Documentation ¶
Index ¶
- Constants
- type AuthBackend
- type AuthBackendRegistry
- type Group
- type GroupCollection
- func (gc *GroupCollection) AddMembership(uid int64, group *Group, inherit ...bool)
- func (gc *GroupCollection) AllGroups() []*Group
- func (gc *GroupCollection) GetGroup(groupID string) *Group
- func (gc *GroupCollection) HasMembership(uid int64, group *Group) bool
- func (gc *GroupCollection) NewGroup(ID, name string, inherits ...*Group) *Group
- func (gc *GroupCollection) RegisterGroup(group *Group)
- func (gc *GroupCollection) RemoveAllMembershipsForUser(uid int64)
- func (gc *GroupCollection) RemoveMembership(uid int64, group *Group)
- func (gc *GroupCollection) UnregisterGroup(group *Group)
- func (gc *GroupCollection) UserGroups(uid int64) map[*Group]InheritanceInfo
- type InheritanceInfo
- type InvalidCredentialsError
- type Permission
- type UserNotFoundError
Constants ¶
const (
	// SuperUserID is the uid of the administrator
	SuperUserID int64 = 1
	// GroupAdminID is the string ID of the group with all permissions
	GroupAdminID = "admin"
	// GroupEveryoneID is the string ID of the group everyone belongs to
	GroupEveryoneID = "everyone"
	// NativeGroup means that this user has been explicitly given membership in this group
	NativeGroup InheritanceInfo = iota
	// InheritedGroup means that this user is a member of this group through inheritance
	InheritedGroup
)
const (
	Read = 1 << Permission(iota)
	Write
	Unlink
	All = Read | Write | Unlink
)
The four Permissions are Read, Write, Unlink and All.
Types ¶
type AuthBackend ¶
type AuthBackend interface {
	// Authenticate the user defined by login and secret. Additional data
	// needed by the authentication backend may be passed into the context.
	//
	// On success, it returns the ID of the authenticated user.
	// On failure, it should return a UserNotFoundError if this user is not
	// known to this backend or an InvalidCredentialsError if it is known but
	// cannot be authenticated.
	Authenticate(login, secret string, context *types.Context) (int64, error)
}
An AuthBackend is an interface that is capable of authenticating a user and of telling whether a user is a member of a given group.
type AuthBackendRegistry ¶
type AuthBackendRegistry struct {
// contains filtered or unexported fields
}
An AuthBackendRegistry holds an ordered list of AuthBackend instances that enables authentication against several backends. A pointer to AuthBackendRegistry is itself an AuthBackend that can be used in another AuthBackendRegistry.
var AuthenticationRegistry *AuthBackendRegistry
AuthenticationRegistry is the authentication registry of the application
func (*AuthBackendRegistry) Authenticate ¶
func (ar *AuthBackendRegistry) Authenticate(login, secret string, context *types.Context) (int64, error)
Authenticate tries to authenticate the user with the given login and secret. Backends are polled in order. The user is authenticated as soon as one backend accepts the login with the given secret.
func (*AuthBackendRegistry) RegisterBackend ¶
func (ar *AuthBackendRegistry) RegisterBackend(backend AuthBackend)
RegisterBackend registers the given backend in this registry. The newly added backend is inserted at the top of the list, so that it will override any existing backend that already manages the same uids.
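The ordering and error contract described above, as an added example that is not the package's own code: a self-contained model in which `MapBackend`, `Registry` and the sample accounts are hypothetical and the `*types.Context` argument is dropped. Falling through to the next backend on any error is an assumption based on "as soon as one backend authenticates".

```go
package main

import (
	"crypto/subtle"
	"fmt"
)

// Stand-ins modelled on the documented API; the *types.Context argument is omitted.
type UserNotFoundError string
type InvalidCredentialsError string
func (e UserNotFoundError) Error() string       { return "unknown user " + string(e) }
func (e InvalidCredentialsError) Error() string { return "bad secret for " + string(e) }
type AuthBackend interface{ Authenticate(login, secret string) (int64, error) }

// MapBackend is hypothetical; accounts are constructed samples (plaintext for brevity).
type MapBackend map[string]struct {
	uid    int64
	secret string
}
func (b MapBackend) Authenticate(login, secret string) (int64, error) {
	acc, known := b[login]
	if !known {
		return 0, UserNotFoundError(login)
	}
	if subtle.ConstantTimeCompare([]byte(secret), []byte(acc.secret)) != 1 {
		return 0, InvalidCredentialsError(login)
	}
	return acc.uid, nil
}

// Registry prepends on registration, so the newest backend is polled first.
type Registry struct{ backends []AuthBackend }
func (r *Registry) RegisterBackend(b AuthBackend) { r.backends = append([]AuthBackend{b}, r.backends...) }
// Authenticate returns on the first success; any error falls through (assumed).
func (r *Registry) Authenticate(login, secret string) (uid int64, err error) {
	err = UserNotFoundError(login) // fail closed when no backend is registered
	for _, b := range r.backends {
		if uid, err = b.Authenticate(login, secret); err == nil {
			return uid, nil
		}
	}
	return 0, err
}

func main() {
	r := &Registry{}
	r.RegisterBackend(MapBackend{"alice": {2, "old"}})
	r.RegisterBackend(MapBackend{"alice": {7, "new"}})
	fmt.Println(r.Authenticate("alice", "new"))
}
```

Under the fall-through assumption, `r.Authenticate("alice", "old")` still succeeds with uid 2 from the older backend, so a newer backend takes precedence for a login but does not retire credentials held by the backends below it.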
type Group ¶
A Group defines a role which can be granted or denied permissions.
- Groups can inherit from other groups and get access to these groups' permissions.
- A user can belong to one or several groups, and thus inherit the permissions of those groups.
type GroupCollection ¶
A GroupCollection keeps a list of groups
var Registry *GroupCollection
Registry of all security groups of the application
func NewGroupCollection ¶
func NewGroupCollection() *GroupCollection
NewGroupCollection returns a pointer to a new empty GroupCollection
func (*GroupCollection) AddMembership ¶
func (gc *GroupCollection) AddMembership(uid int64, group *Group, inherit ...bool)
AddMembership adds the user defined by its uid to the given group and also to all groups that inherit this group. inherit is set to true when this method is called on an inherited group recursively. You should normally leave it unset.
func (*GroupCollection) AllGroups ¶
func (gc *GroupCollection) AllGroups() []*Group
AllGroups returns a slice with all the groups of the collection
func (*GroupCollection) GetGroup ¶
func (gc *GroupCollection) GetGroup(groupID string) *Group
GetGroup returns the group with the given groupID or nil if not found
func (*GroupCollection) HasMembership ¶
func (gc *GroupCollection) HasMembership(uid int64, group *Group) bool
HasMembership returns true if the given uid is a member of the given group
func (*GroupCollection) NewGroup ¶
func (gc *GroupCollection) NewGroup(ID, name string, inherits ...*Group) *Group
NewGroup creates a new Group with the given id, name and inherited groups and registers it in this GroupCollection. It returns a pointer to the newly created group.
func (*GroupCollection) RegisterGroup ¶
func (gc *GroupCollection) RegisterGroup(group *Group)
RegisterGroup adds the given group to this GroupCollection. If a group with the same ID exists, this method panics.
func (*GroupCollection) RemoveAllMembershipsForUser ¶
func (gc *GroupCollection) RemoveAllMembershipsForUser(uid int64)
RemoveAllMembershipsForUser removes the given uid from all groups
func (*GroupCollection) RemoveMembership ¶
func (gc *GroupCollection) RemoveMembership(uid int64, group *Group)
RemoveMembership removes the user with the given uid from the given group and all groups that inherit from this group.
func (*GroupCollection) UnregisterGroup ¶
func (gc *GroupCollection) UnregisterGroup(group *Group)
UnregisterGroup removes the group with the given ID from this GroupCollection
func (*GroupCollection) UserGroups ¶
func (gc *GroupCollection) UserGroups(uid int64) map[*Group]InheritanceInfo
UserGroups returns the groups the user with the given uid belongs to, including inherited groups. The result is a map from each group to its InheritanceInfo.
type InheritanceInfo ¶
type InheritanceInfo int8
InheritanceInfo enables us to know if a user is part of a group natively or by inheritance.
type InvalidCredentialsError ¶
type InvalidCredentialsError string
An InvalidCredentialsError should be returned by backends when the user is known to this backend but cannot be authenticated.
func (InvalidCredentialsError) Error ¶
func (ice InvalidCredentialsError) Error() string
Error returns the error message
type Permission ¶
type Permission uint8
A Permission defines which of the read, write or unlink rights apply.
type UserNotFoundError ¶
type UserNotFoundError string
A UserNotFoundError should be returned by backends when the user is not known.
func (UserNotFoundError) Error ¶
func (unfe UserNotFoundError) Error() string
Error returns the error message