Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Authorizer ¶
type Authorizer struct {
// contains filtered or unexported fields
}
func New ¶ added in v1.18.0
func New(db storage.DBTX) Authorizer
func (Authorizer) Authorize ¶
func (a Authorizer) Authorize(ctx context.Context, orgID uuid.UUID, ancestor uuid.UUID, objects []uuid.UUID) error
Authorize reports whether the caller in ctx may write objects in orgID. It returns nil when allowed and a PermissionDenied status otherwise; it never returns InvalidArgument. Writing the organization resource (an object equal to orgID) is owner-only and must be the sole object in the batch; a batch that mixes the org resource with other objects is denied here as defense-in-depth. The handler validates batch shape first and surfaces that case as InvalidArgument, so in normal operation a mixed batch never reaches this deny path. A non-owner caller is allowed when it holds a relationships-admin grant on the ancestor, or on every object in the batch.