Documentation
Overview
Package rbac implements authorization.
Constants
This section is empty.
Variables
var (
	// PermissionMap is the list of permissions mapped to their name and
	// description.
	PermissionMap = map[Permission][2]string{
		AuditRead:      {"AuditRead", "read event and audit logs"},
		APIKeyRead:     {"APIKeyRead", "view information about API keys, including statistics"},
		APIKeyWrite:    {"APIKeyWrite", "create, update, and delete API keys"},
		CodeIssue:      {"CodeIssue", "issue codes"},
		CodeBulkIssue:  {"CodeBulkIssue", "issue codes in bulk, if bulk issue is enabled on the realm"},
		CodeRead:       {"CodeRead", "lookup code status"},
		CodeExpire:     {"CodeExpire", "expire codes"},
		SettingsRead:   {"SettingsRead", "read realm settings"},
		SettingsWrite:  {"SettingsWrite", "update realm settings"},
		StatsRead:      {"StatsRead", "view realm statistics"},
		MobileAppRead:  {"MobileAppRead", "view mobile app information"},
		MobileAppWrite: {"MobileAppWrite", "create, update, and delete mobile apps"},
		UserRead:       {"UserRead", "view user information"},
		UserWrite:      {"UserWrite", "create, update, and delete users"},
	}

	// NamePermissionMap is the map of permission names to their value.
	NamePermissionMap map[string]Permission
)
Functions
func Can
func Can(given Permission, target Permission) bool
Can returns true if the given resource has permission to perform the provided permissions.
func PermissionNames
func PermissionNames(p Permission) []string
PermissionNames returns the list of permissions included in the given permission.
Types
type Permission
type Permission int64
Permission is a granular permission. It is an integer instead of a uint because most database systems lack unsigned integer types.
const (
	// Audit
	AuditRead Permission

	// API keys
	APIKeyRead
	APIKeyWrite

	// Codes
	CodeIssue
	CodeBulkIssue
	CodeRead
	CodeExpire

	// Realm settings
	SettingsRead
	SettingsWrite

	// Realm statistics
	StatsRead

	// Mobile apps
	MobileAppRead
	MobileAppWrite

	// Users
	UserRead
	UserWrite
)
const (
	// LegacyRealmUser is a quick reference to the old "user" permissions.
	LegacyRealmUser Permission = CodeIssue | CodeBulkIssue | CodeRead | CodeExpire

	// LegacyRealmAdmin is a quick reference to the old "realm admin" permissions.
	LegacyRealmAdmin Permission = AuditRead |
		APIKeyRead | APIKeyWrite |
		CodeIssue | CodeBulkIssue | CodeRead | CodeExpire |
		SettingsRead | SettingsWrite |
		StatsRead |
		MobileAppRead | MobileAppWrite |
		UserRead | UserWrite
)
func AddImplied (added in v0.19.1)
func AddImplied(target Permission) Permission
AddImplied adds any missing implied permissions.
func CompileAndAuthorize
func CompileAndAuthorize(actorPermission Permission, toUpdate []Permission) (Permission, error)
CompileAndAuthorize compiles a new permission bit from the given toUpdate permissions. It verifies that the calling permission has a superset of all provided permissions (to prevent privilege escalation).
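The superset rule described for CompileAndAuthorize, as an added example that is not the package's own code: `perm`, the four flags, `hasAll`, `hasAny`, `compileGrant` and `errEscalation` are hypothetical stand-ins, and the one-bit-per-flag layout is an assumption. It also shows why an any-overlap test is not a safe grant check when a requested value carries several bits.

```go
package main

import (
	"errors"
	"fmt"
)

// perm is a stand-in bit-flag permission type (hypothetical, not rbac.Permission).
type perm int64

// Constructed flags for this example; one bit per flag is an assumption.
const (
	codeIssue perm = 1 << iota
	codeRead
	userRead
	userWrite
)

var errEscalation = errors.New("actor lacks a permission it is trying to grant")

// hasAll reports whether actor holds every bit set in want (superset test).
func hasAll(actor, want perm) bool { return actor&want == want }

// hasAny reports whether actor shares at least one bit with want. Used as a
// grant check this is the mistake: one shared bit would authorize the rest.
func hasAny(actor, want perm) bool { return actor&want != 0 }

// compileGrant ORs the requested permissions into one value and rejects the
// whole request if any requested bit is missing from the actor's own set.
func compileGrant(actor perm, toUpdate []perm) (perm, error) {
	var out perm
	for _, p := range toUpdate {
		if !hasAll(actor, p) {
			return 0, fmt.Errorf("%w: missing bits %#b", errEscalation, p&^actor)
		}
		out |= p
	}
	return out, nil
}

func main() {
	actor := codeIssue | codeRead | userRead // can view users, cannot modify them
	fmt.Println(compileGrant(actor, []perm{codeRead, userRead}))
	fmt.Println(compileGrant(actor, []perm{userRead | userWrite}))
	fmt.Println(hasAny(actor, userRead|userWrite), hasAll(actor, userRead|userWrite))
}
```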
func ImpliedBy
func ImpliedBy(permission Permission) []Permission
ImpliedBy returns any permissions that cause this permission to be added automatically. The return may be nil.
func (Permission) Description
func (p Permission) Description() (string, error)
Description returns the description.
func (Permission) Implied
func (p Permission) Implied() []Permission
Implied returns the additional implied permissions, if any.