Documentation
¶
Index ¶
- Constants
- Variables
- func CasbinAliases(collection, alias string) string
- func CasbinBackups(class string) string
- func CasbinClusters() string
- func CasbinData(collection, shard, object string) string
- func CasbinGroups(group string, groupType string) string
- func CasbinMcp() string
- func CasbinNamespaces(name string) string
- func CasbinNodes(verbosity, class string) string
- func CasbinPolicies(namespacesEnabled bool, casbinPolicies ...[][]string) (map[string][]authorization.Policy, error)
- func CasbinReplicate(collection, shard string) string
- func CasbinRoles(role string) string
- func CasbinSchema(collection, shard string) string
- func CasbinUsers(user string) string
- func ContainsNamespaceSeparator(resource string) bool
- func GetUserAndPrefix(name string) (string, string, error)
- func NameHasPrefix(name string) bool
- func PathToPermission(verb, path string) (*models.Permission, error)
- func PermissionToPolicies(permissions ...*models.Permission) ([]*authorization.Policy, error)
- func PoliciesToPermission(policies ...authorization.Policy) ([]*models.Permission, error)
- func PrefixGroupName(name string) string
- func PrefixRoleName(name string) string
- func RolesToPolicies(roles ...*models.Role) (map[string][]authorization.Policy, error)
- func TrimRoleNamePrefix(name string) string
- func UserNameWithTypeFromId(username string, authType authentication.AuthType) string
- func UserNameWithTypeFromPrincipal(principal *models.Principal) string
Constants ¶
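const (
	// https://casbin.org/docs/rbac/#how-to-distinguish-role-from-user
	// ROLE_NAME_PREFIX is prepended to role names so casbin can tell a role
	// apart from a user when enforcing.
	ROLE_NAME_PREFIX = "role" + PREFIX_SEPARATOR
	// OIDC_GROUP_NAME_PREFIX is prepended to group names so casbin can tell a
	// group apart from a user when enforcing.
	OIDC_GROUP_NAME_PREFIX = "group" + PREFIX_SEPARATOR
	// PREFIX_SEPARATOR is the delimiter that ends the "role" and "group"
	// prefixes above.
	PREFIX_SEPARATOR = ":"

	// CRUD matches the C, R, U and D verbs on a resource.
	// This is internal for casbin to handle admin actions.
	CRUD = "(C)|(R)|(U)|(D)"
	// CRU matches every verb in CRUD except DELETE.
	// This is internal for casbin to handle editor actions.
	CRU = "(C)|(R)|(U)"
	// VALID_VERBS matches every verb in CRUD plus (A), so it is broader than
	// CRUD. BuiltInWildcardVerb maps the Admin and Root roles to this pattern.
	// NOTE(review): the meaning of (A) is not documented here; confirm it
	// before describing a role that uses VALID_VERBS as "CRUD only".
	VALID_VERBS = "(C)|(R)|(U)|(D)|(A)"

	// InternalPlaceHolder is a placeholder used to mark empty roles.
	InternalPlaceHolder = "wv_internal_empty"
)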
Variables ¶
// BuiltInWildcardVerb maps each built-in role name to the verb pattern
// associated with it.
var BuiltInWildcardVerb = map[string]string{
	// Admin and Root both map to VALID_VERBS, the widest verb pattern
	// declared in this package's constants.
	authorization.Admin: VALID_VERBS,
	authorization.Root:  VALID_VERBS,
	// Viewer and ReadOnly both map to authorization.READ only.
	authorization.Viewer:   authorization.READ,
	authorization.ReadOnly: authorization.READ,
}
BuiltInWildcardVerb is the wildcard verb pattern Casbin registers for each built-in role: Admin/Root get VALID_VERBS (the CRUD verbs plus (A), as declared in the constants above), Viewer/ReadOnly get READ. The matcher specializes namespace-bearing resources at enforce time.
Functions ¶
func CasbinAliases ¶ added in v1.32.0
func CasbinBackups ¶
func CasbinClusters ¶
func CasbinClusters() string
func CasbinData ¶
func CasbinGroups ¶ added in v1.32.5
func CasbinNamespaces ¶ added in v1.38.0
CasbinNamespaces returns the casbin resource string for a namespace name. An empty name expands to the wildcard pattern.
func CasbinNodes ¶
func CasbinPolicies ¶
func CasbinReplicate ¶ added in v1.31.0
func CasbinRoles ¶
func CasbinSchema ¶
func CasbinUsers ¶
func ContainsNamespaceSeparator ¶ added in v1.38.0
ContainsNamespaceSeparator reports whether a casbin resource path contains the namespace separator. The separator never appears in any other valid resource path segment (collection, shard, tenant, role, and user names all forbid it), so a plain byte scan unambiguously detects namespace qualification regardless of the path shape. This guarantee holds only if those naming rules are enforced before a name is turned into a resource path.
func GetUserAndPrefix ¶ added in v1.30.0
GetUserAndPrefix splits an internal casbin user key into the user identifier and its prefix and returns them as (user, prefix). The key is `<prefix>:<user>` where prefix is "db", "oidc", or "group" and `<user>` is itself either a bare name or a namespace-qualified `<namespace>:<name>`. Splitting on the first ":" only is what keeps namespaced principals (e.g. `oidc:customer1:alice`) from being mistaken for malformed input.
func NameHasPrefix ¶ added in v1.30.0
func PathToPermission ¶
func PathToPermission(verb, path string) (*models.Permission, error)
func PermissionToPolicies ¶
func PermissionToPolicies(permissions ...*models.Permission) ([]*authorization.Policy, error)
func PoliciesToPermission ¶
func PoliciesToPermission(policies ...authorization.Policy) ([]*models.Permission, error)
func PrefixGroupName ¶ added in v1.28.5
func PrefixRoleName ¶
func RolesToPolicies ¶
func TrimRoleNamePrefix ¶
func UserNameWithTypeFromId ¶ added in v1.30.0
func UserNameWithTypeFromId(username string, authType authentication.AuthType) string
func UserNameWithTypeFromPrincipal ¶ added in v1.30.0
Types ¶
This section is empty.