permission

Documentation

Index

• func IsEmptyUserAccess(a UserAccess) bool
• func ValidateControllerAccess(access Access) error
• func ValidateModelAccess(access Access) error
• type Access
  • func (a Access) EqualOrGreaterControllerAccessThan(access Access) bool
  • func (a Access) EqualOrGreaterModelAccessThan(access Access) bool
  • func (a Access) Validate() error
• type UserAccess

Functions

func IsEmptyUserAccess

func IsEmptyUserAccess(a UserAccess) bool

IsEmptyUserAccess returns true if the passed UserAccess instance is empty.

func ValidateControllerAccess

func ValidateControllerAccess(access Access) error

ValidateControllerAccess returns error if the passed access is not a valid controller access level.

func ValidateModelAccess

func ValidateModelAccess(access Access) error

ValidateModelAccess returns error if the passed access is not a valid model access level.

Types

type Access

type Access string

Access represents a level of access.

const (
	// UndefinedAccess is not a valid access type. It is the value
	// used when access is not defined at all.
	UndefinedAccess Access = ""

	// ReadAccess allows a user to read information about a permission subject,
	// without being able to make any changes.
	ReadAccess Access = "read"

	// WriteAccess allows a user to make changes to a permission subject.
	WriteAccess Access = "write"

	// AdminAccess allows a user full control over the subject.
	AdminAccess Access = "admin"

	// LoginAccess allows a user to log-ing into the subject.
	LoginAccess Access = "login"

	// AddModelAccess allows user to add new models in subjects supporting it.
	AddModelAccess Access = "addmodel"

	// SuperuserAccess allows user unrestricted permissions in the subject.
	SuperuserAccess Access = "superuser"
)

func (Access) EqualOrGreaterControllerAccessThan

func (a Access) EqualOrGreaterControllerAccessThan(access Access) bool

EqualOrGreaterControllerAccessThan returns true if the provided access is equal or less than the current.

func (Access) EqualOrGreaterModelAccessThan

func (a Access) EqualOrGreaterModelAccessThan(access Access) bool

EqualOrGreaterModelAccessThan returns true if the provided access is equal or less than the current.

func (Access) Validate

func (a Access) Validate() error

Validate returns error if the current is not a valid access level.

type UserAccess

type UserAccess struct {
	// UserID is the stored ID of the user.
	UserID string
	// UserTag is the tag for the user.
	UserTag names.UserTag
	// Object is the tag for the object of this access grant.
	Object names.Tag
	// Access represents the level of access subject has over object.
	Access Access
	// CreatedBy is the tag of the user that granted the access.
	CreatedBy names.UserTag
	// DateCreated is the date the user was created in UTC.
	DateCreated time.Time
	// DisplayName is the name we are showing for this user.
	DisplayName string
	// UserName is the actual username for this access.
	UserName string
}

UserAccess represents a user access to a target whereas the user could represent a remote user or a user across multiple models the user access always represents a single user for a single target. There should be no more than one UserAccess per target/user pair. Many of these fields are storage artifacts but generate them from other fields implies out of band knowledge of other packages.