acl

package
v0.10.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 30, 2022 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Overview

Package acl provides management of ACLs that define permissions granted to repository users.

Index

Constants

View Source
const (
	OwnUser = "OWN_USER"
	OwnHost = "OWN_HOST"
)

placeholders that can be used in ACL definitions to refer to the current user.

View Source
const ContentManifestType = "content"

ContentManifestType is a type that can be used in TargetRule to specify access level to contents as opposed to metadata.

Variables

This section is empty.

Functions

func AddACL

func AddACL(ctx context.Context, w repo.RepositoryWriter, e *Entry) error

AddACL validates and adds the specified ACL entry to the repository.

func SupportedAccessLevels

func SupportedAccessLevels() []string

SupportedAccessLevels returns the list of supported access levels.

Types

type AccessLevel

type AccessLevel int

AccessLevel specifies access level.

const (
	AccessLevelNone   AccessLevel = 1 // no access
	AccessLevelRead   AccessLevel = 2 // permissions to view, but not change
	AccessLevelAppend AccessLevel = 3 // permissions to view/add but not update/delete.
	AccessLevelFull   AccessLevel = 4 // permission to view/add/update/delete.
)

Supported access levels.

func EffectivePermissions

func EffectivePermissions(username, hostname string, target map[string]string, entries []*Entry) AccessLevel

EffectivePermissions computes the effective access level for a given user@hostname to subject for a given set of ACL Entries.

func ParseAccessLevel

func ParseAccessLevel(s string) (AccessLevel, error)

ParseAccessLevel parses the provided string into an AccessLevel.

func (AccessLevel) MarshalJSON

func (a AccessLevel) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler.

func (AccessLevel) String

func (a AccessLevel) String() string

func (*AccessLevel) UnmarshalJSON

func (a *AccessLevel) UnmarshalJSON(b []byte) error

UnmarshalJSON implements json.Unmarshaler.

type Entry

type Entry struct {
	ManifestID manifest.ID `json:"-"`
	User       string      `json:"user"`   // supports wildcards such as "*@*", "user@host", "*@host, user@*"
	Target     TargetRule  `json:"target"` // supports OwnUser and OwnHost in labels
	Access     AccessLevel `json:"access,omitempty"`
}

Entry defines access control list entry stored in a manifest which grants the given user certain level of access to a target.

func EntriesForUser

func EntriesForUser(entries []*Entry, username, hostname string) []*Entry

EntriesForUser computes the list of ACL entries matching the given user.

func LoadEntries

func LoadEntries(ctx context.Context, rep repo.Repository, old []*Entry) ([]*Entry, error)

LoadEntries returns the set of all ACLs in the repository, using old list as a cache.

func (*Entry) Validate

func (e *Entry) Validate() error

Validate validates entry.

type TargetRule

type TargetRule map[string]string

TargetRule specifies a list of key and values that must match labels on the target manifest. The value can have two special placeholders - OWN_USER and OWN_VALUE representing the matched user and host respectively if wildcards are being used. Each target rule must have a type "type" key with a value corresponding to a manifest type ("snapshot", "policy", "user", "acl"). A special type "content" gives access to contents.

func (TargetRule) String

func (r TargetRule) String() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL