Documentation ¶
Index ¶
Constants ¶
// String constants shared across the package. They are grouped below by
// prefix; the declaration order of the original block is preserved.
const (
	// Access settings (collected in AccessSettings).
	AccessConsortia   = "consortia"
	AccessInstitution = "institution"
	AccessRestricted  = "restricted"

	// Action names. The value formats are mixed: some contain a space
	// ("Fixity Check", "Restore File") and others do not ("ApproveDelete",
	// "RequestDelete"), so compare against these constants rather than
	// hand-typed strings.
	ActionApproveDelete    = "ApproveDelete"
	ActionCreate           = "Create"
	ActionDelete           = "Delete"
	ActionFinishBulkDelete = "FinishBulkDelete"
	ActionFixityCheck      = "Fixity Check"
	ActionRestoreFile      = "Restore File"
	ActionGlacierRestore   = "Glacier Restore"
	ActionIngest           = "Ingest"
	ActionRead             = "Read"
	ActionRequestDelete    = "RequestDelete"
	ActionRestoreObject    = "Restore Object"
	ActionUpdate           = "Update"

	// Alert type names (collected in AlertTypes).
	AlertDeletionCancelled    = "Deletion Cancelled"
	AlertDeletionCompleted    = "Deletion Completed"
	AlertDeletionConfirmed    = "Deletion Confirmed"
	AlertDeletionRequested    = "Deletion Requested"
	AlertFailedFixity         = "Failed Fixity Check"
	AlertPasswordChanged      = "Password Changed"
	AlertPasswordReset        = "Password Reset"
	AlertRestorationCompleted = "Restoration Completed"
	AlertStalledItems         = "Stalled Work Items"
	AlertWelcome              = "Welcome New User"

	// Digest algorithm names. md5 and sha1 are not collision-resistant.
	// NOTE(review): presumably retained so that existing checksums can still
	// be verified; confirm that any decision about deliberate tampering
	// relies on sha256 or sha512.
	AlgMd5    = "md5"
	AlgSha1   = "sha1"
	AlgSha256 = "sha256"
	AlgSha512 = "sha512"

	// HTTP header names.
	// NOTE(review): the names suggest these carry the API user and API key.
	// If so, the X-Pharos-API-Key value is a credential and should be
	// redacted from request logs and error reports; confirm.
	APIUserHeader = "X-Pharos-API-User"
	APIKeyHeader  = "X-Pharos-API-Key"

	// URL path prefixes (collected in APIPrefixes).
	APIPrefixAdmin  = "/admin-api/"
	APIPrefixMember = "/member-api/"

	// Profile identifier, expressed as a URL to a tagged release (1.0).
	BTRProfileIdentifier = "https://github.com/dpscollaborative/btr_bagit_profile/releases/download/1.0/btr-bagit-profile.json"

	// Names of the CSRF cookie, request header and token. The cookie and the
	// token share the value "csrf_token".
	CSRFCookieName = "csrf_token"
	CSRFHeaderName = "X-CSRF-Token"
	CSRFTokenName  = "csrf_token"

	// Profile identifier, expressed as a URL.
	// NOTE(review): this URL references the master branch, whose content can
	// change. If any code fetches it rather than comparing it as an opaque
	// identifier, pin it to a tag or commit; confirm.
	DefaultProfileIdentifier = "https://raw.githubusercontent.com/APTrust/preservation-services/master/profiles/aptrust-v2.2.json"

	// Event type names. Only a subset of these appears in EventTypes.
	EventAccessAssignment     = "access assignment"
	EventCapture              = "capture"
	EventCompression          = "compression"
	EventCreation             = "creation"
	EventDeaccession          = "deaccession"
	EventDecompression        = "decompression"
	EventDecryption           = "decryption"
	EventDeletion             = "deletion"
	EventDigestCalculation    = "message digest calculation"
	EventFixityCheck          = "fixity check"
	EventIdentifierAssignment = "identifier assignment"
	EventIngestion            = "ingestion"
	EventMigration            = "migration"
	EventNormalization        = "normalization"
	EventReplication          = "replication"
	EventSignatureValidation  = "digital signature validation"
	EventValidation           = "validation"
	EventVirusCheck           = "virus check"

