Documentation ¶
Index ¶
- Constants
- Variables
- func AllowPermissionInArrowBase(opts *validationOptions)
- func IsValidIdentifier(in string) bool
- func NormalizeIdentifier(in string) (string, error)
- func SkipNameValidation(opts *validationOptions)
- type ArrowPermission
- type ExclusionPermission
- type Identifier
- type Metadata
- type Model
- func (m *Model) Invert() *Model
- func (m *Model) Reader() (io.Reader, error)
- func (m *Model) StepRelation(r *Relation, subjs ...ObjectName) []*RelationRef
- func (m *Model) Validate(opts ...ValidationOption) error
- func (m *Model) ValidateRelation(on ObjectName, oid ObjectID, rn RelationName, sn ObjectName, sid ObjectID, ...) error
- func (m *Model) Write(w io.Writer) error
- type Object
- type ObjectID
- type ObjectName
- type Permission
- type PermissionTerm
- type PermissionTerms
- type Relation
- type RelationAssignment
- type RelationName
- type RelationRef
- type RelationRefs
- type ValidationOption
Constants ¶
// Separator and prefix characters used by the model.
//
// NOTE(review): none of these characters is in the documented Identifier
// alphabet (a-z, 0-9, dot, underscore, dash), so a name that passed
// identifier validation cannot contain them. Presumably that is what keeps
// composed names unambiguous; confirm before relying on it for models that
// were validated with SkipNameValidation.
const (
	// ObjectNameSeparator is the literal "^".
	// NOTE(review): where it is used is not visible here — confirm.
	ObjectNameSeparator = "^"
	// SubjectRelationSeparator is the literal "#", the separator that appears
	// in the object#relation form of a subject relation.
	SubjectRelationSeparator = "#"
	// GeneratedPermissionPrefix is the literal "$".
	// NOTE(review): presumably marks permissions that were generated rather
	// than authored — confirm.
	GeneratedPermissionPrefix = "$"
)
const ModelVersion int = 4
Variables ¶
var ErrInvalidIdentifier = errors.New("invalid identifier")
Functions ¶
func AllowPermissionInArrowBase ¶ added in v0.1.5
func AllowPermissionInArrowBase(opts *validationOptions)
func IsValidIdentifier ¶ added in v0.0.5
func NormalizeIdentifier ¶ added in v0.0.5
func SkipNameValidation ¶ added in v0.1.5
func SkipNameValidation(opts *validationOptions)
Types ¶
type ArrowPermission ¶
type ExclusionPermission ¶
// ExclusionPermission pairs two permission terms, one to include and one to
// exclude.
// NOTE(review): presumably evaluates to "Include and not Exclude" — confirm
// against the evaluator.
type ExclusionPermission struct {
	// Include is serialized as "include" and omitted when nil.
	Include *PermissionTerm `json:"include,omitempty"`
	// Exclude is serialized as "exclude" and omitted when nil.
	Exclude *PermissionTerm `json:"exclude,omitempty"`
}
type Identifier ¶ added in v0.0.5
type Identifier string
Identifier is the string representation of an object, relation and permission type name.
Identifiers are constrained by the underlying regex definition (reIdentifier).
An identifier MUST:
- be all lowercase characters
- have a minimum length of 3 characters
- have a maximum length of 64 characters
- start with a character (a-z)
- end with a character or a digit (a-z0-9)
It MAY contain dots, underscores and dashes, but only between the first and last position.
func (Identifier) Valid ¶ added in v0.0.5
func (i Identifier) Valid() bool
type Model ¶
// Model is the top-level document: a version number, the object type
// definitions keyed by name, and a metadata block.
type Model struct {
	// Version is serialized as "version".
	// NOTE(review): presumably expected to match ModelVersion — confirm.
	Version int `json:"version"`
	// Objects maps each object type name to its definition. The JSON key is
	// "types", not "objects".
	Objects map[ObjectName]*Object `json:"types"`
	// Metadata is serialized as "metadata"; there is no omitempty, so a nil
	// pointer is written as null.
	Metadata *Metadata `json:"metadata"`
}
func (*Model) StepRelation ¶ added in v0.1.1
func (m *Model) StepRelation(r *Relation, subjs ...ObjectName) []*RelationRef
func (*Model) Validate ¶ added in v0.1.0
func (m *Model) Validate(opts ...ValidationOption) error
Validate enforces the model's internal consistency.
