model

package
v0.1.17 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 12, 2024 License: Apache-2.0 Imports: 14 Imported by: 5

Documentation

Index

Constants

// Separator and prefix characters declared by the model package.
//
// NOTE(review): none of these characters belongs to the identifier character
// set documented for Identifier on this page (a-z, 0-9, dot, underscore,
// dash), so an identifier that passed validation cannot contain them. Names
// accepted while name validation is skipped (see SkipNameValidation) may not
// have that property — confirm before relying on the separators being
// unambiguous.
const (
	// ObjectNameSeparator is "^".
	// NOTE(review): presumably joins an object name to another name component — confirm against callers.
	ObjectNameSeparator       = "^"
	// SubjectRelationSeparator is "#", matching the object#relation notation
	// used in the rules listed for (*Model).Validate.
	SubjectRelationSeparator  = "#"
	// GeneratedPermissionPrefix is "$".
	// NOTE(review): presumably marks permissions synthesized by the package rather than written by the model author — confirm.
	GeneratedPermissionPrefix = "$"
)
// ModelVersion is an int constant with the value 4.
// NOTE(review): presumably the schema version stored in Model.Version and
// compared when a serialized model is loaded — confirm how a mismatch is handled.
const ModelVersion int = 4

Variables

// ErrInvalidIdentifier is a sentinel error whose message is "invalid identifier".
// NOTE(review): presumably returned by NormalizeIdentifier when the input
// cannot be turned into a valid Identifier; match it with errors.Is — confirm.
var ErrInvalidIdentifier = errors.New("invalid identifier")

Functions

func AllowPermissionInArrowBase added in v0.1.5

// AllowPermissionInArrowBase has the ValidationOption signature, so it can be
// passed to (*Model).Validate.
// NOTE(review): by its name it presumably lets a permission, not only a
// relation, serve as the base of an arrow term, which relaxes a validation
// rule — confirm, and keep it off when validating models from sources that are
// not trusted.
func AllowPermissionInArrowBase(opts *validationOptions)

func IsValidIdentifier added in v0.0.5

func IsValidIdentifier(in string) bool

func NormalizeIdentifier added in v0.0.5

func NormalizeIdentifier(in string) (string, error)

func SkipNameValidation added in v0.1.5

// SkipNameValidation has the ValidationOption signature, so it can be passed
// to (*Model).Validate.
// NOTE(review): by its name it presumably disables the identifier checks
// described for Identifier (length, character set, first/last character) —
// confirm. If so, names may then contain the separator characters declared in
// this package ("^", "#", "$"); avoid it for models that come from sources
// that are not trusted.
func SkipNameValidation(opts *validationOptions)

Types

type ArrowPermission

// ArrowPermission pairs a relation name with a permission name, both held as
// plain strings and both omitted from JSON when empty.
// NOTE(review): presumably the relation->rel_or_perm arrow form named in the
// rules of (*Model).Validate — confirm.
type ArrowPermission struct {
	// Relation is serialized under the "relation" key.
	Relation   string `json:"relation,omitempty"`
	// Permission is serialized under the "permission" key.
	Permission string `json:"permission,omitempty"`
}

type ExclusionPermission

// ExclusionPermission holds two optional permission terms, Include and Exclude.
// NOTE(review): presumably grants the subjects matched by Include that are not
// matched by Exclude — confirm, including what a nil Include or nil Exclude
// means, since both pointers are omitted from JSON when nil.
type ExclusionPermission struct {
	// Include is serialized under the "include" key.
	Include *PermissionTerm `json:"include,omitempty"`
	// Exclude is serialized under the "exclude" key.
	Exclude *PermissionTerm `json:"exclude,omitempty"`
}

type Identifier added in v0.0.5

type Identifier string

Identifier is the string representation of an object, relation and permission type name.

Identifiers are constrained by the underlying regular expression (reIdentifier).

An identifier MUST:

  • consist of lowercase characters only
  • have a minimum length of 3 characters
  • have a maximum length of 64 characters
  • start with a letter (a-z)
  • end with a letter or a digit (a-z0-9)

It MAY contain dots, underscores and dashes between the first and last position.

func (Identifier) Valid added in v0.0.5

func (i Identifier) Valid() bool

type Metadata added in v0.0.4

// Metadata carries a timestamp and an ETag string for a model; both fields are
// always written to JSON (neither tag has omitempty).
// NOTE(review): the ETag presumably supports change detection or conditional
// updates; nothing on this page shows it being verified as an integrity check
// — confirm before treating it as one.
type Metadata struct {
	// UpdatedAt is serialized under the "updated_at" key.
	UpdatedAt time.Time `json:"updated_at"`
	// ETag is serialized under the "etag" key.
	ETag      string    `json:"etag"`
}

