policies

package
v0.16.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 11, 2024 License: Apache-2.0 Imports: 2 Imported by: 0

Documentation

Overview

Package policies contains SuperMQ policy definitions.

Index

Constants

// Kind identifiers. The Policy.SubjectKind and Policy.ObjectKind field
// comments list kinds by these string values (token, users, platform,
// clients, channels, groups).
//
// NOTE(review): those field comments spell the domain kind "domain", while
// DomainsKind here is "domains"; confirm which spelling the authorization
// backend expects, since the value is compared as a plain string.
// NOTE(review): the new_* kinds are not mentioned in the Policy field
// comments; confirm where they are accepted.
const (
	TokenKind      = "token"
	GroupsKind     = "groups"
	NewGroupKind   = "new_group"
	ChannelsKind   = "channels"
	NewChannelKind = "new_channel"
	ClientsKind    = "clients"
	NewClientKind  = "new_client"
	UsersKind      = "users"
	DomainsKind    = "domains"
	PlatformKind   = "platform"
)
// Type identifiers, presumably the values carried in Policy.SubjectType and
// Policy.ObjectType.
//
// NOTE(review): the Policy field comments list the supported types as
// "platform, group, domain, client, users", but UserType here is the
// singular "user" and RoleType ("role") is not listed there at all. Prefer
// these constants over hand-typed strings and confirm the field comments.
const (
	RoleType     = "role"
	GroupType    = "group"
	ClientType   = "client"
	ChannelType  = "channel"
	UserType     = "user"
	DomainType   = "domain"
	PlatformType = "platform"
)
// Relation identifiers, presumably the values carried in Policy.Relation and
// Policy.SubjectRelation.
//
// NOTE(review): the Policy.Relation field comment lists administrator,
// editor, contributor, member, guest, parent_group, group and domain;
// RoleGroupRelation and PlatformRelation are declared here but not listed
// there. Confirm whether they are valid values for that field.
const (
	AdministratorRelation = "administrator"
	EditorRelation        = "editor"
	ContributorRelation   = "contributor"
	MemberRelation        = "member"
	DomainRelation        = "domain"
	ParentGroupRelation   = "parent_group"
	RoleGroupRelation     = "role_group"
	GroupRelation         = "group"
	PlatformRelation      = "platform"
	GuestRelation         = "guest"
)
// Permission identifiers, presumably the values carried in Policy.Permission.
//
// NOTE(review): this set and the list in the Policy.Permission field comment
// do not match. PublishPermission and SubscribePermission are declared here
// but not listed there, and that comment names permissions (admin_only,
// edit_only, view_only, membership_only, ext_admin, ext_edit, ext_view) that
// have no constant in this block. Confirm the authoritative set before
// relying on either list in an access check.
const (
	AdminPermission      = "admin"
	DeletePermission     = "delete"
	EditPermission       = "edit"
	ViewPermission       = "view"
	MembershipPermission = "membership"
	SharePermission      = "share"
	PublishPermission    = "publish"
	SubscribePermission  = "subscribe"
	CreatePermission     = "create"
)
// SuperMQObject is the fixed string "supermq".
// NOTE(review): presumably the object ID of the platform-level object in
// policies (compare PlatformType and PlatformKind); confirm against callers.
const SuperMQObject = "supermq"

Variables

This section is empty.

Functions

func EncodeDomainUserID

func EncodeDomainUserID(domainID, userID string) string

Types

type Evaluator

// Evaluator is the interface for checking a single Policy.
type Evaluator interface {
	// CheckPolicy checks if the subject has a relation on the object.
	// It returns a non-nil error if the subject has no relation on
	// the object (which simply means the operation is denied).
	//
	// A nil error is therefore the only "allowed" result: callers should
	// fail closed and treat every non-nil error as a denial.
	// NOTE(review): presumably backend or transport failures also surface
	// as non-nil errors, which the return type alone cannot tell apart from
	// a denial; confirm against the implementation.
	CheckPolicy(ctx context.Context, pr Policy) error
}

type Permissions

// Permissions is a list of permission strings; it is the result type of
// Service.ListPermissions.
type Permissions []string

type Policy

// Policy describes one subject/object relation or permission tuple. It is the
// request type taken by every Evaluator and Service method.
//
// NOTE(review): Subject may hold a token, and Policy has both JSON tags and a
// String method. What String emits is not visible here, so avoid logging or
// serializing a Policy whose Subject is a token unless the value is redacted.
type Policy struct {
	// Domain contains the domain ID.
	Domain string `json:"domain,omitempty"`

	// Subject contains the subject ID or Token.
	Subject string `json:"subject"`

	// SubjectType contains the subject type. Supported subject types are
	// platform, group, domain, client, users.
	// NOTE(review): the package constant UserType is "user" (singular);
	// confirm the spelling expected here.
	SubjectType string `json:"subject_type"`