	// NSQ topic names for ingest; the values are numbered 01 through 09.
	// NSQIngestTopicFor maps stage names to these.
	IngestPreFetch             = "ingest01_prefetch"
	IngestValidation           = "ingest02_bag_validation"
	IngestReingestCheck        = "ingest03_reingest_check"
	IngestStaging              = "ingest04_staging"
	IngestFormatIdentification = "ingest05_format_identification"
	IngestStorage              = "ingest06_storage"
	IngestStorageValidation    = "ingest07_storage_validation"
	IngestRecord               = "ingest08_record"
	IngestCleanup              = "ingest09_cleanup"

	// Institution types (collected in InstTypes).
	InstTypeMember     = "MemberInstitution"
	InstTypeSubscriber = "SubscriptionInstitution"

	// Metadata keys for spot restore tests.
	// NOTE(review): where these keys are stored is not visible here.
	MetaSpotTestsRunning = "spot restore is running"
	MetaSpotTestsLastRun = "spot restore last run"

	// Event outcomes (collected in EventOutcomes).
	OutcomeFailure = "Failure"
	OutcomeSuccess = "Success"

	// Role names (collected in Roles). These are the role strings passed to
	// CheckPermission.
	RoleInstAdmin = "institutional_admin"
	RoleInstUser  = "institutional_user"
	RoleNone      = "none"
	RoleSysAdmin  = "admin"

	// Second-factor type names (collected in SecondFactorTypes).
	SecondFactorAuthy      = "Authy"
	SecondFactorBackupCode = "Backup Code"
	SecondFactorSMS        = "SMS"

	// Work item stage names (collected in Stages).
	StageAvailableInS3        = "Available in S3"
	StageCleanup              = "Cleanup"
	StageCopyToStaging        = "Copy To Staging"
	StageFetch                = "Fetch"
	StageFormatIdentification = "Format Identification"
	StagePackage              = "Package"
	StageReceive              = "Receive"
	StageRecord               = "Record"
	StageReingestCheck        = "Reingest Check"
	StageRequested            = "Requested"
	StageResolve              = "Resolve"
	StageRestoring            = "Restoring"
	StageStorageValidation    = "Storage Validation"
	StageStore                = "Store"
	StageUnpack               = "Unpack"
	StageValidate             = "Validate"

	// Record states (collected in States), stored as single letters.
	StateActive  = "A"
	StateDeleted = "D"

	// Status values (collected in Statuses).
	StatusCancelled = "Cancelled"
	StatusFailed    = "Failed"
	StatusPending   = "Pending"
	StatusStarted   = "Started"
	StatusSuccess   = "Success"
	StatusSuspended = "Suspended"

	// Storage option names (collected in StorageOptions).
	StorageOptionGlacierDeepOH = "Glacier-Deep-OH"
	StorageOptionGlacierDeepOR = "Glacier-Deep-OR"
	StorageOptionGlacierDeepVA = "Glacier-Deep-VA"
	StorageOptionGlacierOH     = "Glacier-OH"
	StorageOptionGlacierOR     = "Glacier-OR"
	StorageOptionGlacierVA     = "Glacier-VA"
	StorageOptionStandard      = "Standard"
	StorageOptionWasabiOR      = "Wasabi-OR"
	StorageOptionWasabiVA      = "Wasabi-VA"

	// NOTE(review): presumably the identity recorded for automated actions.
	// Confirm that this address cannot be registered or signed in to as an
	// ordinary user account.
	SystemUser = "system@aptrust.org"

	// Topic names. NonIngestTopics collects the ones without the E2E prefix.
	// NOTE(review): presumably NSQ topics, like the Ingest* names; confirm.
	TopicDelete         = "delete_item"
	TopicE2EDelete      = "e2e_deletion_post_test"
	TopicE2EFixity      = "e2e_fixity_post_test"
	TopicE2EIngest      = "e2e_ingest_post_test"
	TopicE2EReingest    = "e2e_reingest_post_test"
	TopicE2ERestore     = "e2e_restoration_post_test"
	TopicFileRestore    = "restore_file"
	TopicFixity         = "fixity_check"
	TopicGlacierRestore = "restore_glacier"
	TopicObjectRestore  = "restore_object"