type Model

// Model is the top-level structure: a version number, a map of objects keyed
// by ObjectName, and optional Metadata.
// NOTE(review): nothing on this page shows that New validates what it
// decodes; presumably a model read from an outside source should be passed
// through Validate before it is used — confirm.
type Model struct {
	// Version is serialized under the "version" key.
	// NOTE(review): presumably compared against ModelVersion — confirm.
	Version  int                    `json:"version"`
	// Objects is serialized under the "types" key, not "objects".
	Objects  map[ObjectName]*Object `json:"types"`
	// Metadata is serialized under the "metadata" key.
	Metadata *Metadata              `json:"metadata"`
}

func New added in v0.0.3

func New(r io.Reader) (*Model, error)

func (*Model) Invert added in v0.1.4

func (m *Model) Invert() *Model

func (*Model) Reader added in v0.0.3

func (m *Model) Reader() (io.Reader, error)

func (*Model) StepRelation added in v0.1.1

func (m *Model) StepRelation(r *Relation, subjs ...ObjectName) []*RelationRef

func (*Model) Validate added in v0.1.0

func (m *Model) Validate(opts ...ValidationOption) error

Validate enforces the model's internal consistency.

It enforces the following rules:

  • Within an object, a permission cannot share the same name as a relation.
  • Direct relations must reference existing objects.
  • Wildcard relations must reference existing objects.
  • Subject relations must reference existing object#relation pairs.
  • Arrow permissions (relation->rel_or_perm) must reference existing relations/permissions.

func (*Model) ValidateRelation added in v0.1.0

func (m *Model) ValidateRelation(on ObjectName, oid ObjectID, rn RelationName, sn ObjectName, sid ObjectID, srn RelationName) error

func (*Model) Write added in v0.0.4

func (m *Model) Write(w io.Writer) error

type Object

// Object holds the relations and permissions defined on one object type.
// Both maps are keyed by RelationName; the rules listed for (*Model).Validate
// state that, within an object, a permission cannot share a name with a
// relation.
type Object struct {
	// Relations is serialized under the "relations" key and omitted when empty.
	Relations   map[RelationName]*Relation   `json:"relations,omitempty"`
	// Permissions is serialized under the "permissions" key and omitted when empty.
	Permissions map[RelationName]*Permission `json:"permissions,omitempty"`
}

func NewObject added in v0.1.4

func NewObject() *Object

func (*Object) HasPermission added in v0.1.0

func (o *Object) HasPermission(name RelationName) bool

func (*Object) HasRelOrPerm added in v0.1.0

func (o *Object) HasRelOrPerm(name RelationName) bool

func (*Object) HasRelation added in v0.1.0

func (o *Object) HasRelation(name RelationName) bool

func (*Object) SubjectTypes added in v0.1.4

func (o *Object) SubjectTypes(name RelationName) []ObjectName

SubjectTypes returns the list of possible subject types for the given relation or permission.

type ObjectID added in v0.1.0

type ObjectID string

func (ObjectID) IsWildcard added in v0.1.0

func (id ObjectID) IsWildcard() bool

func (ObjectID) String added in v0.1.0

func (id ObjectID) String() string

type ObjectName

type ObjectName Identifier

func (ObjectName) String added in v0.0.14

func (on ObjectName) String() string

func (ObjectName) Valid added in v0.1.5

func (on ObjectName) Valid() bool

type Permission

// Permission describes one permission as a union, an intersection, or an
// exclusion of permission terms.
// NOTE(review): presumably exactly one of Union, Intersection and Exclusion is
// populated, matching the IsUnion / IsIntersection / IsExclusion methods —
// confirm what happens when more than one is set.
type Permission struct {
	// Union is serialized under the "union" key and omitted when empty.
	Union        PermissionTerms      `json:"union,omitempty"`
	// Intersection is serialized under the "intersection" key and omitted when empty.
	Intersection PermissionTerms      `json:"intersection,omitempty"`
	// Exclusion is serialized under the "exclusion" key and omitted when nil.
	Exclusion    *ExclusionPermission `json:"exclusion,omitempty"`

	// NOTE(review): SubjectTypes and Intermediates are presumably derived
	// while the model is resolved rather than written by the model author — confirm.
	SubjectTypes  []ObjectName `json:"subject_types,omitempty"`
	Intermediates RelationRefs `json:"intermediates,omitempty"`
}

func (*Permission) AddTerm added in v0.1.4

func (p *Permission) AddTerm(pt *PermissionTerm)

func (*Permission) IsExclusion added in v0.1.0

func (p *Permission) IsExclusion() bool

func (*Permission) IsIntersection added in v0.1.0

func (p *Permission) IsIntersection() bool

func (*Permission) IsUnion added in v0.1.0

func (p *Permission) IsUnion() bool

func (*Permission) Terms added in v0.1.0

func (p *Permission) Terms() []*PermissionTerm

func (*Permission) Types added in v0.1.5

func (p *Permission) Types() RelationRefs

type PermissionTerm added in v0.1.0

// PermissionTerm is one operand of a Permission.
// NOTE(review): presumably an arrow term (base->rel_or_perm, see IsArrow) when
// Base is non-empty and a plain relation or permission reference otherwise —
// confirm.
type PermissionTerm struct {
	// Base is serialized under the "base" key and omitted when empty.
	Base      RelationName `json:"base,omitempty"`
	// RelOrPerm is serialized under the "rel_or_perm" key; it is always
	// written because the tag has no omitempty.
	RelOrPerm RelationName `json:"rel_or_perm"`