It enforces the following rules:
- Within an object, a permission cannot share the same name as a relation.
- Direct relations must reference existing objects.
- Wildcard relations must reference existing objects.
- Subject relations must reference existing object#relation pairs.
- Arrow permissions (relation->rel_or_perm) must reference existing relations/permissions.
func (*Model) ValidateRelation ¶ added in v0.1.0
func (m *Model) ValidateRelation(on ObjectName, oid ObjectID, rn RelationName, sn ObjectName, sid ObjectID, srn RelationName) error
type Object ¶
// Object defines one object type through its relations and permissions.
type Object struct {
	// Relations is keyed by relation name and omitted from JSON when empty.
	Relations map[RelationName]*Relation `json:"relations,omitempty"`
	// Permissions is keyed by RelationName as well, so it shares a key space
	// with Relations; Model.Validate rejects a permission that has the same
	// name as a relation of the same object.
	Permissions map[RelationName]*Permission `json:"permissions,omitempty"`
}
func (*Object) HasPermission ¶ added in v0.1.0
func (o *Object) HasPermission(name RelationName) bool
func (*Object) HasRelOrPerm ¶ added in v0.1.0
func (o *Object) HasRelOrPerm(name RelationName) bool
func (*Object) HasRelation ¶ added in v0.1.0
func (o *Object) HasRelation(name RelationName) bool
func (*Object) SubjectTypes ¶ added in v0.1.4
func (o *Object) SubjectTypes(name RelationName) []ObjectName
SubjectTypes returns the list of possible subject types for the given relation or permission.
type ObjectName ¶
type ObjectName Identifier
func (ObjectName) String ¶ added in v0.0.14
func (on ObjectName) String() string
func (ObjectName) Valid ¶ added in v0.1.5
func (on ObjectName) Valid() bool
type Permission ¶
// Permission is a permission definition expressed as a union, an
// intersection or an exclusion of permission terms.
// NOTE(review): presumably exactly one of Union, Intersection and Exclusion
// is populated (IsUnion, IsIntersection and IsExclusion report which) —
// confirm.
type Permission struct {
	// Union is serialized as "union" and omitted when empty.
	Union PermissionTerms `json:"union,omitempty"`
	// Intersection is serialized as "intersection" and omitted when empty.
	Intersection PermissionTerms `json:"intersection,omitempty"`
	// Exclusion is serialized as "exclusion" and omitted when nil.
	Exclusion *ExclusionPermission `json:"exclusion,omitempty"`
	// SubjectTypes lists object type names, serialized as "subject_types".
	SubjectTypes []ObjectName `json:"subject_types,omitempty"`
	// Intermediates holds relation references, serialized as "intermediates".
	// NOTE(review): how SubjectTypes and Intermediates get populated is not
	// shown here — confirm whether they are authored or computed.
	Intermediates RelationRefs `json:"intermediates,omitempty"`
}
func (*Permission) AddTerm ¶ added in v0.1.4
func (p *Permission) AddTerm(pt *PermissionTerm)
func (*Permission) IsExclusion ¶ added in v0.1.0
func (p *Permission) IsExclusion() bool
func (*Permission) IsIntersection ¶ added in v0.1.0
func (p *Permission) IsIntersection() bool
func (*Permission) IsUnion ¶ added in v0.1.0
func (p *Permission) IsUnion() bool
func (*Permission) Terms ¶ added in v0.1.0
func (p *Permission) Terms() []*PermissionTerm
func (*Permission) Types ¶ added in v0.1.5
func (p *Permission) Types() RelationRefs
type PermissionTerm ¶ added in v0.1.0
// PermissionTerm is a single operand of a Permission.
// NOTE(review): presumably Base is the relation on the left of an arrow term
// (relation->rel_or_perm) and is empty for a plain term — confirm against
// IsArrow.
type PermissionTerm struct {
	// Base is serialized as "base" and omitted when empty.
	Base RelationName `json:"base,omitempty"`
	// RelOrPerm names a relation or a permission; it is always serialized
	// (no omitempty).
