Documentation
¶
Index ¶
Constants ¶
View Source
const ( StatusActive = Status("Active") // Active permissions. StatusInactive = Status("Inactive") // Inactive permissions. StatusSuspended = Status("Suspended") // Temporarily suspended permissions. StatusArchived = Status("Archived") // Archived permissions, no longer active. )
View Source
const ( // Core resources ResourceUser = Resource("user") // Represents user management resources. ResourceBusinessUnit = Resource("business_unit") // Represents resources related to business units. ResourceOrganization = Resource("organization") // Represents resources related to organizations. ResourceDocumentQualityConfig = Resource("document_quality_config") // Represents resources related to document quality config. // Operations resources ResourceWorker = Resource("worker") // Represents resources related to workers. ResourceTractor = Resource("tractor") // Represents resources for managing tractors. ResourceTrailer = Resource("trailer") // Represents resources for managing trailers. ResourceShipment = Resource("shipment") // Represents resources for managing shipments. ResourceAssignment = Resource("assignment") // Represents resources for managing assignments. ResourceShipmentMove = Resource("shipment_move") // Represents resources for managing movements. ResourceStop = Resource("stop") // Represents resources for managing stops. ResourceFleetCode = Resource("fleet_code") // Represents resources for managing fleet codes. ResourceEquipmentType = Resource("equipment_type") // Represents resources for managing equipment types. ResourceEquipmentManufacturer = Resource("equipment_manufacturer") // Represents resources for managing equipment manfacturers. ResourceShipmentType = Resource("shipment_type") // Represents resources for managing shipment type. ResourceServiceType = Resource("service_type") // Represents resources for managing service types. ResourceHazardousMaterial = Resource("hazardous_material") // Represents resources for managing hazardous materials. ResourceCommodity = Resource("commodity") // Represents resources for managing commodities. ResourceLocationCategory = Resource("location_category") // Represents resources for managing location categories. ResourceLocation = Resource("location") // Represents resources for managing locations. ResourceCustomer = Resource("customer") // Represents resources for managing customers. // Financial resources ResourceInvoice = Resource("invoice") // Represents resources related to invoices. // Management resources ResourceDispatch = Resource("dispatch") // Represents resources for dispatch management. ResourceReport = Resource("report") // Represents resources for managing reports. ResourceAuditLog = Resource("audit_log") // Represents resources for tracking and auditing logs. // System resources ResourceTableConfiguration = Resource("table_configuration") // Represents resources for managing table configurations. ResourceIntegration = Resource("integration") // Represents resources for integrations with external systems. ResourceSetting = Resource("setting") // Represents configuration or setting resources. ResourceTemplate = Resource("template") // Represents resources for managing templates. )
View Source
const ( // Standard CRUD ActionCreate = Action("create") // Create a new resource. ActionRead = Action("read") // Read or view a resource. ActionUpdate = Action("update") // Update an existing resource. ActionDelete = Action("delete") // Delete an existing resource. // Field-level actions ActionModifyField = Action("modify_field") // Modify specific fields in a resource. ActionViewField = Action("view_field") // View specific fields in a resource. // Workflow actions ActionApprove = Action("approve") // Approve an action or resource. ActionReject = Action("reject") // Reject an action or resource. ActionSubmit = Action("submit") // Submit an action or resource for approval. ActionCancel = Action("cancel") // Cancel an action or resource. ActionAssign = Action("assign") // Assign a resource to a user or group. ActionReassign = Action("reassign") // Reassign a resource to a different user or group. ActionComplete = Action("complete") // Mark a resource or action as completed. ActionDuplicate = Action("duplicate") // Duplicate a resource. // Configuration actions ActionManageDefaults = Action("manage_defaults") // Manage default table configurations. // Data actions ActionExport = Action("export") // Export data from the system. ActionImport = Action("import") // Import data into the system. ActionArchive = Action("archive") // Archive a resource. ActionRestore = Action("restore") // Restore an archived resource. // Administrative actions ActionManage = Action("manage") // Perform administrative actions, including full access. ActionAudit = Action("audit") // Audit actions for compliance and review. ActionDelegate = Action("delegate") // Delegate permissions or responsibilities to others. ActionConfigure = Action("configure") // Configure system settings or resources. // Shipment related actions ActionSplit = Action("split") // Split a shipment. )
View Source
const ( ScopeGlobal = Scope("global") // Permissions apply globally across all scopes. ScopeBU = Scope("business_unit") // Permissions are limited to a specific business unit. ScopeOrg = Scope("organization") // Permissions are limited to a specific organization. ScopePersonal = Scope("personal") // Permissions are limited to the individual user or resource. )
View Source
const ( OpEquals = Operator("eq") // Checks if a value equals another. OpNotEquals = Operator("neq") // Checks if a value does not equal another. OpGreaterThan = Operator("gt") // Checks if a value is greater than another. OpLessThan = Operator("lt") // Checks if a value is less than another. OpIn = Operator("in") // Checks if a value exists within a set of values. OpNotIn = Operator("not_in") // Checks if a value does not exist within a set of values. OpContains = Operator("contains") // Checks if a value contains another value (e.g., substring match). OpNotContains = Operator("not_contains") // Checks if a value does not contain another value. )
View Source
const ( AuditNone = AuditLevel("none") // No auditing for the field. AuditChanges = AuditLevel("changes") // Track only changes to the field. AuditAccess = AuditLevel("access") // Track all access events for the field. AuditFull = AuditLevel("full") // Track all actions, including changes and views. )
View Source
const ( ConditionTypeField = ConditionType("field") // Field-based condition checks. ConditionTypeTime = ConditionType("time") // Time-based condition checks. ConditionTypeRole = ConditionType("role") // Role-based condition checks. ConditionTypeOwnership = ConditionType("ownership") // Ownership-based condition checks. ConditionTypeCustom = ConditionType("custom") // Custom condition checks defined by the user. )
View Source
const ( RoleTypeSystem = RoleType("System") // Predefined system-level roles. RoleTypeOrganization = RoleType("Organization") // Organization-specific roles. RoleTypeCustom = RoleType("Custom") // User-defined roles. RoleTypeTemporary = RoleType("Temporary") // Temporary roles for specific use cases. )
Variables ¶
View Source
var ( // Base actions that most resources have BaseActions = []Action{ ActionCreate, ActionRead, ActionUpdate, ActionDelete, ActionManage, } // Actions for resources that can be archived ArchivableActions = []Action{ ActionArchive, ActionRestore, } // Actions for workflow-based resources WorkflowActions = []Action{ ActionApprove, ActionReject, ActionSubmit, ActionCancel, } // Actions for assignable resources AssignableActions = []Action{ ActionAssign, ActionReassign, } // Actions for resources that support import/export DataActions = []Action{ ActionExport, ActionImport, } // Actions for table configuration resources TableConfigurationActions = []Action{ ActionManageDefaults, } // Field-level actions FieldActions = []Action{ ActionModifyField, ActionViewField, } // Resource-specific action mappings ResourceActionMap = map[Resource][]Action{ ResourceUser: append( BaseActions, ActionDelegate, ), ResourceBusinessUnit: append( BaseActions, ActionConfigure, ActionAudit, ), ResourceOrganization: append( BaseActions, ActionConfigure, ActionAudit, ActionModifyField, ), ResourceWorker: append( BaseActions, append(AssignableActions, FieldActions...)