engines

package
v1.2.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 18, 2024 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

View Source
const ALL = "<>"

Variables

This section is empty.

Functions

func ContextToString added in v0.5.5

func ContextToString(context *base.Context) string

ContextToString function takes a Context object and converts it into a string

func ConvertToAnyPB added in v0.5.0

func ConvertToAnyPB(value interface{}) (*anypb.Any, error)

ConvertToAnyPB is a function to convert various basic Go types into *anypb.Any. It supports conversion from bool, int, float64, and string. It uses a type switch to detect the type of the input value. If the type is unsupported or unknown, it returns an error.

func GenerateKey added in v0.5.5

func GenerateKey(key *base.PermissionCheckRequest, isRelational bool) string

GenerateKey function takes a PermissionCheckRequest and generates a unique key Key format: check|{tenant_id}|{schema_version}|{snap_token}|{context}|{entity:id#permission(optional_arguments)@subject:id#optional_relation}

func IsContextRelatedError added in v1.1.4

func IsContextRelatedError(ctx context.Context, err error) bool

IsContextRelatedError checks if the error is due to context cancellation, deadline exceedance, or closed connection

func IsRelational added in v0.5.6

func IsRelational(en *base.EntityDefinition, permission string) bool

IsRelational determines if a given permission corresponds to a relational attribute in the provided entity definition.

Types

type BulkChecker

type BulkChecker struct {

	// RequestChan is the input queue for permission check requests.
	// Incoming requests are received on this channel and processed by the BulkChecker.
	RequestChan chan BulkCheckerRequest
	// contains filtered or unexported fields
}

BulkChecker is a struct for checking permissions in bulk. It processes permission check requests concurrently and maintains a sorted list of these requests.

func NewBulkChecker

func NewBulkChecker(ctx context.Context, checker invoke.Check, typ BulkCheckerType, callback func(entityID, ct string), concurrencyLimit int) *BulkChecker

NewBulkChecker creates a new BulkChecker instance. ctx: context for managing goroutines and cancellation engine: the CheckEngine to use for permission checks callback: a callback function that handles the result of each permission check concurrencyLimit: the maximum number of concurrent permission checks

func (*BulkChecker) CollectAndSortRequests added in v1.0.2

func (bc *BulkChecker) CollectAndSortRequests()

CollectAndSortRequests processes incoming requests and maintains a sorted list.

func (*BulkChecker) ExecuteRequests added in v1.0.2

func (bc *BulkChecker) ExecuteRequests(size uint32) error

ExecuteRequests begins processing permission check requests from the sorted list.

func (*BulkChecker) StopCollectingRequests added in v1.0.2

func (bc *BulkChecker) StopCollectingRequests()

StopCollectingRequests Signal to stop collecting requests and close the channel

type BulkCheckerRequest

type BulkCheckerRequest struct {
	Request *base.PermissionCheckRequest
	Result  base.CheckResult
}

BulkCheckerRequest is a struct for a permission check request and the channel to send the result.

type BulkCheckerType added in v0.5.0

type BulkCheckerType string
const (
	BULK_SUBJECT BulkCheckerType = "subject"
	BULK_ENTITY  BulkCheckerType = "entity"
)

type BulkEntityPublisher added in v0.5.0

type BulkEntityPublisher struct {
	// contains filtered or unexported fields
}

BulkEntityPublisher is a struct for streaming permission check results.

func NewBulkEntityPublisher added in v0.5.0

func NewBulkEntityPublisher(ctx context.Context, request *base.PermissionLookupEntityRequest, bulkChecker *BulkChecker) *BulkEntityPublisher

NewBulkEntityPublisher creates a new BulkStreamer instance.

func (*BulkEntityPublisher) Publish added in v0.5.0

func (s *BulkEntityPublisher) Publish(entity *base.Entity, metadata *base.PermissionCheckRequestMetadata, context *base.Context, result base.CheckResult)