	RelOrPerm RelationName `json:"rel_or_perm"`
	// SubjectTypes lists object type names, serialized as "subject_types".
	SubjectTypes []ObjectName `json:"subject_types,omitempty"`
	// Intermediates holds relation references, serialized as "intermediates".
	Intermediates RelationRefs `json:"intermediates,omitempty"`
}
func (*PermissionTerm) IsArrow ¶ added in v0.1.0
func (pr *PermissionTerm) IsArrow() bool
func (*PermissionTerm) String ¶ added in v0.1.4
func (pr *PermissionTerm) String() string
type PermissionTerms ¶ added in v0.1.4
type PermissionTerms []*PermissionTerm
func (PermissionTerms) Contains ¶ added in v0.1.4
func (pts PermissionTerms) Contains(pt *PermissionTerm) bool
type Relation ¶
// Relation is a relation definition: the union of the references that may be
// assigned to it.
type Relation struct {
	// Union holds the relation's references, serialized as "union".
	Union []*RelationRef `json:"union,omitempty"`
	// SubjectTypes lists object type names, serialized as "subject_types".
	SubjectTypes []ObjectName `json:"subject_types,omitempty"`
	// Intermediates holds relation references, serialized as "intermediates".
	Intermediates RelationRefs `json:"intermediates,omitempty"`
}
func (*Relation) AddRef ¶ added in v0.1.4
func (r *Relation) AddRef(rr *RelationRef)
func (*Relation) AllRefs ¶ added in v0.1.5
func (r *Relation) AllRefs() []RelationRef
func (*Relation) Types ¶ added in v0.1.5
func (r *Relation) Types() RelationRefs
type RelationAssignment ¶ added in v0.1.0
type RelationAssignment int
// Kinds of relation assignment, numbered from 0 by iota.
// NOTE(review): Direct, Subject and Wildcard presumably correspond to the
// direct, subject and wildcard relations that Model.Validate checks —
// confirm.
const (
	// RelationAssignmentUnknown is the zero value of RelationAssignment.
	RelationAssignmentUnknown RelationAssignment = iota
	// RelationAssignmentDirect has the value 1.
	RelationAssignmentDirect
	// RelationAssignmentSubject has the value 2.
	RelationAssignmentSubject
	// RelationAssignmentWildcard has the value 3.
	RelationAssignmentWildcard
)
type RelationName ¶
type RelationName Identifier
func InverseRelation ¶ added in v0.1.4
func InverseRelation(on ObjectName, rn RelationName, srn ...RelationName) RelationName
func PermForRel ¶ added in v0.1.5
func PermForRel(rn RelationName) RelationName
func (RelationName) String ¶ added in v0.0.14
func (rn RelationName) String() string
func (RelationName) Valid ¶ added in v0.1.5
func (rn RelationName) Valid() bool
type RelationRef ¶ added in v0.1.0
// RelationRef refers to an object type and, optionally, one of its relations.
// NOTE(review): presumably an empty Relation denotes a direct reference and a
// non-empty one an object#relation subject reference; how a wildcard is
// encoded is not shown here — confirm against Assignment.
type RelationRef struct {
	// Object is serialized as "object" and omitted when empty.
	Object ObjectName `json:"object,omitempty"`
	// Relation is serialized as "relation" and omitted when empty.
	Relation RelationName `json:"relation,omitempty"`
}
func NewRelationRef ¶ added in v0.1.0
func NewRelationRef(on ObjectName, rn RelationName) *RelationRef
func (*RelationRef) Assignment ¶ added in v0.1.0
func (rr *RelationRef) Assignment() RelationAssignment
func (*RelationRef) IsDirect ¶ added in v0.1.0
func (rr *RelationRef) IsDirect() bool
func (*RelationRef) IsSubject ¶ added in v0.1.0
func (rr *RelationRef) IsSubject() bool
func (*RelationRef) IsWildcard ¶ added in v0.1.0
func (rr *RelationRef) IsWildcard() bool
func (*RelationRef) String ¶ added in v0.1.0
func (rr *RelationRef) String() string
type RelationRefs ¶ added in v0.1.5
type RelationRefs []RelationRef
type ValidationOption ¶ added in v0.1.5
type ValidationOption func(*validationOptions)