membership

package
v0.98.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 23, 2026 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Sentinel errors for membership operations. Each one carries a fixed
// message only, so callers should match on the value (errors.Is), not on
// the text.
var (
	// ErrAlreadyMember is what AddOrganizationMember is documented to return
	// when the principal already has a policy on the organization.
	ErrAlreadyMember = errors.New("principal is already a member of this resource")

	// ErrNotMember is what RemoveOrganizationMember is documented to return
	// when the principal has no policies on the organization.
	ErrNotMember = errors.New("principal is not a member of this resource")

	// ErrInvalidOrgRole reports a role that is not valid for organization scope.
	ErrInvalidOrgRole = errors.New("role is not valid for organization scope")

	// ErrLastOwnerRole reports a refused role change on the last owner of an
	// organization.
	// NOTE(review): the message covers role changes only; whether removing the
	// last owner is refused as well is not visible here — confirm.
	ErrLastOwnerRole = errors.New("cannot change role: this is the last owner of the organization")

	// ErrInvalidPrincipal reports an invalid principal; what makes a principal
	// invalid is not visible here.
	ErrInvalidPrincipal = errors.New("invalid principal")

	// ErrPrincipalNotInOrg reports a principal that does not belong to the
	// organization being operated on.
	ErrPrincipalNotInOrg = errors.New("principal does not belong to this organization")

	// ErrInvalidPrincipalType reports an unsupported principal type. The method
	// docs name user and service user as principals; presumably anything else
	// yields this error — confirm.
	ErrInvalidPrincipalType = errors.New("unsupported principal type")

	// ErrNotOrgMember reports a principal that is not a member of the
	// organization; presumably the parent-org check in SetProjectMemberRole —
	// confirm.
	ErrNotOrgMember = errors.New("principal is not a member of the organization")

	// ErrInvalidProjectRole reports a role that is not valid for project scope.
	ErrInvalidProjectRole = errors.New("role is not valid for project scope")
)

Functions

This section is empty.

Types

type AuditRecordRepository

// AuditRecordRepository is the audit-record dependency that NewService takes
// as its last parameter.
// NOTE(review): which membership operations write an audit record is not
// visible on this page — confirm that every grant, role change and removal is
// recorded, and what happens to the operation when Create fails.
type AuditRecordRepository interface {
	// Create takes an audit record and returns an audit record and an error.
	Create(ctx context.Context, auditRecord auditrecord.AuditRecord) (auditrecord.AuditRecord, error)
}

type GroupService

// GroupService is the group dependency that NewService takes.
// Presumably it backs the group part of the RemoveOrganizationMember
// cascade — confirm against the implementation.
type GroupService interface {
	// Get returns one group; the parameter name suggests either an ID or a
	// name is accepted — confirm.
	Get(ctx context.Context, idOrName string) (group.Group, error)
	// List returns the groups selected by flt.
	List(ctx context.Context, flt group.Filter) ([]group.Group, error)
}

type OrgService

// OrgService is the organization dependency that NewService takes.
type OrgService interface {
	// Get returns one organization; the parameter name suggests either an ID
	// or a name is accepted, while the Service methods take an orgID —
	// confirm how the two are reconciled.
	Get(ctx context.Context, idOrName string) (organization.Organization, error)
}

type PolicyService

// PolicyService is the policy dependency that NewService takes. The method
// docs on Service describe membership in terms of policies (a principal "has
// a policy on this org"), so these three calls are presumably where access is
// granted, looked up and revoked — confirm.
type PolicyService interface {
	// Create takes a policy and returns a policy and an error.
	Create(ctx context.Context, pol policy.Policy) (policy.Policy, error)
	// List returns the policies selected by flt.
	List(ctx context.Context, flt policy.Filter) ([]policy.Policy, error)
	// Delete removes the policy identified by id.
	Delete(ctx context.Context, id string) error
}

type ProjectService

// ProjectService is the project dependency that NewService takes.
// Presumably it backs the project part of the RemoveOrganizationMember
// cascade and the parent-org lookup in SetProjectMemberRole — confirm.
type ProjectService interface {
	// Get returns one project; the parameter name suggests either an ID or a
	// name is accepted — confirm.
	Get(ctx context.Context, idOrName string) (project.Project, error)
	// List returns the projects selected by flt.
	List(ctx context.Context, flt project.Filter) ([]project.Project, error)
}

type RelationService

// RelationService is the relation dependency that NewService takes. It offers
// create and delete only; there is no lookup method on this interface.
type RelationService interface {
	// Create takes a relation and returns a relation and an error.
	Create(ctx context.Context, rel relation.Relation) (relation.Relation, error)
	// Delete removes the given relation.
	Delete(ctx context.Context, rel relation.Relation) error
}

type RoleService

// RoleService is the role dependency that NewService takes. Presumably the
// scope checks behind ErrInvalidOrgRole and ErrInvalidProjectRole start from
// the role it returns — confirm.
type RoleService interface {
	// Get returns one role; the parameter name suggests either an ID or a
	// name is accepted — confirm.
	Get(ctx context.Context, idOrName string) (role.Role, error)
}

