Documentation ¶
Overview ¶
Package permission defines granular permissions for resource-based authorization.
The permission naming convention follows a hierarchical pattern:
{module}:{subfeature}:{action}
Examples:
- integrations:scm:read (read SCM connections)
- assets:groups:write (manage asset groups)
- team:roles:assign (assign roles to users)
For simpler permissions without subfeatures:
{module}:{action}
Examples:
- dashboard:read
- assets:read
Index ¶
- Variables
- func CanDelete(role tenant.Role, resource string) bool
- func CanRead(role tenant.Role, resource string) bool
- func CanWrite(role tenant.Role, resource string) bool
- func Contains(perms []Permission, target Permission) bool
- func ContainsAll(perms []Permission, targets ...Permission) bool
- func ContainsAny(perms []Permission, targets ...Permission) bool
- func GetPermissionStringsForRole(role tenant.Role) []string
- func HasAllPermissions(role tenant.Role, perms ...Permission) bool
- func HasAnyPermission(role tenant.Role, perms ...Permission) bool
- func HasPermission(role tenant.Role, perm Permission) bool
- func ToStrings(perms []Permission) []string
- type Permission
Constants ¶
This section is empty: every permission constant is typed Permission and is therefore listed under type Permission below.
Variables ¶
var RolePermissions = map[tenant.Role][]Permission{
	tenant.RoleOwner: {
		DashboardRead, AuditRead, SettingsRead, SettingsWrite,
		AssetsRead, AssetsWrite, AssetsDelete, AssetsImport, AssetsExport,
		AssetGroupsRead, AssetGroupsWrite, AssetGroupsDelete,
		ComponentsRead, ComponentsWrite, ComponentsDelete,
		FindingsRead, FindingsWrite, FindingsDelete, FindingsAssign, FindingsTriage, FindingsStatus,
		FindingsExport, FindingsBulkUpdate, FindingsApprove, FindingsFixApply, FindingsVerify,
		ExposuresRead, ExposuresWrite, ExposuresDelete, ExposuresTriage,
		SuppressionsRead, SuppressionsWrite, SuppressionsDelete, SuppressionsApprove,
		VulnerabilitiesRead, VulnerabilitiesWrite, VulnerabilitiesDelete,
		CredentialsRead, CredentialsWrite,
		RemediationRead, RemediationWrite,
		WorkflowsRead, WorkflowsWrite,
		PoliciesRead, PoliciesWrite, PoliciesDelete,
		ScansRead, ScansWrite, ScansDelete, ScansExecute,
		ScanProfilesRead, ScanProfilesWrite, ScanProfilesDelete,
		SourcesRead, SourcesWrite, SourcesDelete,
		ToolsRead, ToolsWrite, ToolsDelete,
		TenantToolsRead, TenantToolsWrite, TenantToolsDelete,
		ScannerTemplatesRead, ScannerTemplatesWrite, ScannerTemplatesDelete,
		SecretStoreRead, SecretStoreWrite, SecretStoreDelete,
		AgentsRead, AgentsWrite, AgentsDelete,
		CommandsRead, CommandsWrite, CommandsDelete,
		TeamRead, TeamUpdate, TeamDelete,
		MembersRead, MembersInvite, MembersWrite,
		GroupsRead, GroupsWrite, GroupsDelete, GroupsMembers, GroupsAssets,
		RolesRead, RolesWrite, RolesDelete, RolesAssign,
		PermissionSetsRead, PermissionSetsWrite, PermissionSetsDelete,
		AssignmentRulesRead, AssignmentRulesWrite, AssignmentRulesDelete,
		IntegrationsRead, IntegrationsManage,
		SCMConnectionsRead, SCMConnectionsWrite, SCMConnectionsDelete,
		NotificationsRead, NotificationsWrite, NotificationsDelete,
		WebhooksRead, WebhooksWrite, WebhooksDelete,
		APIKeysRead, APIKeysWrite, APIKeysDelete,
		PipelinesRead, PipelinesWrite, PipelinesDelete, PipelinesExecute,
		BillingRead, BillingWrite,
		SLARead, SLAWrite, SLADelete,
		ScopeRead, ScopeWrite, ScopeDelete,
		ValidationRead, ValidationWrite,
		PentestCampaignsRead, PentestCampaignsWrite, PentestCampaignsDelete,
		PentestFindingsRead, PentestFindingsWrite, PentestFindingsDelete,
		PentestRetestsRead, PentestRetestsWrite,
		PentestTemplatesRead, PentestTemplatesWrite,
		PentestReportsWrite,
		ComplianceFrameworksRead, ComplianceFrameworksWrite,
		ComplianceAssessmentsRead, ComplianceAssessmentsWrite,
		ComplianceMappingsRead, ComplianceMappingsWrite,
		ComplianceReportsRead,
		ReportsRead, ReportsWrite,
		ThreatIntelRead, ThreatIntelWrite,
		AITriageRead, AITriageTrigger,
	},
	tenant.RoleAdmin: {
		DashboardRead, AuditRead, SettingsRead, SettingsWrite,
		AssetsRead, AssetsWrite, AssetsDelete, AssetsImport, AssetsExport,
		AssetGroupsRead, AssetGroupsWrite, AssetGroupsDelete,
		ComponentsRead, ComponentsWrite, ComponentsDelete,
		FindingsRead, FindingsWrite, FindingsDelete, FindingsAssign, FindingsTriage, FindingsStatus,
		FindingsExport, FindingsBulkUpdate, FindingsApprove, FindingsFixApply, FindingsVerify,
		ExposuresRead, ExposuresWrite, ExposuresDelete, ExposuresTriage,
		SuppressionsRead, SuppressionsWrite, SuppressionsDelete,
		VulnerabilitiesRead, VulnerabilitiesWrite, VulnerabilitiesDelete,
		CredentialsRead, CredentialsWrite,
		RemediationRead, RemediationWrite,
		WorkflowsRead, WorkflowsWrite,
		PoliciesRead, PoliciesDelete, PoliciesWrite,
		ScansRead, ScansWrite, ScansDelete, ScansExecute,
		ScanProfilesRead, ScanProfilesWrite, ScanProfilesDelete,
		SourcesRead, SourcesWrite, SourcesDelete,
		ToolsRead, ToolsWrite, ToolsDelete,
		TenantToolsRead, TenantToolsWrite, TenantToolsDelete,
		ScannerTemplatesRead, ScannerTemplatesWrite, ScannerTemplatesDelete,
		SecretStoreRead, SecretStoreWrite, SecretStoreDelete,
		AgentsRead, AgentsWrite, AgentsDelete,
		CommandsRead, CommandsWrite, CommandsDelete,
		TeamRead, TeamUpdate,
		MembersRead, MembersInvite, MembersWrite,
		GroupsRead, GroupsWrite, GroupsDelete, GroupsMembers, GroupsAssets,
		RolesRead, RolesWrite, RolesDelete, RolesAssign,
		PermissionSetsRead, PermissionSetsWrite, PermissionSetsDelete,
		AssignmentRulesRead, AssignmentRulesWrite, AssignmentRulesDelete,
		IntegrationsRead, IntegrationsManage,
		SCMConnectionsRead, SCMConnectionsWrite, SCMConnectionsDelete,
		NotificationsRead, NotificationsWrite, NotificationsDelete,
		WebhooksRead, WebhooksWrite, WebhooksDelete,
		APIKeysRead, APIKeysWrite, APIKeysDelete,
		PipelinesRead, PipelinesWrite, PipelinesDelete, PipelinesExecute,
		BillingRead,
		SLARead, SLAWrite, SLADelete,
		ScopeRead, ScopeWrite, ScopeDelete,
		ValidationRead, ValidationWrite,
		PentestCampaignsRead, PentestCampaignsWrite, PentestCampaignsDelete,
		PentestFindingsRead, PentestFindingsWrite, PentestFindingsDelete,
		PentestRetestsRead, PentestRetestsWrite,
		PentestTemplatesRead, PentestTemplatesWrite,
		PentestReportsWrite,
		ComplianceFrameworksRead, ComplianceFrameworksWrite,
		ComplianceAssessmentsRead, ComplianceAssessmentsWrite,
		ComplianceMappingsRead, ComplianceMappingsWrite,
		ComplianceReportsRead,
		ReportsRead, ReportsWrite,
		ThreatIntelRead, ThreatIntelWrite,
		AITriageRead, AITriageTrigger,
	},
	tenant.RoleMember: {
		DashboardRead, AuditRead, SettingsRead,
		AssetsRead, AssetsWrite,
		AssetGroupsRead, AssetGroupsWrite,
		ComponentsRead, ComponentsWrite,
		FindingsRead, FindingsWrite, FindingsTriage, FindingsStatus, FindingsFixApply,
		ExposuresRead, ExposuresWrite,
		SuppressionsRead,
		VulnerabilitiesRead,
		CredentialsRead,
		RemediationRead, RemediationWrite,
		WorkflowsRead,
		PoliciesRead,
		ScansRead, ScansWrite, ScansExecute,
		ScanProfilesRead, ScanProfilesWrite,
		SourcesRead, SourcesWrite,
		ToolsRead,
		TenantToolsRead, TenantToolsWrite,
		ScannerTemplatesRead, ScannerTemplatesWrite,
		SecretStoreRead, SecretStoreWrite,
		AgentsRead, AgentsWrite,
		CommandsRead, CommandsWrite,
		TeamRead, MembersRead, GroupsRead, RolesRead, PermissionSetsRead,
		IntegrationsRead,
		SCMConnectionsRead, SCMConnectionsWrite,
		NotificationsRead, WebhooksRead, APIKeysRead,
		PipelinesRead, PipelinesWrite,
		BillingRead, SLARead,
		ScopeRead, ScopeWrite,
		ValidationRead, ValidationWrite,
		PentestCampaignsRead, PentestCampaignsWrite,
		PentestFindingsRead, PentestFindingsWrite,
		PentestRetestsRead, PentestRetestsWrite,
		PentestTemplatesRead, PentestTemplatesWrite,
		PentestReportsWrite,
		ComplianceFrameworksRead,
		ComplianceAssessmentsRead, ComplianceAssessmentsWrite,
		ComplianceMappingsRead, ComplianceMappingsWrite,
		ComplianceReportsRead,
		ReportsRead, ReportsWrite,
		ThreatIntelRead,
		AITriageRead, AITriageTrigger,
	},
	tenant.RoleViewer: {
		DashboardRead, AuditRead, SettingsRead,
		AssetsRead, AssetGroupsRead, ComponentsRead,
		FindingsRead, ExposuresRead, SuppressionsRead, VulnerabilitiesRead, CredentialsRead,
		RemediationRead, WorkflowsRead, PoliciesRead,
		ScansRead, ScanProfilesRead, SourcesRead, ToolsRead, TenantToolsRead, ScannerTemplatesRead, SecretStoreRead,
		AgentsRead, CommandsRead,
		TeamRead, MembersRead, GroupsRead, RolesRead, PermissionSetsRead,
		IntegrationsRead, SCMConnectionsRead, NotificationsRead, WebhooksRead, APIKeysRead, PipelinesRead,
		BillingRead, SLARead,
		ScopeRead,
		ValidationRead,
		PentestCampaignsRead, PentestFindingsRead, PentestRetestsRead, PentestTemplatesRead,
		ComplianceFrameworksRead, ComplianceAssessmentsRead, ComplianceMappingsRead, ComplianceReportsRead,
		ReportsRead, ThreatIntelRead, AITriageRead,
	},
}
RolePermissions defines the default permissions for each role. This mapping can be overridden by configuration if needed. It is an exported package-level map, so any code that mutates it at runtime changes the defaults for every later lookup in the process; treat it as read-only outside whatever configuration layer is meant to override it.
Permission hierarchy (the four default sets are strictly nested: Viewer ⊂ Member ⊂ Admin ⊂ Owner):
- Owner: full access; the only role holding team:delete, settings:billing:write and findings:suppressions:approve
- Admin: everything Owner has except those three, i.e. full resource access plus member, group and role management, with billing read-only and no power to approve suppressions
- Member: read access to every resource plus write on day-to-day work (assets and asset groups, components, finding write/triage/status/fix_apply, exposures, remediation, scans and scan execution, scan profiles, sources, tenant tool configs, scanner templates, the secret store, agents and commands, SCM connections, pipelines, scope, validation and pentest work, compliance assessments and mappings, reports, AI triage trigger). No delete permission of any kind, no import/export, no settings, policy, workflow, tool registry or integration management, no finding assign/approve/verify/export/bulk update, no suppression write, no pipeline execute, and no member management. Because Member holds findings:fix_apply but not findings:verify, whoever applies a fix cannot also mark it resolved.
- Viewer: read-only access to every resource. Note that this includes scans:secret_store:read and findings:credentials:read; what those read endpoints actually reveal is decided by the handlers that check them, not by this package, so confirm that before granting Viewer widely.
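As an added example (not the package's own code), the following Go program shows how the RolePermissions table and HasPermission are meant to be consumed at an enforcement point, and the check a reviewer would run against the real table to confirm the tiers really are nested. It reconstructs Permission, a Role type standing in for tenant.Role, and a constructed five-permission subset of the table; RequirePermission, WithRole, Authorize and HierarchyViolations are names chosen for this example.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Stand-ins for the package's Permission type and the tenant.Role values, with a
// constructed subset of the default RolePermissions table. The real table is far
// larger, but the shape (role -> slice of Permission) is the same.
type Permission string
type Role string

const (
	RoleOwner  Role = "owner"
	RoleAdmin  Role = "admin"
	RoleMember Role = "member"
	RoleViewer Role = "viewer"

	FindingsRead    Permission = "findings:read"
	FindingsWrite   Permission = "findings:write"
	FindingsDelete  Permission = "findings:delete"
	FindingsApprove Permission = "findings:approve"
	TeamDelete      Permission = "team:delete"
)

var rolePermissions = map[Role][]Permission{
	RoleOwner:  {FindingsRead, FindingsWrite, FindingsDelete, FindingsApprove, TeamDelete},
	RoleAdmin:  {FindingsRead, FindingsWrite, FindingsDelete, FindingsApprove},
	RoleMember: {FindingsRead, FindingsWrite},
	RoleViewer: {FindingsRead},
}

// HasPermission mirrors the package function of the same name: an unknown role
// has no permissions at all.
func HasPermission(role Role, perm Permission) bool {
	for _, p := range rolePermissions[role] {
		if p == perm {
			return true
		}
	}
	return false
}

// HierarchyViolations returns, for each adjacent pair in Viewer < Member < Admin
// < Owner, the permissions the lower role holds but the higher one lacks. Run
// against the real table, this is the unit test that keeps the tiers nested.
func HierarchyViolations() map[string][]Permission {
	chain := []Role{RoleViewer, RoleMember, RoleAdmin, RoleOwner}
	out := map[string][]Permission{}
	for i := 0; i+1 < len(chain); i++ {
		for _, p := range rolePermissions[chain[i]] {
			if !HasPermission(chain[i+1], p) {
				k := string(chain[i]) + ">" + string(chain[i+1])
				out[k] = append(out[k], p)
			}
		}
	}
	return out
}

type roleKey struct{}

// WithRole attaches the caller's resolved tenant role to the request; in a real
// service the authentication layer does this after verifying the session or token.
func WithRole(r *http.Request, role Role) *http.Request {
	return r.WithContext(context.WithValue(r.Context(), roleKey{}, role))
}

// RequirePermission guards a handler and fails closed: a request with no role in
// its context, or an unknown role, is rejected exactly like an insufficient one.
func RequirePermission(perm Permission, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		role, ok := r.Context().Value(roleKey{}).(Role)
		if !ok || !HasPermission(role, perm) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// Authorize sends one request through a route guarded by perm and returns the
// status code; hasRole=false simulates an unauthenticated caller.
func Authorize(role Role, hasRole bool, perm Permission) int {
	h := RequirePermission(perm, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusNoContent)
	}))
	req := httptest.NewRequest(http.MethodPost, "/findings/42/approve", nil)
	if hasRole {
		req = WithRole(req, role)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	for _, role := range []Role{RoleOwner, RoleAdmin, RoleMember, RoleViewer} {
		fmt.Printf("%-6s approve=%d delete=%d team:delete=%d\n", role,
			Authorize(role, true, FindingsApprove), Authorize(role, true, FindingsDelete), Authorize(role, true, TeamDelete))
	}
	fmt.Println("no role:", Authorize("", false, FindingsRead), "violations:", HierarchyViolations())
}
```

The guard deliberately makes "no role in context" and "role not in the table" indistinguishable from "role lacks the permission": all three produce 403, so a missing authentication step can never widen access. HierarchyViolations is worth keeping as a real test, because the nesting described above is a property of the current table, not something the map type enforces.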
Functions ¶
func Contains ¶
func Contains(perms []Permission, target Permission) bool
Contains checks if a permission slice contains a specific permission.
func ContainsAll ¶
func ContainsAll(perms []Permission, targets ...Permission) bool
ContainsAll checks if a permission slice contains all of the target permissions.
func ContainsAny ¶
func ContainsAny(perms []Permission, targets ...Permission) bool
ContainsAny checks if a permission slice contains any of the target permissions.
func GetPermissionStringsForRole ¶
func GetPermissionStringsForRole(role tenant.Role) []string
GetPermissionStringsForRole returns the permissions as strings for a given role. This is useful for JWT token generation. Permissions copied into a token are a snapshot taken at issue time: a later role change or revocation is not reflected until the token expires and is reissued, so keep token lifetimes short when embedding them.
func HasAllPermissions ¶
func HasAllPermissions(role tenant.Role, perms ...Permission) bool
HasAllPermissions checks if a role has all of the specified permissions.
func HasAnyPermission ¶
func HasAnyPermission(role tenant.Role, perms ...Permission) bool
HasAnyPermission checks if a role has any of the specified permissions.
func HasPermission ¶
func HasPermission(role tenant.Role, perm Permission) bool
HasPermission checks if a role has a specific permission.
func ToStrings ¶
func ToStrings(perms []Permission) []string
ToStrings converts a slice of Permissions to a slice of strings.
Types ¶
type Permission ¶
type Permission string
Permission represents a granular permission for a specific action on a resource.
const (
	// Dashboard permissions
	DashboardRead Permission = "dashboard:read"

	// Audit log permissions
	AuditRead Permission = "audit:read"

	// Settings permissions (settings:*)
	SettingsRead  Permission = "settings:read"
	SettingsWrite Permission = "settings:write"
)
const (
	// Asset permissions (top-level)
	AssetsRead   Permission = "assets:read"
	AssetsWrite  Permission = "assets:write"
	AssetsDelete Permission = "assets:delete"

	// Asset import/export
	AssetsImport Permission = "assets:import"
	AssetsExport Permission = "assets:export"

	// Asset Groups permissions (assets:groups:*)
	AssetGroupsRead   Permission = "assets:groups:read"
	AssetGroupsWrite  Permission = "assets:groups:write"
	AssetGroupsDelete Permission = "assets:groups:delete"

	// Component permissions (assets:components:*)
	// Note: Components (SBOM) is a separate module with its own permissions
	ComponentsRead   Permission = "assets:components:read"
	ComponentsWrite  Permission = "assets:components:write"
	ComponentsDelete Permission = "assets:components:delete"
)
const (
	// Finding permissions (findings:*)
	FindingsRead       Permission = "findings:read"
	FindingsWrite      Permission = "findings:write"
	FindingsDelete     Permission = "findings:delete"
	FindingsAssign     Permission = "findings:assign"
	FindingsTriage     Permission = "findings:triage"
	FindingsStatus     Permission = "findings:status"
	FindingsExport     Permission = "findings:export"
	FindingsBulkUpdate Permission = "findings:bulk_update"
	FindingsApprove    Permission = "findings:approve"
	FindingsFixApply   Permission = "findings:fix_apply" // in_progress → fix_applied (dev/owner action)
	FindingsVerify     Permission = "findings:verify"    // fix_applied → resolved (security/scanner action)

	// Exposure permissions (findings:exposures:*)
	ExposuresRead   Permission = "findings:exposures:read"
	ExposuresWrite  Permission = "findings:exposures:write"
	ExposuresDelete Permission = "findings:exposures:delete"
	ExposuresTriage Permission = "findings:exposures:triage"

	// Suppression permissions (findings:suppressions:*)
	SuppressionsRead    Permission = "findings:suppressions:read"
	SuppressionsWrite   Permission = "findings:suppressions:write"
	SuppressionsDelete  Permission = "findings:suppressions:delete"
	SuppressionsApprove Permission = "findings:suppressions:approve"

	// Vulnerability permissions (findings:vulnerabilities:*)
	VulnerabilitiesRead   Permission = "findings:vulnerabilities:read"
	VulnerabilitiesWrite  Permission = "findings:vulnerabilities:write"
	VulnerabilitiesDelete Permission = "findings:vulnerabilities:delete"

	// Credential leak permissions (findings:credentials:*)
	CredentialsRead  Permission = "findings:credentials:read"
	CredentialsWrite Permission = "findings:credentials:write"

	// Remediation permissions (findings:remediation:*)
	RemediationRead  Permission = "findings:remediation:read"
	RemediationWrite Permission = "findings:remediation:write"

	// Workflow permissions (findings:workflows:*)
	WorkflowsRead  Permission = "findings:workflows:read"
	WorkflowsWrite Permission = "findings:workflows:write"

	// Policies permissions (findings:policies:*)
	PoliciesRead   Permission = "findings:policies:read"
	PoliciesWrite  Permission = "findings:policies:write"
	PoliciesDelete Permission = "findings:policies:delete"
)
const (
	// Scan permissions (scans:*)
	ScansRead    Permission = "scans:read"
	ScansWrite   Permission = "scans:write"
	ScansDelete  Permission = "scans:delete"
	ScansExecute Permission = "scans:execute"

	// Scan Profile permissions (scans:profiles:*)
	ScanProfilesRead   Permission = "scans:profiles:read"
	ScanProfilesWrite  Permission = "scans:profiles:write"
	ScanProfilesDelete Permission = "scans:profiles:delete"

	// Source permissions (scans:sources:*)
	SourcesRead   Permission = "scans:sources:read"
	SourcesWrite  Permission = "scans:sources:write"
	SourcesDelete Permission = "scans:sources:delete"

	// Tool Registry permissions (scans:tools:*)
	ToolsRead   Permission = "scans:tools:read"
	ToolsWrite  Permission = "scans:tools:write"
	ToolsDelete Permission = "scans:tools:delete"

	// Tenant Tool Config permissions (scans:tenant_tools:*)
	TenantToolsRead   Permission = "scans:tenant_tools:read"
	TenantToolsWrite  Permission = "scans:tenant_tools:write"
	TenantToolsDelete Permission = "scans:tenant_tools:delete"

	// Scanner Template permissions (scans:templates:*)
	ScannerTemplatesRead   Permission = "scans:templates:read"
	ScannerTemplatesWrite  Permission = "scans:templates:write"
	ScannerTemplatesDelete Permission = "scans:templates:delete"

	// Secret Store permissions (scans:secret_store:*)
	SecretStoreRead   Permission = "scans:secret_store:read"
	SecretStoreWrite  Permission = "scans:secret_store:write"
	SecretStoreDelete Permission = "scans:secret_store:delete"
)
const (
	// Agent permissions (agents:*)
	AgentsRead   Permission = "agents:read"
	AgentsWrite  Permission = "agents:write"
	AgentsDelete Permission = "agents:delete"

	// Command permissions (agents:commands:*)
	CommandsRead   Permission = "agents:commands:read"
	CommandsWrite  Permission = "agents:commands:write"
	CommandsDelete Permission = "agents:commands:delete"
)
const (
	// Team settings permissions (team:*)
	TeamRead   Permission = "team:read"
	TeamUpdate Permission = "team:update"
	TeamDelete Permission = "team:delete"

	// Member management permissions (team:members:*)
	MembersRead   Permission = "team:members:read"
	MembersInvite Permission = "team:members:invite"
	MembersWrite  Permission = "team:members:write"

	// Group permissions (team:groups:*)
	GroupsRead    Permission = "team:groups:read"
	GroupsWrite   Permission = "team:groups:write"
	GroupsDelete  Permission = "team:groups:delete"
	GroupsMembers Permission = "team:groups:members"
	GroupsAssets  Permission = "team:groups:assets"

	// Role permissions (team:roles:*)
	RolesRead   Permission = "team:roles:read"
	RolesWrite  Permission = "team:roles:write"
	RolesDelete Permission = "team:roles:delete"
	RolesAssign Permission = "team:roles:assign"

	// Permission Set permissions (team:permission_sets:*)
	PermissionSetsRead   Permission = "team:permission_sets:read"
	PermissionSetsWrite  Permission = "team:permission_sets:write"
	PermissionSetsDelete Permission = "team:permission_sets:delete"

	// Assignment Rules permissions (team:assignment_rules:*)
	AssignmentRulesRead   Permission = "team:assignment_rules:read"
	AssignmentRulesWrite  Permission = "team:assignment_rules:write"
	AssignmentRulesDelete Permission = "team:assignment_rules:delete"
)
const (
	// Integration permissions (integrations:*)
	IntegrationsRead   Permission = "integrations:read"
	IntegrationsManage Permission = "integrations:manage"

	// SCM Connection permissions (integrations:scm:*)
	SCMConnectionsRead   Permission = "integrations:scm:read"
	SCMConnectionsWrite  Permission = "integrations:scm:write"
	SCMConnectionsDelete Permission = "integrations:scm:delete"

	// Notification permissions (integrations:notifications:*)
	NotificationsRead   Permission = "integrations:notifications:read"
	NotificationsWrite  Permission = "integrations:notifications:write"
	NotificationsDelete Permission = "integrations:notifications:delete"

	// Webhook permissions (integrations:webhooks:*)
	WebhooksRead   Permission = "integrations:webhooks:read"
	WebhooksWrite  Permission = "integrations:webhooks:write"
	WebhooksDelete Permission = "integrations:webhooks:delete"

	// API Keys permissions (integrations:api_keys:*)
	APIKeysRead   Permission = "integrations:api_keys:read"
	APIKeysWrite  Permission = "integrations:api_keys:write"
	APIKeysDelete Permission = "integrations:api_keys:delete"

	// Pipeline permissions (integrations:pipelines:*)
	PipelinesRead    Permission = "integrations:pipelines:read"
	PipelinesWrite   Permission = "integrations:pipelines:write"
	PipelinesDelete  Permission = "integrations:pipelines:delete"
	PipelinesExecute Permission = "integrations:pipelines:execute"
)
const (
	// Billing permissions (settings:billing:*)
	BillingRead  Permission = "settings:billing:read"
	BillingWrite Permission = "settings:billing:write"

	// SLA permissions (settings:sla:*)
	SLARead   Permission = "settings:sla:read"
	SLAWrite  Permission = "settings:sla:write"
	SLADelete Permission = "settings:sla:delete"
)
const (
	// Scope permissions (attack_surface:scope:*)
	ScopeRead   Permission = "attack_surface:scope:read"
	ScopeWrite  Permission = "attack_surface:scope:write"
	ScopeDelete Permission = "attack_surface:scope:delete"
)
const (
	// Pentest/Validation permissions (validation:* - legacy)
	ValidationRead  Permission = "validation:read"
	ValidationWrite Permission = "validation:write"

	// Granular pentest permissions (pentest:*)
	PentestCampaignsRead   Permission = "pentest:campaigns:read"
	PentestCampaignsWrite  Permission = "pentest:campaigns:write"
	PentestCampaignsDelete Permission = "pentest:campaigns:delete"
	PentestFindingsRead    Permission = "pentest:findings:read"
	PentestFindingsWrite   Permission = "pentest:findings:write"
	PentestFindingsDelete  Permission = "pentest:findings:delete"
	PentestRetestsRead     Permission = "pentest:retests:read"
	PentestRetestsWrite    Permission = "pentest:retests:write"
	PentestTemplatesRead   Permission = "pentest:templates:read"
	PentestTemplatesWrite  Permission = "pentest:templates:write"
	PentestReportsWrite    Permission = "pentest:reports:write"
)
const (
	ComplianceFrameworksRead   Permission = "compliance:frameworks:read"
	ComplianceFrameworksWrite  Permission = "compliance:frameworks:write"
	ComplianceAssessmentsRead  Permission = "compliance:assessments:read"
	ComplianceAssessmentsWrite Permission = "compliance:assessments:write"
	ComplianceMappingsRead     Permission = "compliance:mappings:read"
	ComplianceMappingsWrite    Permission = "compliance:mappings:write"
	ComplianceReportsRead      Permission = "compliance:reports:read"
)
const (
	// Report permissions (reports:*)
	ReportsRead  Permission = "reports:read"
	ReportsWrite Permission = "reports:write"
)
const (
	// Threat Intel permissions (threat_intel:*)
	ThreatIntelRead  Permission = "threat_intel:read"
	ThreatIntelWrite Permission = "threat_intel:write"
)
const (
	// AI Triage permissions (ai_triage:*)
	AITriageRead    Permission = "ai_triage:read"
	AITriageTrigger Permission = "ai_triage:trigger"
)
const (
	// MembersManage is an alias for MembersWrite (team:members:write)
	MembersManage Permission = "team:members:write"
	// BillingManage is an alias for BillingWrite (settings:billing:write)
	BillingManage Permission = "settings:billing:write"
	// PentestRead/Write are aliases for ValidationRead/Write
	PentestRead  Permission = "validation:read"
	PentestWrite Permission = "validation:write"
	// GroupsPermissions is an alias for GroupsWrite (team:groups:write)
	GroupsPermissions Permission = "team:groups:write"
	// TemplateSources are aliases for Sources (same permission strings)
	TemplateSourcesRead   Permission = "scans:sources:read"
	TemplateSourcesWrite  Permission = "scans:sources:write"
	TemplateSourcesDelete Permission = "scans:sources:delete"
)
Because Permission is a string type, an alias is indistinguishable from the permission it aliases: HasPermission(role, MembersManage) and HasPermission(role, MembersWrite) are the same check, and granting one grants the other. The aliases exist for readability at call sites, not as separate grants.
func AllPermissions ¶
func AllPermissions() []Permission
AllPermissions returns all defined permissions. Useful for validation and documentation.
func FromStrings ¶
func FromStrings(strs []string) []Permission
FromStrings converts a slice of strings to a slice of Permissions. Invalid permissions are skipped silently, so a misspelled permission name in a token or configuration file is dropped rather than reported; where that matters, validate each string with ParsePermission or IsValid first.
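The two sides of the JWT flow mentioned under GetPermissionStringsForRole, together with the strict alternative to FromStrings just described, as an added example that is not the package's own code. It reconstructs Permission and a constructed four-entry known-permission set in place of IsValid; FromStringsStrict, Issue, Verify and Allowed are names chosen for this example, and the HS256 signing is written against the standard library only so it runs offline.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

type Permission string

// Constructed subset of the known permission set; the real package answers the
// same question with Permission.IsValid and AllPermissions.
var known = map[Permission]bool{"findings:read": true, "findings:write": true, "findings:approve": true, "team:delete": true}

// FromStringsStrict is the fail-loud counterpart of FromStrings: unknown strings
// are reported rather than silently dropped, so a mistyped or stale permission
// name in a token or config file cannot pass unnoticed.
func FromStringsStrict(strs []string) ([]Permission, error) {
	var perms []Permission
	var unknown []string
	for _, s := range strs {
		if known[Permission(s)] {
			perms = append(perms, Permission(s))
		} else {
			unknown = append(unknown, s)
		}
	}
	if len(unknown) > 0 {
		return nil, fmt.Errorf("unknown permissions: %s", strings.Join(unknown, ", "))
	}
	return perms, nil
}

type claims struct {
	Sub   string   `json:"sub"`
	Perms []string `json:"perms"` // what GetPermissionStringsForRole returned at issue time
}

var b64 = base64.RawURLEncoding

// Issue builds an HS256 JWT from the claims with the standard library only; a
// service would normally use a maintained JWT library and a key held outside the code.
func Issue(key []byte, c claims) string {
	body, _ := json.Marshal(c) // a struct of strings cannot fail to marshal
	input := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(input))
	return input + "." + b64.EncodeToString(mac.Sum(nil))
}

// Verify pins the algorithm to HS256 (rejecting "alg":"none" and similar downgrades),
// checks the signature in constant time, and only then parses the permission list, strictly.
func Verify(key []byte, token string) ([]Permission, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	var hdr struct{ Alg string `json:"alg"` }
	if raw, err := b64.DecodeString(parts[0]); err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "HS256" {
		return nil, errors.New("unsupported or malformed header")
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	if sig, err := b64.DecodeString(parts[2]); err != nil || !hmac.Equal(sig, mac.Sum(nil)) {
		return nil, errors.New("bad signature")
	}
	var c claims
	if raw, err := b64.DecodeString(parts[1]); err != nil || json.Unmarshal(raw, &c) != nil {
		return nil, errors.New("malformed claims")
	}
	return FromStringsStrict(c.Perms)
}

// Allowed is the end-to-end path: issue a token carrying permStrings, verify it,
// and report whether the permissions it carries include target.
func Allowed(key []byte, permStrings []string, target Permission) (bool, error) {
	perms, err := Verify(key, Issue(key, claims{Sub: "user-1", Perms: permStrings}))
	if err != nil {
		return false, err
	}
	for _, p := range perms {
		if p == target {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	key := []byte("constructed-demo-key") // constructed for the example; never hard-code a real key
	member := []string{"findings:read", "findings:write"}
	for _, target := range []Permission{"findings:write", "findings:approve"} {
		ok, err := Allowed(key, member, target)
		fmt.Printf("%-16s allowed=%v err=%v\n", target, ok, err)
	}
	_, err := Allowed(key, []string{"findings:aprove"}, "findings:read")
	fmt.Println("misspelled claim:", err)
}
```

Two choices are deliberate. The header's alg is checked before the signature so that a token claiming "none" or another algorithm is never evaluated under the server's key, and the permission list is parsed strictly after the signature passes: with the package's lenient FromStrings the misspelled "findings:aprove" would vanish and the caller would get a silently smaller grant, which is safe but hides the bug.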
func GetPermissionsForRole ¶
func GetPermissionsForRole(role tenant.Role) []Permission
GetPermissionsForRole returns the permissions for a given role. Returns empty slice if role is not found.
func ParsePermission ¶
func ParsePermission(s string) (Permission, bool)
ParsePermission parses a string to a Permission.
func (Permission) IsValid ¶
func (p Permission) IsValid() bool
IsValid checks if the permission is a known permission.
func (Permission) String ¶
func (p Permission) String() string
String returns the string representation of the permission.