Publish publishes a permission check request to the BulkChecker.

type BulkSubjectPublisher added in v0.5.0

type BulkSubjectPublisher struct {
	// contains filtered or unexported fields
}

BulkSubjectPublisher is a struct for streaming permission check results.

func NewBulkSubjectPublisher added in v0.5.0

func NewBulkSubjectPublisher(ctx context.Context, request *base.PermissionLookupSubjectRequest, bulkChecker *BulkChecker) *BulkSubjectPublisher

NewBulkSubjectPublisher creates a new BulkStreamer instance.

func (*BulkSubjectPublisher) Publish added in v0.5.0

func (s *BulkSubjectPublisher) Publish(subject *base.Subject, metadata *base.PermissionCheckRequestMetadata, context *base.Context, result base.CheckResult)

Publish publishes a permission check request to the BulkChecker.

type CheckCombiner

type CheckCombiner func(ctx context.Context, functions []CheckFunction, limit int) (*base.PermissionCheckResponse, error)

CheckCombiner is a type that represents a function which takes a context, a slice of CheckFunctions, and a limit. It combines the results of multiple CheckFunctions according to a specific strategy and returns a PermissionCheckResponse along with an error.

type CheckEngine

type CheckEngine struct {
	// contains filtered or unexported fields
}

CheckEngine is a core component responsible for performing permission checks. It reads schema and relationship information, and uses the engine key manager to validate permission requests.

func NewCheckEngine

func NewCheckEngine(sr storage.SchemaReader, rr storage.DataReader, opts ...CheckOption) *CheckEngine

NewCheckEngine creates a new CheckEngine instance for performing permission checks. It takes a key manager, schema reader, and relationship reader as parameters. Additionally, it allows for optional configuration through CheckOption function arguments.

func (*CheckEngine) Check added in v0.4.0

func (engine *CheckEngine) Check(ctx context.Context, request *base.PermissionCheckRequest) (response *base.PermissionCheckResponse, err error)

Check executes a permission check based on the provided request. The permission field in the request can either be a relation or an permission. This function performs various checks and returns the permission check response along with any errors that may have occurred.

func (*CheckEngine) SetInvoker added in v0.4.0

func (engine *CheckEngine) SetInvoker(invoker invoke.Check)

SetInvoker sets the delegate for the CheckEngine.

type CheckFunction

type CheckFunction func(ctx context.Context) (*base.PermissionCheckResponse, error)

CheckFunction is a type that represents a function that takes a context and returns a PermissionCheckResponse along with an error. It is used to perform individual permission checks within the CheckEngine.

type CheckOption

type CheckOption func(engine *CheckEngine)

CheckOption - a functional option type for configuring the CheckEngine.

func CheckConcurrencyLimit

func CheckConcurrencyLimit(limit int) CheckOption

CheckConcurrencyLimit - a functional option that sets the concurrency limit for the CheckEngine.

type CheckResponse

type CheckResponse struct {
	// contains filtered or unexported fields
}

CheckResponse - a struct that holds a PermissionCheckResponse and an error for a single check function.

type EntityFilter added in v1.1.0

type EntityFilter struct {
	// contains filtered or unexported fields
}

EntityFilter is a struct that performs permission checks on a set of entities

func NewEntityFilter added in v1.1.0

func NewEntityFilter(dataReader storage.DataReader, sch *base.SchemaDefinition) *EntityFilter

NewEntityFilter creates a new EntityFilter engine

func (*EntityFilter) EntityFilter added in v1.1.0

func (engine *EntityFilter) EntityFilter(
	ctx context.Context,
	request *base.PermissionEntityFilterRequest,
	visits *VisitsMap,
	publisher *BulkEntityPublisher,
) (err error)

EntityFilter is a method of the EntityFilterEngine struct. It executes a permission request for linked entities.

type ExpandCombiner

type ExpandCombiner func(ctx context.Context, entity *base.Entity, permission string, arguments []*base.Argument, functions []ExpandFunction) ExpandResponse

