rbac

Published: Dec 2, 2025 License: Apache-2.0 Imports: 6 Imported by: 0


Overview

Package rbac provides role-based access control: permissions grouped into roles, per-tenant assignment of roles to users, and allow/deny policies evaluated for a (user, resource, action, tenant) tuple.

Index


Variables

// StandardPermissions holds the standard action names used in this package:
// "read", "write", "delete" and "admin". These are plain strings; they are
// presumably what Permission.Action and PolicyRule.Actions are compared
// against — confirm with the Manager implementation. Nothing here makes
// "admin" imply the other three, so an evaluator must not treat it as a
// wildcard unless it explicitly documents that.
var StandardPermissions = struct {
	Read   string
	Write  string
	Delete string
	Admin  string
}{
	Read:   "read",
	Write:  "write",
	Delete: "delete",
	Admin:  "admin",
}

StandardPermissions provides the standard action names: "read", "write", "delete" and "admin".

// StandardRoles holds the standard role names: "admin", "user", "viewer",
// "editor" and "owner". Whether these are matched against Role.ID or
// Role.Name, and whether they are pre-created by NewManager, is not visible
// from this file — NOTE(review): confirm before passing one as the roleID
// argument of Manager.AssignRole/HasRole.
var StandardRoles = struct {
	Admin  string
	User   string
	Viewer string
	Editor string
	Owner  string
}{
	Admin:  "admin",
	User:   "user",
	Viewer: "viewer",
	Editor: "editor",
	Owner:  "owner",
}

StandardRoles provides the standard role names: "admin", "user", "viewer", "editor" and "owner".


Types

type DefaultManager

// DefaultManager is the built-in Manager implementation returned by
// NewManager. All of its fields are unexported, so it should be obtained via
// NewManager rather than constructed directly. Its storage and evaluation
// logic are not shown on this page.
type DefaultManager struct {
	// contains filtered or unexported fields
}

DefaultManager is the built-in implementation of the Manager interface, returned by NewManager; its fields are unexported, so it should be obtained through NewManager.

func (*DefaultManager) AssignRole

func (m *DefaultManager) AssignRole(ctx context.Context, userID, roleID, tenantID string) error

AssignRole assigns roleID to userID within tenantID. The signature carries no granting principal, so UserRole.GrantedBy can only be filled by the implementation (e.g. from ctx) — confirm this if the assignment record is relied on for audit.

func (*DefaultManager) CreatePolicy

func (m *DefaultManager) CreatePolicy(ctx context.Context, policy *Policy) error

CreatePolicy creates a new policy. Policy.TenantID and Policy.Enabled are ordinary JSON-settable fields, so a handler that decodes a Policy from a request must set TenantID from the authenticated tenant rather than trusting the payload.

func (*DefaultManager) CreateRole

func (m *DefaultManager) CreateRole(ctx context.Context, role *Role) error

CreateRole creates a new role. Role.TenantID and Role.IsSystem are JSON-settable, so a caller that decodes a Role from client input must overwrite TenantID with the authenticated tenant and must not let the client mark a role as a system role.

func (*DefaultManager) DeletePolicy

func (m *DefaultManager) DeletePolicy(ctx context.Context, policyID string) error

DeletePolicy deletes the policy with the given ID. It takes no tenantID, so an ID taken from a request must be checked against the requester's tenant (Policy.TenantID) before or inside this call; whether the implementation does so is not visible here.

func (*DefaultManager) DeleteRole

func (m *DefaultManager) DeleteRole(ctx context.Context, roleID string) error

DeleteRole deletes the role with the given ID. It takes no tenantID, so an ID taken from a request must be checked against the requester's tenant (Role.TenantID) before or inside this call; whether system roles (Role.IsSystem) are refused is not visible here.

func (*DefaultManager) EvaluatePolicy

func (m *DefaultManager) EvaluatePolicy(ctx context.Context, userID, resource, action, tenantID string) Effect

EvaluatePolicy evaluates the tenant's policies for userID performing action on resource and returns the resulting Effect. The signature has no error return and Effect has no "no match" value, so what is returned when no rule matches or the store cannot be read is an implementation decision; it should be EffectDeny (fail closed) — verify. How Policy.Priority resolves conflicting allow and deny rules is likewise not defined by the interface.

