Documentation
Constants
const ModuleName string = "authorization"
Variables
var ErrForbidden = fmt.Errorf("forbidden")
Functions
func WithPolicy
WithPolicy sets the role-to-permission policy for this service. It must be called during module configuration; the LocalAuthorizer is built from it.
Types
type Authorizer
type Authorizer interface {
	// CanPerform checks whether the user holds any role that grants permission.
	CanPerform(context.Context, User, Permission) error
	// CanPerformOwned checks whether the user holds permission unconditionally,
	// or — when ownership is required — whether user.GetID() == ownerID.
	CanPerformOwned(context.Context, User, Permission, uuid.UUID) error
}
Authorizer checks whether a user is permitted to perform an action.
type LocalAuthorizer
type LocalAuthorizer struct {
	// contains filtered or unexported fields
}
LocalAuthorizer evaluates permissions against a static, in-process Policy. It is the standard implementation for services that define policy at startup.
func NewLocalAuthorizer
func NewLocalAuthorizer(policy Policy) *LocalAuthorizer
func (*LocalAuthorizer) CanPerform
func (l *LocalAuthorizer) CanPerform(_ context.Context, user User, permission Permission) error
func (*LocalAuthorizer) CanPerformOwned
func (l *LocalAuthorizer) CanPerformOwned(
	_ context.Context,
	user User,
	permission Permission,
	ownerID uuid.UUID,
) error
type Module
func (*Module) Authorizer
func (m *Module) Authorizer() Authorizer
Authorizer returns the configured Authorizer for use in route registration and use cases. Call this after the module has been configured.
type OwnershipConstraint
type OwnershipConstraint bool
OwnershipConstraint controls whether a permission requires the subject to own the resource being acted upon.
const (
	OwnershipRequired   OwnershipConstraint = true
	NoOwnershipRequired OwnershipConstraint = false
)
type Permission
type Permission string
Permission is a named action that can be granted to a role.
type Policy
type Policy map[string]map[Permission]OwnershipConstraint
Policy maps role names to the set of permissions granted to that role, along with the ownership constraint for each permission. Each service defines its own policy as a package-level variable and passes it to WithPolicy.
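As an added example that is not the package's own code, the evaluation rules stated in the Authorizer doc comments and the Policy type, written out as a stand-alone program so the difference between CanPerform and CanPerformOwned can be exercised against a sample policy. The User interface shape (GetRoles), plain-string IDs in place of uuid.UUID, and the StaticUser and SamplePolicy values are assumptions constructed for this example.

```go
package main

import (
	"context"
	"errors"
)

var ErrForbidden = errors.New("forbidden")
type Permission string
type OwnershipConstraint bool
type Policy map[string]map[Permission]OwnershipConstraint
const OwnershipRequired, NoOwnershipRequired OwnershipConstraint = true, false

// User is assumed: the page shows only GetID(); GetRoles() is this example's guess,
// and IDs are plain strings standing in for uuid.UUID.
type User interface{ GetID() string; GetRoles() []string }
type LocalAuthorizer struct{ policy Policy }
func NewLocalAuthorizer(policy Policy) *LocalAuthorizer { return &LocalAuthorizer{policy: policy} }

// CanPerform: any role granting the permission suffices; the ownership constraint is
// not consulted, so a check on an owned resource must go through CanPerformOwned.
func (l *LocalAuthorizer) CanPerform(_ context.Context, u User, p Permission) error {
	for _, role := range u.GetRoles() {
		if _, ok := l.policy[role][p]; ok { // an unknown role reads as a nil map, so this is safe
			return nil
		}
	}
	return ErrForbidden
}

// CanPerformOwned: an unconditional grant wins outright; an OwnershipRequired grant
// counts only when the caller's own ID equals ownerID.
func (l *LocalAuthorizer) CanPerformOwned(_ context.Context, u User, p Permission, ownerID string) error {
	for _, role := range u.GetRoles() {
		if c, ok := l.policy[role][p]; ok && (c == NoOwnershipRequired || u.GetID() == ownerID) {
			return nil
		}
	}
	return ErrForbidden
}

// StaticUser and SamplePolicy are constructed for this example: admins delete any document, authors only their own.
type StaticUser struct{ ID string; Roles []string }
func (s StaticUser) GetID() string      { return s.ID }
func (s StaticUser) GetRoles() []string { return s.Roles }
var SamplePolicy = Policy{
	"admin":  {"document:delete": NoOwnershipRequired, "document:read": NoOwnershipRequired},
	"author": {"document:delete": OwnershipRequired, "document:read": NoOwnershipRequired},
}
```

Note that CanPerform on an author returns nil for document:delete even though the grant is ownership-constrained; route handlers for owned resources should call CanPerformOwned with the resource's owner ID.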