ExpandCombiner represents a function that combines the results of multiple ExpandFunction calls into a single ExpandResponse.

type ExpandEngine

type ExpandEngine struct {
	// contains filtered or unexported fields
}

ExpandEngine - This comment is describing a type called ExpandEngine. The ExpandEngine type contains two fields: schemaReader, which is a storage.SchemaReader object, and relationshipReader, which is a storage.RelationshipReader object. The ExpandEngine type is used to expand permission scopes based on a given user ID and a set of permission requirements.

func NewExpandEngine

func NewExpandEngine(sr storage.SchemaReader, rr storage.DataReader) *ExpandEngine

NewExpandEngine - This function creates a new instance of ExpandEngine by taking a SchemaReader and a RelationshipReader as parameters and returning a pointer to the created instance. The SchemaReader is used to read schema definitions, while the RelationshipReader is used to read relationship definitions.

func (*ExpandEngine) Expand added in v0.4.0

func (engine *ExpandEngine) Expand(ctx context.Context, request *base.PermissionExpandRequest) (response *base.PermissionExpandResponse, err error)

Expand - This is the Run function of the ExpandEngine type, which takes a context, a PermissionExpandRequest, and returns a PermissionExpandResponse and an error. The function begins by starting a new OpenTelemetry span, with the name "permissions.expand.execute". It then checks if a snap token and schema version are included in the request. If not, it retrieves the head snapshot and head schema version, respectively, from the appropriate repository.

Finally, the function calls the expand function of the ExpandEngine type with the context, PermissionExpandRequest, and false value, and returns the resulting PermissionExpandResponse and error. If there is an error, the span records the error and sets the status to indicate an error.

type ExpandFunction

type ExpandFunction func(ctx context.Context, expandChain chan<- ExpandResponse)

ExpandFunction represents a function that expands the schema and relationships of a request and sends the response through the provided channel.

type ExpandResponse

type ExpandResponse struct {
	Response *base.PermissionExpandResponse
	Err      error
}

ExpandResponse is a struct that contains the response and error returned from the expand function in the ExpandEngine. It is used to return the response and error together as a single object.

type LookupEngine added in v0.5.0

type LookupEngine struct {
	// contains filtered or unexported fields
}

func NewLookupEngine added in v0.5.0

func NewLookupEngine(
	check invoke.Check,
	schemaReader storage.SchemaReader,
	dataReader storage.DataReader,
	opts ...LookupOption,
) *LookupEngine

func (*LookupEngine) LookupEntity added in v0.5.0

func (engine *LookupEngine) LookupEntity(ctx context.Context, request *base.PermissionLookupEntityRequest) (response *base.PermissionLookupEntityResponse, err error)

LookupEntity performs a permission check on a set of entities and returns a response containing the IDs of the entities that have the requested permission.

func (*LookupEngine) LookupEntityStream added in v0.5.0

func (engine *LookupEngine) LookupEntityStream(ctx context.Context, request *base.PermissionLookupEntityRequest, server base.Permission_LookupEntityStreamServer) (err error)

LookupEntityStream performs a permission check on a set of entities and streams the results containing the IDs of the entities that have the requested permission.

func (*LookupEngine) LookupSubject added in v0.5.0

func (engine *LookupEngine) LookupSubject(ctx context.Context, request *base.PermissionLookupSubjectRequest) (response *base.PermissionLookupSubjectResponse, err error)

LookupSubject checks if a subject has a particular permission based on the schema and version. It returns a list of subjects that have the given permission.

