typesystem

package
v0.2.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 24, 2022 License: Apache-2.0 Imports: 4 Imported by: 5

Documentation

Index

Constants

View Source 
const (
	SchemaVersion1_0 = "1.0"
	SchemaVersion1_1 = "1.1"
)

Variables

View Source 
var (
	ErrDuplicateTypes       = errors.New("an authorization model cannot contain duplicate types")
	ErrInvalidSchemaVersion = errors.New("invalid schema version")
)

Functions

func AssignableRelationError 

func AssignableRelationError(objectType, relation string) error

func ComputedUserset added in v0.2.4 

func ComputedUserset(relation string) *openfgapb.Userset

func ContainsSelf 

func ContainsSelf(rewrite *openfgapb.Userset) bool

func Difference added in v0.2.4 

func Difference(base *openfgapb.Userset, sub *openfgapb.Userset) *openfgapb.Userset

func Intersection added in v0.2.4 

func Intersection(children ...*openfgapb.Userset) *openfgapb.Userset

func InvalidRelationError 

func InvalidRelationError(objectType, relation string) error

func InvalidRelationTypeError 

func InvalidRelationTypeError(objectType, relation, relatedObjectType, relatedRelation string) error

func NonAssignableRelationError 

func NonAssignableRelationError(objectType, relation string) error

func ObjectTypeDoesNotExistError 

func ObjectTypeDoesNotExistError(objectType string) error

func RelationDoesNotExistError 

func RelationDoesNotExistError(objectType, relation string) error

RelationDoesNotExistError may have an empty objectType, but must have a relation (otherwise the error won't make much sense).

func RelationReference added in v0.2.4 

func RelationReference(objectType, relation string) *openfgapb.RelationReference

func This added in v0.2.4 

func This() *openfgapb.Userset

func TupleToUserset added in v0.2.4 

func TupleToUserset(tuplesetRelation, targetRelation string) *openfgapb.Userset

func Union added in v0.2.4 

func Union(children ...*openfgapb.Userset) *openfgapb.Userset

func Validate 

func Validate(model *openfgapb.AuthorizationModel) error

Validate validates an *openfgapb.AuthorizationModel according to the following rules:

  1. Checks that the model have a valid schema version.
  2. For every rewrite the relations in the rewrite must: a. Be valid relations on the same type in the authorization model (in cases of computedUserset) b. Be valid relations on another existing type (in cases of tupleToUserset)
  3. Do not allow duplicate types or duplicate relations (only need to check types as relations are in a map so cannot contain duplicates)

If the authorization model has a v1.1 schema version (with types on relations), then additionally validate the type system according to the following rules:

  1. Every type restriction on a relation must be a valid type: a. For a type (e.g. user) this means checking that this type is in the TypeSystem b. For a type#relation this means checking that this type with this relation is in the TypeSystem
  2. Check that a relation is assignable if and only if it has a non-zero list of types

Types

type TypeSystem 

type TypeSystem struct {
	// contains filtered or unexported fields
}

func New 

func New(model *openfgapb.AuthorizationModel) *TypeSystem

New creates a *TypeSystem from an *openfgapb.AuthorizationModel. New assumes that the model has already been validated.

func (*TypeSystem) GetDirectlyRelatedUserTypes added in v0.2.4 

func (t *TypeSystem) GetDirectlyRelatedUserTypes(objectType, relation string) []*openfgapb.RelationReference

func (*TypeSystem) GetRelation 

func (t *TypeSystem) GetRelation(objectType, relation string) (*openfgapb.Relation, bool)

func (*TypeSystem) GetRelations 

func (t *TypeSystem) GetRelations(objectType string) (map[string]*openfgapb.Relation, bool)

func (*TypeSystem) GetSchemaVersion 

func (t *TypeSystem) GetSchemaVersion() string

func (*TypeSystem) GetTypeDefinition 

func (t *TypeSystem) GetTypeDefinition(objectType string) (*openfgapb.TypeDefinition, bool)

func (*TypeSystem) GetTypeDefinitions 

func (t *TypeSystem) GetTypeDefinitions() map[string]*openfgapb.TypeDefinition

func (*TypeSystem) IsDirectlyAssignable 

func (t *TypeSystem) IsDirectlyAssignable(relation *openfgapb.Relation) bool

func (*TypeSystem) IsDirectlyRelated added in v0.2.4 

func (t *TypeSystem) IsDirectlyRelated(target *openfgapb.RelationReference, source *openfgapb.RelationReference) bool

IsDirectlyRelated determines whether the type of the target RelationReference contains the source RelationReference.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.