Documentation
¶
Overview ¶
Package rbac Role Based Access Control
Index ¶
- type Service
- func (s *Service) AccountCreate(c echo.Context, roleID models.AccessRole, accountID, teamID uint) error
- func (s *Service) EnforceAccount(c echo.Context, ID uint) error
- func (s *Service) EnforceRole(c echo.Context, r models.AccessRole) error
- func (s *Service) EnforceTeam(c echo.Context, ID uint) error
- func (s *Service) EnforceUser(c echo.Context, ID uint) error
- func (s *Service) IsLowerRole(c echo.Context, r models.AccessRole) error
- func (s *Service) User(c echo.Context) *models.AuthUser
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Service ¶
type Service struct{}
Service is RBAC application service
func (*Service) AccountCreate ¶
func (s *Service) AccountCreate(c echo.Context, roleID models.AccessRole, accountID, teamID uint) error
AccountCreate performs auth check when creating a new account Team admin cannot create accounts, needs to be fixed on EnforceTeam function
func (*Service) EnforceAccount ¶
EnforceAccount checks whether the request to apply change to account data is done by the user belonging to the that account and that the user has role AccountAdmin. If user has admin role, the check for account doesnt need to pass.
func (*Service) EnforceRole ¶
EnforceRole authorizes request by AccessRole
func (*Service) EnforceTeam ¶
EnforceTeam checks whether the request to change team data is done by the user belonging to the requested team
func (*Service) EnforceUser ¶
EnforceUser checks whether the request to change user data is done by the same user
func (*Service) IsLowerRole ¶
IsLowerRole checks whether the requesting user has higher role than the user it wants to change Used for account creation/deletion
Source Files