type Service

// Service is the receiver of the membership operations declared in this
// package (AddOrganizationMember, RemoveOrganizationMember,
// RemoveProjectMember, SetOrganizationMemberRole, SetProjectMemberRole).
// It is obtained from NewService; no field is exported.
type Service struct {
	// contains filtered or unexported fields
}

func NewService

// NewService returns a *Service. It takes a logger, eight service
// dependencies (policy, relation, role, org, user, project, group, service
// user) and an audit record repository, all as interfaces declared in this
// package except the logger.
// NOTE(review): the constructor body is not shown, so whether nil
// dependencies are rejected is not visible — confirm.
func NewService(
	logger log.Logger,
	policyService PolicyService,
	relationService RelationService,
	roleService RoleService,
	orgService OrgService,
	userService UserService,
	projectService ProjectService,
	groupService GroupService,
	serviceuserService ServiceuserService,
	auditRecordRepository AuditRecordRepository,
) *Service

func (*Service) AddOrganizationMember

// AddOrganizationMember grants principalID the role roleID on organization
// orgID directly, without an invitation. principalType selects between the
// documented principal kinds (user or service user). It is documented to
// return ErrAlreadyMember when the principal already has a policy on the org.
// NOTE(review): the signature carries no explicit acting identity. Whether the
// caller's right to grant roleID is checked inside (for example from ctx) or
// must be enforced before the call is not visible here — confirm, since this
// path skips invitation acceptance.
func (s *Service) AddOrganizationMember(ctx context.Context, orgID, principalID, principalType, roleID string) error

AddOrganizationMember adds a principal (user or service user) to an organization with an explicit role, bypassing the invitation flow. Returns ErrAlreadyMember if the principal already has a policy on this org.

func (*Service) RemoveOrganizationMember

// RemoveOrganizationMember revokes principalID's membership of orgID and, per
// its documentation, cascades through the org's projects and groups, removing
// policies and relations. It is documented to return ErrNotMember when the
// principal has no policies on the org.
// NOTE(review): the cascade spans several deletes. How a failure part-way
// through is reported, and whether it can leave project or group access
// behind, is not visible here — confirm. Also confirm whether removing the
// last owner is refused; ErrLastOwnerRole's message mentions role changes only.
func (s *Service) RemoveOrganizationMember(ctx context.Context, orgID, principalID, principalType string) error

RemoveOrganizationMember removes a principal from an organization and cascades the removal through all org projects and groups, cleaning up both policies and relations. Returns ErrNotMember if the principal has no policies on this org.

func (*Service) RemoveProjectMember

// RemoveProjectMember revokes principalID's access to projectID by deleting
// all of the principal's project-level policies.
// NOTE(review): the result for a principal that has no policy on the project
// is not documented (success or an error such as ErrNotMember) — confirm.
func (s *Service) RemoveProjectMember(ctx context.Context, projectID, principalID, principalType string) error

RemoveProjectMember removes a principal from a project by deleting all their project-level policies.

func (*Service) SetOrganizationMemberRole

// SetOrganizationMemberRole changes the role that an existing member
// (user or service user) holds on orgID to roleID. It is documented to skip
// the write when the member already has exactly that role.
// NOTE(review): ErrLastOwnerRole ("cannot change role: this is the last owner
// of the organization") reads as the guard against demoting the only owner and
// is presumably returned here — confirm, and confirm that the check and the
// write cannot be interleaved with a concurrent role change.
func (s *Service) SetOrganizationMemberRole(ctx context.Context, orgID, principalID, principalType, roleID string) error

SetOrganizationMemberRole changes an existing member's role in an organization. Supports user and service user principals. Skips the write if the member already has exactly the requested role.

func (*Service) SetProjectMemberRole

// SetProjectMemberRole sets principalID's role on projectID to roleID,
// creating the membership if it does not exist (upsert). Per its
// documentation it checks that the role is project-scoped and that the
// principal is a member of the project's parent org, and it manages policies
// only, not relations.
// Presumably the two checks fail with ErrInvalidProjectRole and
// ErrNotOrgMember respectively — confirm.
func (s *Service) SetProjectMemberRole(ctx context.Context, projectID, principalID, principalType, roleID string) error

SetProjectMemberRole sets or changes a principal's role in a project (upsert). It validates that the role is project-scoped and that the principal is a member of the parent org. No explicit SpiceDB relations are managed — projects use policies only.

type ServiceuserService

// ServiceuserService is the service-user dependency that NewService takes.
// Presumably it resolves principals whose type is service user — confirm.
type ServiceuserService interface {
	// Get returns the service user identified by id.
	Get(ctx context.Context, id string) (serviceuser.ServiceUser, error)
}

type UserService

// UserService is the user dependency that NewService takes.
// Presumably it resolves principals whose type is user — confirm.
type UserService interface {
	// GetByID returns the user identified by id.
	GetByID(ctx context.Context, id string) (user.User, error)
}

Directories

Path Synopsis
