Documentation
¶
Index ¶
Constants ¶
View Source
const ( AccessConsortia = "consortia" AccessInstitution = "institution" AccessRestricted = "restricted" ActionApproveDelete = "ApproveDelete" ActionCreate = "Create" ActionDelete = "Delete" ActionFinishBulkDelete = "FinishBulkDelete" ActionFixityCheck = "Fixity Check" ActionRestoreFile = "Restore File" ActionGlacierRestore = "Glacier Restore" ActionIngest = "Ingest" ActionRead = "Read" ActionRequestDelete = "RequestDelete" ActionRestoreObject = "Restore Object" ActionUpdate = "Update" AlertDeletionCancelled = "Deletion Cancelled" AlertDeletionCompleted = "Deletion Completed" AlertDeletionConfirmed = "Deletion Confirmed" AlertDeletionRequested = "Deletion Requested" AlertFailedFixity = "Failed Fixity Check" AlertPasswordChanged = "Password Changed" AlertPasswordReset = "Password Reset" AlertRestorationCompleted = "Restoration Completed" AlertStalledItems = "Stalled Work Items" AlertWelcome = "Welcome New User" AlgMd5 = "md5" AlgSha1 = "sha1" AlgSha256 = "sha256" AlgSha512 = "sha512" APIUserHeader = "X-Pharos-API-User" APIKeyHeader = "X-Pharos-API-Key" APIPrefixAdmin = "/admin-api/" APIPrefixMember = "/member-api/" BTRProfileIdentifier = "https://github.com/dpscollaborative/btr_bagit_profile/releases/download/1.0/btr-bagit-profile.json" CSRFCookieName = "csrf_token" CSRFHeaderName = "X-CSRF-Token" CSRFTokenName = "csrf_token" DefaultProfileIdentifier = "https://raw.githubusercontent.com/APTrust/preservation-services/master/profiles/aptrust-v2.2.json" EventAccessAssignment = "access assignment" EventCapture = "capture" EventCompression = "compression" EventCreation = "creation" EventDeaccession = "deaccession" EventDecompression = "decompression" EventDecryption = "decryption" EventDeletion = "deletion" EventDigestCalculation = "message digest calculation" EventFixityCheck = "fixity check" EventIdentifierAssignment = "identifier assignment" EventIngestion = "ingestion" EventMigration = "migration" EventNormalization = "normalization" EventReplication = "replication" EventSignatureValidation = "digital signature validation" EventValidation = "validation" EventVirusCheck = "virus check" IngestPreFetch = "ingest01_prefetch" IngestValidation = "ingest02_bag_validation" IngestReingestCheck = "ingest03_reingest_check" IngestStaging = "ingest04_staging" IngestFormatIdentification = "ingest05_format_identification" IngestStorage = "ingest06_storage" IngestStorageValidation = "ingest07_storage_validation" IngestRecord = "ingest08_record" IngestCleanup = "ingest09_cleanup" InstTypeMember = "MemberInstitution" InstTypeSubscriber = "SubscriptionInstitution" MetaSpotTestsRunning = "spot restore is running" MetaSpotTestsLastRun = "spot restore last run" OutcomeFailure = "Failure" OutcomeSuccess = "Success" RoleInstAdmin = "institutional_admin" RoleInstUser = "institutional_user" RoleNone = "none" RoleSysAdmin = "admin" SecondFactorAuthy = "Authy" SecondFactorBackupCode = "Backup Code" SecondFactorSMS = "SMS" StageAvailableInS3 = "Available in S3" StageCleanup = "Cleanup" StageCopyToStaging = "Copy To Staging" StageFetch = "Fetch" StageFormatIdentification = "Format Identification" StagePackage = "Package" StageReceive = "Receive" StageRecord = "Record" StageReingestCheck = "Reingest Check" StageRequested = "Requested" StageResolve = "Resolve" StageRestoring = "Restoring" StageStorageValidation = "Storage Validation" StageStore = "Store" StageUnpack = "Unpack" StageValidate = "Validate" StateActive = "A" StateDeleted = "D" StatusCancelled = "Cancelled" StatusFailed = "Failed" StatusPending = "Pending" StatusStarted = "Started" StatusSuccess = "Success" StatusSuspended = "Suspended" StorageOptionGlacierDeepOH = "Glacier-Deep-OH" StorageOptionGlacierDeepOR = "Glacier-Deep-OR" StorageOptionGlacierDeepVA = "Glacier-Deep-VA" StorageOptionGlacierOH = "Glacier-OH" StorageOptionGlacierOR = "Glacier-OR" StorageOptionGlacierVA = "Glacier-VA" StorageOptionStandard = "Standard" StorageOptionWasabiOR = "Wasabi-OR" StorageOptionWasabiVA = "Wasabi-VA" SystemUser = "system@aptrust.org" TopicDelete = "delete_item" TopicE2EDelete = "e2e_deletion_post_test" TopicE2EFixity = "e2e_fixity_post_test" TopicE2EIngest = "e2e_ingest_post_test" TopicE2EReingest = "e2e_reingest_post_test" TopicE2ERestore = "e2e_restoration_post_test" TopicFileRestore = "restore_file" TopicFixity = "fixity_check" TopicGlacierRestore = "restore_glacier" TopicObjectRestore = "restore_object" TwoFactorAuthy = "onetouch" TwoFactorNone = "none" TwoFactorSMS = "sms" )
View Source
const ( AlertCreate = "AlertCreate" AlertDelete = "AlertDelete" AlertRead = "AlertRead" AlertUpdate = "AlertUpdate" BillingReportShow = "BillingReportShow" ChecksumCreate = "ChecksumCreate" ChecksumDelete = "ChecksumDelete" ChecksumRead = "ChecksumRead" ChecksumUpdate = "ChecksumUpdate" DashboardShow = "DashboardShow" DeletionRequestApprove = "DeletionRequestApprove" DeletionRequestList = "DeletionRequestList" DeletionRequestShow = "DeletionRequestShow" DepositReportShow = "DepositReportShow" EventCreate = "EventCreate" EventDelete = "EventDelete" EventRead = "EventRead" EventUpdate = "EventUpdate" FileCreate = "FileCreate" FileDelete = "FileDelete" FileFinishBulkDelete = "FileFinishBulkDelete" FileRead = "FileRead" FileRequestDelete = "FileRequestDelete" FileRestore = "FileRestore" FileUpdate = "FileUpdate" InstitutionCreate = "InstitutionCreate" InstitutionDelete = "InstitutionDelete" InstitutionList = "InstitutionList" InstitutionRead = "InstitutionRead" InstitutionUpdate = "InstitutionUpdate" InstitutionUpdatePrefs = "InstitutionUpdatePrefs" IntellectualObjectCreate = "IntellectualObjectCreate" IntellectualObjectDelete = "IntellectualObjectDelete" IntellectualObjectFinishBulkDelete = "IntellectualObjectFinishBulkDelete" IntellectualObjectRead = "IntellectualObjectRead" IntellectualObjectRequestDelete = "IntellectualObjectRequestDelete" IntellectualObjectRestore = "IntellectualObjectRestore" IntellectualObjectUpdate = "IntellectualObjectUpdate" InternalMetadataRead = "InternalMetadataRead" NsqAdmin = "NsqAdmin" PrepareFileDelete = "PrepareFileDelete" PrepareObjectDelete = "PrepareObjectDelete" ReportRead = "ReportRead" RedisList = "RedisList" RedisRead = "RedisRead" StorageRecordCreate = "StorageRecordCreate" StorageRecordDelete = "StorageRecordDelete" StorageRecordRead = "StorageRecordRead" StorageRecordUpdate = "StorageRecordUpdate" UserComplete2FASetup = "UserComplete2FASetup" UserConfirmPhone = "UserConfirmPhone" UserCreate = "UserCreate" UserDelete = "UserDelete" UserDeleteSelf = "UserDeleteSelf" UserGenerateBackupCodes = "UserGenerateBackupCodes" UserInit2FASetup = "UserInit2FASetup" UserRead = "UserRead" UserReadSelf = "UserReadSelf" UserSignIn = "UserSignIn" UserSignOut = "UserSignOut" UserTwoFactorBackup = "UserTwoFactorBackup" UserTwoFactorChoose = "UserTwoFactorChoose" UserTwoFactorGenerateSMS = "UserTwoFactorGenerateSMS" UserTwoFactorPush = "UserTwoFactorPush" UserTwoFactorResend = "UserTwoFactorResend" UserTwoFactorVerify = "UserTwoFactorVerify" UserUpdate = "UserUpdate" UserUpdateSelf = "UserUpdateSelf" WorkItemCreate = "WorkItemCreate" WorkItemDelete = "WorkItemDelete" WorkItemRead = "WorkItemRead" WorkItemRedisDelete = "WorkItemRedisDelete" WorkItemRequeue = "WorkItemRequeue" WorkItemUpdate = "WorkItemUpdate" )
Variables ¶
View Source
var APIPrefixes = []string{ APIPrefixAdmin, APIPrefixMember, }
View Source
var AccessSettings = []string{ AccessConsortia, AccessInstitution, AccessRestricted, }
View Source
var AlertTypes = []string{ AlertDeletionCancelled, AlertDeletionCompleted, AlertDeletionConfirmed, AlertDeletionRequested, AlertFailedFixity, AlertRestorationCompleted, AlertPasswordChanged, AlertPasswordReset, AlertStalledItems, AlertWelcome, }
View Source
var CompletedStatusValues = []string{ StatusCancelled, StatusFailed, StatusSuccess, }
View Source
var ErrInvalidRequeue = errors.New("item cannot be requeued to the specified stage")
ErrInvalidRequeue occurs when someone attempts to requeue an item to the wrong stage, or to a stage for which no NSQ topic exists.
View Source
var EventOutcomes = []string{ OutcomeFailure, OutcomeSuccess, }
View Source
var EventTypes = []string{ EventAccessAssignment, EventCreation, EventDeletion, EventDigestCalculation, EventFixityCheck, EventIdentifierAssignment, EventIngestion, EventReplication, EventValidation, }
View Source
var ForbiddenToAll = []Permission{ ChecksumUpdate, ChecksumDelete, EventUpdate, EventDelete, }
View Source
var GlacierOnlyOptions = []string{ StorageOptionGlacierDeepOH, StorageOptionGlacierDeepOR, StorageOptionGlacierDeepVA, StorageOptionGlacierOH, StorageOptionGlacierOR, StorageOptionGlacierVA, }
View Source
var IncompleteStatusValues = []string{ StatusPending, StatusStarted, }
View Source
var IngestStagesInOrder = []string{ StageReceive, StageValidate, StageReingestCheck, StageCopyToStaging, StageFormatIdentification, StageStore, StageStorageValidation, StageRecord, StageCleanup, }
View Source
var InstTypes = []string{ InstTypeMember, InstTypeSubscriber, }
View Source
var NSQIngestTopicFor = map[string]string{ StageReceive: IngestPreFetch, StageValidate: IngestValidation, StageReingestCheck: IngestReingestCheck, StageCopyToStaging: IngestStaging, StageFormatIdentification: IngestFormatIdentification, StageStore: IngestStorage, StageStorageValidation: IngestStorageValidation, StageRecord: IngestRecord, StageCleanup: IngestCleanup, }
NSQIngestTopicFor maps ingest stage names to NSQ topics.
