Documentation
¶
Index ¶
- Variables
- type ModelAuthZ
- type ModelAuthZBasic
- func (a *ModelAuthZBasic) CanCreateModel(ctx context.Context, curUser model.User, workspaceID int32) error
- func (a *ModelAuthZBasic) CanDeleteModel(ctx context.Context, curUser model.User, m *modelv1.Model, workspaceID int32) error
- func (a *ModelAuthZBasic) CanDeleteModelVersion(ctx context.Context, curUser model.User, modelVersion *modelv1.ModelVersion, ...) error
- func (a *ModelAuthZBasic) CanEditModel(ctx context.Context, curUser model.User, m *modelv1.Model, workspaceID int32) error
- func (a *ModelAuthZBasic) CanGetModel(ctx context.Context, curUser model.User, m *modelv1.Model, workspaceID int32) error
- func (a *ModelAuthZBasic) CanGetModels(ctx context.Context, curUser model.User, workspaceIDs []int32) (workspaceIDsWithPermsFilter []int32, serverError error)
- func (a *ModelAuthZBasic) CanMoveModel(ctx context.Context, curUser model.User, modelRegister *modelv1.Model, ...) error
- func (a *ModelAuthZBasic) FilterReadableModelsQuery(ctx context.Context, curUser model.User, query *bun.SelectQuery) (*bun.SelectQuery, error)
- type ModelAuthZPermissive
- func (a *ModelAuthZPermissive) CanCreateModel(ctx context.Context, curUser model.User, workspaceID int32) error
- func (a *ModelAuthZPermissive) CanDeleteModel(ctx context.Context, curUser model.User, m *modelv1.Model, workspaceID int32) error
- func (a *ModelAuthZPermissive) CanDeleteModelVersion(ctx context.Context, curUser model.User, modelVersion *modelv1.ModelVersion, ...) error
- func (a *ModelAuthZPermissive) CanEditModel(ctx context.Context, curUser model.User, m *modelv1.Model, workspaceID int32) error
- func (a *ModelAuthZPermissive) CanGetModel(ctx context.Context, curUser model.User, m *modelv1.Model, workspaceID int32) error
- func (a *ModelAuthZPermissive) CanGetModels(ctx context.Context, curUser model.User, workspaceIDs []int32) (workspaceIDsWithPermsFilter []int32, serverError error)
- func (a *ModelAuthZPermissive) CanMoveModel(ctx context.Context, curUser model.User, m *modelv1.Model, origin int32, ...) error
- func (a *ModelAuthZPermissive) FilterReadableModelsQuery(ctx context.Context, curUser model.User, query *bun.SelectQuery) (*bun.SelectQuery, error)
- type ModelAuthZRBAC
- func (a *ModelAuthZRBAC) CanCreateModel(ctx context.Context, curUser model.User, workspaceID int32) (err error)
- func (a *ModelAuthZRBAC) CanDeleteModel(ctx context.Context, curUser model.User, m *modelv1.Model, workspaceID int32) (err error)
- func (a *ModelAuthZRBAC) CanDeleteModelVersion(ctx context.Context, curUser model.User, modelVersion *modelv1.ModelVersion, ...) (err error)
- func (a *ModelAuthZRBAC) CanEditModel(ctx context.Context, curUser model.User, m *modelv1.Model, workspaceID int32) (err error)
- func (a *ModelAuthZRBAC) CanGetModel(ctx context.Context, curUser model.User, m *modelv1.Model, workspaceID int32) (err error)
- func (a *ModelAuthZRBAC) CanGetModels(ctx context.Context, curUser model.User, workspaceIDs []int32) (workspaceIDsWithPermsFilter []int32, serverError error)
- func (a *ModelAuthZRBAC) CanMoveModel(ctx context.Context, curUser model.User, _ *modelv1.Model, origin int32, ...) (err error)
- func (a *ModelAuthZRBAC) FilterReadableModelsQuery(ctx context.Context, curUser model.User, query *bun.SelectQuery) (*bun.SelectQuery, error)
Constants ¶
This section is empty.
Variables ¶
View Source
var AuthZProvider authz.AuthZProviderType[ModelAuthZ]
AuthZProvider is the authz registry for models.
Functions ¶
This section is empty.
Types ¶
type ModelAuthZ ¶
type ModelAuthZ interface {
// GET /api/v1/models
CanGetModels(ctx context.Context, curUser model.User, workspaceIDs []int32,
) (workspaceIDsWithPermsFilter []int32, serverError error)
// GET /api/v1/checkpoints/{checkpoint_uuid}
// GET /api/v1/models/{model_name}
// GET /api/v1/models/{model_name}/versions/{model_version_num}
// GET /api/v1/models/{model_name}/versions
CanGetModel(ctx context.Context, curUser model.User,
m *modelv1.Model, workspaceID int32,
) error
// PATCH /api/v1/models/{model_name}
// PATCH /api/v1/models/{model_name}/versions/{model_version_num}
// POST /api/v1/models/{model_name}/versions
// POST /api/v1/models/{model_name}/archive
// POST /api/v1/models/{model_name}/unarchive
CanEditModel(ctx context.Context, curUser model.User,
m *modelv1.Model, workspaceID int32,
) error
// POST /api/v1/models
CanCreateModel(ctx context.Context,
curUser model.User, workspaceID int32,
) error
// DELETE /api/v1/models/{modelName}
CanDeleteModel(ctx context.Context, curUser model.User,
m *modelv1.Model, workspaceID int32,
) error
// DELETE /api/v1/models/{modelName}/versions/{modelVersionNum}
CanDeleteModelVersion(ctx context.Context, curUser model.User,
modelVersion *modelv1.ModelVersion, workspaceID int32) error
// POST /api/v1/models/{model_name}/move
CanMoveModel(ctx context.Context, curUser model.User, model *modelv1.Model,
fromWorkspaceID int32, toWorkspaceID int32) error
// GET /api/v1/models with filter to allow reading
FilterReadableModelsQuery(
ctx context.Context, curUser model.User, query *bun.SelectQuery,
) (*bun.SelectQuery, error)
}
ModelAuthZ describes authz methods for experiments.
type ModelAuthZBasic ¶
type ModelAuthZBasic struct{}
ModelAuthZBasic is basic OSS controls.
func (*ModelAuthZBasic) CanCreateModel ¶
func (a *ModelAuthZBasic) CanCreateModel(ctx context.Context, curUser model.User, workspaceID int32, ) error
CanCreateModel always returns true and a nil error.
func (*ModelAuthZBasic) CanDeleteModel ¶
func (a *ModelAuthZBasic) CanDeleteModel(ctx context.Context, curUser model.User, m *modelv1.Model, workspaceID int32, ) error
CanDeleteModel returns an error if the model is not owned by the current user and the current user is not an admin.
func (*ModelAuthZBasic) CanDeleteModelVersion ¶
func (a *ModelAuthZBasic) CanDeleteModelVersion(ctx context.Context, curUser model.User, modelVersion *modelv1.ModelVersion, workspaceID int32, ) error
CanDeleteModelVersion returns an error if the model/model version is not owned by the current user and the current user is not an admin.
func (*ModelAuthZBasic) CanEditModel ¶
func (a *ModelAuthZBasic) CanEditModel(ctx context.Context, curUser model.User, m *modelv1.Model, workspaceID int32, ) error
CanEditModel always returns true and a nil error.
func (*ModelAuthZBasic) CanGetModel ¶
func (a *ModelAuthZBasic) CanGetModel(ctx context.Context, curUser model.User, m *modelv1.Model, workspaceID int32, ) error
CanGetModel always returns true and a nil error.
func (*ModelAuthZBasic) CanGetModels ¶
func (a *ModelAuthZBasic) CanGetModels(ctx context.Context, curUser model.User, workspaceIDs []int32, ) (workspaceIDsWithPermsFilter []int32, serverError error)
CanGetModels always returns true and a nil error.
func (*ModelAuthZBasic) CanMoveModel ¶
func (a *ModelAuthZBasic) CanMoveModel( ctx context.Context, curUser model.User, modelRegister *modelv1.Model, fromWorkspaceID int32, toWorkspaceID int32, ) error
CanMoveModel always returns true and a nil error.
func (*ModelAuthZBasic) FilterReadableModelsQuery ¶
func (a *ModelAuthZBasic) FilterReadableModelsQuery( ctx context.Context, curUser model.User, query *bun.SelectQuery, ) (*bun.SelectQuery, error)
FilterReadableModelsQuery returns the query unmodified and a nil error.
type ModelAuthZPermissive ¶
type ModelAuthZPermissive struct{}
ModelAuthZPermissive is the permission implementation.
func (*ModelAuthZPermissive) CanCreateModel ¶
func (a *ModelAuthZPermissive) CanCreateModel(ctx context.Context, curUser model.User, workspaceID int32, ) error
CanCreateModel calls RBAC authz but enforces basic authz..
func (*ModelAuthZPermissive) CanDeleteModel ¶
func (a *ModelAuthZPermissive) CanDeleteModel(ctx context.Context, curUser model.User, m *modelv1.Model, workspaceID int32, ) error
CanDeleteModel calls RBAC authz but enforces basic authz.
func (*ModelAuthZPermissive) CanDeleteModelVersion ¶
func (a *ModelAuthZPermissive) CanDeleteModelVersion(ctx context.Context, curUser model.User, modelVersion *modelv1.ModelVersion, workspaceID int32, ) error
CanDeleteModelVersion calls RBAC authz but enforces basic authz.
func (*ModelAuthZPermissive) CanEditModel ¶
func (a *ModelAuthZPermissive) CanEditModel(ctx context.Context, curUser model.User, m *modelv1.Model, workspaceID int32, ) error
CanEditModel calls RBAC authz but enforces basic authz..
func (*ModelAuthZPermissive) CanGetModel ¶
func (a *ModelAuthZPermissive) CanGetModel(ctx context.Context, curUser model.User, m *modelv1.Model, workspaceID int32, ) error
CanGetModel calls RBAC authz but enforces basic authz..
func (*ModelAuthZPermissive) CanGetModels ¶
func (a *ModelAuthZPermissive) CanGetModels(ctx context.Context, curUser model.User, workspaceIDs []int32, ) (workspaceIDsWithPermsFilter []int32, serverError error)
CanGetModels calls RBAC authz but enforces basic authz..
func (*ModelAuthZPermissive) CanMoveModel ¶
func (a *ModelAuthZPermissive) CanMoveModel(ctx context.Context, curUser model.User, m *modelv1.Model, origin int32, destination int32, ) error
CanMoveModel always returns true.
func (*ModelAuthZPermissive) FilterReadableModelsQuery ¶
func (a *ModelAuthZPermissive) FilterReadableModelsQuery( ctx context.Context, curUser model.User, query *bun.SelectQuery, ) (*bun.SelectQuery, error)
FilterReadableModelsQuery returns query and a nil error.
type ModelAuthZRBAC ¶
type ModelAuthZRBAC struct{}
ModelAuthZRBAC RBAC enabled controls.
func (*ModelAuthZRBAC) CanCreateModel ¶
func (a *ModelAuthZRBAC) CanCreateModel(ctx context.Context, curUser model.User, workspaceID int32, ) (err error)
CanCreateModel checks is user has permissions to create models.
func (*ModelAuthZRBAC) CanDeleteModel ¶
func (a *ModelAuthZRBAC) CanDeleteModel(ctx context.Context, curUser model.User, m *modelv1.Model, workspaceID int32, ) (err error)
CanDeleteModel checks if user has permission to delete model.
func (*ModelAuthZRBAC) CanDeleteModelVersion ¶
func (a *ModelAuthZRBAC) CanDeleteModelVersion(ctx context.Context, curUser model.User, modelVersion *modelv1.ModelVersion, workspaceID int32, ) (err error)
CanDeleteModelVersion checks if user has permission to delete model version.
func (*ModelAuthZRBAC) CanEditModel ¶
func (a *ModelAuthZRBAC) CanEditModel(ctx context.Context, curUser model.User, m *modelv1.Model, workspaceID int32, ) (err error)
CanEditModel checks is user has permissions to edit models.
func (*ModelAuthZRBAC) CanGetModel ¶
func (a *ModelAuthZRBAC) CanGetModel(ctx context.Context, curUser model.User, m *modelv1.Model, workspaceID int32, ) (err error)
CanGetModel checks if a user has permissions to view model.
func (*ModelAuthZRBAC) CanGetModels ¶
func (a *ModelAuthZRBAC) CanGetModels(ctx context.Context, curUser model.User, workspaceIDs []int32, ) (workspaceIDsWithPermsFilter []int32, serverError error)
CanGetModels checks if a user has permissions to view models.
func (*ModelAuthZRBAC) CanMoveModel ¶
func (a *ModelAuthZRBAC) CanMoveModel(ctx context.Context, curUser model.User, _ *modelv1.Model, origin int32, destination int32, ) (err error)
CanMoveModel checks for edit permission in origin and create permission in destination.
func (*ModelAuthZRBAC) FilterReadableModelsQuery ¶
func (a *ModelAuthZRBAC) FilterReadableModelsQuery( ctx context.Context, curUser model.User, query *bun.SelectQuery, ) (*bun.SelectQuery, error)
FilterReadableModelsQuery returns query in relevant workspaces and a nil error.
Source Files
Click to show internal directories.
Click to hide internal directories.