authz

package
v1.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 13, 2026 License: MIT Imports: 6 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	DefaultAuthorizer = "casbin"
	Noop              = "noop"
	Casbin            = "casbin"
)
View Source 
const (
	ActionRead   = "read"
	ActionCreate = "create"
	ActionUpdate = "update" // Corrected from "create" to "update"
	ActionDelete = "delete"
)

Define standard authorization actions as constants.

Variables

This section is empty.

Functions

func Register 

func Register(name string, factory Factory)

Register registers a new authorizer provider factory. This function is intended to be called from the init() function of each provider implementation.

Types

type Authorizer 

type Authorizer interface {
	// Authorized individual rule specifications are checked.
	Authorized(ctx context.Context, p security.Principal, spec RuleSpec) (bool, error)
}

The Authorizer defines the core authorization interface for validating individual requests. It is often used as a "goalkeeper" in middleware.

func New 

func New(cfg *authzv1.Authorizer, opts ...options.Option) (Authorizer, error)

New creates a new authorizer provider instance based on the given configuration. It looks up the appropriate factory using the type specified in the config and invokes it. The returned Provider instance is NOT stored globally; it is the caller's responsibility to manage its lifecycle and inject it where needed.

type Factory 

type Factory interface {
	NewAuthorizer(config *authzv1.Authorizer, opts ...options.Option) (Authorizer, error)
}

type FactoryFunc 

type FactoryFunc func(config *authzv1.Authorizer, opts ...options.Option) (Authorizer, error)

FactoryFunc is a function type that creates a Provider instance.

func (FactoryFunc) NewAuthorizer 

func (f FactoryFunc) NewAuthorizer(config *authzv1.Authorizer, opts ...options.Option) (Authorizer, error)

type FilterQuerier 

type FilterQuerier interface {
	// FilterAuthorized is the generic and powerful core method of this interface.
	// It filters a list of RuleSpecs and returns the subset for which the principal is authorized.
	// It is useful for complex, non-standard batch filtering scenarios.
	FilterAuthorized(ctx context.Context, p security.Principal, specs []RuleSpec) ([]RuleSpec, error)

	// FilterAuthorizedResources is a convenience method for the common use case of filtering a list of resource IDs.
	// It abstracts away the complexity of creating and parsing RuleSpecs.
	// The specTemplate provides a template for the check, where its Resource field is ignored.
	FilterAuthorizedResources(ctx context.Context, p security.Principal, specTemplate RuleSpec, resources []string) ([]string, error)

	// FilterAuthorizedActions is a convenience method to determine which actions a principal can perform on a given resource.
	// The specTemplate provides a template for the check, where its Action field is ignored.
	FilterAuthorizedActions(ctx context.Context, p security.Principal, specTemplate RuleSpec, actions []string) ([]string, error)

	// FilterAuthorizedDomains is a convenience method to determine which domains a principal has access to.
	// The specTemplate provides a template for the check, where its Domain field is ignored.
	FilterAuthorizedDomains(ctx context.Context, p security.Principal, specTemplate RuleSpec, domains []string) ([]string, error)
}

FilterQuerier defines the interface for querying permissions in batches. Its primary consumer is API endpoints that need to perform bulk permission checks, for example, to filter a list of items based on the user's access rights.

type RuleSpec 

type RuleSpec struct {
	Domain   string // Represent the project or tenant. It can be empty.
	Resource string // The resource being accessed.
	Action   string // Actions to be performed on the resource.
	// Attributes contain additional attributes related to this rule, such as the owner of the resource, status, and so on.
	// This allows RuleSpec to carry more complex contextual information to support ABAC.
	Attributes security.Claims
}

RuleSpec encapsulates the specification of an authorization rule to be checked. It is a pure data container that describes the core elements required for authorization checks.

func NewRuleSpec 

func NewRuleSpec(p security.Principal, req security.Request) RuleSpec

NewRuleSpec creates an authz.RuleSpec from a principal and a security.Request. It maps HTTP methods to standard authorization actions (read, create, update, delete).

Source Files

View all Source files

Directories

Path Synopsis
adapter
Package adapter implements the functions, types, and interfaces for the module.
 Package adapter implements the functions, types, and interfaces for the module.
internal/model
Package model embedding the model files for Casbin.
 Package model embedding the model files for Casbin.
internal/policy
Package policy embedding the policy files for Casbin.
 Package policy embedding the policy files for Casbin.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.