Documentation ¶
Index ¶
- func AnnotateNamespace(ts *ValidatedNamespaceTypeSystem) error
- func CheckNamespaceAndRelation(ctx context.Context, namespace string, relation string, allowEllipsis bool, ...) error
- func CheckNamespaceAndRelations(ctx context.Context, checks []TypeAndRelationToCheck, ds datastore.Reader) error
- func ListReferencedNamespaces(nsdefs []*core.NamespaceDefinition) []string
- func NewCaveatNotFoundErr(caveatName string) error
- func NewDuplicateAllowedRelationErr(nsName string, relationName string, allowedRelationSource string) error
- func NewDuplicateRelationError(nsName string, relationName string) error
- func NewMissingAllowedRelationsErr(nsName string, relationName string) error
- func NewNamespaceNotFoundErr(nsName string) error
- func NewPermissionUsedOnLeftOfArrowErr(nsName string, parentPermissionName string, foundPermissionName string) error
- func NewPermissionsCycleErr(nsName string, permissionNames []string) error
- func NewRelationNotFoundErr(nsName string, relationName string) error
- func NewTransitiveWildcardErr(nsName string, relationName string, foundRelationNamespace string, ...) error
- func NewUnusedCaveatParameterErr(caveatName string, paramName string) error
- func NewWildcardUsedInArrowErr(nsName string, parentPermissionName string, foundRelationName string, ...) error
- func ReadNamespaceAndRelation(ctx context.Context, namespace string, relation string, ds datastore.Reader) (*core.NamespaceDefinition, *core.Relation, error)
- func SourceForAllowedRelation(allowedRelation *core.AllowedRelation) string
- func ValidateCaveatDefinition(caveat *core.CaveatDefinition) error
- type AllowedDirectRelation
- type AllowedNamespaceOption
- type AllowedPublicSubject
- type AllowedRelationOption
- type Delta
- type DeltaType
- type Diff
- type ErrCaveatNotFound
- type ErrDuplicateAllowedRelation
- type ErrDuplicateRelation
- type ErrMissingAllowedRelations
- type ErrNamespaceNotFound
- type ErrPermissionUsedOnLeftOfArrow
- type ErrPermissionsCycle
- type ErrRelationNotFound
- type ErrTransitiveWildcard
- type ErrUnusedCaveatParameter
- type ErrWildcardUsedInArrow
- type PredefinedElements
- type ReachabilityEntrypoint
- func (re ReachabilityEntrypoint) ContainingRelationOrPermission() *core.RelationReference
- func (re ReachabilityEntrypoint) DirectRelation() (*core.RelationReference, error)
- func (re ReachabilityEntrypoint) EntrypointKind() core.ReachabilityEntrypoint_ReachabilityEntrypointKind
- func (re ReachabilityEntrypoint) Hash() (uint64, error)
- func (re ReachabilityEntrypoint) IsDirectResult() bool
- func (re ReachabilityEntrypoint) MustDebugString() string
- func (re ReachabilityEntrypoint) String() string
- func (re ReachabilityEntrypoint) TuplesetRelation() (string, error)
- type ReachabilityGraph
- func (rg *ReachabilityGraph) AllEntrypointsForSubjectToResource(ctx context.Context, subjectType *core.RelationReference, ...) ([]ReachabilityEntrypoint, error)
- func (rg *ReachabilityGraph) HasOptimizedEntrypointsForSubjectToResource(ctx context.Context, subjectType *core.RelationReference, ...) (bool, error)
- func (rg *ReachabilityGraph) OptimizedEntrypointsForSubjectToResource(ctx context.Context, subjectType *core.RelationReference, ...) ([]ReachabilityEntrypoint, error)
- type Resolver
- type TypeAndRelationToCheck
- type TypeError
- type TypeSystem
- func (nts *TypeSystem) AllowedDirectRelationsAndWildcards(sourceRelationName string) ([]*core.AllowedRelation, error)
- func (nts *TypeSystem) AllowedSubjectRelations(sourceRelationName string) ([]*core.RelationReference, error)
- func (nts *TypeSystem) AsValidated() *ValidatedNamespaceTypeSystem
- func (nts *TypeSystem) HasAllowedRelation(sourceRelationName string, toCheck *core.AllowedRelation) (AllowedRelationOption, error)
- func (nts *TypeSystem) HasRelation(relationName string) bool
- func (nts *TypeSystem) HasTypeInformation(relationName string) bool
- func (nts *TypeSystem) IsAllowedDirectNamespace(sourceRelationName string, targetNamespaceName string) (AllowedNamespaceOption, error)
- func (nts *TypeSystem) IsAllowedDirectRelation(sourceRelationName string, targetNamespaceName string, ...) (AllowedDirectRelation, error)
- func (nts *TypeSystem) IsAllowedPublicNamespace(sourceRelationName string, targetNamespaceName string) (AllowedPublicSubject, error)
- func (nts *TypeSystem) IsPermission(relationName string) bool
- func (nts *TypeSystem) Namespace() *core.NamespaceDefinition
- func (nts *TypeSystem) Validate(ctx context.Context) (*ValidatedNamespaceTypeSystem, error)
- type ValidatedNamespaceTypeSystem
- type WildcardTypeReference
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AnnotateNamespace ¶ added in v1.7.0
func AnnotateNamespace(ts *ValidatedNamespaceTypeSystem) error
AnnotateNamespace annotates the namespace in the type system with computed aliasing and cache key metadata for more efficient dispatching.
func CheckNamespaceAndRelation ¶ added in v1.8.0
func CheckNamespaceAndRelation( ctx context.Context, namespace string, relation string, allowEllipsis bool, ds datastore.Reader, ) error
CheckNamespaceAndRelation checks that the specified namespace and relation exist in the datastore.
Returns datastore.ErrNamespaceNotFound if the namespace cannot be found. Returns ErrRelationNotFound if the relation was not found in the namespace. Returns the downstream error directly for any other error.
func CheckNamespaceAndRelations ¶ added in v1.22.0
func CheckNamespaceAndRelations(ctx context.Context, checks []TypeAndRelationToCheck, ds datastore.Reader) error
CheckNamespaceAndRelations ensures that the given namespace+relation checks all succeed. If any fail, returns an error.
Returns ErrNamespaceNotFound if the namespace cannot be found. Returns ErrRelationNotFound if the relation was not found in the namespace. Returns the downstream error directly for any other error.
func ListReferencedNamespaces ¶ added in v1.12.0
func ListReferencedNamespaces(nsdefs []*core.NamespaceDefinition) []string
ListReferencedNamespaces returns the names of all namespaces referenced in the given namespace definitions. This includes the namespaces themselves, as well as any found in type information on relations.
func NewCaveatNotFoundErr ¶ added in v1.14.0
NewCaveatNotFoundErr constructs a new caveat not found error.
func NewDuplicateAllowedRelationErr ¶ added in v1.14.0
func NewDuplicateAllowedRelationErr(nsName string, relationName string, allowedRelationSource string) error
NewDuplicateAllowedRelationErr constructs an error indicating that an allowed relation was defined more than once for a relation.
func NewDuplicateRelationError ¶ added in v1.13.0
NewDuplicateRelationError constructs an error indicating that a relation was defined more than once in a namespace.
func NewMissingAllowedRelationsErr ¶ added in v1.13.0
NewMissingAllowedRelationsErr constructs an error indicating that type information is missing for a relation.
func NewNamespaceNotFoundErr ¶
NewNamespaceNotFoundErr constructs a new namespace not found error.
func NewPermissionUsedOnLeftOfArrowErr ¶ added in v1.13.0
func NewPermissionUsedOnLeftOfArrowErr(nsName string, parentPermissionName string, foundPermissionName string) error
NewPermissionUsedOnLeftOfArrowErr constructs an error indicating that a permission was used on the left side of an arrow.
func NewPermissionsCycleErr ¶ added in v1.13.0
NewPermissionsCycleErr constructs an error indicating that a cycle exists amongst permissions.
func NewRelationNotFoundErr ¶
NewRelationNotFoundErr constructs a new relation not found error.
func NewTransitiveWildcardErr ¶ added in v1.13.0
func NewTransitiveWildcardErr(nsName string, relationName string, foundRelationNamespace string, foundRelationName string, wildcardTypeName string, wildcardRelationReference string) error
NewTransitiveWildcardErr constructs an error indicating that a transitive wildcard exists.
func NewUnusedCaveatParameterErr ¶ added in v1.14.0
NewUnusedCaveatParameterErr constructs an error indicating that a parameter was unused in a caveat expression.
func NewWildcardUsedInArrowErr ¶ added in v1.13.0
func NewWildcardUsedInArrowErr(nsName string, parentPermissionName string, foundRelationName string, wildcardTypeName string, wildcardRelationName string) error
NewWildcardUsedInArrowErr constructs an error indicating that an arrow operated over a relation with a wildcard type.
func ReadNamespaceAndRelation ¶ added in v1.8.0
func ReadNamespaceAndRelation( ctx context.Context, namespace string, relation string, ds datastore.Reader, ) (*core.NamespaceDefinition, *core.Relation, error)
ReadNamespaceAndRelation reads the specified namespace and relation from the datastore, checking that both exist.
Returns ErrNamespaceNotFound if the namespace cannot be found. Returns ErrRelationNotFound if the relation was not found in the namespace. Returns the downstream error directly for any other error.
func SourceForAllowedRelation ¶ added in v1.14.0
func SourceForAllowedRelation(allowedRelation *core.AllowedRelation) string
SourceForAllowedRelation returns the source code representation of an allowed relation.
func ValidateCaveatDefinition ¶ added in v1.14.0
func ValidateCaveatDefinition(caveat *core.CaveatDefinition) error
ValidateCaveatDefinition validates the parameters and types within the given caveat definition, including usage of the parameters.
Types ¶
type AllowedDirectRelation ¶
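// AllowedDirectRelation indicates whether a relation is allowed on the right side of another relation.
//
// The zero value is UnknownIfRelationAllowed, so a caller making an
// authorization decision should compare against DirectRelationValid explicitly
// rather than treating every non-error result as allowed.
type AllowedDirectRelation int

const (
	// UnknownIfRelationAllowed indicates that no type information is defined for
	// this relation.
	UnknownIfRelationAllowed AllowedDirectRelation = iota

	// DirectRelationValid indicates that the specified subject relation is valid as
	// part of a *direct* tuple on the relation.
	DirectRelationValid

	// DirectRelationNotValid indicates that the specified subject relation is not
	// valid as part of a *direct* tuple on the relation.
	DirectRelationNotValid
)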
type AllowedNamespaceOption ¶ added in v1.22.0
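// AllowedNamespaceOption indicates whether an allowed namespace of a particular kind is allowed on the right side of another relation.
//
// The zero value is UnknownIfAllowedNamespace; callers should test for
// AllowedNamespaceValid explicitly instead of assuming that "no error" means
// "valid".
type AllowedNamespaceOption int

const (
	// UnknownIfAllowedNamespace indicates that no type information is defined for
	// this relation.
	UnknownIfAllowedNamespace AllowedNamespaceOption = iota

	// AllowedNamespaceValid indicates that the specified subject namespace is valid.
	AllowedNamespaceValid

	// AllowedNamespaceNotValid indicates that the specified subject namespace is not valid.
	AllowedNamespaceNotValid
)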
type AllowedPublicSubject ¶ added in v1.3.0
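// AllowedPublicSubject indicates whether a public subject of a particular kind is allowed on the right side of another relation.
//
// The zero value is UnknownIfPublicAllowed; a wildcard should be accepted only
// when the result is exactly PublicSubjectAllowed.
type AllowedPublicSubject int

const (
	// UnknownIfPublicAllowed indicates that no type information is defined for
	// this relation.
	UnknownIfPublicAllowed AllowedPublicSubject = iota

	// PublicSubjectAllowed indicates that the specified subject wildcard is valid as
	// part of a *direct* tuple on the relation.
	PublicSubjectAllowed

	// PublicSubjectNotAllowed indicates that the specified subject wildcard is not
	// valid as part of a *direct* tuple on the relation.
	PublicSubjectNotAllowed
)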
type AllowedRelationOption ¶ added in v1.14.0
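// AllowedRelationOption indicates whether an allowed relation of a particular kind is allowed on the right side of another relation.
//
// The zero value is UnknownIfAllowed; callers should test for
// AllowedRelationValid explicitly.
type AllowedRelationOption int

const (
	// UnknownIfAllowed indicates that no type information is defined for
	// this relation.
	UnknownIfAllowed AllowedRelationOption = iota

	// AllowedRelationValid indicates that the specified subject relation is valid.
	AllowedRelationValid

	// AllowedRelationNotValid indicates that the specified subject relation is not valid.
	AllowedRelationNotValid
)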
type Delta ¶
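// Delta is a single namespace delta: its type, plus the relation and allowed
// relation type it applies to, if any.
type Delta struct {
	// Type is the type of this delta.
	Type DeltaType

	// RelationName is the name of the relation to which this delta applies, if any.
	RelationName string

	// AllowedType is the allowed relation type added or removed, if any.
	AllowedType *core.AllowedRelation
}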
type DeltaType ¶
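// DeltaType defines the type of namespace deltas.
type DeltaType string

const (
	// NamespaceAdded indicates that the namespace was newly added/created.
	NamespaceAdded DeltaType = "namespace-added"

	// NamespaceRemoved indicates that the namespace was removed.
	NamespaceRemoved DeltaType = "namespace-removed"

	// AddedRelation indicates that the relation was added to the namespace.
	AddedRelation DeltaType = "added-relation"

	// RemovedRelation indicates that the relation was removed from the namespace.
	RemovedRelation DeltaType = "removed-relation"

	// AddedPermission indicates that the permission was added to the namespace.
	AddedPermission DeltaType = "added-permission"

	// RemovedPermission indicates that the permission was removed from the namespace.
	RemovedPermission DeltaType = "removed-permission"

	// ChangedPermissionImpl indicates that the implementation of the permission has changed in some
	// way.
	ChangedPermissionImpl DeltaType = "changed-permission-implementation"

	// LegacyChangedRelationImpl indicates that the implementation of the relation has changed in some
	// way. This is for legacy checks and should not apply to any modern namespaces created
	// via schema.
	LegacyChangedRelationImpl DeltaType = "legacy-changed-relation-implementation"

	// RelationAllowedTypeAdded indicates that an allowed relation type has been added to
	// the relation.
	RelationAllowedTypeAdded DeltaType = "relation-allowed-type-added"

	// RelationAllowedTypeRemoved indicates that an allowed relation type has been removed from
	// the relation.
	RelationAllowedTypeRemoved DeltaType = "relation-allowed-type-removed"
)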
type Diff ¶ added in v1.7.0
type Diff struct {
// contains filtered or unexported fields
}
Diff holds the diff between two namespaces.
func DiffNamespaces ¶
func DiffNamespaces(existing *core.NamespaceDefinition, updated *core.NamespaceDefinition) (*Diff, error)
DiffNamespaces performs a diff between two namespace definitions. One or both of the definitions can be `nil`, which will be treated as an add/remove as applicable.
type ErrCaveatNotFound ¶ added in v1.14.0
type ErrCaveatNotFound struct {
// contains filtered or unexported fields
}
ErrCaveatNotFound occurs when a caveat was not found.
func (ErrCaveatNotFound) CaveatName ¶ added in v1.14.0
func (err ErrCaveatNotFound) CaveatName() string
CaveatName returns the name of the caveat not found.
func (ErrCaveatNotFound) DetailsMetadata ¶ added in v1.14.0
func (err ErrCaveatNotFound) DetailsMetadata() map[string]string
DetailsMetadata returns the metadata for details for this error.
func (ErrCaveatNotFound) MarshalZerologObject ¶ added in v1.14.0
func (err ErrCaveatNotFound) MarshalZerologObject(e *zerolog.Event)
type ErrDuplicateAllowedRelation ¶ added in v1.14.0
type ErrDuplicateAllowedRelation struct {
// contains filtered or unexported fields
}
ErrDuplicateAllowedRelation indicates that an allowed relation was redefined on a relation.
func (ErrDuplicateAllowedRelation) DetailsMetadata ¶ added in v1.14.0
func (err ErrDuplicateAllowedRelation) DetailsMetadata() map[string]string
DetailsMetadata returns the metadata for details for this error.
func (ErrDuplicateAllowedRelation) MarshalZerologObject ¶ added in v1.14.0
func (err ErrDuplicateAllowedRelation) MarshalZerologObject(e *zerolog.Event)
MarshalZerologObject implements zerolog object marshalling.
type ErrDuplicateRelation ¶ added in v1.13.0
type ErrDuplicateRelation struct {
// contains filtered or unexported fields
}
ErrDuplicateRelation occurs when a duplicate relation was found inside a namespace.
func (ErrDuplicateRelation) DetailsMetadata ¶ added in v1.14.0
func (err ErrDuplicateRelation) DetailsMetadata() map[string]string
DetailsMetadata returns the metadata for details for this error.
func (ErrDuplicateRelation) MarshalZerologObject ¶ added in v1.13.0
func (err ErrDuplicateRelation) MarshalZerologObject(e *zerolog.Event)
MarshalZerologObject implements zerolog object marshalling.
type ErrMissingAllowedRelations ¶ added in v1.13.0
type ErrMissingAllowedRelations struct {
// contains filtered or unexported fields
}
ErrMissingAllowedRelations occurs when a relation is defined without any type information.
func (ErrMissingAllowedRelations) DetailsMetadata ¶ added in v1.14.0
func (err ErrMissingAllowedRelations) DetailsMetadata() map[string]string
DetailsMetadata returns the metadata for details for this error.
func (ErrMissingAllowedRelations) MarshalZerologObject ¶ added in v1.13.0
func (err ErrMissingAllowedRelations) MarshalZerologObject(e *zerolog.Event)
MarshalZerologObject implements zerolog object marshalling.
type ErrNamespaceNotFound ¶
type ErrNamespaceNotFound struct {
// contains filtered or unexported fields
}
ErrNamespaceNotFound occurs when a namespace was not found.
func (ErrNamespaceNotFound) DetailsMetadata ¶ added in v1.14.0
func (err ErrNamespaceNotFound) DetailsMetadata() map[string]string
DetailsMetadata returns the metadata for details for this error.
func (ErrNamespaceNotFound) MarshalZerologObject ¶
func (err ErrNamespaceNotFound) MarshalZerologObject(e *zerolog.Event)
MarshalZerologObject implements zerolog object marshalling.
func (ErrNamespaceNotFound) NotFoundNamespaceName ¶
func (err ErrNamespaceNotFound) NotFoundNamespaceName() string
NotFoundNamespaceName is the name of the namespace not found.
type ErrPermissionUsedOnLeftOfArrow ¶ added in v1.13.0
type ErrPermissionUsedOnLeftOfArrow struct {
// contains filtered or unexported fields
}
ErrPermissionUsedOnLeftOfArrow occurs when a permission is used on the left side of an arrow expression.
func (ErrPermissionUsedOnLeftOfArrow) DetailsMetadata ¶ added in v1.14.0
func (err ErrPermissionUsedOnLeftOfArrow) DetailsMetadata() map[string]string
DetailsMetadata returns the metadata for details for this error.
func (ErrPermissionUsedOnLeftOfArrow) MarshalZerologObject ¶ added in v1.13.0
func (err ErrPermissionUsedOnLeftOfArrow) MarshalZerologObject(e *zerolog.Event)
MarshalZerologObject implements zerolog object marshalling.
type ErrPermissionsCycle ¶ added in v1.13.0
type ErrPermissionsCycle struct {
// contains filtered or unexported fields
}
ErrPermissionsCycle occurs when a cycle exists within permissions.
func (ErrPermissionsCycle) DetailsMetadata ¶ added in v1.14.0
func (err ErrPermissionsCycle) DetailsMetadata() map[string]string
DetailsMetadata returns the metadata for details for this error.
func (ErrPermissionsCycle) MarshalZerologObject ¶ added in v1.13.0
func (err ErrPermissionsCycle) MarshalZerologObject(e *zerolog.Event)
MarshalZerologObject implements zerolog object marshalling.
type ErrRelationNotFound ¶
type ErrRelationNotFound struct {
// contains filtered or unexported fields
}
ErrRelationNotFound occurs when a relation was not found under a namespace.
func (ErrRelationNotFound) DetailsMetadata ¶ added in v1.14.0
func (err ErrRelationNotFound) DetailsMetadata() map[string]string
DetailsMetadata returns the metadata for details for this error.
func (ErrRelationNotFound) MarshalZerologObject ¶
func (err ErrRelationNotFound) MarshalZerologObject(e *zerolog.Event)
func (ErrRelationNotFound) NamespaceName ¶
func (err ErrRelationNotFound) NamespaceName() string
NamespaceName returns the name of the namespace in which the relation was not found.
func (ErrRelationNotFound) NotFoundRelationName ¶
func (err ErrRelationNotFound) NotFoundRelationName() string
NotFoundRelationName returns the name of the relation not found.
type ErrTransitiveWildcard ¶ added in v1.13.0
type ErrTransitiveWildcard struct {
// contains filtered or unexported fields
}
ErrTransitiveWildcard occurs when a wildcard relation in turn references another wildcard relation.
func (ErrTransitiveWildcard) DetailsMetadata ¶ added in v1.14.0
func (err ErrTransitiveWildcard) DetailsMetadata() map[string]string
DetailsMetadata returns the metadata for details for this error.
func (ErrTransitiveWildcard) MarshalZerologObject ¶ added in v1.13.0
func (err ErrTransitiveWildcard) MarshalZerologObject(e *zerolog.Event)
MarshalZerologObject implements zerolog object marshalling.
type ErrUnusedCaveatParameter ¶ added in v1.14.0
type ErrUnusedCaveatParameter struct {
// contains filtered or unexported fields
}
ErrUnusedCaveatParameter indicates that a caveat parameter is unused in the caveat expression.
func (ErrUnusedCaveatParameter) DetailsMetadata ¶ added in v1.14.0
func (err ErrUnusedCaveatParameter) DetailsMetadata() map[string]string
DetailsMetadata returns the metadata for details for this error.
func (ErrUnusedCaveatParameter) MarshalZerologObject ¶ added in v1.14.0
func (err ErrUnusedCaveatParameter) MarshalZerologObject(e *zerolog.Event)
MarshalZerologObject implements zerolog object marshalling.
type ErrWildcardUsedInArrow ¶ added in v1.13.0
type ErrWildcardUsedInArrow struct {
// contains filtered or unexported fields
}
ErrWildcardUsedInArrow occurs when an arrow operates over a relation that contains a wildcard.
func (ErrWildcardUsedInArrow) DetailsMetadata ¶ added in v1.14.0
func (err ErrWildcardUsedInArrow) DetailsMetadata() map[string]string
DetailsMetadata returns the metadata for details for this error.
func (ErrWildcardUsedInArrow) MarshalZerologObject ¶ added in v1.13.0
func (err ErrWildcardUsedInArrow) MarshalZerologObject(e *zerolog.Event)
MarshalZerologObject implements zerolog object marshalling.
type PredefinedElements ¶ added in v1.14.0
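// PredefinedElements are predefined namespaces and/or caveats to give to a resolver.
type PredefinedElements struct {
	// Namespaces holds the predefined namespace definitions.
	Namespaces []*core.NamespaceDefinition

	// Caveats holds the predefined caveat definitions.
	Caveats []*core.CaveatDefinition
}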
type ReachabilityEntrypoint ¶ added in v1.8.0
type ReachabilityEntrypoint struct {
// contains filtered or unexported fields
}
ReachabilityEntrypoint is an entrypoint into the reachability graph for a subject of particular type.
func (ReachabilityEntrypoint) ContainingRelationOrPermission ¶ added in v1.8.0
func (re ReachabilityEntrypoint) ContainingRelationOrPermission() *core.RelationReference
ContainingRelationOrPermission is the relation or permission containing this entrypoint.
func (ReachabilityEntrypoint) DirectRelation ¶ added in v1.8.0
func (re ReachabilityEntrypoint) DirectRelation() (*core.RelationReference, error)
DirectRelation is the relation that this entrypoint represents, if a RELATION_ENTRYPOINT.
func (ReachabilityEntrypoint) EntrypointKind ¶ added in v1.8.0
func (re ReachabilityEntrypoint) EntrypointKind() core.ReachabilityEntrypoint_ReachabilityEntrypointKind
EntrypointKind is the kind of the entrypoint.
func (ReachabilityEntrypoint) Hash ¶ added in v1.23.0
func (re ReachabilityEntrypoint) Hash() (uint64, error)
Hash returns a hash representing the data in the entrypoint, for comparison to other entrypoints. This is ONLY stable within a single version of SpiceDB and should NEVER be stored for later comparison outside of the process.
func (ReachabilityEntrypoint) IsDirectResult ¶ added in v1.8.0
func (re ReachabilityEntrypoint) IsDirectResult() bool
IsDirectResult returns whether the entrypoint, when evaluated, becomes a direct result of the parent relation/permission. A direct result only exists if the entrypoint is not contained under an intersection or exclusion, which makes the entrypoint's object merely conditionally reachable.
func (ReachabilityEntrypoint) MustDebugString ¶ added in v1.22.0
func (re ReachabilityEntrypoint) MustDebugString() string
func (ReachabilityEntrypoint) String ¶ added in v1.22.0
func (re ReachabilityEntrypoint) String() string
func (ReachabilityEntrypoint) TuplesetRelation ¶ added in v1.8.0
func (re ReachabilityEntrypoint) TuplesetRelation() (string, error)
TuplesetRelation returns the tupleset relation of the TTU, if a TUPLESET_TO_USERSET_ENTRYPOINT.
type ReachabilityGraph ¶ added in v1.8.0
type ReachabilityGraph struct {
// contains filtered or unexported fields
}
ReachabilityGraph is a helper struct that provides an easy way to determine all entrypoints for a subject of a particular type into a schema, for the purpose of walking from the subject to a specific resource relation.
func ReachabilityGraphFor ¶ added in v1.8.0
func ReachabilityGraphFor(ts *ValidatedNamespaceTypeSystem) *ReachabilityGraph
ReachabilityGraphFor returns a reachability graph for the given namespace.
func (*ReachabilityGraph) AllEntrypointsForSubjectToResource ¶ added in v1.8.0
func (rg *ReachabilityGraph) AllEntrypointsForSubjectToResource( ctx context.Context, subjectType *core.RelationReference, resourceType *core.RelationReference, ) ([]ReachabilityEntrypoint, error)
AllEntrypointsForSubjectToResource returns the entrypoints into the reachability graph, starting at the given subject type and walking to the given resource type.
func (*ReachabilityGraph) HasOptimizedEntrypointsForSubjectToResource ¶ added in v1.8.0
func (rg *ReachabilityGraph) HasOptimizedEntrypointsForSubjectToResource( ctx context.Context, subjectType *core.RelationReference, resourceType *core.RelationReference, ) (bool, error)
HasOptimizedEntrypointsForSubjectToResource returns whether there exists any *optimized* entrypoints into the reachability graph, starting at the given subject type and walking to the given resource type.
The optimized set will skip branches on intersections and exclusions in an attempt to minimize the number of entrypoints.
func (*ReachabilityGraph) OptimizedEntrypointsForSubjectToResource ¶ added in v1.8.0
func (rg *ReachabilityGraph) OptimizedEntrypointsForSubjectToResource( ctx context.Context, subjectType *core.RelationReference, resourceType *core.RelationReference, ) ([]ReachabilityEntrypoint, error)
OptimizedEntrypointsForSubjectToResource returns the *optimized* set of entrypoints into the reachability graph, starting at the given subject type and walking to the given resource type.
The optimized set will skip branches on intersections and exclusions in an attempt to minimize the number of entrypoints.
type Resolver ¶ added in v1.14.0
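// Resolver is an interface defined for resolving referenced namespaces and caveats when constructing and validating a type system.
type Resolver interface {
	// LookupNamespace looks up a namespace.
	LookupNamespace(ctx context.Context, name string) (*core.NamespaceDefinition, error)

	// LookupCaveat looks up a caveat.
	LookupCaveat(ctx context.Context, name string) (*core.CaveatDefinition, error)

	// WithPredefinedElements adds the given predefined elements to this resolver, returning a new
	// resolver.
	WithPredefinedElements(predefined PredefinedElements) Resolver
}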
func ResolverForDatastoreReader ¶ added in v1.14.0
ResolverForDatastoreReader returns a Resolver for a datastore reader.
func ResolverForPredefinedDefinitions ¶ added in v1.14.0
func ResolverForPredefinedDefinitions(predefined PredefinedElements) Resolver
ResolverForPredefinedDefinitions returns a resolver for predefined namespaces and caveats.
type TypeAndRelationToCheck ¶ added in v1.22.0
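// TypeAndRelationToCheck is a single check of a namespace+relation pair.
type TypeAndRelationToCheck struct {
	// NamespaceName is the namespace name to ensure exists.
	NamespaceName string

	// RelationName is the relation name to ensure exists under the namespace.
	RelationName string

	// AllowEllipsis, if true, allows for the ellipsis as the RelationName.
	// The zero value (false) does not allow it, so the ellipsis is opt-in.
	AllowEllipsis bool
}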
type TypeError ¶ added in v1.14.0
type TypeError struct {
// contains filtered or unexported fields
}
TypeError wraps another error as a type error.
type TypeSystem ¶ added in v1.7.0
type TypeSystem struct {
// contains filtered or unexported fields
}
TypeSystem represents typing information found in a namespace.
func NewNamespaceTypeSystem ¶ added in v1.14.0
func NewNamespaceTypeSystem(nsDef *core.NamespaceDefinition, resolver Resolver) (*TypeSystem, error)
NewNamespaceTypeSystem returns a new type system for the given namespace. Note that the type system is not validated until Validate is called.
func ReadNamespaceAndTypes ¶ added in v1.8.0
func ReadNamespaceAndTypes( ctx context.Context, nsName string, ds datastore.Reader, ) (*core.NamespaceDefinition, *TypeSystem, error)
ReadNamespaceAndTypes reads a namespace definition and its type system and returns them if found.
func (*TypeSystem) AllowedDirectRelationsAndWildcards ¶ added in v1.7.0
func (nts *TypeSystem) AllowedDirectRelationsAndWildcards(sourceRelationName string) ([]*core.AllowedRelation, error)
AllowedDirectRelationsAndWildcards returns the allowed subject relations for a source relation. Note that this function will return wildcards.
func (*TypeSystem) AllowedSubjectRelations ¶ added in v1.7.0
func (nts *TypeSystem) AllowedSubjectRelations(sourceRelationName string) ([]*core.RelationReference, error)
AllowedSubjectRelations returns the allowed subject relations for a source relation. Note that this function will *not* return wildcards.
func (*TypeSystem) AsValidated ¶ added in v1.8.0
func (nts *TypeSystem) AsValidated() *ValidatedNamespaceTypeSystem
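AsValidated returns the current type system marked as validated, without running Validate on it. This method should *only* be called for type systems read from storage; a type system built from a new or modified definition should go through Validate instead, so that unvalidated schema is never treated as validated. TODO(jschorr): Maybe have the namespaces loaded from datastore do this automatically?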
func (*TypeSystem) HasAllowedRelation ¶ added in v1.14.0
func (nts *TypeSystem) HasAllowedRelation(sourceRelationName string, toCheck *core.AllowedRelation) (AllowedRelationOption, error)
HasAllowedRelation returns whether the source relation has the given allowed relation.
func (*TypeSystem) HasRelation ¶ added in v1.7.0
func (nts *TypeSystem) HasRelation(relationName string) bool
HasRelation returns true if the namespace has the given relation defined.
func (*TypeSystem) HasTypeInformation ¶ added in v1.7.0
func (nts *TypeSystem) HasTypeInformation(relationName string) bool
HasTypeInformation returns true if the relation with the given name exists and has type information defined.
func (*TypeSystem) IsAllowedDirectNamespace ¶ added in v1.22.0
func (nts *TypeSystem) IsAllowedDirectNamespace(sourceRelationName string, targetNamespaceName string) (AllowedNamespaceOption, error)
IsAllowedDirectNamespace returns whether the target namespace is defined as appearing somewhere on the right side of a relation (except public).
func (*TypeSystem) IsAllowedDirectRelation ¶ added in v1.7.0
func (nts *TypeSystem) IsAllowedDirectRelation(sourceRelationName string, targetNamespaceName string, targetRelationName string) (AllowedDirectRelation, error)
IsAllowedDirectRelation returns whether the subject relation is allowed to appear on the right hand side of a tuple placed in the source relation with the given name.
func (*TypeSystem) IsAllowedPublicNamespace ¶ added in v1.7.0
func (nts *TypeSystem) IsAllowedPublicNamespace(sourceRelationName string, targetNamespaceName string) (AllowedPublicSubject, error)
IsAllowedPublicNamespace returns whether the target namespace is defined as public on the source relation.
func (*TypeSystem) IsPermission ¶ added in v1.7.0
func (nts *TypeSystem) IsPermission(relationName string) bool
IsPermission returns true if the namespace has the given relation defined and it is a permission.
func (*TypeSystem) Namespace ¶ added in v1.8.0
func (nts *TypeSystem) Namespace() *core.NamespaceDefinition
Namespace is the namespace for which the type system was constructed.
func (*TypeSystem) Validate ¶ added in v1.7.0
func (nts *TypeSystem) Validate(ctx context.Context) (*ValidatedNamespaceTypeSystem, error)
Validate runs validation on the type system for the namespace to ensure it is consistent.
type ValidatedNamespaceTypeSystem ¶ added in v1.7.0
type ValidatedNamespaceTypeSystem struct {
*TypeSystem
}
ValidatedNamespaceTypeSystem is a validated type system for a namespace.
type WildcardTypeReference ¶ added in v1.3.0
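// WildcardTypeReference represents a relation that references a wildcard type.
type WildcardTypeReference struct {
	// ReferencingRelation is the relation referencing the wildcard type.
	ReferencingRelation *core.RelationReference

	// WildcardType is the wildcard type referenced.
	WildcardType *core.AllowedRelation
}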