..., ), ResourceTractor: append( BaseActions, append(AssignableActions, FieldActions...)..., ), ResourceTrailer: append( BaseActions, append(AssignableActions, FieldActions...)..., ), ResourceShipment: append( append(BaseActions, WorkflowActions...), append(AssignableActions, ActionComplete, ActionModifyField, ActionViewField, ActionDuplicate, )..., ), ResourceAssignment: { ActionAssign, ActionRead, ActionCancel, ActionAudit, ActionManage, }, ResourceShipmentMove: append( append(BaseActions, ActionSplit), append(DataActions, FieldActions...)..., ), ResourceFleetCode: append( BaseActions, append(DataActions, FieldActions...)..., ), ResourceDocumentQualityConfig: append( BaseActions, append(DataActions, FieldActions...)..., ), ResourceStop: append( BaseActions, append(DataActions, FieldActions...)..., ), ResourceEquipmentType: append( BaseActions, append(DataActions, FieldActions...)..., ), ResourceEquipmentManufacturer: append( BaseActions, append(DataActions, FieldActions...)..., ), ResourceShipmentType: append( BaseActions, append(DataActions, FieldActions...)..., ), ResourceServiceType: append( BaseActions, append(DataActions, FieldActions...)..., ), ResourceHazardousMaterial: append( BaseActions, append(DataActions, FieldActions...)..., ), ResourceCommodity: append( BaseActions, append(DataActions, FieldActions...)..., ), ResourceLocationCategory: append( BaseActions, append(DataActions, FieldActions...)..., ), ResourceLocation: append( BaseActions, append(DataActions, FieldActions...)..., ), ResourceCustomer: append( BaseActions, append(DataActions, FieldActions...)..., ), ResourceInvoice: append( append(BaseActions, WorkflowActions...), append(DataActions, FieldActions...)..., ), ResourceDispatch: append( BaseActions, append(AssignableActions, ActionComplete, ActionModifyField, ActionViewField, ActionCancel, )..., ), ResourceReport: append( BaseActions, ActionExport, ), ResourceAuditLog: { ActionRead, ActionExport, ActionManage, }, ResourceTableConfiguration: append( BaseActions, TableConfigurationActions..., ), ResourceSetting: append( BaseActions, ActionConfigure, ActionAudit, ), ResourceIntegration: append( BaseActions, ActionConfigure, ActionDelegate, ), ResourceTemplate: append( BaseActions, append(DataActions, ArchivableActions...)..., ), } )
Functions ¶
This section is empty.
Types ¶
type AuditLevel ¶
type AuditLevel string
AuditLevel defines how changes to a field should be tracked
type Condition ¶
type Condition struct {
Type ConditionType `json:"type"`
Field string `json:"field"`
Operator string `json:"operator"`
Value any `json:"value"`
Values []any `json:"values,omitempty"`
Description string `json:"description,omitempty"` // Human-readable description
ErrorMessage string `json:"errorMessage,omitempty"` // Custom error message
Priority int `json:"priority"` // Evaluation priority
Metadata map[string]any `json:"metadata,omitempty"` // Additional condition metadata
}
type ConditionType ¶
type ConditionType string
type FieldPermission ¶
type FieldPermission struct {
Field string `json:"field"` // The field name
Actions []Action `json:"actions"` // Actions that can be performed on the field
Conditions []*Condition `json:"conditions,omitempty"` // Conditions for the field
ValidationRules map[string]any `json:"validationRules,omitempty"` // Custom validation rules for the field
Mask string `json:"mask,omitempty"` // Data masking pattern
AuditLevel AuditLevel `json:"auditLevel,omitempty"` // Level of auditing for this field
}
type Permission ¶
type Permission struct {
bun.BaseModel `bun:"table:permissions,alias:perm"`
ID pulid.ID `json:"id" bun:",pk,type:VARCHAR(100)"`
Resource Resource `json:"resource" bun:"resource,type:VARCHAR(50),notnull"`
Action Action `json:"action" bun:"action,type:action_enum,notnull"`
Scope Scope `json:"scope" bun:"scope,type:scope_enum,notnull"`
