Documentation ¶
Index ¶
- Constants
- type Action
- type Enforcer
- type Permissions
- func (p *Permissions) AddPermission(user, resource string, action Action) (bool, *ign.ErrMsg)
- func (p *Permissions) AddRoleForUser(user, role string) (bool, *ign.ErrMsg)
- func (p *Permissions) AddUserGroupRole(user, group string, role Role) (bool, *ign.ErrMsg)
- func (p *Permissions) AddUserGroupRoleString(user, group, role string) (bool, *ign.ErrMsg)
- func (p *Permissions) CompareRoles(role1, role2 Role) int
- func (p *Permissions) DBTable() *gormadapter.CasbinRule
- func (p *Permissions) GetGroupsAndRolesForUser(user string) map[string]string
- func (p *Permissions) GetGroupsForUser(user string) []string
- func (p *Permissions) GetUserRoleForGroup(user, group string) (Role, *ign.ErrMsg)
- func (p *Permissions) GetUsersForGroup(group string) []string
- func (p *Permissions) HasRoleForUser(user, role string) bool
- func (p *Permissions) Init(db *gorm.DB, sysAdmin string) error
- func (p *Permissions) InitWithEnforcerAndAdapter(e Enforcer, a *gormadapter.Adapter, sysAdmin string) error
- func (p *Permissions) IsAuthorized(user, resource string, action Action) (bool, *ign.ErrMsg)
- func (p *Permissions) IsAuthorizedForRole(user, group string, role Role) (bool, *ign.ErrMsg)
- func (p *Permissions) IsSystemAdmin(user string) bool
- func (p *Permissions) Reload(sysAdmin string) error
- func (p *Permissions) RemoveGroup(group string) (bool, *ign.ErrMsg)
- func (p *Permissions) RemovePermission(user, resource string, action Action) (bool, *ign.ErrMsg)
- func (p *Permissions) RemoveResource(resource string) (bool, *ign.ErrMsg)
- func (p *Permissions) RemoveRole(role string) (bool, *ign.ErrMsg)
- func (p *Permissions) RemoveRoleForUser(user, role string) (bool, *ign.ErrMsg)
- func (p *Permissions) RemoveRolePermissions(group string) (bool, *ign.ErrMsg)
- func (p *Permissions) RemoveUser(user string) (bool, *ign.ErrMsg)
- func (p *Permissions) RemoveUserFromGroup(user, group string) (bool, *ign.ErrMsg)
- func (p *Permissions) RemoveUserGroupRole(user, group string, role Role) (bool, *ign.ErrMsg)
- func (p *Permissions) SetRolePermissions(group string) (bool, *ign.ErrMsg)
- func (p *Permissions) UserBelongsToGroup(user, group string) bool
- type Role
Constants ¶
// Positions of the fields within a casbin policy tuple as this package lays
// it out: user, then resource, then action. iota numbers them 0, 1 and 2.
//
// NOTE(review): presumably these are the values passed as fieldIndex to
// Enforcer.RemoveFilteredPolicy; confirm against the callers. A wrong index
// would match on a different field of the tuple and could remove policies
// other than the ones intended.
const (
	// PolicyUser is the index of 'user' in a casbin policy tuple
	PolicyUser = iota
	// PolicyResource is the index of 'resource' in a casbin policy tuple
	PolicyResource
	// PolicyAction is the index of 'action' in a casbin policy tuple
	PolicyAction
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Action ¶
type Action int
Action is an int-based type identifying the action in a permission, i.e. what a user may do on a resource.
func ActionFrom ¶
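ActionFrom returns the Action value corresponding to the given string, or -1 if the string does not match any Action. Check for -1 before passing the result to AddPermission, RemovePermission or IsAuthorized.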
type Enforcer ¶
// Enforcer lists the casbin enforcer methods that Permissions depends on.
// A backend that supplies its own implementation (see
// InitWithEnforcerAndAdapter) makes the authorization decisions for
// everything routed through Permissions, so it must be trusted accordingly.
//
// NOTE(review): apart from LoadPolicy, no method returns an error. A false
// result therefore cannot be told apart from a failed policy-store
// operation using this interface alone; callers should not read false from
// a Delete*/Add* call as proof that the stored policy is in the state they
// wanted.
type Enforcer interface {
	// LoadPolicy is the only method in this interface that reports an error.
	LoadPolicy() error
	// Enforce takes the request values and returns a single bool with no
	// error result, so an implementation cannot signal an evaluation failure
	// separately from its decision. Presumably true means "allow"; confirm
	// against the implementation in use and treat anything else as a denial.
	Enforce(rvals ...interface{}) bool
	// DeleteUser takes a user name and returns a bool.
	DeleteUser(user string) bool
	// DeleteRole has no return value, so callers cannot tell whether anything
	// was removed.
	DeleteRole(role string)
	// DeletePermission takes the permission as a variadic list of strings.
	DeletePermission(permission ...string) bool
	// DeleteRolesForUser takes only the user; DeleteRoleForUser below takes a
	// user and one role.
	DeleteRolesForUser(user string) bool
	DeleteRoleForUser(user string, role string) bool
	// AddRoleForUser and AddPermissionForUser are the two methods here that
	// grant access; audit every call site that reaches them.
	AddRoleForUser(user string, role string) bool
	AddPermissionForUser(user string, permission ...string) bool
	// DeletePermissionForUser takes a user and a permission;
	// DeletePermissionsForUser takes only the user.
	DeletePermissionForUser(user string, permission ...string) bool
	DeletePermissionsForUser(user string) bool
	// Lookups returning string slices.
	GetUsersForRole(name string) []string
	GetRolesForUser(name string) []string
	// Membership and permission checks returning a bool.
	HasRoleForUser(name string, role string) bool
	HasPermissionForUser(user string, permission ...string) bool
	// RemoveFilteredPolicy takes a field index and the values to match.
	// NOTE(review): fieldIndex is presumably one of PolicyUser,
	// PolicyResource or PolicyAction; confirm at the call sites.
	RemoveFilteredPolicy(fieldIndex int, fieldValues ...string) bool
}
Enforcer is the interface that matches all casbin enforcer implementations used by ign. It was created to allow other backends to use Permissions passing their own Enforcer.
type Permissions ¶
type Permissions struct {
// contains filtered or unexported fields
}
Permissions wraps the data object used to interface with the permissions database.
func (*Permissions) AddPermission ¶
func (p *Permissions) AddPermission(user, resource string, action Action) (bool, *ign.ErrMsg)
AddPermission adds a user (or group) permission on a resource
func (*Permissions) AddRoleForUser ¶
func (p *Permissions) AddRoleForUser(user, role string) (bool, *ign.ErrMsg)
AddRoleForUser adds a role for a user
func (*Permissions) AddUserGroupRole ¶
func (p *Permissions) AddUserGroupRole(user, group string, role Role) (bool, *ign.ErrMsg)
AddUserGroupRole adds a role for a user in a group
func (*Permissions) AddUserGroupRoleString ¶
func (p *Permissions) AddUserGroupRoleString(user, group, role string) (bool, *ign.ErrMsg)
AddUserGroupRoleString is the same as AddUserGroupRole but receives the role name as a string. It fails if the role name is not 'owner', 'admin' or 'member'.
func (*Permissions) CompareRoles ¶
func (p *Permissions) CompareRoles(role1, role2 Role) int
CompareRoles compares the given roles following this order: SystemAdmin > Owner > Admin > Member. It returns a positive number if role1 has more privileges than role2, zero if they are equal, and a negative number otherwise.
func (*Permissions) DBTable ¶
func (p *Permissions) DBTable() *gormadapter.CasbinRule
DBTable returns the DB table used by casbin
func (*Permissions) GetGroupsAndRolesForUser ¶
func (p *Permissions) GetGroupsAndRolesForUser(user string) map[string]string
GetGroupsAndRolesForUser gets the groups and roles that a user has, in the form of a map with groups as keys and the user role in those groups as values.
func (*Permissions) GetGroupsForUser ¶
func (p *Permissions) GetGroupsForUser(user string) []string
GetGroupsForUser returns the list of groups a user belongs to.
func (*Permissions) GetUserRoleForGroup ¶
func (p *Permissions) GetUserRoleForGroup(user, group string) (Role, *ign.ErrMsg)
GetUserRoleForGroup returns the role of a user in a group. If the user does not belong to the group, it returns an error.
func (*Permissions) GetUsersForGroup ¶
func (p *Permissions) GetUsersForGroup(group string) []string
GetUsersForGroup gets the users that belong to a group.
func (*Permissions) HasRoleForUser ¶
func (p *Permissions) HasRoleForUser(user, role string) bool
HasRoleForUser checks whether a user has the specified role.
func (*Permissions) Init ¶
func (p *Permissions) Init(db *gorm.DB, sysAdmin string) error
Init initializes permissions with an existing database connection
func (*Permissions) InitWithEnforcerAndAdapter ¶
func (p *Permissions) InitWithEnforcerAndAdapter(e Enforcer, a *gormadapter.Adapter, sysAdmin string) error
InitWithEnforcerAndAdapter initializes permissions with a given pair of enforcer and adapter.
func (*Permissions) IsAuthorized ¶
func (p *Permissions) IsAuthorized(user, resource string, action Action) (bool, *ign.ErrMsg)
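IsAuthorized checks whether the user has permission to perform an action on a resource. Callers should allow the operation only when the returned bool is true and the returned error is nil.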
func (*Permissions) IsAuthorizedForRole ¶
func (p *Permissions) IsAuthorizedForRole(user, group string, role Role) (bool, *ign.ErrMsg)
IsAuthorizedForRole returns true if the user is authorized to act as the given role (or above) in the group. E.g., a group Owner can act as Admin, but a Member cannot.
func (*Permissions) IsSystemAdmin ¶
func (p *Permissions) IsSystemAdmin(user string) bool
IsSystemAdmin returns a bool indicating if the given user is a system admin.
func (*Permissions) Reload ¶
func (p *Permissions) Reload(sysAdmin string) error
Reload reloads all casbin data. The sysAdmin argument can contain a comma-separated list of usernames.
func (*Permissions) RemoveGroup ¶
func (p *Permissions) RemoveGroup(group string) (bool, *ign.ErrMsg)
RemoveGroup removes a role in a group. This should remove all policies involving the role
func (*Permissions) RemovePermission ¶
func (p *Permissions) RemovePermission(user, resource string, action Action) (bool, *ign.ErrMsg)
RemovePermission removes a user (or group) permission on a resource
func (*Permissions) RemoveResource ¶
func (p *Permissions) RemoveResource(resource string) (bool, *ign.ErrMsg)
RemoveResource removes a resource and all policies involving the resource
func (*Permissions) RemoveRole ¶
func (p *Permissions) RemoveRole(role string) (bool, *ign.ErrMsg)
RemoveRole removes all policies involving the role
func (*Permissions) RemoveRoleForUser ¶
func (p *Permissions) RemoveRoleForUser(user, role string) (bool, *ign.ErrMsg)
RemoveRoleForUser removes a role from a user
func (*Permissions) RemoveRolePermissions ¶
func (p *Permissions) RemoveRolePermissions(group string) (bool, *ign.ErrMsg)
RemoveRolePermissions removes role permissions associated with a group
func (*Permissions) RemoveUser ¶
func (p *Permissions) RemoveUser(user string) (bool, *ign.ErrMsg)
RemoveUser removes all policies involving the user
func (*Permissions) RemoveUserFromGroup ¶
func (p *Permissions) RemoveUserFromGroup(user, group string) (bool, *ign.ErrMsg)
RemoveUserFromGroup removes all roles from a user in a group
func (*Permissions) RemoveUserGroupRole ¶
func (p *Permissions) RemoveUserGroupRole(user, group string, role Role) (bool, *ign.ErrMsg)
RemoveUserGroupRole removes a role from a user in a group
func (*Permissions) SetRolePermissions ¶
func (p *Permissions) SetRolePermissions(group string) (bool, *ign.ErrMsg)
SetRolePermissions sets up role permissions for a group
func (*Permissions) UserBelongsToGroup ¶
func (p *Permissions) UserBelongsToGroup(user, group string) bool
UserBelongsToGroup returns true if the user belongs to the group.