	// SubjectKind contains the subject kind. Supported subject kinds are
	// token, users, platform, clients, channels, groups, domain.
	// NOTE(review): the package constant DomainsKind is "domains" (plural);
	// confirm the spelling expected here.
	SubjectKind string `json:"subject_kind"`

	// SubjectRelation contains subject relations.
	SubjectRelation string `json:"subject_relation,omitempty"`

	// ObjectPrefix contains the optional object prefix, which is used for
	// delete with filter.
	// Although described as optional, the tag has no omitempty, so an empty
	// prefix is still serialized.
	ObjectPrefix string `json:"object_prefix"`

	// Object contains the object ID.
	Object string `json:"object"`

	// ObjectKind contains the object kind. Supported object kinds are
	// users, platform, clients, channels, groups, domain.
	ObjectKind string `json:"object_kind"`

	// ObjectType contains the object type. Supported object types are
	// platform, group, domain, client, users.
	ObjectType string `json:"object_type"`

	// Relation contains the relation. Supported relations are administrator,
	// editor, contributor, member, guest, parent_group, group, domain.
	Relation string `json:"relation,omitempty"`

	// Permission contains the permission. Supported permissions are admin, delete, edit, share, view,
	// membership, create, admin_only, edit_only, view_only, membership_only, ext_admin, ext_edit, ext_view.
	// NOTE(review): this list differs from the package's *Permission
	// constants (publish and subscribe are missing here; the *_only and
	// ext_* names have no constant); confirm the authoritative set.
	Permission string `json:"permission,omitempty"`
}

func (Policy) String

func (pr Policy) String() string

type PolicyPage

// PolicyPage is the result type of the Service List* methods.
type PolicyPage struct {
	// Policies holds the returned entries as strings.
	Policies []string
	// NextPageToken is presumably the value to pass back as nextPageToken
	// to fetch the following page; confirm against the implementation.
	NextPageToken string
}

type Service

// Service is the interface for adding, deleting, listing and counting
// policies, and for listing the permissions between a subject and an object.
type Service interface {
	// AddPolicy creates a policy for the given subject, so that, after
	// AddPolicy, `subject` has a `relation` on `object`. Returns a non-nil
	// error in case of failures.
	AddPolicy(ctx context.Context, pr Policy) error

	// AddPolicies adds new policies for the given subjects. This method is
	// intended for admin use only.
	// NOTE(review): the signature carries no caller identity beyond ctx, and
	// where the admin restriction is enforced is not visible here; confirm
	// that callers are authorized before this is invoked.
	AddPolicies(ctx context.Context, prs []Policy) error

	// DeletePolicyFilter removes policies matching the given policy filter
	// request.
	// NOTE(review): Policy.ObjectPrefix is documented as used for delete
	// with filter, but which fields form the filter and how empty fields are
	// treated is not visible here; confirm that an under-specified filter
	// cannot match more policies than intended.
	DeletePolicyFilter(ctx context.Context, pr Policy) error

	// DeletePolicies deletes policies for the given subjects. This method is
	// intended for admin use only.
	// NOTE(review): as with AddPolicies, the enforcement point for the admin
	// restriction is not visible here; confirm it.
	DeletePolicies(ctx context.Context, prs []Policy) error

	// ListObjects lists policies based on the given Policy structure, one
	// page at a time (nextPageToken, limit).
	ListObjects(ctx context.Context, pr Policy, nextPageToken string, limit uint64) (PolicyPage, error)

	// ListAllObjects lists all policies based on the given Policy structure.
	// It takes no limit parameter.
	ListAllObjects(ctx context.Context, pr Policy) (PolicyPage, error)

	// CountObjects counts policies based on the given Policy structure.
	CountObjects(ctx context.Context, pr Policy) (uint64, error)

	// ListSubjects lists subjects based on the given Policy structure, one
	// page at a time (nextPageToken, limit).
	ListSubjects(ctx context.Context, pr Policy, nextPageToken string, limit uint64) (PolicyPage, error)

	// ListAllSubjects lists all subjects based on the given Policy structure.
	// It takes no limit parameter.
	ListAllSubjects(ctx context.Context, pr Policy) (PolicyPage, error)

	// CountSubjects counts policies based on the given Policy structure.
	// NOTE(review): the name suggests subjects are counted; confirm.
	CountSubjects(ctx context.Context, pr Policy) (uint64, error)

	// ListPermissions lists permissions between the given subject and
	// object. permissionsFilter presumably restricts which permissions are
	// checked; confirm against the implementation.
	ListPermissions(ctx context.Context, pr Policy, permissionsFilter []string) (Permissions, error)
}

PolicyService facilitates communication with authorization services and implements authorization (Authz) functionality for SpiceDB.

Directories

Path Synopsis
Package server contains the HTTP, gRPC and CoAP server implementation.
Package server contains the HTTP, gRPC and CoAP server implementation.
