Documentation
Overview
Package acl provides management of ACLs that define permissions granted to repository users.
Constants
const (
    OwnUser = "OWN_USER"
    OwnHost = "OWN_HOST"
)
Placeholders that can be used in ACL definitions to refer to the current user.
const ContentManifestType = "content"
ContentManifestType is a type that can be used in TargetRule to specify access level to contents as opposed to metadata.
Functions
func SupportedAccessLevels
func SupportedAccessLevels() []string
SupportedAccessLevels returns the list of supported access levels.
Types
type AccessLevel
type AccessLevel int
AccessLevel specifies access level.
const (
    AccessLevelNone   AccessLevel = 1 // no access
    AccessLevelRead   AccessLevel = 2 // permissions to view, but not change
    AccessLevelAppend AccessLevel = 3 // permissions to view/add but not update/delete.
    AccessLevelFull   AccessLevel = 4 // permission to view/add/update/delete.
)
Supported access levels.
func EffectivePermissions
func EffectivePermissions(username, hostname string, target map[string]string, entries []*Entry) AccessLevel
EffectivePermissions computes the effective access level that user@hostname has on the given target, for a given set of ACL entries.
func ParseAccessLevel
func ParseAccessLevel(s string) (AccessLevel, error)
ParseAccessLevel parses the provided string into an AccessLevel.
func (AccessLevel) MarshalJSON
func (a AccessLevel) MarshalJSON() ([]byte, error)
MarshalJSON implements json.Marshaler.
func (AccessLevel) String
func (a AccessLevel) String() string
func (*AccessLevel) UnmarshalJSON
func (a *AccessLevel) UnmarshalJSON(b []byte) error
UnmarshalJSON implements json.Unmarshaler.
type Entry
type Entry struct {
    ManifestID manifest.ID `json:"-"`
    User       string      `json:"user"`   // supports wildcards such as "*@*", "user@host", "*@host", "user@*"
    Target     TargetRule  `json:"target"` // supports OwnUser and OwnHost in labels
    Access     AccessLevel `json:"access,omitempty"`
}
Entry defines an access control list entry stored in a manifest, which grants the given user a certain level of access to a target.
func EntriesForUser
EntriesForUser computes the list of ACL entries matching the given user.
func LoadEntries
LoadEntries returns the set of all ACLs in the repository, using old list as a cache.
type TargetRule
TargetRule specifies a list of keys and values that must match labels on the target manifest. The value can have two special placeholders - OWN_USER and OWN_VALUE representing the matched user and host respectively if wildcards are being used. Each target rule must have a "type" key with a value corresponding to a manifest type ("snapshot", "policy", "user", "acl"). A special type "content" gives access to contents.
func (TargetRule) String
func (r TargetRule) String() string
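The following self-contained sketch is an added example, not code from the acl package. It models how wildcard user patterns, the OWN_USER / OWN_HOST placeholders from the Constants section, and target-rule label matching could combine into an effective access level. The local types, the "username" / "hostname" label keys, the sample ACL, and the rule that the highest matching level wins are all assumptions of the example.

```go
package main

import (
	"fmt"
	"strings"
)

type level int // stand-in for AccessLevel

const none, read, full level = 1, 2, 4 // values of AccessLevelNone/Read/Full

type entry struct { // stand-in for Entry
	user   string            // "user@host"; either side may be "*"
	target map[string]string // values may contain OWN_USER / OWN_HOST
	access level
}

func side(pattern, actual string) bool { return pattern == "*" || pattern == actual }

// effective returns the highest level among entries whose user pattern and
// target rule both match. "Highest match wins" is an assumption of this sketch.
func effective(user, host string, labels map[string]string, acl []entry) level {
	best := none
	for _, e := range acl {
		pu, ph, ok := strings.Cut(e.user, "@")
		matched := ok && side(pu, user) && side(ph, host)
		for k, want := range e.target {
			// Placeholders resolve to the requesting identity, not to the pattern.
			want = strings.NewReplacer("OWN_USER", user, "OWN_HOST", host).Replace(want)
			if got, ok := labels[k]; !ok || got != want {
				matched = false
			}
		}
		if matched && e.access > best {
			best = e.access
		}
	}
	return best
}

// sampleACL is constructed: everyone reads all snapshots, owners get full access.
var sampleACL = []entry{
	{"*@*", map[string]string{"type": "snapshot"}, read},
	{"*@*", map[string]string{"type": "snapshot", "username": "OWN_USER", "hostname": "OWN_HOST"}, full},
}

func main() {
	own := map[string]string{"type": "snapshot", "username": "alice", "hostname": "laptop"}
	fmt.Println(effective("alice", "laptop", own, sampleACL), effective("bob", "nas", own, sampleACL))
}
```

With a single "*@*" entry, the placeholders are what keep one user's full access from extending to another user's snapshots; a manifest type that no entry names falls through to no access.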