Documentation
Constants
const (
	ReplacesTag = "replaces"
	ExpiryTag   = "expiry"
)
Variables
var Kind = kind.ACLEvent
var RoleStrings = []B{
	B("owner"),
	B("admin"),
	B("writer"),
	B("reader"),
	B("denied"),
	B("none"),
}
RoleStrings are the human-readable form of the role enums.
Functions
This section is empty.
Types
type Entry
type Entry struct {
	// EventID is the event ID that creates the Entry.
	EventID *eventid.T
	// Role is the role now in force for the pubkey for this Entry.
	Role Role
	// Pubkey is the public key that associates with the Role.
	Pubkey B
	// AuthKey is the public key of the user with Admin or Owner
	// that requested the change.
	AuthKey B
	// Replaces specifies the event ID (if any) that this entry replaces.
	Replaces *eventid.T
	// Created is the created_at field of the event ID of this pubkey being
	// first added to the ACL
	Created *timestamp.T
	// LastModified is the created at of the most recent event that altered
	// this Entry.
	LastModified *timestamp.T
	// Expires is the unix timestamp after which this entry is no longer in
	// force and in effect reverts to None.
	Expires *timestamp.T
}
Entry is a record of a role in the ACL.
func (*Entry) ToEvent
ToEvent converts an Entry into a raw ACL event.T.
Note that these events are always generated by the ACL configuration interface in the relay, after it has first found any existing entry to replace.
The ACL control generates the entry after scanning the existing acl.T, and the resulting event is saved in the database after it has been processed through FromEvent.
type Role
type Role int
const (
	// Owner is the role of a user who has all privileges except for
	// altering others with the same role.
	Owner Role = iota
	// Admin is the role that can change all lower roles except for adding
	// and removing administrators.
	Admin
	// Writer is a user who has the right to add events to the relay.
	Writer
	// Reader is a user who may search and retrieve events from the relay.
	Reader
	// Denied is a blacklisted user who may not read from or write to the
	// relay.
	Denied
	// None is the tombstone event that puts the user in the same role as an
	// unauthenticated user (which may mean the same as Denied in effect).
	None
)
ACL roles
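The role and expiry rules documented above can be expressed as a small authorization check. This is an added example, not code from this package: the simplified Entry, the EffectiveRole and CanChange helpers, the "0 means no expiry" convention and the refusal to grant Owner are all assumptions made for illustration.

```go
package main

import "fmt"

type Role int

const ( // same ordering as the package: lower value, more privilege
	Owner Role = iota
	Admin
	Writer
	Reader
	Denied
	None
)

// Entry is a simplified stand-in for the documented Entry (hypothetical).
// Expires is a unix timestamp; 0 means "no expiry" (assumption).
type Entry struct {
	Role    Role
	Expires int64
}

// EffectiveRole returns the role in force at time now. An entry whose
// Expires has passed reverts to None, as the Expires field documents.
func EffectiveRole(e Entry, now int64) Role {
	if e.Expires != 0 && now > e.Expires {
		return None
	}
	return e.Role
}

// CanChange reports whether actor may move a pubkey from role cur to next.
func CanChange(actor, cur, next Role) bool {
	switch actor {
	case Owner:
		// Owners may not alter other Owner entries. Granting Owner is not
		// specified on the page; this sketch refuses it (assumption).
		return cur != Owner && next != Owner
	case Admin:
		// Admins change only lower roles and never add or remove admins.
		return cur > Admin && next > Admin
	}
	return false // Writer, Reader, Denied and None cannot change the ACL
}

func main() {
	const now = 1700000000 // constructed timestamp
	actor := EffectiveRole(Entry{Role: Admin, Expires: now - 1}, now)
	fmt.Println(actor == None, CanChange(actor, Reader, Writer)) // expired admin
	fmt.Println(CanChange(Admin, Writer, Admin), CanChange(Owner, Reader, Admin))
}
```

Resolving the requester's effective role before the permission check is what stops an expired Admin entry from authorizing further ACL changes.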
type T
T is the state information of the relay's Access Control List (ACL).
func (*T) DeleteEntry
DeleteEntry removes a record from the acl.T.
It is not possible to modify or delete an entry with the Owner role.
This will generally be run in response to an event that reverts a user role to None, to contain the size of the database as the number of formerly privileged users grows. Old records that exceed storage limits can later be garbage collected and their events removed, which eliminates the record from the initial process of populating the acl.T from Kind events.
func (*T) FromEvent
FromEvent processes an event.T and imports it into the acl.T.
The ACL control system will in fact generate an Entry first, run Entry.ToEvent to derive a properly formatted event, sign it, and then run FromEvent to validate it, after which it will then sign it and store the event in the database so that it is available for searches and for initializing the acl.T at startup to configure the ACL.