	// Two-factor method values.
	// NOTE(review): how these relate to the SecondFactor* names is not
	// visible here. TwoFactorNone means an account can carry no second
	// factor; confirm which roles are allowed to keep that setting.
	TwoFactorAuthy = "onetouch"
	TwoFactorNone  = "none"
	TwoFactorSMS   = "sms"
)
// Permission names. Each constant's value is identical to its identifier.
//
// The constants are declared without an explicit type, so they are untyped
// string constants: they convert implicitly to Permission (as in Permissions,
// ForbiddenToAll and SelfAccountPermissions) and equally to plain string.
const (
	AlertCreate = "AlertCreate"
	AlertDelete = "AlertDelete"
	AlertRead   = "AlertRead"
	AlertUpdate = "AlertUpdate"

	BillingReportShow = "BillingReportShow"

	// ChecksumUpdate and ChecksumDelete are listed in ForbiddenToAll.
	ChecksumCreate = "ChecksumCreate"
	ChecksumDelete = "ChecksumDelete"
	ChecksumRead   = "ChecksumRead"
	ChecksumUpdate = "ChecksumUpdate"

	DashboardShow = "DashboardShow"

	DeletionRequestApprove = "DeletionRequestApprove"
	DeletionRequestList    = "DeletionRequestList"
	DeletionRequestShow    = "DeletionRequestShow"

	DepositReportShow = "DepositReportShow"

	// EventUpdate and EventDelete are listed in ForbiddenToAll.
	EventCreate = "EventCreate"
	EventDelete = "EventDelete"
	EventRead   = "EventRead"
	EventUpdate = "EventUpdate"

	FileCreate           = "FileCreate"
	FileDelete           = "FileDelete"
	FileFinishBulkDelete = "FileFinishBulkDelete"
	FileRead             = "FileRead"
	FileRequestDelete    = "FileRequestDelete"
	FileRestore          = "FileRestore"
	FileUpdate           = "FileUpdate"

	InstitutionCreate      = "InstitutionCreate"
	InstitutionDelete      = "InstitutionDelete"
	InstitutionList        = "InstitutionList"
	InstitutionRead        = "InstitutionRead"
	InstitutionUpdate      = "InstitutionUpdate"
	InstitutionUpdatePrefs = "InstitutionUpdatePrefs"

	IntellectualObjectCreate           = "IntellectualObjectCreate"
	IntellectualObjectDelete           = "IntellectualObjectDelete"
	IntellectualObjectFinishBulkDelete = "IntellectualObjectFinishBulkDelete"
	IntellectualObjectRead             = "IntellectualObjectRead"
	IntellectualObjectRequestDelete    = "IntellectualObjectRequestDelete"
	IntellectualObjectRestore          = "IntellectualObjectRestore"
	IntellectualObjectUpdate           = "IntellectualObjectUpdate"

	InternalMetadataRead = "InternalMetadataRead"

	// NOTE(review): NsqAdmin, RedisList, RedisRead and WorkItemRedisDelete
	// name infrastructure-level operations; confirm they are granted only to
	// RoleSysAdmin.
	NsqAdmin = "NsqAdmin"

	PrepareFileDelete   = "PrepareFileDelete"
	PrepareObjectDelete = "PrepareObjectDelete"

	ReportRead = "ReportRead"

	RedisList = "RedisList"
	RedisRead = "RedisRead"

	StorageRecordCreate = "StorageRecordCreate"
	StorageRecordDelete = "StorageRecordDelete"
	StorageRecordRead   = "StorageRecordRead"
	StorageRecordUpdate = "StorageRecordUpdate"

	// The *Self, 2FA-setup, phone-confirmation and backup-code permissions
	// in this group are the ones listed in SelfAccountPermissions.
	UserComplete2FASetup     = "UserComplete2FASetup"
	UserConfirmPhone         = "UserConfirmPhone"
	UserCreate               = "UserCreate"
	UserDelete               = "UserDelete"
	UserDeleteSelf           = "UserDeleteSelf"
	UserGenerateBackupCodes  = "UserGenerateBackupCodes"
	UserInit2FASetup         = "UserInit2FASetup"
	UserRead                 = "UserRead"
	UserReadSelf             = "UserReadSelf"
	UserSignIn               = "UserSignIn"
	UserSignOut              = "UserSignOut"
	UserTwoFactorBackup      = "UserTwoFactorBackup"
	UserTwoFactorChoose      = "UserTwoFactorChoose"
	UserTwoFactorGenerateSMS = "UserTwoFactorGenerateSMS"
	UserTwoFactorPush        = "UserTwoFactorPush"
	UserTwoFactorResend      = "UserTwoFactorResend"
	UserTwoFactorVerify      = "UserTwoFactorVerify"
	UserUpdate               = "UserUpdate"
	UserUpdateSelf           = "UserUpdateSelf"