View Source
var NonIngestTopics = []string{ TopicDelete, TopicFileRestore, TopicFixity, TopicGlacierRestore, TopicObjectRestore, }
View Source
var Permissions = []Permission{ AlertCreate, AlertDelete, AlertRead, AlertUpdate, BillingReportShow, ChecksumCreate, ChecksumDelete, ChecksumRead, ChecksumUpdate, DashboardShow, DeletionRequestApprove, DeletionRequestList, DeletionRequestShow, DepositReportShow, EventCreate, EventDelete, EventRead, EventUpdate, FileCreate, FileDelete, FileFinishBulkDelete, FileRead, FileRequestDelete, FileRestore, FileUpdate, InstitutionCreate, InstitutionDelete, InstitutionList, InstitutionRead, InstitutionUpdate, InstitutionUpdatePrefs, IntellectualObjectCreate, IntellectualObjectDelete, IntellectualObjectFinishBulkDelete, IntellectualObjectRead, IntellectualObjectRequestDelete, IntellectualObjectRestore, IntellectualObjectUpdate, InternalMetadataRead, NsqAdmin, PrepareFileDelete, PrepareObjectDelete, ReportRead, RedisList, RedisRead, StorageRecordCreate, StorageRecordDelete, StorageRecordRead, StorageRecordUpdate, UserComplete2FASetup, UserConfirmPhone, UserCreate, UserDelete, UserDeleteSelf, UserGenerateBackupCodes, UserInit2FASetup, UserRead, UserReadSelf, UserSignIn, UserSignOut, UserTwoFactorBackup, UserTwoFactorChoose, UserTwoFactorGenerateSMS, UserTwoFactorPush, UserTwoFactorResend, UserTwoFactorVerify, UserUpdate, UserUpdateSelf, WorkItemCreate, WorkItemDelete, WorkItemRead, WorkItemRedisDelete, WorkItemRequeue, WorkItemUpdate, }
View Source
var Roles = []string{ RoleInstAdmin, RoleInstUser, RoleNone, RoleSysAdmin, }
View Source
var SecondFactorTypes = []string{ SecondFactorAuthy, SecondFactorBackupCode, SecondFactorSMS, }
View Source
var SelfAccountPermissions = []Permission{ UserComplete2FASetup, UserConfirmPhone, UserDeleteSelf, UserGenerateBackupCodes, UserInit2FASetup, UserReadSelf, UserUpdateSelf, }
SelfAccountPermissions are those which permit users to modify their own account information (password, email, name, API key, etc.). These are treated specially in the auth middleware because unlike other permissions, which are based on the subject resource's insitution id, these are based on the subject resource's user id. See ResourceAuthorization.checkPermission to understand how this specific set of permissions is used.
View Source
var Stages = []string{ StageAvailableInS3, StageCleanup, StageCopyToStaging, StageFormatIdentification, StageFetch, StagePackage, StageReceive, StageRecord, StageReingestCheck, StageRequested, StageResolve, StageRestoring, StageStorageValidation, StageStore, StageUnpack, StageValidate, }
View Source
var States = []string{ StateActive, StateDeleted, }
View Source
var Statuses = []string{ StatusCancelled, StatusFailed, StatusPending, StatusStarted, StatusSuccess, StatusSuspended, }
View Source
var StorageOptions = []string{ StorageOptionGlacierDeepOH, StorageOptionGlacierDeepOR, StorageOptionGlacierDeepVA, StorageOptionGlacierOH, StorageOptionGlacierOR, StorageOptionGlacierVA, StorageOptionStandard, StorageOptionWasabiOR, StorageOptionWasabiVA, }
View Source
var UserActions = []string{ ActionCreate, ActionRead, ActionUpdate, ActionDelete, ActionRequestDelete, ActionApproveDelete, ActionFinishBulkDelete, ActionRestoreObject, ActionRestoreFile, }
View Source
var WorkItemActions = []string{ ActionDelete, ActionGlacierRestore, ActionIngest, ActionRestoreFile, ActionRestoreObject, }
Functions ¶
func CheckPermission ¶
func CheckPermission(role string, permission Permission) bool
Types ¶
type Permission ¶
type Permission string
Permission is a string that keys into permission maps for different roles. We use string instead of bitmask or array index for a few reasons:
- We may wind up with more than 64 of these, which would be too many for a bitmask.
- Our models need to construct permission names from strings made up of model names and actions. E.g. "User" + "Create" or "Object" + "Read".
- We will likely insert permissions as the application grows, and adding bitmasks and array indices is order-dependent, while adding string keys is value-dependent, which means we can insert them anywhere in the list.
Source Files
Click to show internal directories.
Click to hide internal directories.