type LookupOption added in v0.5.0

type LookupOption func(engine *LookupEngine)

func LookupConcurrencyLimit added in v0.5.0

func LookupConcurrencyLimit(limit int) LookupOption

type SubjectFilter added in v1.1.4

type SubjectFilter struct {
	// contains filtered or unexported fields
}

func NewSubjectFilter added in v1.1.4

func NewSubjectFilter(schemaReader storage.SchemaReader, dataReader storage.DataReader, opts ...SubjectFilterOption) *SubjectFilter

func (*SubjectFilter) SubjectFilter added in v1.1.4

func (engine *SubjectFilter) SubjectFilter(ctx context.Context, request *base.PermissionLookupSubjectRequest) (response []string, err error)

SubjectFilter is a method for the SubjectFilterEngine struct. It takes a context and a pointer to a PermissionSubjectFilterRequest and returns a pointer to a PermissionSubjectFilterResponse and an error.

type SubjectFilterCombiner added in v0.5.0

type SubjectFilterCombiner func(ctx context.Context, functions []SubjectFilterFunction, limit int) ([]string, error)

SubjectFilterCombiner defines the type for a function that takes a context, a slice of SubjectFilterFunctions, an integer as a limit and returns a pointer to a PermissionSubjectFilterResponse and an error. This type is useful when you want to define a function that can execute multiple SubjectFilterFunctions in a specific way (like concurrently with a limit or sequentially) and combine their results into a single PermissionSubjectFilterResponse.

type SubjectFilterFunction added in v0.5.0

type SubjectFilterFunction func(ctx context.Context) ([]string, error)

SubjectFilterFunction defines the type for a function that takes a context and returns a pointer to a PermissionSubjectFilterResponse and an error. This type is often used when you want to pass around functions with this specific signature.

type SubjectFilterOption added in v1.1.4

type SubjectFilterOption func(engine *SubjectFilter)

SubjectFilterOption - a functional option type for configuring the LookupSubjectEngine.

func SubjectFilterConcurrencyLimit added in v1.1.4

func SubjectFilterConcurrencyLimit(limit int) SubjectFilterOption

SubjectFilterConcurrencyLimit - a functional option that sets the concurrency limit for the LookupSubjectEngine.

type SubjectFilterResponse added in v0.5.0

type SubjectFilterResponse struct {
	// contains filtered or unexported fields
}

SubjectFilterResponse -

type SubjectPermissionEngine added in v0.4.7

type SubjectPermissionEngine struct {
	// contains filtered or unexported fields
}

func NewSubjectPermission added in v0.4.7

func NewSubjectPermission(checker invoke.Check, sr storage.SchemaReader, opts ...SubjectPermissionOption) *SubjectPermissionEngine

func (*SubjectPermissionEngine) SubjectPermission added in v0.4.7

SubjectPermission is a method on the SubjectPermissionEngine struct. It checks permissions for a given subject based on the supplied request and context.

type SubjectPermissionOption added in v0.4.7

type SubjectPermissionOption func(engine *SubjectPermissionEngine)

SubjectPermissionOption - a functional option type for configuring the SubjectPermissionEngine.

func SubjectPermissionConcurrencyLimit added in v0.4.7

func SubjectPermissionConcurrencyLimit(limit int) SubjectPermissionOption

SubjectPermissionConcurrencyLimit - a functional option that sets the concurrency limit for the SubjectPermissionEngine.

type SubjectPermissionResponse added in v0.4.7

type SubjectPermissionResponse struct {
	// contains filtered or unexported fields
}

SubjectPermissionResponse - a struct that holds a SubjectPermissionResponse and an error for a single subject permission check result.

type VisitsMap added in v1.1.0

type VisitsMap struct {
	// contains filtered or unexported fields
}

VisitsMap - a thread-safe map of ENR records.

func (*VisitsMap) AddEA added in v1.1.4

func (s *VisitsMap) AddEA(entityType, attribute string) bool

func (*VisitsMap) AddER added in v1.1.0

func (s *VisitsMap) AddER(entity *base.Entity, relation string) bool

func (*VisitsMap) AddPublished added in v1.1.0

func (s *VisitsMap) AddPublished(entity *base.Entity) bool

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL