Documentation
¶
Index ¶
- type BulkChecker
- type BulkCheckerRequest
- type BulkPublisher
- type CheckCombiner
- type CheckEngine
- type CheckFunction
- type CheckOption
- type CheckResponse
- type ERMap
- type ExpandCombiner
- type ExpandEngine
- type ExpandFunction
- type ExpandResponse
- type LinkedEntityEngine
- type LookupEntityEngine
- type LookupEntityOption
- type LookupSchemaEngine
- type SchemaLookupCombiner
- type SchemaLookupDecision
- type SchemaLookupFunction
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type BulkChecker ¶
type BulkChecker struct {
// input queue for permission check requests
RequestChan chan BulkCheckerRequest
// contains filtered or unexported fields
}
BulkChecker is a struct for checking permissions in bulk.
func NewBulkChecker ¶
func NewBulkChecker(ctx context.Context, engine *CheckEngine, callback func(entityID string, result base.PermissionCheckResponse_Result), concurrencyLimit int) *BulkChecker
NewBulkChecker creates a new BulkChecker instance. ctx: context for managing goroutines and cancellation engine: the CheckEngine to use for permission checks callback: a callback function that handles the result of each permission check concurrencyLimit: the maximum number of concurrent permission checks
func (*BulkChecker) Start ¶
func (c *BulkChecker) Start()
Start begins processing permission check requests from the RequestChan. It starts an errgroup that manages multiple goroutines for performing permission checks.
func (*BulkChecker) Stop ¶
func (c *BulkChecker) Stop()
Stop stops input by closing the RequestChan.
func (*BulkChecker) Wait ¶
func (c *BulkChecker) Wait() error
Wait waits for all goroutines in the errgroup to finish. Returns an error if any of the goroutines encounter an error.
type BulkCheckerRequest ¶
type BulkCheckerRequest struct {
Request *base.PermissionCheckRequest
Result base.PermissionCheckResponse_Result
}
BulkCheckerRequest is a struct for a permission check request and the channel to send the result.
type BulkPublisher ¶
type BulkPublisher struct {
// contains filtered or unexported fields
}
BulkPublisher is a struct for streaming permission check results.
func NewBulkPublisher ¶
func NewBulkPublisher(ctx context.Context, request *base.PermissionLookupEntityRequest, bulkChecker *BulkChecker) *BulkPublisher
NewBulkPublisher creates a new BulkStreamer instance.
func (*BulkPublisher) Publish ¶
func (s *BulkPublisher) Publish(entity *base.Entity, metadata *base.PermissionCheckRequestMetadata, result base.PermissionCheckResponse_Result)
Publish publishes a permission check request to the BulkChecker.
type CheckCombiner ¶
type CheckCombiner func(ctx context.Context, functions []CheckFunction, limit int) (*base.PermissionCheckResponse, error)
CheckCombiner is a type that represents a function which takes a context, a slice of CheckFunctions, and a limit. It combines the results of multiple CheckFunctions according to a specific strategy and returns a PermissionCheckResponse along with an error.
type CheckEngine ¶
type CheckEngine struct {
// contains filtered or unexported fields
}
CheckEngine is a core component responsible for performing permission checks. It reads schema and relationship information, and uses the engine key manager to validate permission requests.
func NewCheckEngine ¶
func NewCheckEngine(km keys.EngineKeyManager, sr repositories.SchemaReader, rr repositories.RelationshipReader, opts ...CheckOption) *CheckEngine
NewCheckEngine creates a new CheckEngine instance for performing permission checks. It takes a key manager, schema reader, and relationship reader as parameters. Additionally, it allows for optional configuration through CheckOption function arguments.
func (*CheckEngine) Run ¶
func (engine *CheckEngine) Run(ctx context.Context, request *base.PermissionCheckRequest) (response *base.PermissionCheckResponse, err error)
Run executes a permission check based on the provided request. The permission field in the request can either be a relation or an permission. This function performs various checks and returns the permission check response along with any errors that may have occurred.
type CheckFunction ¶
type CheckFunction func(ctx context.Context) (*base.PermissionCheckResponse, error)
CheckFunction is a type that represents a function that takes a context and returns a PermissionCheckResponse along with an error. It is used to perform individual permission checks within the CheckEngine.
type CheckOption ¶
type CheckOption func(engine *CheckEngine)
CheckOption - a functional option type for configuring the CheckEngine.
func CheckConcurrencyLimit ¶
func CheckConcurrencyLimit(limit int) CheckOption
CheckConcurrencyLimit - a functional option that sets the concurrency limit for the CheckEngine.
type CheckResponse ¶
type CheckResponse struct {
// contains filtered or unexported fields
}
CheckResponse - a struct that holds a PermissionCheckResponse and an error for a single check function.
type ERMap ¶
type ERMap struct {
// contains filtered or unexported fields
}
ERMap - a thread-safe map of ENR records.
type ExpandCombiner ¶
type ExpandCombiner func(ctx context.Context, functions []ExpandFunction) ExpandResponse
ExpandCombiner represents a function that combines the results of multiple ExpandFunction calls into a single ExpandResponse.
type ExpandEngine ¶
type ExpandEngine struct {
// contains filtered or unexported fields
}
ExpandEngine - This comment is describing a type called ExpandEngine. The ExpandEngine type contains two fields: schemaReader, which is a repositories.SchemaReader object, and relationshipReader, which is a repositories.RelationshipReader object. The ExpandEngine type is used to expand permission scopes based on a given user ID and a set of permission requirements.
func NewExpandEngine ¶
func NewExpandEngine(sr repositories.SchemaReader, rr repositories.RelationshipReader) *ExpandEngine
NewExpandEngine - This function creates a new instance of ExpandEngine by taking a SchemaReader and a RelationshipReader as parameters and returning a pointer to the created instance. The SchemaReader is used to read schema definitions, while the RelationshipReader is used to read relationship definitions.
func (*ExpandEngine) Run ¶
func (command *ExpandEngine) Run(ctx context.Context, request *base.PermissionExpandRequest) (response *base.PermissionExpandResponse, err error)
Run - This is the Run function of the ExpandEngine type, which takes a context, a PermissionExpandRequest, and returns a PermissionExpandResponse and an error. The function begins by starting a new OpenTelemetry span, with the name "permissions.expand.execute". It then checks if a snap token and schema version are included in the request. If not, it retrieves the head snapshot and head schema version, respectively, from the appropriate repository.
Finally, the function calls the expand function of the ExpandEngine type with the context, PermissionExpandRequest, and false value, and returns the resulting PermissionExpandResponse and error. If there is an error, the span records the error and sets the status to indicate an error.
type ExpandFunction ¶
type ExpandFunction func(ctx context.Context, expandChain chan<- ExpandResponse)
ExpandFunction represents a function that expands the schema and relationships of a request and sends the response through the provided channel.
type ExpandResponse ¶
type ExpandResponse struct {
Response *base.PermissionExpandResponse
Err error
}
ExpandResponse is a struct that contains the response and error returned from the expand function in the ExpandEngine. It is used to return the response and error together as a single object.
type LinkedEntityEngine ¶
type LinkedEntityEngine struct {
// contains filtered or unexported fields
}
LinkedEntityEngine is responsible for executing linked entity operations
func NewLinkedEntityEngine ¶
func NewLinkedEntityEngine(schemaReader repositories.SchemaReader, relationshipReader repositories.RelationshipReader) *LinkedEntityEngine
NewLinkedEntityEngine creates a new LinkedEntity engine
func (*LinkedEntityEngine) Run ¶
func (engine *LinkedEntityEngine) Run( ctx context.Context, request *base.PermissionLinkedEntityRequest, visits *ERMap, publisher *BulkPublisher, ) (err error)
Run is a method of the LinkedEntityEngine struct. It executes a permission request for linked entities.
