ash

package
v0.8.6 Latest
Warning

This package is not in the latest version of its module.
Published: Nov 22, 2017 License: MIT Imports: 5 Imported by: 0

Documentation

Overview

Package ash implements a highly configurable, callback-based ACL that can be used to authorize controller actions in a declarative way.

Constants

This section is empty.

Variables

This section is empty.

Functions

func Callback

func Callback(s *Strategy) fire.Callback

Callback will return a callback that authorizes actions based on the specified strategy.

Types

type Authorizer

type Authorizer func(ctx *fire.Context) (Enforcer, error)

An Authorizer should inspect the specified context and assess whether it is able to enforce authorization with the data that is available. If so, the authorizer should return an Enforcer that will enforce the authorization.

func And

func And(a, b Authorizer) Authorizer

And will run the callbacks and return immediately if one does not return an enforcer. Two successfully returned enforcers are wrapped in one that executes both.

func L

func L(cbs ...Authorizer) []Authorizer

L is a short-hand function to create a list of authorizers.

func Or

func Or(a, b Authorizer) Authorizer

Or will run the first callback and return its enforcer on success. If no enforcer is returned it will run the second callback and return its result.

func (Authorizer) And

func (a Authorizer) And(b Authorizer) Authorizer

And will run And() with the current and specified authorizer.

func (Authorizer) Or

Or will run Or() with the current and specified authorizer.

type Enforcer

type Enforcer = fire.Callback

An Enforcer is returned by an Authorizer to enforce the previously inspected Authorization.

Enforcers should only return errors if the request is clearly not allowed for the presented candidate and this information is general knowledge (e.g. API documentation). To prevent the leakage of implementation details, the enforcer should mutate the context's Query field to hide existing data from the candidate.

func AccessDenied

func AccessDenied() Enforcer

AccessDenied will enforce the authorization by directly returning an access denied error. It should be used if the request should not be authorized in any case (e.g. a candidate accessing a resource he has clearly no access to).

func AccessGranted

func AccessGranted() Enforcer

AccessGranted will enforce the authorization without any changes to the context. It should be used if the presented candidate has full access to the data (e.g. a superuser).

func HideFilter

func HideFilter() Enforcer

HideFilter will enforce the authorization by manipulating the Query property of the context in such a way that no records will be returned. It should be used if the requested resource should be hidden from the candidate.

func QueryFilter

func QueryFilter(filters bson.M) Enforcer

QueryFilter will enforce the authorization by manipulating the Query property of the context. It should be used if the candidate is allowed to access the resource in general, but some records should remain hidden.
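The following sketch is an added example, not code from the ash package: it models the Or combinator and the difference between an AccessGranted-style and a QueryFilter-style enforcer. `Context`, `Superuser`, `Owner`, `Authorize` and `ErrDenied` are hypothetical stand-ins so the block runs without the fire module, and denying when no enforcer is returned is an assumption of the sketch.

```go
package main

import "fmt"

// Stand-ins for fire.Context, ash.Enforcer and ash.Authorizer (assumed shapes).
type Context struct {
	User  string            // hypothetical: the authenticated candidate
	Query map[string]string // models the context's Query field
}
type Enforcer func(*Context) error
type Authorizer func(*Context) (Enforcer, error)

var ErrDenied = fmt.Errorf("access denied")

// Or returns a's enforcer on success, otherwise the result of b.
func Or(a, b Authorizer) Authorizer {
	return func(c *Context) (Enforcer, error) {
		if e, err := a(c); e != nil || err != nil {
			return e, err
		}
		return b(c)
	}
}

// Superuser leaves the query unchanged; Owner narrows it to the caller's records.
func Superuser(c *Context) (Enforcer, error) {
	if c.User == "root" {
		return func(*Context) error { return nil }, nil
	}
	return nil, nil // cannot enforce: let the next authorizer try
}
func Owner(c *Context) (Enforcer, error) {
	if c.User == "" {
		return nil, nil
	}
	return func(c *Context) error { c.Query["owner"] = c.User; return nil }, nil
}

// Authorize runs the authorizer, then its enforcer; no enforcer denies (assumption).
func Authorize(a Authorizer, user string) (map[string]string, error) {
	c := &Context{User: user, Query: map[string]string{}}
	e, err := a(c)
	if err != nil || e == nil {
		return nil, ErrDenied
	}
	return c.Query, e(c)
}

func main() {
	fmt.Println(Authorize(Or(Superuser, Owner), "alice"))
}
```

Because the owner case narrows the query instead of returning an error, a candidate cannot tell records that do not exist from records they may not see.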

type Strategy

type Strategy struct {
	// The list action.
	List []Authorizer

	// The find action.
	Find []Authorizer

	// The create action.
	Create []Authorizer

	// The update action.
	Update []Authorizer

	// The delete action.
	Delete []Authorizer

	// Read is the fallback for List and Find.
	Read []Authorizer

	// Write is the fallback for Create, Update and Delete.
	Write []Authorizer

	// All is a fallback for Read and Write.
	All []Authorizer

	// If Bubble is set to true the Read, Write and All callbacks are also run
	// if the previous callback fails.
	Bubble bool

	// If Debugger is set it will be run with the names of the chosen
	// authorizer and enforcer.
	Debugger func(string, string)
}

Strategy contains lists of authorizers that are used to authorize the request.
