Documentation
Overview
Package rule contains policy rules.
Index
- func AllowAfterApplyingPrivacyTokenFilter(emptyToken token.PrivacyToken, ...) privacy.QueryMutationRule
- func AllowIfAdmin() privacy.QueryMutationRule
- func AllowIfContextHasPrivacyTokenOfType(emptyToken token.PrivacyToken) privacy.QueryMutationRule
- func AllowIfSelf() privacy.QueryMutationRule
- func AllowMutationAfterApplyingOwnerFilter() privacy.MutationRule
- func AllowMutationIfContextHasValidEmailSignUpToken(getEmail MutationEmailGetter) privacy.MutationRule
- func CanCreateGroupsInOrg() privacy.GroupMutationRuleFunc
- func ContextHasPrivacyTokenOfType(ctx context.Context, emptyToken token.PrivacyToken) bool
- func DenyIfNoSubject() privacy.QueryMutationRule
- func DenyIfNoViewer() privacy.QueryMutationRule
- func HasOrgMutationAccess() privacy.OrganizationMutationRuleFunc
- type MutationEmailGetter
Constants
This section is empty.
Variables
This section is empty.
Functions
func AllowAfterApplyingPrivacyTokenFilter
func AllowAfterApplyingPrivacyTokenFilter(emptyToken token.PrivacyToken, applyFilter func(t token.PrivacyToken, filter privacy.Filter)) privacy.QueryMutationRule
AllowAfterApplyingPrivacyTokenFilter allows the mutation to proceed if a privacy token of a specific type is found in the context. It also applies a privacy filter to the token before allowing the mutation to proceed.
func AllowIfAdmin
func AllowIfAdmin() privacy.QueryMutationRule
AllowIfAdmin is used to determine whether a query or mutation should be allowed or skipped based on the user's admin status. TODO: implement setting admin; this will currently always return a skip.
func AllowIfContextHasPrivacyTokenOfType
func AllowIfContextHasPrivacyTokenOfType(emptyToken token.PrivacyToken) privacy.QueryMutationRule
AllowIfContextHasPrivacyTokenOfType allows a mutation to proceed if a privacy token of a specific type is found in the context. It checks whether the actual type of the token in the context matches the expected type and, if so, returns `privacy.Allow`. If the types do not match, it returns `privacy.Skipf` with a message indicating that no token of the expected type was found in the context.
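The type-match check described above, as an added, self-contained sketch; it is not this package's code. Every name in it (`PrivacyToken`, `SignUpToken`, `ResetToken`, `tokenKey`, `Rule`, `evaluate`, `alwaysDeny`) is hypothetical, and the evaluator's deny-when-every-rule-skips default is an assumption of the sketch.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"reflect"
)

// Hypothetical decision sentinels standing in for allow / skip / deny.
var errAllow, errSkip, errDeny = errors.New("allow"), errors.New("skip"), errors.New("deny")

// PrivacyToken and both token types are hypothetical stand-ins.
type PrivacyToken interface{ Token() string }
type SignUpToken struct{ Email string }
type ResetToken struct{ Value string }

func (t *SignUpToken) Token() string { return t.Email }
func (t *ResetToken) Token() string  { return t.Value }

type tokenKey struct{} // context key for the token (assumed)
type Rule func(ctx context.Context) error

// allowIfTokenOfType allows only when the context token's dynamic type equals
// the type of emptyToken; a missing or different token skips, it does not deny.
func allowIfTokenOfType(emptyToken PrivacyToken) Rule {
	return func(ctx context.Context) error {
		tok, ok := ctx.Value(tokenKey{}).(PrivacyToken)
		if ok && reflect.TypeOf(tok) == reflect.TypeOf(emptyToken) {
			return errAllow
		}
		return fmt.Errorf("%w: no token of type %T in context", errSkip, emptyToken)
	}
}

// evaluate runs rules in order; the first allow or deny decides. When every
// rule skips it denies (fail closed: an assumption of this sketch).
func evaluate(ctx context.Context, rules ...Rule) error {
	for _, r := range rules {
		if err := r(ctx); !errors.Is(err, errSkip) {
			return err
		}
	}
	return errDeny
}
func alwaysDeny(context.Context) error { return errDeny }

func main() {
	// Constructed input: a reset token where a sign-up token is expected.
	ctx := context.WithValue(context.Background(), tokenKey{}, &ResetToken{Value: "constructed"})
	fmt.Println(evaluate(ctx, allowIfTokenOfType(&SignUpToken{}), alwaysDeny))
}
```

Because a mismatched token yields a skip, the outcome for that request is decided by whatever rule follows in the policy, which is why the sketch ends the chain with an explicit deny rule.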
func AllowIfSelf
func AllowIfSelf() privacy.QueryMutationRule
AllowIfSelf determines whether a query or mutation operation should be allowed based on whether the requested data is for the viewer.
func AllowMutationAfterApplyingOwnerFilter
func AllowMutationAfterApplyingOwnerFilter() privacy.MutationRule
AllowMutationAfterApplyingOwnerFilter defines a privacy rule for mutations in the context of an owner filter.
func AllowMutationIfContextHasValidEmailSignUpToken
func AllowMutationIfContextHasValidEmailSignUpToken(getEmail MutationEmailGetter) privacy.MutationRule
AllowMutationIfContextHasValidEmailSignUpToken is used to determine whether a mutation should be allowed or skipped based on the presence and validity of an email signup token in the context.
func CanCreateGroupsInOrg
func CanCreateGroupsInOrg() privacy.GroupMutationRuleFunc
CanCreateGroupsInOrg is a rule that returns an allow decision if the user has edit access in the organization.
func ContextHasPrivacyTokenOfType
func ContextHasPrivacyTokenOfType(ctx context.Context, emptyToken token.PrivacyToken) bool
ContextHasPrivacyTokenOfType checks the context for the token type and returns true if they match.
func DenyIfNoSubject
func DenyIfNoSubject() privacy.QueryMutationRule
DenyIfNoSubject is a rule that returns a deny decision if the subject is missing in the context.
func DenyIfNoViewer
func DenyIfNoViewer() privacy.QueryMutationRule
DenyIfNoViewer returns deny if the viewer is not present in the context.
func HasOrgMutationAccess
func HasOrgMutationAccess() privacy.OrganizationMutationRuleFunc
HasOrgMutationAccess is a rule that returns an allow decision if the user has edit or delete access.