Documentation ¶
Index ¶
- Constants
- Variables
- func IsValidIdentifier(in string) bool
- func NormalizeIdentifier(in string) (string, error)
- type ArrowPermission
- type ExclusionPermission
- type Identifier
- type Metadata
- type Model
- func (m *Model) Reader() (io.Reader, error)
- func (m *Model) StepRelation(r *Relation, subjs ...ObjectName) []*RelationRef
- func (m *Model) Validate() error
- func (m *Model) ValidateRelation(on ObjectName, oid ObjectID, rn RelationName, sn ObjectName, sid ObjectID, ...) error
- func (m *Model) Write(w io.Writer) error
- type Object
- type ObjectID
- type ObjectName
- type Permission
- type PermissionTerm
- type Relation
- type RelationAssignment
- type RelationName
- type RelationRef
Constants ¶
const ModelVersion int = 2
Variables ¶
var ErrInvalidIdentifier = errors.New("invalid identifier")
Functions ¶
func IsValidIdentifier ¶ added in v0.0.5
func NormalizeIdentifier ¶ added in v0.0.5
Types ¶
type ArrowPermission ¶
type ExclusionPermission ¶
// ExclusionPermission pairs two permission terms: one to include and one to
// exclude.
// NOTE(review): presumably the permission holds for subjects that match Include
// but not Exclude — confirm against the evaluator, which this page does not show.
type ExclusionPermission struct {
	// Include is serialised as "include" and omitted from JSON when nil.
	Include *PermissionTerm `json:"include,omitempty"`
	// Exclude is serialised as "exclude" and omitted from JSON when nil.
	// NOTE(review): both fields are optional on the wire, so a decoded value can
	// carry a nil Exclude; how a missing Exclude is treated is not shown here —
	// verify that it cannot silently widen access.
	Exclude *PermissionTerm `json:"exclude,omitempty"`
}
type Identifier ¶ added in v0.0.5
type Identifier string
Identifier is the string representation of an object, relation and permission type name.
Identifiers are constrained by the underlying regular expression (reIdentifier).
An identifier MUST:
- consist of lowercase characters only
- have a minimum length of 3 characters
- have a maximum length of 64 characters
- start with a letter (a-z)
- end with a letter or a digit (a-z0-9)
- contain dots, underscores and dashes only between the first and last position.
func (Identifier) Valid ¶ added in v0.0.5
func (i Identifier) Valid() bool
type Model ¶
// Model is the top-level authorization model: a version number, the object
// types keyed by name, and metadata.
// Decoding JSON into a Model checks only the shape of the data; the
// cross-reference rules are enforced by Validate, so a model loaded from
// outside the process should be validated before it is used for decisions.
type Model struct {
	// Version is serialised as "version".
	// NOTE(review): presumably compared against ModelVersion — confirm.
	Version int `json:"version"`
	// Objects maps each object type name to its definition. The JSON key is
	// "types", not "objects".
	Objects map[ObjectName]*Object `json:"types"`
	// Metadata is serialised as "metadata"; it is a pointer and may be nil.
	Metadata *Metadata `json:"metadata"`
}
func (*Model) StepRelation ¶ added in v0.1.1
func (m *Model) StepRelation(r *Relation, subjs ...ObjectName) []*RelationRef
func (*Model) Validate ¶ added in v0.1.0
Validate enforces the model's internal consistency.
It enforces the following rules:
- Within an object, a permission cannot share the same name as a relation.
- Direct relations must reference existing objects.
- Wildcard relations must reference existing objects.
- Subject relations must reference existing object#relation pairs.
- Arrow permissions (relation->rel_or_perm) must reference existing relations/permissions.
func (*Model) ValidateRelation ¶ added in v0.1.0
func (m *Model) ValidateRelation(on ObjectName, oid ObjectID, rn RelationName, sn ObjectName, sid ObjectID, srn RelationName) error
type Object ¶
// Object defines one object type: its relations and its permissions, both
// keyed by RelationName.
type Object struct {
	// Relations is serialised as "relations" and omitted from JSON when empty.
	Relations map[RelationName]*Relation `json:"relations,omitempty"`
	// Permissions is serialised as "permissions" and omitted from JSON when
	// empty. It shares its key type with Relations; Model.Validate rejects a
	// permission that has the same name as a relation within one object.
	Permissions map[RelationName]*Permission `json:"permissions,omitempty"`
}
func (*Object) HasPermission ¶ added in v0.1.0
func (o *Object) HasPermission(name RelationName) bool
func (*Object) HasRelOrPerm ¶ added in v0.1.0
func (o *Object) HasRelOrPerm(name RelationName) bool
func (*Object) HasRelation ¶ added in v0.1.0
func (o *Object) HasRelation(name RelationName) bool
type ObjectName ¶
type ObjectName Identifier
func (ObjectName) String ¶ added in v0.0.14
func (on ObjectName) String() string
type Permission ¶
// Permission describes a permission as a union, an intersection or an
// exclusion of permission terms.
