Documentation
Index
- Variables
- func AllowedMethodFromContext(ctx context.Context) *rbacv1.AllowedMethod
- func FilterByScope[T UserAssignable, S ~[]T](ctx context.Context, items S) ([]T, error)
- func NewAllowedMethodsMiddleware(config *rbacv1.Config) *middleware
- func VerifyScopeForUser(ctx context.Context, assignedUser auth.AuthenticatedUser) error
- type UserAssignable
Constants
This section is empty.
Variables
var ErrScopeNotSupported = status.Errorf(codes.InvalidArgument, "scope not supported")
Functions
func AllowedMethodFromContext
func AllowedMethodFromContext(ctx context.Context) *rbacv1.AllowedMethod
func FilterByScope
func FilterByScope[T UserAssignable, S ~[]T](ctx context.Context, items S) ([]T, error)
FilterByScope filters the given slice of UserAssignable items based on the AuthenticatedUser and AllowedMethod in the context.
Specifically, if the list contains objects assigned to multiple users, and the AllowedMethod has a scope of CurrentUser, the returned slice will consist only of those items assigned to the authenticated user.
If the scope of the method is AllUsers, no filtering is performed.
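A self-contained sketch of the filtering rule described above, added here as an illustration and not taken from the package: `Scope`, `User`, `Ticket` and `filterByScope` are hypothetical stand-ins, the caller and scope are passed as arguments instead of being read from the context, and a plain `errors.New` value stands in for `ErrScopeNotSupported`. Returning that error for any scope other than CurrentUser or AllUsers is an assumption about when the package uses it.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical stand-ins for the package's scope and user types.
type Scope int

const (
	ScopeCurrentUser Scope = iota + 1 // the zero value stays "unset"
	ScopeAllUsers
)
type User struct{ ID string }

// Assignable has the same shape as UserAssignable on the page.
type Assignable interface{ AssignedUser() User }

type Ticket struct {
	Title string
	Owner User
}
func (t Ticket) AssignedUser() User { return t.Owner }

// Stdlib stand-in for the page's gRPC InvalidArgument error.
var errScopeNotSupported = errors.New("scope not supported")

// filterByScope keeps only the caller's items under ScopeCurrentUser, returns
// all items under ScopeAllUsers, and fails closed on any other scope value.
func filterByScope[T Assignable, S ~[]T](caller User, scope Scope, items S) ([]T, error) {
	switch scope {
	case ScopeAllUsers:
		return []T(items), nil
	case ScopeCurrentUser:
		out := make([]T, 0, len(items))
		for _, it := range items {
			if it.AssignedUser().ID == caller.ID {
				out = append(out, it)
			}
		}
		return out, nil
	}
	return nil, errScopeNotSupported
}

func main() {
	// Constructed sample data.
	tickets := []Ticket{{"rotate keys", User{"alice"}}, {"patch host", User{"bob"}}}
	mine, err := filterByScope(User{"alice"}, ScopeCurrentUser, tickets)
	fmt.Println(mine, err)
}
```

Because the zero `Scope` matches neither case, a method whose scope was never set yields an error and no items, not an unfiltered list.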
func VerifyScopeForUser
func VerifyScopeForUser(ctx context.Context, assignedUser auth.AuthenticatedUser) error
VerifyScopeForUser verifies that the authenticated user in the context is allowed to access the resource assigned to 'assignedUser', based on the scope of the AllowedMethod in the context.
Types
type UserAssignable
type UserAssignable interface {
	AssignedUser() auth.AuthenticatedUser
}