Description string `json:"description" bun:"description,type:TEXT"`
IsSystemLevel bool `json:"isSystemLevel" bun:"is_system_level,notnull,default:false"`
FieldPermissions []*FieldPermission `json:"fieldPermissions,omitempty" bun:"field_permissions,type:JSONB,default:'[]'::jsonb,nullzero"`
Conditions []*Condition `json:"conditions,omitempty" bun:"conditions,type:JSONB,default:'[]'::jsonb,nullzero"`
Dependencies []pulid.ID `json:"dependencies" bun:"dependencies,type:JSONB,default:'[]'::jsonb"`
CustomSettings map[string]any `json:"customSettings,omitempty" bun:"custom_settings,type:JSONB,default:'{}'::jsonb"`
CreatedAt int64 `json:"createdAt" bun:"created_at,nullzero,notnull,default:extract(epoch from current_timestamp)::bigint"`
UpdatedAt int64 `json:"updatedAt" bun:"updated_at,nullzero,notnull,default:extract(epoch from current_timestamp)::bigint"`
}
func (*Permission) BeforeAppendModel ¶
func (*Permission) Validate ¶
func (p *Permission) Validate() error
type Role ¶
type Role struct {
bun.BaseModel `bun:"table:roles,alias:r" json:"-"`
ID pulid.ID `json:"id" bun:",pk,type:VARCHAR(100)"`
Name string `json:"name" bun:"name,type:VARCHAR(100),notnull"`
Description string `json:"description" bun:"description,type:TEXT"`
RoleType RoleType `json:"roleType" bun:"role_type,type:role_type_enum,notnull"`
IsSystem bool `json:"isSystem" bun:"is_system,notnull,default:false"`
Priority int `json:"priority" bun:"priority,notnull,default:0"`
Status domain.Status `json:"status" bun:"status,type:status_enum,notnull,default:'Active'"`
ExpiresAt *int64 `json:"expiresAt,omitempty" bun:"expires_at,nullzero"`
CreatedAt int64 `json:"createdAt" bun:"created_at,nullzero,notnull,default:extract(epoch from current_timestamp)::bigint"`
UpdatedAt int64 `json:"updatedAt" bun:"updated_at,nullzero,notnull,default:extract(epoch from current_timestamp)::bigint"`
BusinessUnitID pulid.ID `json:"businessUnitId" bun:"business_unit_id,type:VARCHAR(100)"`
OrganizationID pulid.ID `json:"organizationId" bun:"organization_id,type:VARCHAR(100)"`
ParentRoleID *pulid.ID `json:"parentRoleId,omitempty" bun:"parent_role_id,type:VARCHAR(100),nullzero"`
Permissions []*Permission `json:"permissions,omitempty" bun:"m2m:role_permissions,join:Role=Permission"`
ParentRole *Role `json:"parentRole,omitempty" bun:"rel:belongs-to,join:parent_role_id=id"`
ChildRoles []*Role `json:"childRoles,omitempty" bun:"rel:has-many,join:id=parent_role_id"`
Metadata map[string]any `json:"metadata,omitempty" bun:"metadata,type:JSONB,default:'{}'::jsonb"`
}
func (*Role) BeforeAppendModel ¶
type RolePermission ¶
type RolePermission struct {
bun.BaseModel `bun:"table:role_permissions,alias:rp" json:"-"`
BusinessUnitID pulid.ID `json:"businessUnitId" bun:"business_unit_id,pk,type:VARCHAR(100),notnull"`
OrganizationID pulid.ID `json:"organizationId" bun:"organization_id,pk,type:VARCHAR(100),notnull"`
RoleID pulid.ID `json:"roleId" bun:"role_id,pk,type:VARCHAR(100),notnull"`
PermissionID pulid.ID `json:"permissionId" bun:"permission_id,pk,type:VARCHAR(100),notnull"`
Role *Role `json:"-" bun:"rel:belongs-to,join:role_id=id"`
Permission *Permission `json:"-" bun:"rel:belongs-to,join:permission_id=id"`
}
type RolesAndPermissions ¶
type RolesAndPermissions struct {
Roles []*string
Permissions []*Permission
}
type Template ¶
type Template struct {
bun.BaseModel `bun:"table:permission_templates,alias:pt"`
ID pulid.ID `json:"id" bun:",pk,type:VARCHAR(100)"`
Name string `json:"name" bun:"name,type:VARCHAR(100),notnull"`
Description string `json:"description" bun:"description,type:TEXT"`
Permissions []Permission `json:"permissions" bun:"permissions,type:JSONB"`
FieldSettings []FieldPermission `json:"fieldSettings" bun:"field_settings,type:JSONB"`
IsSystem bool `json:"isSystem" bun:"is_system,notnull,default:false"`
CreatedAt int64 `json:"createdAt" bun:"created_at,nullzero,notnull,default:extract(epoch from current_timestamp)::bigint"`
UpdatedAt int64 `json:"updatedAt" bun:"updated_at,nullzero,notnull,default:extract(epoch from current_timestamp)::bigint"`
}
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.