Documentation
¶
Index ¶
- Constants
- func DefaultAuthorizationRules() map[HTTPRoute]AuthorizationRule
- func PathParamsFromContext(ctx context.Context) map[string]string
- func SetOrgExperimentalFeatureCache(orgID uuid.UUID, featureID string, enabled bool)
- func WithPathParams(ctx context.Context, pathParams map[string]string) context.Context
- type AuthService
- func (a *AuthService) AddUserToGroup(domainID string, domainType string, userID string, group string) error
- func (a *AuthService) AssignRole(userID, role, domainID string, domainType string) error
- func (a *AuthService) CheckOrganizationPermission(ctx context.Context, userID, orgID, resource, action string) (bool, error)
- func (a *AuthService) CreateCustomRole(domainID string, roleDefinition *RoleDefinition) error
- func (a *AuthService) CreateGroup(domainID string, domainType string, groupName string, role string, ...) error
- func (a *AuthService) DeleteCustomRole(domainID string, domainType string, roleName string) error
- func (a *AuthService) DeleteGroup(domainID string, domainType string, groupName string) error
- func (a *AuthService) DestroyOrganization(tx *gorm.DB, orgID string) error
- func (a *AuthService) GetAllRoleDefinitions(ctx context.Context, domainType string, domainID string) ([]*RoleDefinition, error)
- func (a *AuthService) GetGroupRole(ctx context.Context, domainID string, domainType string, group string) (string, error)
- func (a *AuthService) GetGroupUsers(ctx context.Context, domainID string, domainType string, group string) ([]string, error)
- func (a *AuthService) GetGroups(ctx context.Context, domainID string, domainType string) ([]string, error)
- func (a *AuthService) GetOrgUsersForRole(ctx context.Context, role string, orgID string) ([]string, error)
- func (a *AuthService) GetRoleDefinition(ctx context.Context, roleName string, domainType string, domainID string) (*RoleDefinition, error)
- func (a *AuthService) GetRoleHierarchy(ctx context.Context, roleName string, domainType string, domainID string) ([]string, error)
- func (a *AuthService) GetRolePermissions(ctx context.Context, roleName string, domainType string, domainID string) ([]*Permission, error)
- func (a *AuthService) GetUserGroups(ctx context.Context, domainID string, domainType string, userID string) ([]string, error)
- func (a *AuthService) GetUserRolesForOrg(ctx context.Context, userID string, orgID string) ([]*RoleDefinition, error)
- func (a *AuthService) IsDefaultRole(roleName string, domainType string) bool
- func (a *AuthService) IsValidPermission(domainType string, permission *Permission) bool
- func (a *AuthService) RemoveRole(userID, role, domainID string, domainType string) error
- func (a *AuthService) RemoveUserFromGroup(domainID string, domainType string, userID string, group string) error
- func (a *AuthService) SetupOrganization(tx *gorm.DB, orgID, ownerID string) error
- func (a *AuthService) UpdateCustomRole(domainID string, roleDefinition *RoleDefinition) error
- func (a *AuthService) UpdateGroup(domainID string, domainType string, groupName string, newRole string, ...) error
- type Authorization
- type AuthorizationRule
- type AuthorizationSetup
- type CustomRoleManager
- type GatewayAuthorizer
- type GroupManager
- type HTTPRoute
- type Permission
- type PermissionChecker
- type RoleDefinition
- type RoleDefinitionQuery
- type RoleManager
- type UserAccessQuery
Constants ¶
View Source
const CanvasIDPathParam = "canvas_id"
View Source
const DomainIdContextKey contextKey = "domainId"
View Source
const DomainTypeContextKey contextKey = "domainType"
View Source
const IDPathParam = "id"
View Source
const (
OrgIDTemplate = "{ORG_ID}"
)
View Source
const OrganizationContextKey contextKey = "organization"
Variables ¶
This section is empty.
Functions ¶
func DefaultAuthorizationRules ¶ added in v0.26.0
func DefaultAuthorizationRules() map[HTTPRoute]AuthorizationRule
func PathParamsFromContext ¶ added in v0.26.0
func SetOrgExperimentalFeatureCache ¶ added in v0.26.0
SetOrgExperimentalFeatureCache records whether a feature is enabled for an organization in the authorization cache. Entries expire after 15 minutes.