// NOTE(review): presumably exactly one of Union, Intersection and Exclusion is
// populated; this page does not show what happens when more than one is set —
// confirm, since an ambiguous permission definition is an authorization risk.
type Permission struct {
	// Union is serialised as "union" and omitted from JSON when empty.
	Union []*PermissionTerm `json:"union,omitempty"`
	// Intersection is serialised as "intersection" and omitted from JSON when
	// empty.
	Intersection []*PermissionTerm `json:"intersection,omitempty"`
	// Exclusion is serialised as "exclusion" and omitted from JSON when nil.
	Exclusion *ExclusionPermission `json:"exclusion,omitempty"`
	// SubjectTypes is serialised as "subject_types" and omitted from JSON when
	// empty.
	// NOTE(review): looks like the object types that can hold this permission;
	// whether it is supplied by the author or derived is not shown — confirm.
	SubjectTypes []ObjectName `json:"subject_types,omitempty"`
}
func (*Permission) IsExclusion ¶ added in v0.1.0
func (p *Permission) IsExclusion() bool
func (*Permission) IsIntersection ¶ added in v0.1.0
func (p *Permission) IsIntersection() bool
func (*Permission) IsUnion ¶ added in v0.1.0
func (p *Permission) IsUnion() bool
func (*Permission) Terms ¶ added in v0.1.0
func (p *Permission) Terms() []*PermissionTerm
type PermissionTerm ¶ added in v0.1.0
// PermissionTerm is a single operand of a Permission: Permission and
// ExclusionPermission hold their terms as *PermissionTerm values.
type PermissionTerm struct {
	// Base is serialised as "base" and omitted from JSON when empty.
	// NOTE(review): presumably the relation on the left of an arrow
	// (relation->rel_or_perm) and empty for a non-arrow term — confirm against
	// IsArrow.
	Base RelationName `json:"base,omitempty"`
	// RelOrPerm names a relation or a permission. Its tag has no omitempty, so
	// the "rel_or_perm" key is always written, even when the value is empty.
	RelOrPerm RelationName `json:"rel_or_perm"`
	// SubjectTypes is serialised as "subject_types" and omitted from JSON when
	// empty.
	SubjectTypes []ObjectName `json:"subject_types,omitempty"`
}
func (*PermissionTerm) IsArrow ¶ added in v0.1.0
func (pr *PermissionTerm) IsArrow() bool
type Relation ¶
// Relation defines a relation as a union of relation references.
type Relation struct {
	// Union lists the references that make up the relation; it is serialised as
	// "union" and omitted from JSON when empty.
	Union []*RelationRef `json:"union,omitempty"`
	// SubjectTypes is serialised as "subject_types" and omitted from JSON when
	// empty.
	// NOTE(review): looks like the object types allowed as subjects of this
	// relation — confirm how it is populated.
	SubjectTypes []ObjectName `json:"subject_types,omitempty"`
}
type RelationAssignment ¶ added in v0.1.0
// RelationAssignment enumerates the kinds of assignment a RelationRef can
// express; RelationRef.Assignment returns one of these values.
type RelationAssignment int

const (
	// RelationAssignmentUnknown is 0, the zero value of the type, so an
	// uninitialised RelationAssignment reads as unknown rather than as a valid
	// kind.
	RelationAssignmentUnknown RelationAssignment = iota
	// RelationAssignmentDirect is 1.
	RelationAssignmentDirect
	// RelationAssignmentSubject is 2.
	RelationAssignmentSubject
	// RelationAssignmentWildcard is 3.
	// NOTE(review): a wildcard presumably matches every subject of the
	// referenced object type — confirm, and review wildcard grants with care.
	RelationAssignmentWildcard
)
type RelationName ¶
type RelationName Identifier
func (RelationName) String ¶ added in v0.0.14
func (rn RelationName) String() string
type RelationRef ¶ added in v0.1.0
// RelationRef refers to an object type and, optionally, one of its relations.
// NOTE(review): how the direct, subject and wildcard forms are encoded in these
// two fields is not shown on this page — see Assignment, IsDirect, IsSubject
// and IsWildcard.
type RelationRef struct {
	// Object is serialised as "object" and omitted from JSON when empty.
	Object ObjectName `json:"object,omitempty"`
	// Relation is serialised as "relation" and omitted from JSON when empty.
	Relation RelationName `json:"relation,omitempty"`
}
func NewRelationRef ¶ added in v0.1.0
func NewRelationRef(on ObjectName, rn RelationName) *RelationRef
func (*RelationRef) Assignment ¶ added in v0.1.0
func (rr *RelationRef) Assignment() RelationAssignment
func (*RelationRef) IsDirect ¶ added in v0.1.0
func (rr *RelationRef) IsDirect() bool
func (*RelationRef) IsSubject ¶ added in v0.1.0
func (rr *RelationRef) IsSubject() bool
func (*RelationRef) IsWildcard ¶ added in v0.1.0
func (rr *RelationRef) IsWildcard() bool
func (*RelationRef) String ¶ added in v0.1.0
func (rr *RelationRef) String() string