authz

package
v1.12.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 27, 2023 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// AllowedActionsQuery represents the authorization's policy query used to
	// get the actions a given user is allowed to perform.
	AllowedActionsQuery = "data.artifacthub.authz.allowed_actions"
)

Variables

View Source
var (
	// AllowedActionsQueryRef represents a reference to AllowedActionsQuery.
	AllowedActionsQueryRef = ast.MustParseRef(AllowedActionsQuery)
)

Functions

func AreActionsAllowed added in v0.7.0

func AreActionsAllowed(allowedActions, actions []hub.Action) bool

AreActionsAllowed checks if a given list of actions are allowed checking against the list of allowed actions provided.

func IsActionAllowed added in v0.7.0

func IsActionAllowed(allowedActions []hub.Action, action hub.Action) bool

IsActionAllowed checks if a given action is allowed checking against the list of allowed actions provided.

func IsPredefinedPolicyValid

func IsPredefinedPolicyValid(predefinedPolicy string) bool

IsPredefinedPolicyValid checks if the provided predefined policy is valid.

Types

type Authorizer

type Authorizer struct {
	// contains filtered or unexported fields
}

Authorizer is in charge of authorizing actions that users intend to perform.

func NewAuthorizer

func NewAuthorizer(db hub.DB) (*Authorizer, error)

NewAuthorizer creates a new Authorizer instance.

func (*Authorizer) Authorize

func (a *Authorizer) Authorize(ctx context.Context, input *hub.AuthorizeInput) error

Authorize allows or denies if an action can be performed based on the input provided and the organization authorization policy. It queries the policy for all the actions the user is allowed to perform and checks if the action provided in the input is in that list.

func (*Authorizer) GetAllowedActions

func (a *Authorizer) GetAllowedActions(ctx context.Context, userID, orgName string) ([]hub.Action, error)

GetAllowedActions returns the actions a given user is allowed to perform in the provided organization. We'll obtain them querying the organization authorization policy.

func (*Authorizer) WillUserBeLockedOut added in v0.7.0

func (a *Authorizer) WillUserBeLockedOut(
	ctx context.Context,
	newPolicy *hub.AuthorizationPolicy,
	userID string,
) (bool, error)

WillUserBeLockedOut checks if the user will be locked out if the new policy provided is applied to the organization.

type AuthorizerMock

type AuthorizerMock struct {
	mock.Mock
}

AuthorizerMock is a mock implementation of the hub Authorizer interface.

func (*AuthorizerMock) Authorize

func (m *AuthorizerMock) Authorize(ctx context.Context, input *hub.AuthorizeInput) error

Authorize implements the Authorizer interface.

func (*AuthorizerMock) GetAllowedActions

func (m *AuthorizerMock) GetAllowedActions(ctx context.Context, userID, orgName string) ([]hub.Action, error)

GetAllowedActions implements the Authorizer interface.

func (*AuthorizerMock) WillUserBeLockedOut added in v0.7.0

func (m *AuthorizerMock) WillUserBeLockedOut(
	ctx context.Context,
	newPolicy *hub.AuthorizationPolicy,
	userID string,
) (bool, error)

WillUserBeLockedOut implements the Authorizer interface.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL