role

package
v0.107.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 18, 2026 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Sentinel errors defined by the role package. Each value is created once with
// errors.New, so callers can compare a returned error against it (for example
// with errors.Is) instead of matching on the message text.
//
//   - ErrNotExist: the role doesn't exist.
//   - ErrInvalidID: the role id is invalid.
//   - ErrConflict: the role name already exists.
//   - ErrInvalidDetail: the role detail is invalid.
//   - ErrRoleInUse: the role is in use by one or more policies.
//
// NOTE(review): which Service or Repository calls return each error is not
// visible here. ErrRoleInUse presumably guards Delete so that policies are not
// left pointing at a removed role; confirm against the implementation.
var (
	ErrNotExist      = errors.New("role doesn't exist")
	ErrInvalidID     = errors.New("role id is invalid")
	ErrConflict      = errors.New("role name already exist")
	ErrInvalidDetail = errors.New("invalid role detail")
	ErrRoleInUse     = errors.New("role is in use by one or more policies")
)

Functions

This section is empty.

Types

type AuditRecordRepository added in v0.78.0

// AuditRecordRepository is the audit-record storage dependency handed to
// NewService.
//
// NOTE(review): the package documentation states that Update writes an audit
// record, presumably through this interface. Which other role operations are
// audited is not visible here; confirm before relying on the audit trail.
type AuditRecordRepository interface {
	// Create takes an audit record and returns a models.AuditRecord and an
	// error. Presumably the returned value is the record as stored; confirm
	// against the implementation.
	Create(ctx context.Context, auditRecord models.AuditRecord) (models.AuditRecord, error)
}

type Filter

// Filter holds the criteria passed to Repository.List and Service.List:
// an organization id, a list of scopes and a list of role ids.
//
// NOTE(review): how empty fields are treated is not visible here. In
// particular, confirm whether an empty OrgID restricts the result or returns
// roles across all organizations, because that decides whether List enforces
// tenant isolation or leaves it to the caller.
type Filter struct {
	OrgID  string
	Scopes []string
	IDs    []string
}

type PermissionService

// PermissionService is the permission lookup dependency handed to NewService.
//
// NOTE(review): presumably it is used to check that the permissions named on a
// role exist before the role is stored; confirm against the Service
// implementation.
type PermissionService interface {
	// Get looks up a single permission by id and returns it, or an error.
	Get(ctx context.Context, id string) (permission.Permission, error)
}

type RelationService

// RelationService is the relation dependency handed to NewService. It can
// create and delete a relation.Relation.
//
// NOTE(review): the package documentation says Update deletes and recreates a
// role's permission tuples in SpiceDB; presumably those writes go through this
// interface. Confirm against the Service implementation.
type RelationService interface {
	// Create takes a relation and returns a relation.Relation and an error.
	Create(ctx context.Context, rel relation.Relation) (relation.Relation, error)
	// Delete removes the given relation and reports any error.
	Delete(ctx context.Context, rel relation.Relation) error
}

type Repository

// Repository is the role storage dependency handed to NewService. It reads,
// writes and deletes Role values.
//
// NOTE(review): nothing in this interface carries the caller's identity, so any
// authorization decision has to be made before these methods are called;
// confirm where that check lives.
type Repository interface {
	// Get returns the role with the given id.
	Get(ctx context.Context, id string) (Role, error)
	// GetByName returns the role with the given name within the given
	// organization id.
	GetByName(ctx context.Context, orgID, name string) (Role, error)
	// List returns the roles selected by the filter f.
	List(ctx context.Context, f Filter) ([]Role, error)
	// Upsert takes a role and returns a Role and an error; presumably it
	// creates the role or overwrites an existing one. Confirm which fields
	// identify an existing role.
	Upsert(ctx context.Context, role Role) (Role, error)
	// Update takes a role and returns a Role and an error; presumably the
	// role must already exist.
	Update(ctx context.Context, toUpdate Role) (Role, error)
	// Delete removes the role with the given id.
	Delete(ctx context.Context, roleID string) error
	// RemovePermissionFromRoles takes a permission slug. The Service method of
	// the same name is documented as removing that permission from every
	// role's list with a single DB update.
	RemovePermissionFromRoles(ctx context.Context, slug string) error
}

type Role

// Role is a named set of permissions belonging to an organization.
//
// Permissions is the role's permission list; the package documentation
// describes removing a permission as dropping one name from this list. State
// is one of the State constants (Enabled or Disabled). CreatedAt and UpdatedAt
// are timestamps.
//
// NOTE(review): whether a Disabled role still grants its permissions is not
// visible here; confirm where State is enforced. Metadata is a
// metadata.Metadata value; presumably caller-supplied, so treat its contents
// as untrusted input until confirmed.
type Role struct {
	ID          string
	OrgID       string
	Name        string
	Title       string
	Permissions []string
	State       State
	Scopes      []string // used for filtering
	Metadata    metadata.Metadata
	CreatedAt   time.Time
	UpdatedAt   time.Time
}

type Service

// Service is the role service built by NewService from a Repository, a
// RelationService, a PermissionService, an AuditRecordRepository and a
// patDeniedPerms set. Its methods are Delete, Get, List,
// RemovePermissionFromRoles, Update and Upsert.
//
// NOTE(review): patDeniedPerms is a set of strings (map[string]struct{});
// presumably permission names that must not be granted in some token context.
// Its meaning and where it is enforced are not visible here; confirm.
type Service struct {
	// contains filtered or unexported fields
}

func NewService

func NewService(repository Repository, relationService RelationService, permissionService PermissionService,
	auditRecordRepository AuditRecordRepository, patDeniedPerms map[string]struct{}) *Service

func (Service) Delete

func (s Service) Delete(ctx context.Context, id string) error

func (Service) Get

func (s Service) Get(ctx context.Context, id string) (Role, error)

func (Service) List

func (s Service) List(ctx context.Context, f Filter) ([]Role, error)

func (Service) RemovePermissionFromRoles added in v0.107.0

func (s Service) RemovePermissionFromRoles(ctx context.Context, slug string) error

RemovePermissionFromRoles removes a permission from every role's list. Called when a permission is deleted so no role keeps a permission that no longer exists.

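It deliberately does not go through Update. Update deletes and recreates a role's entire set of permission tuples in SpiceDB (and writes an audit record), so every other permission the role keeps would get its tuples rewritten for no reason. All we need here is to drop one name from the list — a single small DB update that touches no SpiceDB tuples. A consequence of bypassing Update is that this path also skips the audit record Update would have written and leaves existing SpiceDB tuples as they are; auditing the change and removing any tuples that still reference the deleted permission are presumably left to the caller that deletes the permission.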

func (Service) Update

func (s Service) Update(ctx context.Context, toUpdate Role) (Role, error)

func (Service) Upsert

func (s Service) Upsert(ctx context.Context, toCreate Role) (Role, error)

type State

// State is the string-typed state of a Role, stored in the Role.State field.
// Two values are defined: Enabled ("enabled") and Disabled ("disabled").
//
// NOTE(review): State is a plain string type, so a value outside these two
// constants can be constructed; confirm that inputs are validated where roles
// are created or updated.
type State string
const (
	Enabled  State = "enabled"
	Disabled State = "disabled"
)

func (State) String

func (s State) String() string