	// NOTE(review): SubjectTypes and Intermediates are presumably derived
	// while the model is resolved rather than written by the model author — confirm.
	SubjectTypes  []ObjectName `json:"subject_types,omitempty"`
	Intermediates RelationRefs `json:"intermediates,omitempty"`
}

func (*PermissionTerm) IsArrow added in v0.1.0

func (pr *PermissionTerm) IsArrow() bool

func (*PermissionTerm) String added in v0.1.4

func (pr *PermissionTerm) String() string

func (*PermissionTerm) Types added in v0.1.9

func (pr *PermissionTerm) Types() RelationRefs

type PermissionTerms added in v0.1.4

type PermissionTerms []*PermissionTerm

func (PermissionTerms) Contains added in v0.1.4

func (pts PermissionTerms) Contains(pt *PermissionTerm) bool

type Relation

// Relation describes one relation of an object as a union of relation
// references.
type Relation struct {
	// Union lists the references that make up the relation; it is serialized
	// under the "union" key and omitted when empty.
	Union         []*RelationRef `json:"union,omitempty"`
	// NOTE(review): SubjectTypes and Intermediates are presumably derived
	// while the model is resolved rather than written by the model author — confirm.
	SubjectTypes  []ObjectName   `json:"subject_types,omitempty"`
	Intermediates RelationRefs   `json:"intermediates,omitempty"`
}

func (*Relation) AddRef added in v0.1.4

func (r *Relation) AddRef(rr *RelationRef)

func (*Relation) AllRefs added in v0.1.5

func (r *Relation) AllRefs() []RelationRef

func (*Relation) Types added in v0.1.5

func (r *Relation) Types() RelationRefs

type RelationAssignment added in v0.1.0

// RelationAssignment enumerates the kinds of relation reference. The three
// named kinds line up with the direct, subject and wildcard relations listed
// in the rules of (*Model).Validate.
type RelationAssignment int
const (
	// RelationAssignmentUnknown is the zero value (iota starts at 0).
	RelationAssignmentUnknown RelationAssignment = iota
	// RelationAssignmentDirect is the direct-relation kind.
	RelationAssignmentDirect
	// RelationAssignmentSubject is the subject-relation (object#relation) kind.
	RelationAssignmentSubject
	// RelationAssignmentWildcard is the wildcard-relation kind.
	// NOTE(review): a wildcard presumably matches every subject of the
	// referenced object type, so it is worth auditing wherever it appears in
	// a model — confirm.
	RelationAssignmentWildcard
)

type RelationName

type RelationName Identifier

func InverseRelation added in v0.1.4

func InverseRelation(on ObjectName, rn RelationName, srn ...RelationName) RelationName

func PermForRel added in v0.1.5

func PermForRel(rn RelationName) RelationName

func (RelationName) String added in v0.0.14

func (rn RelationName) String() string

func (RelationName) Valid added in v0.1.5

func (rn RelationName) Valid() bool

type RelationRef added in v0.1.0

// RelationRef names an object type and, optionally, a relation on it.
// NOTE(review): the Assignment / IsDirect / IsSubject / IsWildcard methods
// presumably classify the reference from the content of the Relation field —
// confirm how the wildcard case is encoded.
type RelationRef struct {
	// Object is serialized under the "object" key and omitted when empty.
	Object   ObjectName   `json:"object,omitempty"`
	// Relation is serialized under the "relation" key and omitted when empty.
	Relation RelationName `json:"relation,omitempty"`
}

func NewRelationRef added in v0.1.0

func NewRelationRef(on ObjectName, rn RelationName) *RelationRef

func (*RelationRef) Assignment added in v0.1.0

func (rr *RelationRef) Assignment() RelationAssignment

func (*RelationRef) IsDirect added in v0.1.0

func (rr *RelationRef) IsDirect() bool

func (*RelationRef) IsSubject added in v0.1.0

func (rr *RelationRef) IsSubject() bool

func (*RelationRef) IsWildcard added in v0.1.0

func (rr *RelationRef) IsWildcard() bool

func (*RelationRef) String added in v0.1.0

func (rr *RelationRef) String() string

type RelationRefs added in v0.1.5

type RelationRefs []RelationRef

type ValidationOption added in v0.1.5

// ValidationOption is a function that receives the unexported
// validationOptions; (*Model).Validate accepts zero or more of them.
// AllowPermissionInArrowBase and SkipNameValidation on this page have this
// signature.
// NOTE(review): both of those options presumably relax checks, so calling
// Validate with no options is presumably the strictest form — confirm.
type ValidationOption func(*validationOptions)

Directories

Path Synopsis
