entfga

Documentation

Overview

Package entfga is an ent extension that creates hooks for OpenFGA relationships

Index

• Variables
• func AuthzHooks[T Mutation]() []ent.Hook
• func On(hk ent.Hook, op ent.Op) ent.Hook
• type Annotations
  • func (Annotations) Name() string
• type AuthzExtension
  • func NewFGAExtension(opts ...ExtensionOption) *AuthzExtension
  • func (e *AuthzExtension) Annotations() []entc.Annotation
  • func (e *AuthzExtension) Templates() []*gen.Template
• type Config
  • func (c Config) Name() string
• type ExtensionOption
  • func WithSoftDeletes() ExtensionOption
• type Mutation
• type Mutator
• type OpType
  • func (op OpType) MarshalGQL(w io.Writer)
  • func (op *OpType) Scan(v any) error
  • func (op OpType) String() string
  • func (op *OpType) UnmarshalGQL(v interface{}) error
  • func (op OpType) Value() (driver.Value, error)
  • func (OpType) Values() (kinds []string)
• type Querier
• type Query
• type Role
  • func Enum(r string) Role
  • func (r Role) MarshalGQL(w io.Writer)
  • func (r Role) String() string
  • func (r *Role) UnmarshalGQL(v interface{}) error
  • func (Role) Values() (kinds []string)

Variables

var (
	// ErrUnsupportedType is returned when the object type is not supported
	ErrUnsupportedType = errors.New("unsupported type")

	// ErrMissingRole is returned when an update request is made that contains no role
	ErrMissingRole = errors.New("missing role in update")
)

Functions

func AuthzHooks

func AuthzHooks[T Mutation]() []ent.Hook

AuthzHooks returns a list of authorization hooks for create, update, and delete operations on a specific type of mutation.

func On

func On(hk ent.Hook, op ent.Op) ent.Hook

On will execute the appropriate hook based on the ent operation

Types

type Annotations

type Annotations struct {
	ObjectType      string `yaml:"ObjectType,omitempty"`      // Object type for the fga relationship
	IncludeHooks    bool   `yaml:"includeHooks,omitempty"`    // Include hooks for the fga extension to add tuples to FGA
	IDField         string `yaml:"idField,omitempty"`         // ID field for the object type
	NillableIDField bool   `yaml:"nillableIDField,omitempty"` // NillableIDField set to true if the id is optional field in the ent schema
}

Annotations of the fga extension

func (Annotations) Name

func (Annotations) Name() string

Name of the annotation

type AuthzExtension

type AuthzExtension struct {
	entc.DefaultExtension
	// contains filtered or unexported fields
}

AuthzExtension implements entc.Extension.

func NewFGAExtension

func NewFGAExtension(opts ...ExtensionOption) *AuthzExtension

NewFGAExtension creates a new fga extension

func (*AuthzExtension) Annotations

func (e *AuthzExtension) Annotations() []entc.Annotation

Annotations of the AuthzExtension

func (*AuthzExtension) Templates

func (e *AuthzExtension) Templates() []*gen.Template

Templates returns the generated templates which include the client and authz from mutation

type Config

type Config struct {
	SoftDeletes bool
}

func (Config) Name

func (c Config) Name() string

type ExtensionOption

type ExtensionOption = func(*AuthzExtension)

func WithSoftDeletes

func WithSoftDeletes() ExtensionOption

WithSoftDeletes ensure the delete hook is still used even when soft deletes change the Op to Update

type Mutation

type Mutation interface {
	// Op is the ent operation being taken on the Mutation (Create, Update, UpdateOne, Delete, DeleteOne)
	Op() ent.Op
	// CreateTuplesFromCreate creates tuple relationships for the user/object type on Create Mutations
	CreateTuplesFromCreate(ctx context.Context) error
	// CreateTuplesFromUpdate creates new and deletes old tuple relationships for the user/object type on Update Mutations
	CreateTuplesFromUpdate(ctx context.Context) error
	// CreateTuplesFromDelete deletes tuple relationships for the user/object type on Delete Mutations
	CreateTuplesFromDelete(ctx context.Context) error
	// CheckAccessForEdit checks if the user has access to edit the object type
	CheckAccessForEdit(ctx context.Context) error
	// CheckAccessForDelete checks if the user has access to delete the object type
	CheckAccessForDelete(ctx context.Context) error
}

Mutation interface that all generated Mutation types must implement These functions (with the exception of Op() which is already created) are generated by the ent extension for every schema that includes the `entfga.NewFGAExtension“ extension to satisfy the interface If hooks are skipped by the mutation, the functions are created to satisfy the interface but always return nil and are not added to the client

type Mutator

type Mutator interface {
	Mutate(context.Context, Mutation) (ent.Value, error)
}

Mutator is an interface thats defines a method for mutating a generic ent value based on a given mutation. This is used as a generic interface that ent generated Mutations will implement

type OpType

type OpType string

OpType is the ent operation type in string form

const (
	// OpTypeInsert is the insert (create) operation
	OpTypeInsert OpType = "INSERT"
	// OpTypeUpdate is the update operation
	OpTypeUpdate OpType = "UPDATE"
	// OpTypeDelete is the delete operation
	OpTypeDelete OpType = "DELETE"
)

func (OpType) MarshalGQL

func (op OpType) MarshalGQL(w io.Writer)

MarshalGQL implement the Marshaler interface for gqlgen

func (*OpType) Scan

func (op *OpType) Scan(v any) error

Scan implements the `database/sql.Scanner` interface for the `OpType` type and is used to convert a value from the database into an `OpType` value.

func (OpType) String

func (op OpType) String() string

String value of the operation

func (*OpType) UnmarshalGQL

func (op *OpType) UnmarshalGQL(v interface{}) error

UnmarshalGQL implement the Unmarshaler interface for gqlgen

func (OpType) Value

func (op OpType) Value() (driver.Value, error)

Value of the operation type

func (OpType) Values

func (OpType) Values() (kinds []string)

Values provides list valid values for Enum.

type Querier

type Querier interface {
	Query(context.Context, Query) (ent.Value, error)
}

Querier is an interface thats defines a method for querying a generic ent value based on a given query. This is used as a generic interface that ent generated Query will implement

type Query

type Query interface {
	// Op is the ent operation being taken on the Mutation (Create, Update, UpdateOne, Delete, DeleteOne)
	Op() ent.Op

	// CheckAccess checks if the user has read access to the object type
	CheckAccess(ctx context.Context) error
}

Query interface that all generated Query types must implement

type Role

type Role string

var (
	RoleOwner  Role = "OWNER"
	RoleAdmin  Role = "ADMIN"
	RoleMember Role = "MEMBER"
	Invalid    Role = "INVALID"
)

func Enum

func Enum(r string) Role

Enum returns the Role based on string input

func (Role) MarshalGQL

func (r Role) MarshalGQL(w io.Writer)

MarshalGQL implement the Marshaler interface for gqlgen

func (Role) String

func (r Role) String() string

String returns the role as a string

func (*Role) UnmarshalGQL

func (r *Role) UnmarshalGQL(v interface{}) error

UnmarshalGQL implement the Unmarshaler interface for gqlgen

func (Role) Values

func (Role) Values() (kinds []string)

Values returns a slice of strings that represents all the possible values of the Role enum. Possible default values are "ADMIN", and "MEMBER".