func (*DefaultManager) GetPolicy

func (m *DefaultManager) GetPolicy(ctx context.Context, policyID string) (*Policy, error)

GetPolicy retrieves a policy by ID. No tenantID is taken, so the caller is responsible for checking the returned Policy.TenantID when the ID came from an untrusted request.

func (*DefaultManager) GetRole

func (m *DefaultManager) GetRole(ctx context.Context, roleID string) (*Role, error)

GetRole retrieves a role by ID. No tenantID is taken, so the caller is responsible for checking the returned Role.TenantID when the ID came from an untrusted request.

func (*DefaultManager) GetUserPermissions

func (m *DefaultManager) GetUserPermissions(ctx context.Context, userID, tenantID string) ([]Permission, error)

GetUserPermissions returns all permissions held by userID in tenantID (presumably those of the user's assigned roles). Unlike HasPermission it returns an error, so a failed lookup is distinguishable from an empty result.

func (*DefaultManager) GetUserRoles

func (m *DefaultManager) GetUserRoles(ctx context.Context, userID, tenantID string) ([]*Role, error)

GetUserRoles returns the roles assigned to userID in tenantID, or an error if they could not be loaded. Whether expired assignments (UserRole.ExpiresAt) are filtered out is not visible here.

func (*DefaultManager) HasPermission

func (m *DefaultManager) HasPermission(ctx context.Context, userID, resource, action, tenantID string) bool

HasPermission reports whether userID may perform action on resource within tenantID. The result is a bare bool: a backend or lookup failure cannot be signalled, so it must surface as false (deny) and callers must never treat false as "retry later". Use GetUserPermissions when the caller needs to tell "no permission" from "could not load".

func (*DefaultManager) HasRole

func (m *DefaultManager) HasRole(ctx context.Context, userID, roleID, tenantID string) bool

HasRole reports whether roleID is assigned to userID in tenantID. As with HasPermission the bool cannot carry an error, so a lookup failure must read as false. Whether an assignment past UserRole.ExpiresAt still counts is not visible here — confirm before relying on expiry for revocation.

func (*DefaultManager) ListRoles

func (m *DefaultManager) ListRoles(ctx context.Context, tenantID string) ([]*Role, error)

ListRoles lists all roles for a tenant. This is the only role lookup in the interface that is scoped by tenantID.

func (*DefaultManager) RevokeRole

func (m *DefaultManager) RevokeRole(ctx context.Context, userID, roleID, tenantID string) error

RevokeRole removes the assignment of roleID from userID within tenantID. Whether revocation is immediately reflected by HasRole/HasPermission (no caching) is not visible here.

func (*DefaultManager) UpdatePolicy

func (m *DefaultManager) UpdatePolicy(ctx context.Context, policy *Policy) error

UpdatePolicy replaces an existing policy with *policy. Because Policy.TenantID, Priority and Enabled are all writable fields, a caller that accepts the Policy from client input lets the client move the policy across tenants or change its precedence — validate against the stored policy first.

func (*DefaultManager) UpdateRole

func (m *DefaultManager) UpdateRole(ctx context.Context, role *Role) error

UpdateRole replaces an existing role with *role. Because Role.TenantID and Role.IsSystem are writable fields, a caller that accepts the Role from client input lets the client move the role across tenants or mark it as a system role — validate against the stored role first.

type Effect

// Effect is the outcome of a policy rule. It is an open string type, so a
// PolicyRule decoded from JSON may carry a value other than EffectAllow or
// EffectDeny; an evaluator should treat any unrecognized value as deny.
type Effect string

// The two effects defined by this package. There is no "no match" value, so
// EvaluatePolicy must pick one of these even when no rule applies.
const (
	EffectAllow Effect = "allow"
	EffectDeny  Effect = "deny"
)

type Manager

// Manager handles RBAC operations: role CRUD, user-role assignment,
// permission checks and policy CRUD/evaluation. The comments below record
// what the signatures themselves guarantee; anything about the backing store
// or evaluation order is left to the implementation.
type Manager interface {
	// Role management.
	//
	// GetRole, UpdateRole and DeleteRole are keyed by roleID alone and take no
	// tenantID, unlike ListRoles and the assignment methods below. Tenant
	// isolation for these calls therefore depends on the implementation or the
	// caller comparing Role.TenantID with the requester's tenant — not visible
	// here; verify before passing a roleID taken from an untrusted request.
	CreateRole(ctx context.Context, role *Role) error
	GetRole(ctx context.Context, roleID string) (*Role, error)
	UpdateRole(ctx context.Context, role *Role) error
	DeleteRole(ctx context.Context, roleID string) error
	ListRoles(ctx context.Context, tenantID string) ([]*Role, error)

	// User-Role assignment.
	//
	// AssignRole has no parameter for the granting principal, so
	// UserRole.GrantedBy can only be populated by the implementation (e.g.
	// from ctx) — confirm. HasRole returns a bare bool: a lookup failure is
	// indistinguishable from "not assigned", so implementations must fail
	// closed and callers must treat false as "no". Whether HasRole honors
	// UserRole.ExpiresAt is not visible here.
	AssignRole(ctx context.Context, userID, roleID, tenantID string) error
	RevokeRole(ctx context.Context, userID, roleID, tenantID string) error
	GetUserRoles(ctx context.Context, userID, tenantID string) ([]*Role, error)
	HasRole(ctx context.Context, userID, roleID, tenantID string) bool

	// Permission checking.
	//
	// HasPermission, like HasRole, cannot report an error; a backend failure
	// must surface as false (deny), never as true. GetUserPermissions does
	// return an error and is the call to use when "no permissions" must be
	// distinguished from "could not load".
	HasPermission(ctx context.Context, userID, resource, action, tenantID string) bool
	GetUserPermissions(ctx context.Context, userID, tenantID string) ([]Permission, error)

	// Policy management.
	//
	// GetPolicy, UpdatePolicy and DeletePolicy are keyed by policyID with no
	// tenantID (same caveat as the role methods). EvaluatePolicy returns an
	// Effect with no error and Effect has no "no match" value, so the result
	// when nothing matches or the store fails is an implementation decision —
	// it should be EffectDeny. How Policy.Priority orders conflicting allow
	// and deny rules is also not defined by this interface.
	CreatePolicy(ctx context.Context, policy *Policy) error
	GetPolicy(ctx context.Context, policyID string) (*Policy, error)
	UpdatePolicy(ctx context.Context, policy *Policy) error
	DeletePolicy(ctx context.Context, policyID string) error
	EvaluatePolicy(ctx context.Context, userID, resource, action, tenantID string) Effect
}

Manager handles RBAC operations: role CRUD, user-role assignment, permission checks and policy CRUD/evaluation. Note that the bool-returning checks (HasRole, HasPermission) and EvaluatePolicy cannot report an error, so implementations must fail closed.

func NewManager

func NewManager() Manager

NewManager creates a new RBAC manager (the DefaultManager implementation). It takes no storage or configuration argument, so where roles, policies and assignments are persisted — and whether they survive the process or are shared across instances — is not visible from this signature; check before depending on it.

type Permission

// Permission represents a single permission: the right to perform Action on
// Resource.
//
//   - ID: identifier of the permission record.
//   - Name, Description: display text (Description is stored unindexed).
//   - Resource: the resource the permission applies to. Whether wildcards or
//     prefixes are honored is not defined by this type.
//   - Action: the action name, e.g. one of StandardPermissions (presumably
//     what HasPermission's action argument is compared against — confirm).
type Permission struct {
	ID          string `json:"id" datastore:"id"`
	Name        string `json:"name" datastore:"name"`
	Resource    string `json:"resource" datastore:"resource"`
	Action      string `json:"action" datastore:"action"`
	Description string `json:"description" datastore:"description,noindex"`
}

Permission represents a single permission

type Policy

// Policy represents an access control policy scoped to one tenant.
//
//   - ID, Name, Description: identity and display text.
//   - Rules: the allow/deny rules; each PolicyRule carries its own Effect.
//   - TenantID: owning tenant. It is writable through JSON, so a handler that
//     decodes a Policy from a request must overwrite it with the authenticated
//     tenant before CreatePolicy/UpdatePolicy.
//   - Priority: ordering among policies. How ties and allow-vs-deny conflicts
//     are resolved is not defined here; see the Manager implementation.
//   - Enabled: must be set to true explicitly — the zero value is a disabled
//     policy.
//   - Conditions: an untyped, unindexed bag. Its keys and how (or whether)
//     EvaluatePolicy consults them are not visible from this file —
//     NOTE(review): confirm before relying on conditions for enforcement.
type Policy struct {
	ID          string                 `json:"id" datastore:"id"`
	Name        string                 `json:"name" datastore:"name"`
	Description string                 `json:"description" datastore:"description,noindex"`
	Rules       []PolicyRule           `json:"rules" datastore:"rules"`
	TenantID    string                 `json:"tenant_id" datastore:"tenant_id"`
	Priority    int                    `json:"priority" datastore:"priority"`
	Enabled     bool                   `json:"enabled" datastore:"enabled"`
	Conditions  map[string]interface{} `json:"conditions" datastore:"conditions,noindex"`
}

Policy represents an access control policy

type PolicyRule

// PolicyRule is a single rule in a Policy: for the listed Principals, Effect
// applies to Actions on Resource.
//
//   - Resource: resource identifier; wildcard/prefix semantics are not
//     defined by this type.
//   - Actions: action names (e.g. StandardPermissions values).
//   - Effect: EffectAllow or EffectDeny. Effect is an open string, so a rule
//     decoded from JSON may hold another value; evaluators should treat
//     anything unrecognized as deny.
//   - Principals: user IDs or role IDs in one list with no marker saying which
//     is which. If a user ID can ever equal a role ID the rule silently matches
//     both, so the two ID spaces must be kept disjoint (or prefixed) — verify
//     how the implementation tells them apart.
type PolicyRule struct {
	Resource   string   `json:"resource"`
	Actions    []string `json:"actions"`
	Effect     Effect   `json:"effect"`
	Principals []string `json:"principals"` // User IDs or role IDs
}

PolicyRule represents a single rule in a policy

type Role

// Role represents a named set of permissions within a tenant.
//
//   - ID: identifier passed as roleID to AssignRole/HasRole/GetRole etc.
//   - Name, Description: display text (Description stored unindexed).
//   - Permissions: the permissions granted by the role, embedded by value.
//   - IsSystem: marks a built-in role. Whether UpdateRole/DeleteRole refuse
//     system roles is not visible here; since the field is JSON-writable, do
//     not let clients set it.
//   - TenantID: owning tenant. GetRole/UpdateRole/DeleteRole do not take a
//     tenantID, so this field is what a caller must compare against the
//     requester's tenant.
//   - CreatedAt, UpdatedAt: timestamps; who maintains them is not shown.
type Role struct {
	ID          string       `json:"id" datastore:"id"`
	Name        string       `json:"name" datastore:"name"`
	Description string       `json:"description" datastore:"description,noindex"`
	Permissions []Permission `json:"permissions" datastore:"permissions"`
	IsSystem    bool         `json:"is_system" datastore:"is_system"`
	TenantID    string       `json:"tenant_id" datastore:"tenant_id"`
	CreatedAt   time.Time    `json:"created_at" datastore:"created_at"`
	UpdatedAt   time.Time    `json:"updated_at" datastore:"updated_at"`
}

Role represents a role with a set of permissions

type UserRole

// UserRole records the assignment of RoleID to UserID within TenantID.
//
//   - GrantedBy, GrantedAt: audit fields. Manager.AssignRole takes no grantor
//     argument, so GrantedBy can only be filled by the implementation (e.g.
//     from ctx) — confirm before treating it as a reliable audit trail.
//   - ExpiresAt: nil means no expiry (omitted from JSON). Whether HasRole,
//     GetUserRoles and HasPermission ignore assignments past this time is not
//     visible here; do not rely on expiry for revocation until verified.
type UserRole struct {
	UserID    string     `json:"user_id" datastore:"user_id"`
	RoleID    string     `json:"role_id" datastore:"role_id"`
	TenantID  string     `json:"tenant_id" datastore:"tenant_id"`
	GrantedBy string     `json:"granted_by" datastore:"granted_by"`
	GrantedAt time.Time  `json:"granted_at" datastore:"granted_at"`
	ExpiresAt *time.Time `json:"expires_at,omitempty" datastore:"expires_at"`
}

UserRole represents the assignment of a role to a user within a tenant, with audit fields (GrantedBy, GrantedAt) and an optional expiry (ExpiresAt; nil means no expiry).
