Documentation
Index
- Variables
- func AddNamespaceIfRequired(namespace string, name string) string
- func ParsePermissionName(s string) string
- type Filter
- type Permission
- type RelationService
- type Repository
- type RoleService
- type Service
- func (s Service) Delete(ctx context.Context, id string) error
- func (s Service) Get(ctx context.Context, id string) (Permission, error)
- func (s Service) List(ctx context.Context, flt Filter) ([]Permission, error)
- func (s *Service) SetRoleService(roleService RoleService)
- func (s Service) Update(ctx context.Context, perm Permission) (Permission, error)
- func (s Service) Upsert(ctx context.Context, perm Permission) (Permission, error)
Constants
This section is empty.
Variables
Functions
func AddNamespaceIfRequired (added in v0.7.5)
func ParsePermissionName
Types
type Permission
type Permission struct {
    ID          string
    Name        string
    Slug        string
    NamespaceID string
    Metadata    metadata.Metadata
    CreatedAt   time.Time
    UpdatedAt   time.Time
}
func (Permission) GenerateSlug
func (p Permission) GenerateSlug() string
type RelationService (added in v0.107.0)
RelationService is used to delete the SpiceDB tuples that grant a permission, so deleting a permission doesn't leave them behind.
type Repository
type Repository interface {
    Get(ctx context.Context, id string) (Permission, error)
    GetBySlug(ctx context.Context, id string) (Permission, error)
    Upsert(ctx context.Context, action Permission) (Permission, error)
    List(ctx context.Context, flt Filter) ([]Permission, error)
    Update(ctx context.Context, action Permission) (Permission, error)
    Delete(ctx context.Context, id string) error
}
type RoleService (added in v0.107.0)
type RoleService interface {
    // RemovePermissionFromRoles removes a deleted permission from each role's list.
    RemovePermissionFromRoles(ctx context.Context, slug string) error
}
RoleService is implemented by role.Service and injected via SetRoleService (not the constructor) because the role and permission services depend on each other.
type Service
type Service struct {
    // contains filtered or unexported fields
}
func NewService
func NewService(logger *slog.Logger, repository Repository, relationService RelationService) *Service
func (Service) Delete
Delete removes a permission and everything that points to it:
- the SpiceDB tuples that let roles grant it (app/role:<role>#<slug>@<principal>:*, one per principal type),
- the permission from every role's list, and
- the permission row itself.
These steps span SpiceDB and two DB writes with no shared transaction, so a failure partway leaves a partial state. The order puts the grant-tuple removal (the one that actually revokes access) first, and each later step logs what was already done if it fails, so the leftover can be cleaned up.
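The ordering argument above, as an added sketch that is not the package's own code: an in-memory map stands in for SpiceDB and the two DB writes, and the step names, `PartialDeleteError` and `deletePermission` are hypothetical. It fails the role-list step under both orders to show that only the revoke-first order leaves access already removed.

```go
package main

import (
	"errors"
	"fmt"
)

// Artifact names are labels chosen for this sketch, not identifiers from the package.
const (
	GrantTuples = "grant-tuples"   // SpiceDB tuples that let roles grant the permission
	RoleLists   = "role-lists"     // the permission's entry in each role's list
	PermRow     = "permission-row" // the permission row itself
)

// PartialDeleteError names the failed step and the steps already completed.
type PartialDeleteError struct {
	Done   []string
	Failed string
	Err    error
}

func (e *PartialDeleteError) Error() string {
	return fmt.Sprintf("delete failed at %q, already done %v: %v", e.Failed, e.Done, e.Err)
}

// deletePermission removes artifacts from st in the given order and stops at the
// first error with no rollback; failAt simulates that step's backend being down.
func deletePermission(st map[string]bool, order []string, failAt string) error {
	var done []string
	for _, name := range order {
		if name == failAt {
			return &PartialDeleteError{Done: done, Failed: name, Err: errors.New("backend unavailable")}
		}
		delete(st, name)
		done = append(done, name)
	}
	return nil
}

func main() {
	for _, order := range [][]string{
		{GrantTuples, RoleLists, PermRow}, // order described above
		{PermRow, RoleLists, GrantTuples}, // reversed, for contrast
	} {
		st := map[string]bool{GrantTuples: true, RoleLists: true, PermRow: true}
		err := deletePermission(st, order, RoleLists)
		fmt.Printf("access still granted=%v, err=%v\n", st[GrantTuples], err)
	}
}
```

With the reversed order the permission row is gone while the grant tuples remain, which is the orphaned-grant state the revoke-first order avoids.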
func (*Service) SetRoleService (added in v0.107.0)
func (s *Service) SetRoleService(roleService RoleService)
SetRoleService wires in the role service used to remove a deleted permission from role lists. Set after construction because the permission and role services depend on each other.
func (Service) Update
func (s Service) Update(ctx context.Context, perm Permission) (Permission, error)
func (Service) Upsert
func (s Service) Upsert(ctx context.Context, perm Permission) (Permission, error)