type LookupEntityEngine ¶
type LookupEntityEngine struct {
// contains filtered or unexported fields
}
LookupEntityEngine is a struct that performs permission checks on a set of entities and returns the entities that have the requested permission.
func NewLookupEntityEngine ¶
func NewLookupEntityEngine(check *CheckEngine, linked *LinkedEntityEngine, opts ...LookupEntityOption) *LookupEntityEngine
NewLookupEntityEngine creates a new LookupEntityEngine instance. engine: the CheckEngine to use for permission checks reader: the RelationshipReader to retrieve entity relationships
func (*LookupEntityEngine) Run ¶
func (engine *LookupEntityEngine) Run(ctx context.Context, request *base.PermissionLookupEntityRequest) (response *base.PermissionLookupEntityResponse, err error)
Run performs a permission check on a set of entities and returns a response containing the IDs of the entities that have the requested permission.
func (*LookupEntityEngine) Stream ¶
func (engine *LookupEntityEngine) Stream(ctx context.Context, request *base.PermissionLookupEntityRequest, server base.Permission_LookupEntityStreamServer) (err error)
Stream performs a permission check on a set of entities and streams the results containing the IDs of the entities that have the requested permission.
type LookupEntityOption ¶
type LookupEntityOption func(engine *LookupEntityEngine)
LookupEntityOption - a functional option type for configuring the LookupEntityEngine.
func LookupEntityConcurrencyLimit ¶
func LookupEntityConcurrencyLimit(limit int) LookupEntityOption
LookupEntityConcurrencyLimit - a functional option that sets the concurrency limit for the LookupEntityEngine.
type LookupSchemaEngine ¶
type LookupSchemaEngine struct {
// contains filtered or unexported fields
}
LookupSchemaEngine represents an engine used for looking up schemas. It is used to find a schema from a given entity type.
func NewLookupSchemaEngine ¶
func NewLookupSchemaEngine(schemaReader repositories.SchemaReader) *LookupSchemaEngine
NewLookupSchemaEngine returns a new instance of LookupSchemaEngine with the provided SchemaReader.
func (*LookupSchemaEngine) Run ¶
func (command *LookupSchemaEngine) Run(ctx context.Context, request *base.PermissionLookupSchemaRequest) (*base.PermissionLookupSchemaResponse, error)
Run method executes the lookup schema engine by taking the context and a lookup schema request and returning the lookup schema response or an error. It starts an OpenTelemetry span, initializes the response and determines the schema version for the request. It then retrieves the entity definition from the schema reader and iterates over each permission within it, checking if the request has the necessary permissions to execute the permission. The allowed permission names are added to the response and returned, or an error is returned if encountered.
type SchemaLookupCombiner ¶
type SchemaLookupCombiner func(ctx context.Context, functions []SchemaLookupFunction) SchemaLookupDecision
SchemaLookupCombiner represents a function that takes a slice of SchemaLookupFunctions and combines their results to produce a single SchemaLookupDecision result. The result is a SchemaLookupDecision that contains a boolean value indicating if the lookup operation was successful or not and an error in case there was an issue with the lookup operation.
type SchemaLookupDecision ¶
SchemaLookupDecision - This is a type definition for a decision made during a schema lookup operation. It contains a boolean flag indicating whether the operation is permitted or not, and an error object in case of any errors encountered during the operation.
type SchemaLookupFunction ¶
type SchemaLookupFunction func(ctx context.Context, lookupChan chan<- SchemaLookupDecision)
SchemaLookupFunction represents a function that performs a schema lookup operation and sends the result via a channel The result is a SchemaLookupDecision that contains a boolean value indicating if the lookup operation was successful or not and an error in case there was an issue with the lookup operation.
Source Files