	WorkItemCreate      = "WorkItemCreate"
	WorkItemDelete      = "WorkItemDelete"
	WorkItemRead        = "WorkItemRead"
	WorkItemRedisDelete = "WorkItemRedisDelete"
	WorkItemRequeue     = "WorkItemRequeue"
	WorkItemUpdate      = "WorkItemUpdate"
)
Variables ¶
// APIPrefixes lists the two API path prefixes.
// Like every exported slice in this package it is a mutable variable; treat
// it as read-only, because a write from any importing package changes what
// every other reader sees.
var APIPrefixes = []string{
	APIPrefixAdmin,
	APIPrefixMember,
}

// AccessSettings lists the three access setting values.
var AccessSettings = []string{
	AccessConsortia,
	AccessInstitution,
	AccessRestricted,
}

// AlertTypes lists all ten Alert* constants.
var AlertTypes = []string{
	AlertDeletionCancelled,
	AlertDeletionCompleted,
	AlertDeletionConfirmed,
	AlertDeletionRequested,
	AlertFailedFixity,
	AlertRestorationCompleted,
	AlertPasswordChanged,
	AlertPasswordReset,
	AlertStalledItems,
	AlertWelcome,
}

// CompletedStatusValues lists the statuses Cancelled, Failed and Success.
var CompletedStatusValues = []string{
	StatusCancelled,
	StatusFailed,
	StatusSuccess,
}

// ErrInvalidRequeue is a sentinel error value created with errors.New;
// callers can match it with errors.Is.
var ErrInvalidRequeue = errors.New("item cannot be requeued to the specified stage")
ErrInvalidRequeue occurs when someone attempts to requeue an item to the wrong stage, or to a stage for which no NSQ topic exists.
// EventOutcomes lists the two outcome values.
var EventOutcomes = []string{
	OutcomeFailure,
	OutcomeSuccess,
}

// EventTypes lists nine of the eighteen Event* constants. The ones left out
// are EventCapture, EventCompression, EventDeaccession, EventDecompression,
// EventDecryption, EventMigration, EventNormalization,
// EventSignatureValidation and EventVirusCheck.
// NOTE(review): if this list is used to validate incoming event types, events
// of the omitted types would be rejected; confirm that is intended.
var EventTypes = []string{
	EventAccessAssignment,
	EventCreation,
	EventDeletion,
	EventDigestCalculation,
	EventFixityCheck,
	EventIdentifierAssignment,
	EventIngestion,
	EventReplication,
	EventValidation,
}
// ForbiddenToAll lists the update and delete permissions for checksums and
// events.
// NOTE(review): the name suggests these are denied to every role, which would
// keep checksum and event records append-only; the enforcement is not shown
// on this page. Confirm that the check applies to RoleSysAdmin as well.
// This is an exported, mutable slice: code that appends to it or reassigns it
// changes the deny list for the whole process, so treat it as read-only.
var ForbiddenToAll = []Permission{
	ChecksumUpdate,
	ChecksumDelete,
	EventUpdate,
	EventDelete,
}
// GlacierOnlyOptions lists the six storage options whose names begin with
// "Glacier".
var GlacierOnlyOptions = []string{
	StorageOptionGlacierDeepOH,
	StorageOptionGlacierDeepOR,
	StorageOptionGlacierDeepVA,
	StorageOptionGlacierOH,
	StorageOptionGlacierOR,
	StorageOptionGlacierVA,
}

// IncompleteStatusValues lists the statuses Pending and Started.
// StatusSuspended appears neither here nor in CompletedStatusValues.
var IncompleteStatusValues = []string{
	StatusPending,
	StatusStarted,
}

