Documentation
Overview
Package permissions provides library functions to determine if a user/service has a particular permission.
A user can be identified by the user ID, or by the groups that it belongs to. A service 'user' is identified by a service ID. Users, groups and services are treated the same for permissions purposes, so they share the common name Entities.
Entities are associated with permissions/roles via policies. For an entity to have a permission, there must be at least one policy that applies to that entity and permission. Policies can also have conditions that need to be met for the policy to apply. A policy with no conditions is equivalent to a policy where all conditions are met.
Index
- type Cache
- type CachingStore
- func (c *CachingStore) CheckCacheExpiry(ctx context.Context, maxCacheTime time.Duration)
- func (c *CachingStore) Close(_ context.Context) error
- func (c *CachingStore) GetPermissionsBundle(_ context.Context) (permsdk.Bundle, error)
- func (c *CachingStore) HealthCheck(_ context.Context, state *health.CheckState) error
- func (c *CachingStore) StartCacheUpdater(ctx context.Context, updateInterval, maxCacheTime time.Duration)
- func (c *CachingStore) Update(ctx context.Context, maxCacheTime time.Duration) (permsdk.Bundle, error)
- type Checker
- type Store
Types
type Cache
type Cache interface {
	Store
	Close(ctx context.Context) error
	HealthCheck(ctx context.Context, state *health.CheckState) error
}
Cache represents a cache of permissions data.
type CachingStore
type CachingStore struct {
// contains filtered or unexported fields
}
CachingStore is a permissions store implementation that caches permission data in memory.
func NewCachingStore
func NewCachingStore(underlyingStore Store) *CachingStore
NewCachingStore constructs a new instance of CachingStore.
func (*CachingStore) CheckCacheExpiry
func (c *CachingStore) CheckCacheExpiry(ctx context.Context, maxCacheTime time.Duration)
CheckCacheExpiry clears the cache data if it has gone beyond its expiry time.
func (*CachingStore) Close
func (c *CachingStore) Close(_ context.Context) error
Close stops goroutines and blocks until closed.
func (*CachingStore) GetPermissionsBundle
GetPermissionsBundle returns the cached permission data, or an error if it's not cached.
func (*CachingStore) HealthCheck
func (c *CachingStore) HealthCheck(_ context.Context, state *health.CheckState) error
func (*CachingStore) StartCacheUpdater
func (c *CachingStore) StartCacheUpdater(ctx context.Context, updateInterval, maxCacheTime time.Duration)
StartCacheUpdater starts a goroutine to continually update cache data at time intervals.
- updateInterval - how often to update the cache data.
type Checker
type Checker struct {
// contains filtered or unexported fields
}
Checker reads permission data and verifies that a user has a permission.
func NewChecker
func NewChecker(ctx context.Context, permissionsAPIHost string, cacheUpdateInterval, maxCacheTime time.Duration) *Checker
NewChecker creates a new Checker instance that uses the permissions API client, wrapped in a CachingStore.
func NewCheckerForStore
NewCheckerForStore creates a new Checker instance.
func (Checker) HasPermission
func (c Checker) HasPermission(ctx context.Context, entityData permsdk.EntityData, permission string, attributes map[string]string) (bool, error)
HasPermission returns true if one of the given entities has the given permission.
- entityData - ID of the caller (user or service), as well as any associated groups.
- permission - the action or permission the user wants to take, e.g. `datasets:edit`.
- attributes - other key value attributes for use in access control decision, e.g. `collectionID`, `datasetID`, `isPublished`, `roleId`, etc.
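The decision rule set out in the Overview and applied by HasPermission, as an added example that is not this package's code: access is denied unless at least one policy covers one of the caller's entities and the permission, and all of that policy's conditions are met. The `Policy` and `set` types, the equality-only conditions, the mapping of policies straight to permissions (no roles), and all IDs are assumptions made for illustration; the real types live in permsdk and are not shown on this page.

```go
package main

import "fmt"

type set map[string]bool // hypothetical helper type

// Policy is a hypothetical model for illustration, not a permsdk type.
type Policy struct {
	Entities    set               // user, group or service IDs
	Permissions set               // e.g. "datasets:edit"
	Conditions  map[string]string // attribute -> required value; empty means always applies
}

// conditionsMet requires every condition to match; a missing attribute fails closed.
func conditionsMet(conds, attrs map[string]string) bool {
	for k, want := range conds {
		if got, ok := attrs[k]; !ok || got != want {
			return false
		}
	}
	return true
}

// hasPermission is default-deny: it returns true only when at least one policy
// covers the permission, one of the caller's entities, and has its conditions met.
func hasPermission(policies []Policy, entities []string, perm string, attrs map[string]string) bool {
	for _, p := range policies {
		if !p.Permissions[perm] || !conditionsMet(p.Conditions, attrs) {
			continue
		}
		for _, e := range entities {
			if p.Entities[e] {
				return true
			}
		}
	}
	return false
}

// Constructed sample policies (IDs and attribute values are made up).
var samplePolicies = []Policy{
	{Entities: set{"groups/admin": true}, Permissions: set{"datasets:edit": true}},
	{Entities: set{"groups/viewer": true}, Permissions: set{"datasets:read": true},
		Conditions: map[string]string{"isPublished": "true"}},
}

func main() {
	caller := []string{"user-123", "groups/viewer"} // user ID plus its groups
	fmt.Println(hasPermission(samplePolicies, caller, "datasets:read", map[string]string{"isPublished": "true"}))
	fmt.Println(hasPermission(samplePolicies, caller, "datasets:read", nil))
}
```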