relation

package

v0.7.0 Latest Latest Go to latest Published: Oct 8, 2024 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/goto/shield

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
type ActivityService
type AuthzRepository
type LogData
type Object
type Permission
type Relation
type RelationType
type RelationV2
- func (relation RelationV2) ToLogData() LogData
type Repository
type Service
- func NewService(logger log.Logger, repository Repository, authzRepository AuthzRepository, ...) *Service
type Subject
type SubjectLogData
- func ToSubjectLogData(resourceType, optionalResourceID string) SubjectLogData
type UserService

Constants ¶

View Source

const (
	AuditEntity        = "relation"
	AuditEntitySubject = "relation_subject"
)

Variables ¶

View Source

var (
	ErrNotExist                      = errors.New("relation doesn't exist")
	ErrInvalidUUID                   = errors.New("invalid syntax of uuid")
	ErrInvalidID                     = errors.New("relation id is invalid")
	ErrConflict                      = errors.New("relation already exist")
	ErrInvalidDetail                 = errors.New("invalid relation detail")
	ErrCreatingRelationInStore       = errors.New("error while creating relation")
	ErrCreatingRelationInAuthzEngine = errors.New("error while creating relation in authz engine")
	ErrFetchingUser                  = errors.New("error while fetching user")
	ErrFetchingGroup                 = errors.New("error while fetching group")
	ErrLogActivity                   = errors.New("error while logging activity")
)

View Source

var RelationTypes = struct {
	Role      RelationType
	Namespace RelationType
}{
	Role:      "role",
	Namespace: "namespace",
}

Functions ¶

This section is empty.

Types ¶

type ActivityService ¶ added in v0.6.15

type ActivityService interface {
	Log(ctx context.Context, action string, actor activity.Actor, data any) error
}

type AuthzRepository ¶

type AuthzRepository interface {
	Add(ctx context.Context, rel Relation) error
	Check(ctx context.Context, rel Relation, act action.Action) (bool, error)
	BulkCheck(ctx context.Context, rels []Relation, acts []action.Action) ([]Permission, error)
	DeleteV2(ctx context.Context, rel RelationV2) error
	DeleteSubjectRelations(ctx context.Context, resourceType, optionalResourceID string) error
	AddV2(ctx context.Context, rel RelationV2) error
	LookupResources(ctx context.Context, resourceType, permission, subjectType, subjectID string) ([]string, error)
	CheckIsPublic(ctx context.Context, rel Relation, act action.Action) (bool, error)
}

type LogData ¶ added in v0.6.25

type LogData struct {
	Entity           string `mapstructure:"entity"`
	ID               string `mapstructure:"id"`
	ObjectID         string `mapstructure:"object_id"`
	ObjectNamespace  string `mapstructure:"object_namespace"`
	SubjectID        string `mapstructure:"subject_id"`
	SubjectNamespace string `mapstructure:"subject_namespace"`
	RoleID           string `mapstructure:"role"`
}

type Object ¶

type Object struct {
	ID          string
	NamespaceID string
}

type Permission ¶ added in v0.6.30

type Permission struct {
	ObjectID        string `mapstructure:"object_id"`
	ObjectNamespace string `mapstructure:"object_namespace"`
	Permission      string `mapstructure:"permission"`
	Allowed         bool   `mapstructure:"allowed"`
}

type Relation ¶

type Relation struct {
	ID                 string
	SubjectNamespace   namespace.Namespace
	SubjectNamespaceID string `json:"subject_namespace_id"`
	SubjectID          string `json:"subject_id"`
	SubjectRoleID      string `json:"subject_role_id"`
	ObjectNamespace    namespace.Namespace
	ObjectNamespaceID  string `json:"object_namespace_id"`
	ObjectID           string `json:"object_id"`
	Role               role.Role
	RoleID             string       `json:"role_id"`
	RelationType       RelationType `json:"role_type"`
	CreatedAt          time.Time
	UpdatedAt          time.Time
}

type RelationType ¶

type RelationType string

type RelationV2 ¶

type RelationV2 struct {
	ID        string
	Object    Object
	Subject   Subject
	CreatedAt time.Time
	UpdatedAt time.Time
}

func (RelationV2) ToLogData ¶ added in v0.6.25

func (relation RelationV2) ToLogData() LogData

type Repository ¶

type Repository interface {
	Get(ctx context.Context, id string) (RelationV2, error)
	Create(ctx context.Context, relation RelationV2) (RelationV2, error)
	List(ctx context.Context) ([]RelationV2, error)
	Update(ctx context.Context, toUpdate Relation) (Relation, error)
	DeleteByID(ctx context.Context, id string) error
	GetByFields(ctx context.Context, rel RelationV2) (RelationV2, error)
}

type Service ¶

type Service struct {
	// contains filtered or unexported fields
}

func NewService ¶

func NewService(logger log.Logger, repository Repository, authzRepository AuthzRepository, userService UserService, activityService ActivityService) *Service

func (Service) BulkCheckPermission ¶ added in v0.6.30

func (s Service) BulkCheckPermission(ctx context.Context, rels []Relation, acts []action.Action) ([]Permission, error)

func (Service) CheckIsPublic ¶ added in v0.6.31

func (s Service) CheckIsPublic(ctx context.Context, resourceNS namespace.Namespace, resourceIdxa string, action action.Action) (bool, error)

func (Service) CheckPermission ¶

func (s Service) CheckPermission(ctx context.Context, usr user.User, resourceNS namespace.Namespace, resourceIdxa string, action action.Action) (bool, error)

func (Service) Create ¶

func (s Service) Create(ctx context.Context, rel RelationV2) (RelationV2, error)

func (Service) Delete ¶

func (s Service) Delete(ctx context.Context, rel Relation) error

func (Service) DeleteSubjectRelations ¶

func (s Service) DeleteSubjectRelations(ctx context.Context, resourceType, optionalResourceID string) error

func (Service) DeleteV2 ¶

func (s Service) DeleteV2(ctx context.Context, rel RelationV2) error

func (Service) Get ¶

func (s Service) Get(ctx context.Context, id string) (RelationV2, error)

func (Service) GetRelationByFields ¶

func (s Service) GetRelationByFields(ctx context.Context, rel RelationV2) (RelationV2, error)

func (Service) List ¶

func (s Service) List(ctx context.Context) ([]RelationV2, error)

func (Service) LookupResources ¶ added in v0.6.22

func (s Service) LookupResources(ctx context.Context, resourceType, permission, subjectType, subjectID string) ([]string, error)

func (Service) Update ¶

func (s Service) Update(ctx context.Context, toUpdate Relation) (Relation, error)

TODO: Update & Delete planned for v0.6 TODO: Audit log

type Subject ¶

type Subject struct {
	ID        string
	Namespace string
	RoleID    string
}

type SubjectLogData ¶ added in v0.6.25

type SubjectLogData struct {
	Entity             string `mapstructure:"entity"`
	ResourceType       string `mapstructure:"resource_type"`
	OptionalResourceID string `mapstructure:"optional_resource_id"`
}

func ToSubjectLogData ¶ added in v0.6.25

func ToSubjectLogData(resourceType, optionalResourceID string) SubjectLogData

type UserService ¶

type UserService interface {
	FetchCurrentUser(ctx context.Context) (user.User, error)
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
mocks

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL