Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Config
type Config struct {
	AutoLoadPolicySeconds int `env:"USER_ACCESSOR_AUTOLOAD_SECONDS" envDefault:"10"`
	// contains filtered or unexported fields
}
Config has the configuration for the users service.
type Service
type Service interface {
	// UserFromJWT returns the User associated to the http request's JWT token.
	// This function can return ErrorAuthJWTInvalid if the token cannot be
	// read, or ErrorAuthNoUser if no user with such identity exists in the DB.
	UserFromJWT(r *http.Request) (*users.User, bool, *gz.ErrMsg)
	// VerifyOwner checks if the 'owner' arg is an organization or a user. If the
	// 'owner' is an organization, it verifies that the given 'user' arg has the expected
	// permission in the organization. If the 'owner' is a user, it verifies that the
	// 'user' arg is the same as the owner.
	// Dev note: this is an alternative implementation of ign-fuelserver UserService's VerifyOwner.
	VerifyOwner(owner, user string, p per.Action) (bool, *gz.ErrMsg)
	// CanPerformWithRole checks if the 'owner' arg is an organization or a
	// user. If the 'owner' is an organization, it verifies that the given 'user' arg
	// is authorized to act as the given Role (or above) in the organization.
	// If the 'owner' is a user, it verifies that the 'user' arg is the same as
	// the owner.
	// As a third alternative, if 'owner' is nil then it checks if the 'user' is part
	// of the System Admins.
	CanPerformWithRole(owner *string, user string, role per.Role) (bool, *gz.ErrMsg)
	// QueryForResourceVisibility checks the relationship between requestor (user)
	// and the resource owner to formulate a database query to determine whether a
	// resource is visible to the user.
	QueryForResourceVisibility(q *gorm.DB, owner *string, user *users.User) *gorm.DB
	// IsAuthorizedForResource checks if user has the permission to perform an action on a
	// resource.
	IsAuthorizedForResource(user, resource string, action per.Action) (bool, *gz.ErrMsg)
	// AddResourcePermission adds a user (or group) permission on a resource.
	AddResourcePermission(user, resource string, action per.Action) (bool, *gz.ErrMsg)
	// AddScore creates a score entry for a simulation.
	AddScore(groupID *string, competition *string, circuit *string, owner *string, score *float64, sources *string) *gz.ErrMsg
	// IsSystemAdmin returns a bool indicating if the given user is a system admin.
	IsSystemAdmin(user string) bool
	// GetUserFromUsername returns the user database entry from the username.
	GetUserFromUsername(username string) (*users.User, *gz.ErrMsg)
	// GetOrganization gets a user's organization database entry from the username.
	GetOrganization(username string) (*users.Organization, *gz.ErrMsg)
	StartAutoLoadPolicy()
}
Service is used by the cloudsim server to remotely get Users and their membership to Organizations.
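The three cases that the CanPerformWithRole comment describes, modelled as an added, self-contained example; this is not the package's own code. The Role values and their ordering, the in-memory directory type, the sample data and the canPerformWithRole helper are all assumptions made for illustration.

```go
package main

import "fmt"

// Role is a hypothetical stand-in for per.Role; a lower value means more privilege.
type Role int

const (
	Owner Role = iota
	Admin
	Member
)

// directory is a constructed, in-memory stand-in for the users database.
type directory struct {
	sysAdmins map[string]bool
	orgs      map[string]map[string]Role // organization -> member -> role
}

// canPerformWithRole follows the three cases from the CanPerformWithRole comment.
func (d directory) canPerformWithRole(owner *string, user string, role Role) bool {
	if user == "" {
		return false // an empty identity must never match an owner or a member
	}
	if owner == nil {
		return d.sysAdmins[user] // no owner: only System Admins qualify
	}
	if members, isOrg := d.orgs[*owner]; isOrg {
		// The zero value of Role is Owner, so a missing map entry must be
		// rejected explicitly or every non-member would look like an Owner.
		held, ok := members[user]
		return ok && held <= role // the requested role or above
	}
	return *owner == user // owner is a user: must be the same user
}

// sample returns constructed data: one system admin and one organization.
func sample() directory {
	return directory{
		sysAdmins: map[string]bool{"root": true},
		orgs:      map[string]map[string]Role{"acme": {"alice": Admin, "bob": Member}},
	}
}

func main() {
	d, acme, carol := sample(), "acme", "carol"
	fmt.Println(d.canPerformWithRole(&acme, "alice", Member)) // Admin is above Member
	fmt.Println(d.canPerformWithRole(&acme, "bob", Admin))    // Member is below Admin
	fmt.Println(d.canPerformWithRole(&carol, "carol", Owner)) // user owner, same user
	fmt.Println(d.canPerformWithRole(nil, "alice", Owner))    // not a System Admin
}
```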
func NewService
func NewService(resourcePermissions *per.Permissions, db *gorm.DB, sysAdmin string) (Service, error)
NewService initializes a new Service.
type UserAccessorDataMock
type UserAccessorDataMock struct {
// contains filtered or unexported fields
}
UserAccessorDataMock allows us to configure the Service with mock data used in tests.
func NewUserAccessorDataMock
func NewUserAccessorDataMock(ctx context.Context, ua Service, sysadminIdentiy, application string) *UserAccessorDataMock
NewUserAccessorDataMock ...
func (*UserAccessorDataMock) ReloadEverything
func (m *UserAccessorDataMock) ReloadEverything(ctx context.Context) *gz.ErrMsg
ReloadEverything ...