// IngestStagesInOrder lists the nine ingest stages. The order matches the
// 01 through 09 numbering of the Ingest* topic names that NSQIngestTopicFor
// maps these stages to.
var IngestStagesInOrder = []string{
	StageReceive,
	StageValidate,
	StageReingestCheck,
	StageCopyToStaging,
	StageFormatIdentification,
	StageStore,
	StageStorageValidation,
	StageRecord,
	StageCleanup,
}

// InstTypes lists the two institution types.
var InstTypes = []string{
	InstTypeMember,
	InstTypeSubscriber,
}

// The keys of NSQIngestTopicFor are exactly the stages in
// IngestStagesInOrder. Indexing with any other stage (StageFetch, for
// example) returns the empty string, so use the two-value form
// `topic, ok := NSQIngestTopicFor[stage]` and reject the request when ok is
// false.
var NSQIngestTopicFor = map[string]string{
	StageReceive:              IngestPreFetch,
	StageValidate:             IngestValidation,
	StageReingestCheck:        IngestReingestCheck,
	StageCopyToStaging:        IngestStaging,
	StageFormatIdentification: IngestFormatIdentification,
	StageStore:                IngestStorage,
	StageStorageValidation:    IngestStorageValidation,
	StageRecord:               IngestRecord,
	StageCleanup:              IngestCleanup,
}
NSQIngestTopicFor maps ingest stage names to NSQ topics.
// NonIngestTopics lists the five Topic* constants that do not carry the E2E
// prefix.
var NonIngestTopics = []string{
	TopicDelete,
	TopicFileRestore,
	TopicFixity,
	TopicGlacierRestore,
	TopicObjectRestore,
}
// Permissions lists every permission constant, in the order in which the
// constants are declared.
// NOTE(review): a permission constant that is declared but not added here
// would be missing from whatever is built from this list; how the list is
// consumed is not visible on this page.
// This is an exported, mutable slice; treat it as read-only.
var Permissions = []Permission{
	AlertCreate,
	AlertDelete,
	AlertRead,
	AlertUpdate,
	BillingReportShow,
	ChecksumCreate,
	ChecksumDelete,
	ChecksumRead,
	ChecksumUpdate,
	DashboardShow,
	DeletionRequestApprove,
	DeletionRequestList,
	DeletionRequestShow,
	DepositReportShow,
	EventCreate,
	EventDelete,
	EventRead,
	EventUpdate,
	FileCreate,
	FileDelete,
	FileFinishBulkDelete,
	FileRead,
	FileRequestDelete,
	FileRestore,
	FileUpdate,
	InstitutionCreate,
	InstitutionDelete,
	InstitutionList,
	InstitutionRead,
	InstitutionUpdate,
	InstitutionUpdatePrefs,
	IntellectualObjectCreate,
	IntellectualObjectDelete,
	IntellectualObjectFinishBulkDelete,
	IntellectualObjectRead,
	IntellectualObjectRequestDelete,
	IntellectualObjectRestore,
	IntellectualObjectUpdate,
	InternalMetadataRead,
	NsqAdmin,
	PrepareFileDelete,
	PrepareObjectDelete,
	ReportRead,
	RedisList,
	RedisRead,
	StorageRecordCreate,
	StorageRecordDelete,
	StorageRecordRead,
	StorageRecordUpdate,
	UserComplete2FASetup,
	UserConfirmPhone,
	UserCreate,
	UserDelete,
	UserDeleteSelf,
	UserGenerateBackupCodes,
	UserInit2FASetup,
	UserRead,
	UserReadSelf,
	UserSignIn,
	UserSignOut,
	UserTwoFactorBackup,
	UserTwoFactorChoose,
	UserTwoFactorGenerateSMS,
	UserTwoFactorPush,
	UserTwoFactorResend,
	UserTwoFactorVerify,
	UserUpdate,
	UserUpdateSelf,
	WorkItemCreate,
	WorkItemDelete,
	WorkItemRead,
	WorkItemRedisDelete,
	WorkItemRequeue,
	WorkItemUpdate,
}
// Roles lists the four role names.
// NOTE(review): if role strings from requests or stored records are ever
// validated against this list, RoleNone ("none") passes that validation;
// confirm that RoleNone is granted no permissions.
var Roles = []string{
	RoleInstAdmin,
	RoleInstUser,
	RoleNone,
	RoleSysAdmin,
}

