Documentation ¶
Index ¶
- Constants
- func ContextToString(context *base.Context) string
- func ConvertToAnyPB(value interface{}) (*anypb.Any, error)
- func GenerateKey(key *base.PermissionCheckRequest, isRelational bool) string
- func IsContextRelatedError(ctx context.Context, err error) bool
- func IsRelational(en *base.EntityDefinition, permission string) bool
- type BulkChecker
- type BulkCheckerRequest
- type BulkCheckerType
- type BulkEntityPublisher
- type BulkSubjectPublisher
- type CheckCombiner
- type CheckEngine
- type CheckFunction
- type CheckOption
- type CheckResponse
- type EntityFilter
- type ExpandCombiner
- type ExpandEngine
- type ExpandFunction
- type ExpandResponse
- type LookupEngine
- func (engine *LookupEngine) LookupEntity(ctx context.Context, request *base.PermissionLookupEntityRequest) (response *base.PermissionLookupEntityResponse, err error)
- func (engine *LookupEngine) LookupEntityStream(ctx context.Context, request *base.PermissionLookupEntityRequest, ...) (err error)
- func (engine *LookupEngine) LookupSubject(ctx context.Context, request *base.PermissionLookupSubjectRequest) (response *base.PermissionLookupSubjectResponse, err error)
- type LookupOption
- type SubjectFilter
- type SubjectFilterCombiner
- type SubjectFilterFunction
- type SubjectFilterOption
- type SubjectFilterResponse
- type SubjectPermissionEngine
- type SubjectPermissionOption
- type SubjectPermissionResponse
- type VisitsMap
Constants ¶
const ALL = "<>"
Variables ¶
This section is empty.
Functions ¶
func ContextToString ¶ added in v0.5.5
ContextToString function takes a Context object and converts it into a string
func ConvertToAnyPB ¶ added in v0.5.0
ConvertToAnyPB is a function to convert various basic Go types into *anypb.Any. It supports conversion from bool, int, float64, and string. It uses a type switch to detect the type of the input value. If the type is unsupported or unknown, it returns an error.
func GenerateKey ¶ added in v0.5.5
func GenerateKey(key *base.PermissionCheckRequest, isRelational bool) string
GenerateKey function takes a PermissionCheckRequest and generates a unique key.
Key format: check|{tenant_id}|{schema_version}|{snap_token}|{context}|{entity:id#permission(optional_arguments)@subject:id#optional_relation}
func IsContextRelatedError ¶ added in v1.1.4
IsContextRelatedError checks if the error is due to context cancellation, deadline exceedance, or closed connection
func IsRelational ¶ added in v0.5.6
func IsRelational(en *base.EntityDefinition, permission string) bool
IsRelational determines if a given permission corresponds to a relational attribute in the provided entity definition.
Types ¶
type BulkChecker ¶
type BulkChecker struct {
	// RequestChan is the input queue for permission check requests.
	// Incoming requests are received on this channel and processed by the BulkChecker.
	RequestChan chan BulkCheckerRequest
	// contains filtered or unexported fields
}
BulkChecker is a struct for checking permissions in bulk. It processes permission check requests concurrently and maintains a sorted list of these requests.
func NewBulkChecker ¶
func NewBulkChecker(ctx context.Context, checker invoke.Check, typ BulkCheckerType, callback func(entityID, ct string), concurrencyLimit int) *BulkChecker
NewBulkChecker creates a new BulkChecker instance.
ctx: context for managing goroutines and cancellation
engine: the CheckEngine to use for permission checks
callback: a callback function that handles the result of each permission check
concurrencyLimit: the maximum number of concurrent permission checks
func (*BulkChecker) CollectAndSortRequests ¶ added in v1.0.2
func (bc *BulkChecker) CollectAndSortRequests()
CollectAndSortRequests processes incoming requests and maintains a sorted list.
func (*BulkChecker) ExecuteRequests ¶ added in v1.0.2
func (bc *BulkChecker) ExecuteRequests(size uint32) error
ExecuteRequests begins processing permission check requests from the sorted list.
func (*BulkChecker) StopCollectingRequests ¶ added in v1.0.2
func (bc *BulkChecker) StopCollectingRequests()
StopCollectingRequests signals to stop collecting requests and closes the channel.
type BulkCheckerRequest ¶
type BulkCheckerRequest struct {
	Request *base.PermissionCheckRequest
	Result  base.CheckResult
}
BulkCheckerRequest is a struct for a permission check request and the channel to send the result.
type BulkCheckerType ¶ added in v0.5.0
type BulkCheckerType string
const (
	BULK_SUBJECT BulkCheckerType = "subject"
	BULK_ENTITY  BulkCheckerType = "entity"
)
type BulkEntityPublisher ¶ added in v0.5.0
type BulkEntityPublisher struct {
// contains filtered or unexported fields
}
BulkEntityPublisher is a struct for streaming permission check results.
func NewBulkEntityPublisher ¶ added in v0.5.0
func NewBulkEntityPublisher(ctx context.Context, request *base.PermissionLookupEntityRequest, bulkChecker *BulkChecker) *BulkEntityPublisher
NewBulkEntityPublisher creates a new BulkStreamer instance.
func (*BulkEntityPublisher) Publish ¶ added in v0.5.0
func (s *BulkEntityPublisher) Publish(entity *base.Entity, metadata *base.PermissionCheckRequestMetadata, context *base.Context, result base.CheckResult)
Publish publishes a permission check request to the BulkChecker.
type BulkSubjectPublisher ¶ added in v0.5.0
type BulkSubjectPublisher struct {
// contains filtered or unexported fields
}
BulkSubjectPublisher is a struct for streaming permission check results.
func NewBulkSubjectPublisher ¶ added in v0.5.0
func NewBulkSubjectPublisher(ctx context.Context, request *base.PermissionLookupSubjectRequest, bulkChecker *BulkChecker) *BulkSubjectPublisher
NewBulkSubjectPublisher creates a new BulkStreamer instance.
func (*BulkSubjectPublisher) Publish ¶ added in v0.5.0
func (s *BulkSubjectPublisher) Publish(subject *base.Subject, metadata *base.PermissionCheckRequestMetadata, context *base.Context, result base.CheckResult)
Publish publishes a permission check request to the BulkChecker.
type CheckCombiner ¶
type CheckCombiner func(ctx context.Context, functions []CheckFunction, limit int) (*base.PermissionCheckResponse, error)
CheckCombiner is a type that represents a function which takes a context, a slice of CheckFunctions, and a limit. It combines the results of multiple CheckFunctions according to a specific strategy and returns a PermissionCheckResponse along with an error.
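One way a combiner of this shape can apply a union or intersection strategy under the limit, as an added example (not Permify's own code). CheckFunction here returns a bool instead of *base.PermissionCheckResponse, and Combine, Union and Intersection are hypothetical names; the combiner denies on an empty function list and treats a branch that errors as a denial.

```go
package main

import (
	"context"
	"fmt"
)

// CheckFunction is a local stand-in (assumption); true means allowed.
type CheckFunction func(ctx context.Context) (bool, error)
const Union, Intersection = true, false // the branch result that ends evaluation early
type outcome struct {
	allowed bool
	err     error
}

// Combine runs fns with at most limit in flight; an errored branch counts as a denial.
func Combine(ctx context.Context, fns []CheckFunction, limit int, stopOn bool) (bool, error) {
	if len(fns) == 0 || limit < 1 {
		return false, fmt.Errorf("no checks or invalid limit") // no vacuous allow
	}
	ctx, cancel := context.WithCancel(ctx)
	defer cancel() // cancels pending branches once the decision is known
	out := make(chan outcome, len(fns)) // buffered so late branches never block
	sem := make(chan struct{}, limit)
	for _, fn := range fns {
		go func(fn CheckFunction) {
			sem <- struct{}{}
			ok, err := fn(ctx) // fn is expected to honor ctx cancellation
			<-sem
			out <- outcome{ok && err == nil, err}
		}(fn)
	}
	allowed, firstErr := !stopOn, error(nil)
	for i := 0; i < len(fns) && allowed != stopOn; i++ {
		o := <-out
		allowed = o.allowed
		if firstErr == nil {
			firstErr = o.err
		}
	}
	if allowed {
		return true, nil
	}
	return false, firstErr
}

func main() {
	ok, err := Combine(context.Background(), nil, 1, Intersection)
	fmt.Println(ok, err)
}
```

An error is returned only alongside a denial, so a caller that checks the error first and one that checks the result first reach the same decision.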
type CheckEngine ¶
type CheckEngine struct {
// contains filtered or unexported fields
}
CheckEngine is a core component responsible for performing permission checks. It reads schema and relationship information, and uses the engine key manager to validate permission requests.
func NewCheckEngine ¶
func NewCheckEngine(sr storage.SchemaReader, rr storage.DataReader, opts ...CheckOption) *CheckEngine
NewCheckEngine creates a new CheckEngine instance for performing permission checks. It takes a key manager, schema reader, and relationship reader as parameters. Additionally, it allows for optional configuration through CheckOption function arguments.
func (*CheckEngine) Check ¶ added in v0.4.0
func (engine *CheckEngine) Check(ctx context.Context, request *base.PermissionCheckRequest) (response *base.PermissionCheckResponse, err error)
Check executes a permission check based on the provided request. The permission field in the request can either be a relation or a permission. This function performs various checks and returns the permission check response along with any errors that may have occurred.
func (*CheckEngine) SetInvoker ¶ added in v0.4.0
func (engine *CheckEngine) SetInvoker(invoker invoke.Check)
SetInvoker sets the delegate for the CheckEngine.
type CheckFunction ¶
type CheckFunction func(ctx context.Context) (*base.PermissionCheckResponse, error)
CheckFunction is a type that represents a function that takes a context and returns a PermissionCheckResponse along with an error. It is used to perform individual permission checks within the CheckEngine.
type CheckOption ¶
type CheckOption func(engine *CheckEngine)
CheckOption - a functional option type for configuring the CheckEngine.
func CheckConcurrencyLimit ¶
func CheckConcurrencyLimit(limit int) CheckOption
CheckConcurrencyLimit - a functional option that sets the concurrency limit for the CheckEngine.
type CheckResponse ¶
type CheckResponse struct {
// contains filtered or unexported fields
}
CheckResponse - a struct that holds a PermissionCheckResponse and an error for a single check function.
type EntityFilter ¶ added in v1.1.0
type EntityFilter struct {
// contains filtered or unexported fields
}
EntityFilter is a struct that performs permission checks on a set of entities
func NewEntityFilter ¶ added in v1.1.0
func NewEntityFilter(dataReader storage.DataReader, sch *base.SchemaDefinition) *EntityFilter
NewEntityFilter creates a new EntityFilter engine
func (*EntityFilter) EntityFilter ¶ added in v1.1.0
func (engine *EntityFilter) EntityFilter(
	ctx context.Context,
	request *base.PermissionEntityFilterRequest,
	visits *VisitsMap,
	publisher *BulkEntityPublisher,
) (err error)
EntityFilter is a method of the EntityFilterEngine struct. It executes a permission request for linked entities.
type ExpandCombiner ¶
type ExpandCombiner func(ctx context.Context, entity *base.Entity, permission string, arguments []*base.Argument, functions []ExpandFunction) ExpandResponse
ExpandCombiner represents a function that combines the results of multiple ExpandFunction calls into a single ExpandResponse.
type ExpandEngine ¶
type ExpandEngine struct {
// contains filtered or unexported fields
}
ExpandEngine contains two fields: schemaReader, which is a storage.SchemaReader object, and relationshipReader, which is a storage.RelationshipReader object. It is used to expand permission scopes based on a given user ID and a set of permission requirements.
func NewExpandEngine ¶
func NewExpandEngine(sr storage.SchemaReader, rr storage.DataReader) *ExpandEngine
NewExpandEngine - This function creates a new instance of ExpandEngine by taking a SchemaReader and a RelationshipReader as parameters and returning a pointer to the created instance. The SchemaReader is used to read schema definitions, while the RelationshipReader is used to read relationship definitions.
func (*ExpandEngine) Expand ¶ added in v0.4.0
func (engine *ExpandEngine) Expand(ctx context.Context, request *base.PermissionExpandRequest) (response *base.PermissionExpandResponse, err error)
Expand - This is the Run function of the ExpandEngine type, which takes a context, a PermissionExpandRequest, and returns a PermissionExpandResponse and an error. The function begins by starting a new OpenTelemetry span, with the name "permissions.expand.execute". It then checks if a snap token and schema version are included in the request. If not, it retrieves the head snapshot and head schema version, respectively, from the appropriate repository.
Finally, the function calls the expand function of the ExpandEngine type with the context, PermissionExpandRequest, and false value, and returns the resulting PermissionExpandResponse and error. If there is an error, the span records the error and sets the status to indicate an error.
type ExpandFunction ¶
type ExpandFunction func(ctx context.Context, expandChain chan<- ExpandResponse)
ExpandFunction represents a function that expands the schema and relationships of a request and sends the response through the provided channel.
type ExpandResponse ¶
type ExpandResponse struct {
	Response *base.PermissionExpandResponse
	Err      error
}
ExpandResponse is a struct that contains the response and error returned from the expand function in the ExpandEngine. It is used to return the response and error together as a single object.
type LookupEngine ¶ added in v0.5.0
type LookupEngine struct {
// contains filtered or unexported fields
}
func NewLookupEngine ¶ added in v0.5.0
func NewLookupEngine(
	check invoke.Check,
	schemaReader storage.SchemaReader,
	dataReader storage.DataReader,
	opts ...LookupOption,
) *LookupEngine
func (*LookupEngine) LookupEntity ¶ added in v0.5.0
func (engine *LookupEngine) LookupEntity(ctx context.Context, request *base.PermissionLookupEntityRequest) (response *base.PermissionLookupEntityResponse, err error)
LookupEntity performs a permission check on a set of entities and returns a response containing the IDs of the entities that have the requested permission.
func (*LookupEngine) LookupEntityStream ¶ added in v0.5.0
func (engine *LookupEngine) LookupEntityStream(ctx context.Context, request *base.PermissionLookupEntityRequest, server base.Permission_LookupEntityStreamServer) (err error)
LookupEntityStream performs a permission check on a set of entities and streams the results containing the IDs of the entities that have the requested permission.
func (*LookupEngine) LookupSubject ¶ added in v0.5.0
func (engine *LookupEngine) LookupSubject(ctx context.Context, request *base.PermissionLookupSubjectRequest) (response *base.PermissionLookupSubjectResponse, err error)
LookupSubject checks if a subject has a particular permission based on the schema and version. It returns a list of subjects that have the given permission.
type LookupOption ¶ added in v0.5.0
type LookupOption func(engine *LookupEngine)
func LookupConcurrencyLimit ¶ added in v0.5.0
func LookupConcurrencyLimit(limit int) LookupOption
type SubjectFilter ¶ added in v1.1.4
type SubjectFilter struct {
// contains filtered or unexported fields
}
func NewSubjectFilter ¶ added in v1.1.4
func NewSubjectFilter(schemaReader storage.SchemaReader, dataReader storage.DataReader, opts ...SubjectFilterOption) *SubjectFilter
func (*SubjectFilter) SubjectFilter ¶ added in v1.1.4
func (engine *SubjectFilter) SubjectFilter(ctx context.Context, request *base.PermissionLookupSubjectRequest) (response []string, err error)
SubjectFilter is a method for the SubjectFilterEngine struct. It takes a context and a pointer to a PermissionSubjectFilterRequest and returns a pointer to a PermissionSubjectFilterResponse and an error.
type SubjectFilterCombiner ¶ added in v0.5.0
type SubjectFilterCombiner func(ctx context.Context, functions []SubjectFilterFunction, limit int) ([]string, error)
SubjectFilterCombiner defines the type for a function that takes a context, a slice of SubjectFilterFunctions, an integer as a limit and returns a pointer to a PermissionSubjectFilterResponse and an error. This type is useful when you want to define a function that can execute multiple SubjectFilterFunctions in a specific way (like concurrently with a limit or sequentially) and combine their results into a single PermissionSubjectFilterResponse.
type SubjectFilterFunction ¶ added in v0.5.0
SubjectFilterFunction defines the type for a function that takes a context and returns a pointer to a PermissionSubjectFilterResponse and an error. This type is often used when you want to pass around functions with this specific signature.
type SubjectFilterOption ¶ added in v1.1.4
type SubjectFilterOption func(engine *SubjectFilter)
SubjectFilterOption - a functional option type for configuring the LookupSubjectEngine.
func SubjectFilterConcurrencyLimit ¶ added in v1.1.4
func SubjectFilterConcurrencyLimit(limit int) SubjectFilterOption
SubjectFilterConcurrencyLimit - a functional option that sets the concurrency limit for the LookupSubjectEngine.
type SubjectFilterResponse ¶ added in v0.5.0
type SubjectFilterResponse struct {
// contains filtered or unexported fields
}
SubjectFilterResponse -
type SubjectPermissionEngine ¶ added in v0.4.7
type SubjectPermissionEngine struct {
// contains filtered or unexported fields
}
func NewSubjectPermission ¶ added in v0.4.7
func NewSubjectPermission(checker invoke.Check, sr storage.SchemaReader, opts ...SubjectPermissionOption) *SubjectPermissionEngine
func (*SubjectPermissionEngine) SubjectPermission ¶ added in v0.4.7
func (engine *SubjectPermissionEngine) SubjectPermission(ctx context.Context, request *base.PermissionSubjectPermissionRequest) (*base.PermissionSubjectPermissionResponse, error)
SubjectPermission is a method on the SubjectPermissionEngine struct. It checks permissions for a given subject based on the supplied request and context.
type SubjectPermissionOption ¶ added in v0.4.7
type SubjectPermissionOption func(engine *SubjectPermissionEngine)
SubjectPermissionOption - a functional option type for configuring the SubjectPermissionEngine.
func SubjectPermissionConcurrencyLimit ¶ added in v0.4.7
func SubjectPermissionConcurrencyLimit(limit int) SubjectPermissionOption
SubjectPermissionConcurrencyLimit - a functional option that sets the concurrency limit for the SubjectPermissionEngine.
type SubjectPermissionResponse ¶ added in v0.4.7
type SubjectPermissionResponse struct {
// contains filtered or unexported fields
}
SubjectPermissionResponse - a struct that holds a SubjectPermissionResponse and an error for a single subject permission check result.