authorization

package
v0.28.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 9, 2026 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Index

Constants

View Source
const CanvasIDPathParam = "canvas_id"
View Source
const DomainIdContextKey contextKey = "domainId"
View Source
const DomainTypeContextKey contextKey = "domainType"
View Source
const IDPathParam = "id"
View Source
const (
	OrgIDTemplate = "{ORG_ID}"
)
View Source
const OrganizationContextKey contextKey = "organization"

Variables

This section is empty.

Functions

func DefaultAuthorizationRules added in v0.26.0

func DefaultAuthorizationRules() map[HTTPRoute]AuthorizationRule

func PathParamsFromContext added in v0.26.0

func PathParamsFromContext(ctx context.Context) map[string]string

func SetOrgExperimentalFeatureCache added in v0.26.0

func SetOrgExperimentalFeatureCache(orgID uuid.UUID, featureID string, enabled bool)

SetOrgExperimentalFeatureCache records whether a feature is enabled for an organization in the authorization cache. Entries expire after 15 minutes.

func WithPathParams added in v0.26.0

func WithPathParams(ctx context.Context, pathParams map[string]string) context.Context

Types

type AuthService

type AuthService struct {
	// contains filtered or unexported fields
}

func NewAuthService

func NewAuthService() (*AuthService, error)

func (*AuthService) AddUserToGroup

func (a *AuthService) AddUserToGroup(domainID string, domainType string, userID string, group string) error

func (*AuthService) AssignRole

func (a *AuthService) AssignRole(userID, role, domainID string, domainType string) error

func (*AuthService) CheckOrganizationPermission

func (a *AuthService) CheckOrganizationPermission(ctx context.Context, userID, orgID, resource, action string) (bool, error)

func (*AuthService) CreateCustomRole

func (a *AuthService) CreateCustomRole(domainID string, roleDefinition *RoleDefinition) error

func (*AuthService) CreateGroup

func (a *AuthService) CreateGroup(domainID string, domainType string, groupName string, role string, displayName string, description string) error

func (*AuthService) DeleteCustomRole

func (a *AuthService) DeleteCustomRole(domainID string, domainType string, roleName string) error

func (*AuthService) DeleteGroup

func (a *AuthService) DeleteGroup(domainID string, domainType string, groupName string) error

func (*AuthService) DestroyOrganization

func (a *AuthService) DestroyOrganization(tx *gorm.DB, orgID string) error

func (*AuthService) GetAllRoleDefinitions

func (a *AuthService) GetAllRoleDefinitions(ctx context.Context, domainType string, domainID string) ([]*RoleDefinition, error)

func (*AuthService) GetGroupRole

func (a *AuthService) GetGroupRole(ctx context.Context, domainID string, domainType string, group string) (string, error)

func (*AuthService) GetGroupUsers

func (a *AuthService) GetGroupUsers(ctx context.Context, domainID string, domainType string, group string) ([]string, error)

func (*AuthService) GetGroups

func (a *AuthService) GetGroups(ctx context.Context, domainID string, domainType string) ([]string, error)

func (*AuthService) GetOrgUsersForRole

func (a *AuthService) GetOrgUsersForRole(ctx context.Context, role string, orgID string) ([]string, error)

func (*AuthService) GetRoleDefinition

func (a *AuthService) GetRoleDefinition(ctx context.Context, roleName string, domainType string, domainID string) (*RoleDefinition, error)

func (*AuthService) GetRoleHierarchy

func (a *AuthService) GetRoleHierarchy(ctx context.Context, roleName string, domainType string, domainID string) ([]string, error)

func (*AuthService) GetRolePermissions

func (a *AuthService) GetRolePermissions(ctx context.Context, roleName string, domainType string, domainID string) ([]*Permission, error)

func (*AuthService) GetUserGroups added in v0.16.0

func (a *AuthService) GetUserGroups(ctx context.Context, domainID string, domainType string, userID string) ([]string, error)

func (*AuthService) GetUserRolesForOrg

func (a *AuthService) GetUserRolesForOrg(ctx context.Context, userID string, orgID string) ([]*RoleDefinition, error)

func (*AuthService) IsDefaultRole

func (a *AuthService) IsDefaultRole(roleName string, domainType string) bool

func (*AuthService) IsValidPermission added in v0.7.0

func (a *AuthService) IsValidPermission(domainType string, permission *Permission) bool

func (*AuthService) RemoveRole

func (a *AuthService) RemoveRole(userID, role, domainID string, domainType string) error

func (*AuthService) RemoveUserFromGroup

func (a *AuthService) RemoveUserFromGroup(domainID string, domainType string, userID string, group string) error

func (*AuthService) SetupOrganization

func (a *AuthService) SetupOrganization(tx *gorm.DB, orgID, ownerID string) error

func (*AuthService) UpdateCustomRole

func (a *AuthService) UpdateCustomRole(domainID string, roleDefinition *RoleDefinition) error

func (*AuthService) UpdateGroup

func (a *AuthService) UpdateGroup(domainID string, domainType string, groupName string, newRole string, displayName string, description string) error

type AuthorizationRule

type AuthorizationRule struct {
	Resource                     string
	Action                       string
	DomainType                   string
	ResourcePathParams           []string
	RequiredExperimentalFeatures []string
}

