Documentation
Constants
const SecurityPrincipalCtxKey ctxKey = 1
SecurityPrincipalCtxKey is used to pass the SecurityPrincipal to the request context.Context
Variables
var ScopeSeparator = '/'
Functions
This section is empty.
Types
type Group
A Group is a collection of roles
func (Group) HasPermission
func (g Group) HasPermission(permission Permission) bool
HasPermission returns true if the current Group has the Permission
type Permission
A Permission has a Scope and Access. A Scope describes where an action can be performed. For simplicity, a scope may have at most 3 levels (domain, subdomain and resource), separated by ScopeSeparator. Scopes should be structured in a parent-child relationship: each level of the hierarchy makes the scope more specific.
Examples:
- admin/timesheet/team1 -> Allow access only to the resource team1 from admin/timesheet
- admin/timesheet/* -> Allow access to all resources from admin/timesheet
- admin/*/team1 -> Allow access to all subdomains from the admin domain related to the resource team1
- admin/* -> Allow access to all subdomains and all resources from the admin domain
- * -> Allow access to all domains
func AllPermissions
func AllPermissions() Permission
func NewPermission
func NewPermission(scope string, access Access) (Permission, error)
func ParsePermission
func ParsePermission(permissionAsString string) (Permission, error)
ParsePermission parses a string into a Permission
func (Permission) Implies
func (p Permission) Implies(anotherPermission Permission) bool
Implies returns true if the current Permission implies anotherPermission. This function assumes that the scope of the Permission passed as the argument does not contain the wildcard (*).
func (Permission) String
func (p Permission) String() string
type Role
type Role struct {
	Name               string
	Description        string
	AllowedPermissions []Permission
	DeniedPermissions  []Permission
}
A Role is a collection of allowed and denied permissions. The denied-permissions check has higher priority than the allowed one.
func (Role) HasPermission
func (r Role) HasPermission(permission Permission) bool
HasPermission returns true if the current Role has the Permission
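The scope wildcard rules listed under Permission and the deny-over-allow priority described for Role, as an added, self-contained example that is not the package's own code. The helpers scopeImplies and roleAllows are hypothetical, the Access part of a Permission is left out, and the handling of a pattern that is shorter than the scope and has no wildcard is an assumption.

```go
package main

import (
	"fmt"
	"strings"
)

// scopeImplies is a hypothetical helper, not the package's Implies method.
// It reports whether pattern (which may contain "*") covers a concrete scope.
func scopeImplies(pattern, scope string) bool {
	p, s := strings.Split(pattern, "/"), strings.Split(scope, "/")
	for i, level := range p {
		if i >= len(s) {
			return false // pattern is more specific than the requested scope
		}
		if level == "*" {
			if i == len(p)-1 {
				return true // trailing wildcard covers all remaining levels
			}
			continue // inner wildcard covers exactly this level
		}
		if level != s[i] {
			return false
		}
	}
	return len(p) == len(s) // assumption: no implicit prefix match without "*"
}

// roleAllows checks denied scopes before allowed ones, so a deny always wins.
func roleAllows(allowed, denied []string, scope string) bool {
	for _, d := range denied {
		if scopeImplies(d, scope) {
			return false
		}
	}
	for _, a := range allowed {
		if scopeImplies(a, scope) {
			return true
		}
	}
	return false // nothing matched: the role does not have the permission
}

func main() {
	allowed, denied := []string{"admin/*"}, []string{"admin/*/team1"} // constructed sample role
	for _, sc := range []string{"admin/timesheet/team2", "admin/timesheet/team1", "hr/payroll/team2"} {
		fmt.Printf("%-22s allowed=%v\n", sc, roleAllows(allowed, denied, sc))
	}
}
```

A role that allows admin/* but denies admin/*/team1 is refused for admin/timesheet/team1 even though the allow rule also matches it.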
type SecurityPrincipal
type SecurityPrincipal interface {
	// Identity returns the principal identity
	Identity() string
	// HasRole returns true if the current SecurityPrincipal has the role assigned
	HasRole(roleName string) bool
	// HasPermission returns true if the current SecurityPrincipal has the Permission
	HasPermission(permission Permission) bool
	// String returns a string representation of the SecurityPrincipal
	String() string
}
A SecurityPrincipal represents any managed identity that is requesting access to a resource (a user, a service principal, etc)
func GetSecurityPrincipalFromContext
func GetSecurityPrincipalFromContext(ctx context.Context) SecurityPrincipal
GetSecurityPrincipalFromContext returns the SecurityPrincipal from the request context.Context
type User
type User struct {
	// the user internal id
	Id string
	// the name of the user
	Name string
	// the id/name of the platform where the user was authenticated (for example Google, LinkedIn, Internal, etc.)
	IdentityPlatform string
	// the security groups to which this user belongs
	Groups []Group
	// a field where any additional data for this user can be attached
	Attachment any
}
A User implements SecurityPrincipal and represents an authenticated person
func (User) HasPermission
func (u User) HasPermission(permission Permission) bool