// SecondFactorTypes lists the three second-factor type names.
var SecondFactorTypes = []string{
	SecondFactorAuthy,
	SecondFactorBackupCode,
	SecondFactorSMS,
}
// The list holds seven User* permissions. UserSignIn, UserSignOut and the
// UserTwoFactor* permissions are not in it.
// This is an exported, mutable slice: any code that reads it for an
// authorization decision sees every runtime change made to it, so treat it
// as read-only.
var SelfAccountPermissions = []Permission{
	UserComplete2FASetup,
	UserConfirmPhone,
	UserDeleteSelf,
	UserGenerateBackupCodes,
	UserInit2FASetup,
	UserReadSelf,
	UserUpdateSelf,
}
SelfAccountPermissions are those which permit users to modify their own account information (password, email, name, API key, etc.). These are treated specially in the auth middleware because, unlike other permissions, which are based on the subject resource's institution id, these are based on the subject resource's user id. See ResourceAuthorization.checkPermission to understand how this specific set of permissions is used.
// Stages lists all sixteen Stage* constants.
var Stages = []string{
	StageAvailableInS3,
	StageCleanup,
	StageCopyToStaging,
	StageFormatIdentification,
	StageFetch,
	StagePackage,
	StageReceive,
	StageRecord,
	StageReingestCheck,
	StageRequested,
	StageResolve,
	StageRestoring,
	StageStorageValidation,
	StageStore,
	StageUnpack,
	StageValidate,
}

// States lists the two state values, "A" and "D".
var States = []string{
	StateActive,
	StateDeleted,
}

// Statuses lists all six Status* constants.
var Statuses = []string{
	StatusCancelled,
	StatusFailed,
	StatusPending,
	StatusStarted,
	StatusSuccess,
	StatusSuspended,
}

// StorageOptions lists all nine StorageOption* constants.
var StorageOptions = []string{
	StorageOptionGlacierDeepOH,
	StorageOptionGlacierDeepOR,
	StorageOptionGlacierDeepVA,
	StorageOptionGlacierOH,
	StorageOptionGlacierOR,
	StorageOptionGlacierVA,
	StorageOptionStandard,
	StorageOptionWasabiOR,
	StorageOptionWasabiVA,
}

// UserActions lists nine Action* constants. ActionFixityCheck,
// ActionGlacierRestore and ActionIngest are not among them.
var UserActions = []string{
	ActionCreate,
	ActionRead,
	ActionUpdate,
	ActionDelete,
	ActionRequestDelete,
	ActionApproveDelete,
	ActionFinishBulkDelete,
	ActionRestoreObject,
	ActionRestoreFile,
}

// WorkItemActions lists five Action* constants. ActionFixityCheck is in
// neither this list nor UserActions.
var WorkItemActions = []string{
	ActionDelete,
	ActionGlacierRestore,
	ActionIngest,
	ActionRestoreFile,
	ActionRestoreObject,
}
Functions ¶
func CheckPermission ¶
// CheckPermission takes a role name and a Permission and returns a bool.
// The implementation is not shown on this page.
// NOTE(review): presumably it returns true when the permission map for role
// contains permission. Confirm that an unrecognised role, RoleNone, or a
// Permission value that is not in Permissions yields false (deny by default),
// and that the entries of ForbiddenToAll are refused for every role,
// including RoleSysAdmin.
func CheckPermission(role string, permission Permission) bool
Types ¶
type Permission ¶
// Permission is a defined type whose underlying type is string. Untyped
// string constants and literals convert to it implicitly, so the type alone
// does not restrict a value to the names listed in Permissions; code that
// receives a Permission built from outside input has to check it against the
// known set.
type Permission string
Permission is a string that keys into permission maps for different roles. We use string instead of bitmask or array index for a few reasons:
- We may wind up with more than 64 of these, which would be too many for a bitmask.
- Our models need to construct permission names from strings made up of model names and actions. E.g. "User" + "Create" or "Object" + "Read".
- We will likely insert permissions as the application grows, and adding bitmasks and array indices is order-dependent, while adding string keys is value-dependent, which means we can insert them anywhere in the list.