Documentation
Overview
Package rule contains policy rules.
Index
- func AllowAfterApplyingPrivacyTokenFilter(emptyToken token.PrivacyToken, ...) privacy.QueryMutationRule
- func AllowIfAdmin() privacy.QueryMutationRule
- func AllowIfContextHasPrivacyTokenOfType(emptyToken token.PrivacyToken) privacy.QueryMutationRule
- func AllowIfOwnedByViewer() privacy.QueryMutationRule
- func AllowIfSelf() privacy.QueryMutationRule
- func AllowMutationAfterApplyingOwnerFilter() privacy.MutationRule
- func AllowMutationIfContextHasValidEmailSignUpToken(getEmail MutationEmailGetter) privacy.MutationRule
- func CanCreateGroupsInOrg() privacy.GroupMutationRuleFunc
- func DenyIfNoSubject() privacy.QueryMutationRule
- func DenyIfNoViewer() privacy.QueryMutationRule
- func HasGroupMutationAccess() privacy.GroupMutationRuleFunc
- func HasGroupReadAccess() privacy.GroupQueryRuleFunc
- func HasOrgMutationAccess() privacy.OrganizationMutationRuleFunc
- func HasOrgReadAccess() privacy.OrganizationQueryRuleFunc
- type MutationEmailGetter
Functions
func AllowAfterApplyingPrivacyTokenFilter (added in v0.2.4)
func AllowAfterApplyingPrivacyTokenFilter(emptyToken token.PrivacyToken, applyFilter func(t token.PrivacyToken, filter privacy.Filter)) privacy.QueryMutationRule
AllowAfterApplyingPrivacyTokenFilter allows the mutation to proceed if a privacy token of a specific type is found in the context. It also applies a privacy filter to the token before allowing the mutation to proceed.
func AllowIfAdmin (added in v0.1.1)
func AllowIfAdmin() privacy.QueryMutationRule
AllowIfAdmin is used to determine whether a query or mutation should be allowed or skipped based on the user's admin status. TODO: implement setting admin; this will currently always return a skip.
func AllowIfContextHasPrivacyTokenOfType (added in v0.2.4)
func AllowIfContextHasPrivacyTokenOfType(emptyToken token.PrivacyToken) privacy.QueryMutationRule
AllowIfContextHasPrivacyTokenOfType allows a mutation to proceed if a privacy token of a specific type is found in the context. It checks if the actual type of the token in the context matches the expected type, and if so, it returns `privacy.Allow`. If the types do not match, it returns `privacy.Skipf` with a message indicating that no token was found in the context with the expected type.
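An added example, not code from this package: a standard-library model of the behaviour described for AllowIfContextHasPrivacyTokenOfType, followed by a terminal deny rule so that a skip does not end in access. Decision, Rule, the token types, the context key and all helper names are assumptions made for the example.

```go
package main

import (
	"context"
	"fmt"
	"reflect"
)

// Decision, PrivacyToken and both token types are stand-ins made up for this example.
type Decision string
type PrivacyToken interface{ GetToken() string }
type SignUpToken struct{ Value string }
type ResetToken struct{ Value string }
type tokenKey struct{} // unexported context key
type Rule func(ctx context.Context) Decision
const Allow, Skip, Deny Decision = "allow", "skip", "deny"

func (t *SignUpToken) GetToken() string { return t.Value }
func (t *ResetToken) GetToken() string  { return t.Value }

// allowIfTokenOfType compares the dynamic type of the context token with emptyToken's type.
func allowIfTokenOfType(emptyToken PrivacyToken) Rule {
	want := reflect.TypeOf(emptyToken)
	return func(ctx context.Context) Decision {
		if got, ok := ctx.Value(tokenKey{}).(PrivacyToken); ok && reflect.TypeOf(got) == want {
			return Allow
		}
		return Skip // wrong type or no token: leave the decision to later rules
	}
}

// evaluate returns the first decision that is not Skip.
func evaluate(ctx context.Context, rules ...Rule) Decision {
	for _, r := range rules {
		if d := r(ctx); d != Skip {
			return d
		}
	}
	return Skip
}

func alwaysDeny(context.Context) Decision { return Deny }
func withToken(t PrivacyToken) context.Context { return context.WithValue(context.Background(), tokenKey{}, t) }

func main() {
	policy := []Rule{allowIfTokenOfType(&SignUpToken{}), alwaysDeny}
	fmt.Println(evaluate(withToken(&SignUpToken{Value: "constructed"}), policy...)) // allow
	fmt.Println(evaluate(withToken(&ResetToken{Value: "constructed"}), policy...))  // deny
}
```

In this model a nil `*SignUpToken` placed in the context still matches, because only the type is compared; checking that the token value is valid needs a separate rule.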
func AllowIfOwnedByViewer (added in v0.2.4)
func AllowIfOwnedByViewer() privacy.QueryMutationRule
AllowIfOwnedByViewer determines whether a query or mutation operation should be allowed based on whether the requested data is owned by the viewer.
func AllowIfSelf (added in v0.2.4)
func AllowIfSelf() privacy.QueryMutationRule
AllowIfSelf determines whether a query or mutation operation should be allowed based on whether the requested data is for the viewer.
func AllowMutationAfterApplyingOwnerFilter (added in v0.2.4)
func AllowMutationAfterApplyingOwnerFilter() privacy.MutationRule
AllowMutationAfterApplyingOwnerFilter defines a privacy rule for mutations in the context of an owner filter.
func AllowMutationIfContextHasValidEmailSignUpToken (added in v0.2.4)
func AllowMutationIfContextHasValidEmailSignUpToken(getEmail MutationEmailGetter) privacy.MutationRule
AllowMutationIfContextHasValidEmailSignUpToken is used to determine whether a mutation should be allowed or skipped based on the presence and validity of an email signup token in the context.
func CanCreateGroupsInOrg
func CanCreateGroupsInOrg() privacy.GroupMutationRuleFunc
CanCreateGroupsInOrg is a rule that returns an allow decision if the user has edit access in the organization.
func DenyIfNoSubject
func DenyIfNoSubject() privacy.QueryMutationRule
DenyIfNoSubject is a rule that returns deny decision if the subject is missing in the context.
func DenyIfNoViewer (added in v0.1.1)
func DenyIfNoViewer() privacy.QueryMutationRule
DenyIfNoViewer returns deny if the viewer is not present in the context.
func HasGroupMutationAccess
func HasGroupMutationAccess() privacy.GroupMutationRuleFunc
HasGroupMutationAccess is a rule that returns an allow decision if the user has edit or delete access.
func HasGroupReadAccess
func HasGroupReadAccess() privacy.GroupQueryRuleFunc
HasGroupReadAccess is a rule that returns an allow decision if the user has view access.
func HasOrgMutationAccess
func HasOrgMutationAccess() privacy.OrganizationMutationRuleFunc
HasOrgMutationAccess is a rule that returns an allow decision if the user has edit or delete access.
func HasOrgReadAccess
func HasOrgReadAccess() privacy.OrganizationQueryRuleFunc
HasOrgReadAccess is a rule that returns an allow decision if the user has view access.