Documentation
¶
Index ¶
- Constants
- func MatchGlob(appPathGlob string, app types.AppPathDomain) (bool, error)
- func ParseGlob(appPathGlob string, apps []types.AppPathDomain) ([]types.AppPathDomain, error)
- func ParseGlobFromInfo(appPathGlob string, apps []types.AppInfo) ([]types.AppInfo, error)
- type RBACAPI
- type RBACManager
- func (h *RBACManager) Authorize(ctx context.Context, permission types.RBACPermission, isCustomPermission bool) (bool, error)
- func (h *RBACManager) AuthorizeAny(ctx context.Context, permissions []string) (bool, error)
- func (h *RBACManager) AuthorizeInt(user string, appPathDomain types.AppPathDomain, appAuthSetting string, ...) (bool, error)
- func (h *RBACManager) GetCustomPermissions(ctx context.Context) ([]string, error)
- func (h *RBACManager) GetCustomPermissionsInt(user string, appPathDomain types.AppPathDomain, appAuthSetting string, ...) ([]string, error)
- func (h *RBACManager) IsAppRBACEnabled(ctx context.Context) bool
- func (h *RBACManager) UpdateRBACConfig(rbacConfig *types.RBACConfig) error
Constants ¶
View Source
const RBAC_AUTH_PREFIX = "rbac:"
View Source
const RBAC_CUSTOM_PREFIX = "custom:" // used for app level custom permissions
View Source
const RBAC_GROUP_PREFIX = "group:"
View Source
const RBAC_REGEX_PREFIX = "regex:" // used for regex matching in users list
View Source
const RBAC_ROLE_PREFIX = "role:"
Variables ¶
This section is empty.
Functions ¶
func ParseGlob ¶
func ParseGlob(appPathGlob string, apps []types.AppPathDomain) ([]types.AppPathDomain, error)
ParseGlob parses a path spec in the format of domain:path. If domain is not specified, it will match empty domain. glob patters are supported, *:** matches all apps.
Types ¶
type RBACAPI ¶
type RBACAPI interface {
AuthorizeAny(ctx context.Context, permissions []string) (bool, error)
Authorize(ctx context.Context, permission types.RBACPermission, isAppLevelPermission bool) (bool, error)
GetCustomPermissions(ctx context.Context) ([]string, error)
IsAppRBACEnabled(ctx context.Context) bool
}
type RBACManager ¶
type RBACManager struct {
*types.Logger
RbacConfig *types.RBACConfig
// contains filtered or unexported fields
}
func NewRBACHandler ¶
func NewRBACHandler(logger *types.Logger, rbacConfig *types.RBACConfig, serverConfig *types.ServerConfig) (*RBACManager, error)
func (*RBACManager) Authorize ¶
func (h *RBACManager) Authorize(ctx context.Context, permission types.RBACPermission, isCustomPermission bool) (bool, error)
Authorize checks if the user has access to the specified permission
func (*RBACManager) AuthorizeAny ¶
AuthorizeAny checks if the user has access to any of the specified custom permissions Used for app level permissions, like actions access
func (*RBACManager) AuthorizeInt ¶
func (h *RBACManager) AuthorizeInt(user string, appPathDomain types.AppPathDomain, appAuthSetting string, permission types.RBACPermission, groups []string, isAppLevelPermission bool) (bool, error)
func (*RBACManager) GetCustomPermissions ¶
func (h *RBACManager) GetCustomPermissions(ctx context.Context) ([]string, error)
GetCustomPermissions returns the custom permissions for the user on the current app
func (*RBACManager) GetCustomPermissionsInt ¶
func (h *RBACManager) GetCustomPermissionsInt(user string, appPathDomain types.AppPathDomain, appAuthSetting string, groups []string) ([]string, error)
GetCustomPermissions returns the custom permissions set for the user for the given app path domain and app auth setting Values in returned list do not have the custom: prefix
func (*RBACManager) IsAppRBACEnabled ¶
func (h *RBACManager) IsAppRBACEnabled(ctx context.Context) bool
IsAppRBACEnabled checks if the RBAC is enabled for the current app
func (*RBACManager) UpdateRBACConfig ¶
func (h *RBACManager) UpdateRBACConfig(rbacConfig *types.RBACConfig) error
Source Files
Click to show internal directories.
Click to hide internal directories.