Types ¶
type AuthService ¶
type AuthService struct {
// contains filtered or unexported fields
}
func NewAuthService ¶
func NewAuthService() (*AuthService, error)
func (*AuthService) AddUserToGroup ¶
func (*AuthService) AssignRole ¶
func (a *AuthService) AssignRole(userID, role, domainID string, domainType string) error
func (*AuthService) CheckOrganizationPermission ¶
func (*AuthService) CreateCustomRole ¶
func (a *AuthService) CreateCustomRole(domainID string, roleDefinition *RoleDefinition) error
func (*AuthService) CreateGroup ¶
func (*AuthService) DeleteCustomRole ¶
func (a *AuthService) DeleteCustomRole(domainID string, domainType string, roleName string) error
func (*AuthService) DeleteGroup ¶
func (a *AuthService) DeleteGroup(domainID string, domainType string, groupName string) error
func (*AuthService) DestroyOrganization ¶
func (a *AuthService) DestroyOrganization(tx *gorm.DB, orgID string) error
func (*AuthService) GetAllRoleDefinitions ¶
func (a *AuthService) GetAllRoleDefinitions(ctx context.Context, domainType string, domainID string) ([]*RoleDefinition, error)
func (*AuthService) GetGroupRole ¶
func (*AuthService) GetGroupUsers ¶
func (*AuthService) GetOrgUsersForRole ¶
func (*AuthService) GetRoleDefinition ¶
func (a *AuthService) GetRoleDefinition(ctx context.Context, roleName string, domainType string, domainID string) (*RoleDefinition, error)
func (*AuthService) GetRoleHierarchy ¶
func (*AuthService) GetRolePermissions ¶
func (a *AuthService) GetRolePermissions(ctx context.Context, roleName string, domainType string, domainID string) ([]*Permission, error)
func (*AuthService) GetUserGroups ¶ added in v0.16.0
func (*AuthService) GetUserRolesForOrg ¶
func (a *AuthService) GetUserRolesForOrg(ctx context.Context, userID string, orgID string) ([]*RoleDefinition, error)
func (*AuthService) IsDefaultRole ¶
func (a *AuthService) IsDefaultRole(roleName string, domainType string) bool
func (*AuthService) IsValidPermission ¶ added in v0.7.0
func (a *AuthService) IsValidPermission(domainType string, permission *Permission) bool
func (*AuthService) RemoveRole ¶
func (a *AuthService) RemoveRole(userID, role, domainID string, domainType string) error
func (*AuthService) RemoveUserFromGroup ¶
func (*AuthService) SetupOrganization ¶
func (a *AuthService) SetupOrganization(tx *gorm.DB, orgID, ownerID string) error
func (*AuthService) UpdateCustomRole ¶
func (a *AuthService) UpdateCustomRole(domainID string, roleDefinition *RoleDefinition) error
func (*AuthService) UpdateGroup ¶
type Authorization ¶
type Authorization interface {
PermissionChecker
GroupManager
RoleManager
AuthorizationSetup
UserAccessQuery
RoleDefinitionQuery
CustomRoleManager
}
Authorization interface
type AuthorizationRule ¶
type AuthorizationRule struct {
Resource string
Action string
DomainType string
ResourcePathParams []string
RequiredExperimentalFeatures []string
}
* Path parameter keys used to resolve the resource ID referenced by a request. * This is used when scoped-tokens are used for authentication / authorization.
type AuthorizationSetup ¶
type AuthorizationSetup interface {
SetupOrganization(tx *gorm.DB, orgID, ownerID string) error
DestroyOrganization(tx *gorm.DB, orgID string) error
}
Setup and initialization interface
type CustomRoleManager ¶
type CustomRoleManager interface {
CreateCustomRole(domainID string, roleDefinition *RoleDefinition) error
UpdateCustomRole(domainID string, roleDefinition *RoleDefinition) error
DeleteCustomRole(domainID string, domainType string, roleName string) error
IsDefaultRole(roleName string, domainType string) bool
}
Custom role management interface
type GatewayAuthorizer ¶ added in v0.26.0
type GatewayAuthorizer struct {
// contains filtered or unexported fields
}
func NewGatewayAuthorizer ¶ added in v0.26.0
func NewGatewayAuthorizer(auth organizationPermissionChecker) *GatewayAuthorizer
func (*GatewayAuthorizer) AuthorizeHTTP ¶ added in v0.26.0
func (*GatewayAuthorizer) RouteFromRequest ¶ added in v0.26.0
func (a *GatewayAuthorizer) RouteFromRequest(r *http.Request) (HTTPRoute, bool)
func (*GatewayAuthorizer) Rule ¶ added in v0.26.0
func (a *GatewayAuthorizer) Rule(route HTTPRoute) (AuthorizationRule, bool)
type GroupManager ¶
type GroupManager interface {
CreateGroup(domainID string, domainType string, groupName string, role string, displayName string, description string) error
DeleteGroup(domainID string, domainType string, groupName string) error
UpdateGroup(domainID string, domainType string, groupName string, newRole string, displayName string, description string) error
AddUserToGroup(domainID string, domainType string, userID string, group string) error
RemoveUserFromGroup(domainID string, domainType string, userID string, group string) error
GetGroupUsers(ctx context.Context, domainID string, domainType string, group string) ([]string, error)
GetUserGroups(ctx context.Context, domainID string, domainType string, userID string) ([]string, error)
GetGroups(ctx context.Context, domainID string, domainType string) ([]string, error)
GetGroupRole(ctx context.Context, domainID string, domainType string, group string) (string, error)
}
Group management interface
type HTTPRoute ¶ added in v0.26.0
func MatchHTTPRoute ¶ added in v0.26.0
func MatchHTTPRoute(method, path string, rules map[HTTPRoute]AuthorizationRule) (HTTPRoute, bool)
type Permission ¶
type PermissionChecker ¶
type RoleDefinition ¶
type RoleDefinition struct {
Name string
DisplayName string
DomainType string
Description string
Permissions []*Permission
InheritsFrom *RoleDefinition
Readonly bool
}
type RoleDefinitionQuery ¶
type RoleDefinitionQuery interface {
GetRoleDefinition(ctx context.Context, roleName string, domainType string, domainID string) (*RoleDefinition, error)
GetAllRoleDefinitions(ctx context.Context, domainType string, domainID string) ([]*RoleDefinition, error)
GetRolePermissions(ctx context.Context, roleName string, domainType string, domainID string) ([]*Permission, error)
GetRoleHierarchy(ctx context.Context, roleName string, domainType string, domainID string) ([]string, error)
}
Role definition and hierarchy interface
type RoleManager ¶
type RoleManager interface {
AssignRole(userID, role, domainID string, domainType string) error
RemoveRole(userID, role, domainID string, domainType string) error
GetOrgUsersForRole(ctx context.Context, role string, orgID string) ([]string, error)
}
Role management interface
type UserAccessQuery ¶
type UserAccessQuery interface {
GetUserRolesForOrg(ctx context.Context, userID string, orgID string) ([]*RoleDefinition, error)
}
User access and role query interface
Click to show internal directories.
Click to hide internal directories.