirm.
	Delete(ctx context.Context, id shared.ID) error

	// Permission Set queries
	List(ctx context.Context, filter ListFilter) ([]*PermissionSet, error)
	Count(ctx context.Context, filter ListFilter) (int64, error)
	ExistsBySlug(ctx context.Context, tenantID *shared.ID, slug string) (bool, error)
	ListByIDs(ctx context.Context, ids []shared.ID) ([]*PermissionSet, error)
	ListSystemSets(ctx context.Context) ([]*PermissionSet, error)
	ListByTenant(ctx context.Context, tenantID shared.ID, includeSystem bool) ([]*PermissionSet, error)

	// Permission Set Items
	// These methods change or read what a set grants and are keyed by
	// permission set ID only.
	AddItem(ctx context.Context, item *Item) error
	RemoveItem(ctx context.Context, permissionSetID shared.ID, permissionID string) error
	ListItems(ctx context.Context, permissionSetID shared.ID) ([]*Item, error)
	GetWithItems(ctx context.Context, id shared.ID) (*PermissionSetWithItems, error)
	BatchAddItems(ctx context.Context, items []*Item) error
	// NOTE(review): ReplaceItems swaps the whole item list; presumably it
	// runs in one transaction so a failure cannot leave a set half-updated.
	// Confirm in the implementation.
	ReplaceItems(ctx context.Context, permissionSetID shared.ID, items []*Item) error

	// Version tracking
	CreateVersion(ctx context.Context, version *Version) error
	GetLatestVersion(ctx context.Context, permissionSetID shared.ID) (*Version, error)
	ListVersions(ctx context.Context, permissionSetID shared.ID) ([]*Version, error)

	// Inheritance queries
	GetParent(ctx context.Context, permissionSetID shared.ID) (*PermissionSet, error)
	ListChildren(ctx context.Context, parentSetID shared.ID) ([]*PermissionSet, error)
	// NOTE(review): presumably the chain walk is bounded or detects cycles
	// (see ErrCircularInheritance); confirm in the implementation.
	GetInheritanceChain(ctx context.Context, permissionSetID shared.ID) ([]*PermissionSet, error)

	// Usage queries (for deletion checks)
	CountGroupsUsing(ctx context.Context, permissionSetID shared.ID) (int64, error)
	ListGroupIDsUsing(ctx context.Context, permissionSetID shared.ID) ([]shared.ID, error)
}

Repository defines the interface for permission set persistence.

type SetType

type SetType string

SetType represents the type of a permission set.

// Valid SetType values.
const (
	// SetTypeSystem represents platform-wide templates (tenant_id = NULL).
	SetTypeSystem SetType = "system"
	// SetTypeExtended inherits from parent, auto-syncs new permissions.
	// Because new parent permissions sync automatically, a change to the
	// parent also changes what every extended set grants.
	// NOTE(review): confirm that parent edits are reviewed with that reach in mind.
	SetTypeExtended SetType = "extended"
	// SetTypeCloned is an independent copy, manual updates.
	SetTypeCloned SetType = "cloned"
	// SetTypeCustom is built from scratch by tenant.
	SetTypeCustom SetType = "custom"
)

func AllSetTypes

func AllSetTypes() []SetType

AllSetTypes returns all valid set types.

func (SetType) IsCloned

func (t SetType) IsCloned() bool

IsCloned checks if this is a cloned set.

func (SetType) IsCustom

func (t SetType) IsCustom() bool

IsCustom checks if this is a custom set.

func (SetType) IsExtended

func (t SetType) IsExtended() bool

IsExtended checks if this is an extended set.

func (SetType) IsSystem

func (t SetType) IsSystem() bool

IsSystem checks if this is a system template.

func (SetType) IsValid

func (t SetType) IsValid() bool

IsValid checks if the set type is valid.

func (SetType) RequiresParent

func (t SetType) RequiresParent() bool

RequiresParent checks if this set type requires a parent.

func (SetType) String

func (t SetType) String() string

String returns the string representation.

type Version

type Version struct {
	// contains filtered or unexported fields
}

Version represents a version record for a permission set.

func NewVersion

func NewVersion(permissionSetID shared.ID, version int, changes VersionChanges, changedBy *shared.ID) (*Version, error)

NewVersion creates a new version record.

func ReconstituteVersion

func ReconstituteVersion(
	permissionSetID shared.ID,
	version int,
	changes VersionChanges,
	changedAt time.Time,
	changedBy *shared.ID,
) *Version

ReconstituteVersion recreates a Version from persistence.

func (*Version) ChangedAt

func (v *Version) ChangedAt() time.Time

ChangedAt returns when this version was created.

func (*Version) ChangedBy

func (v *Version) ChangedBy() *shared.ID

ChangedBy returns who made this change.

func (*Version) Changes

func (v *Version) Changes() VersionChanges

Changes returns the changes in this version.

func (*Version) PermissionSetID

func (v *Version) PermissionSetID() shared.ID

PermissionSetID returns the permission set ID.

func (*Version) Version

func (v *Version) Version() int

Version returns the version number.

type VersionChanges

// VersionChanges represents the changes in a version.
// All three fields are omitted from the JSON encoding when empty or false.
type VersionChanges struct {
	// Added lists what this version added.
	// NOTE(review): presumably permission IDs; confirm.
	Added   []string `json:"added,omitempty"`
	// Removed lists what this version removed.
	// NOTE(review): presumably permission IDs; confirm.
	Removed []string `json:"removed,omitempty"`
	// Initial presumably marks the first version record of a set; confirm.
	Initial bool     `json:"initial,omitempty"`
}

VersionChanges represents the changes in a version.