* Path parameter keys used to resolve the resource ID referenced by a request. * This is used when scoped-tokens are used for authentication / authorization.

type AuthorizationSetup

type AuthorizationSetup interface {
	SetupOrganization(tx *gorm.DB, orgID, ownerID string) error
	DestroyOrganization(tx *gorm.DB, orgID string) error
}

Setup and initialization interface

type CustomRoleManager

type CustomRoleManager interface {
	CreateCustomRole(domainID string, roleDefinition *RoleDefinition) error
	UpdateCustomRole(domainID string, roleDefinition *RoleDefinition) error
	DeleteCustomRole(domainID string, domainType string, roleName string) error
	IsDefaultRole(roleName string, domainType string) bool
}

Custom role management interface

type GatewayAuthorizer added in v0.26.0

type GatewayAuthorizer struct {
	// contains filtered or unexported fields
}

func NewGatewayAuthorizer added in v0.26.0

func NewGatewayAuthorizer(auth organizationPermissionChecker) *GatewayAuthorizer

func (*GatewayAuthorizer) AuthorizeHTTP added in v0.26.0

func (a *GatewayAuthorizer) AuthorizeHTTP(
	ctx context.Context,
	r *http.Request,
	route HTTPRoute,
	pathParams map[string]string,
) (context.Context, error)

func (*GatewayAuthorizer) RouteFromRequest added in v0.26.0

func (a *GatewayAuthorizer) RouteFromRequest(r *http.Request) (HTTPRoute, bool)

func (*GatewayAuthorizer) Rule added in v0.26.0

type GroupManager

type GroupManager interface {
	CreateGroup(domainID string, domainType string, groupName string, role string, displayName string, description string) error
	DeleteGroup(domainID string, domainType string, groupName string) error
	UpdateGroup(domainID string, domainType string, groupName string, newRole string, displayName string, description string) error
	AddUserToGroup(domainID string, domainType string, userID string, group string) error
	RemoveUserFromGroup(domainID string, domainType string, userID string, group string) error
	GetGroupUsers(ctx context.Context, domainID string, domainType string, group string) ([]string, error)
	GetUserGroups(ctx context.Context, domainID string, domainType string, userID string) ([]string, error)
	GetGroups(ctx context.Context, domainID string, domainType string) ([]string, error)
	GetGroupRole(ctx context.Context, domainID string, domainType string, group string) (string, error)
}

Group management interface

type HTTPRoute added in v0.26.0

type HTTPRoute struct {
	Method  string
	Pattern string
}

func MatchHTTPRoute added in v0.26.0

func MatchHTTPRoute(method, path string, rules map[HTTPRoute]AuthorizationRule) (HTTPRoute, bool)

func (HTTPRoute) String added in v0.26.0

func (route HTTPRoute) String() string

type Permission

type Permission struct {
	Resource   string
	Action     string
	DomainType string
}

type PermissionChecker

type PermissionChecker interface {
	CheckOrganizationPermission(ctx context.Context, userID, orgID, resource, action string) (bool, error)
	IsValidPermission(domainType string, permission *Permission) bool
}

type RoleDefinition

type RoleDefinition struct {
	Name         string
	DisplayName  string
	DomainType   string
	Description  string
	Permissions  []*Permission
	InheritsFrom *RoleDefinition
	Readonly     bool
}

type RoleDefinitionQuery

type RoleDefinitionQuery interface {
	GetRoleDefinition(ctx context.Context, roleName string, domainType string, domainID string) (*RoleDefinition, error)
	GetAllRoleDefinitions(ctx context.Context, domainType string, domainID string) ([]*RoleDefinition, error)
	GetRolePermissions(ctx context.Context, roleName string, domainType string, domainID string) ([]*Permission, error)
	GetRoleHierarchy(ctx context.Context, roleName string, domainType string, domainID string) ([]string, error)
}

Role definition and hierarchy interface

type RoleManager

type RoleManager interface {
	AssignRole(userID, role, domainID string, domainType string) error
	RemoveRole(userID, role, domainID string, domainType string) error
	GetOrgUsersForRole(ctx context.Context, role string, orgID string) ([]string, error)
}

Role management interface

type UserAccessQuery

type UserAccessQuery interface {
	GetUserRolesForOrg(ctx context.Context, userID string, orgID string) ([]*RoleDefinition, error)
}

User access and role query interface

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL