ownership

package
v0.1.3 Latest
Warning

This package is not in the latest version of its module.

Published: May 9, 2024 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Overview

Package ownership manages access to resources.

Copyright 2019 Portworx

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Constants

const (
	// AdminGroup is the value that can be set in the token claims Group which
	// gives the user access to any resource
	AdminGroup = "*"
)

Variables

var (
	Ownership_AccessType_name = map[int32]string{
		0: "READ",
		1: "WRITE",
		2: "ADMIN",
	}
	Ownership_AccessType_value = map[string]int32{
		"READ":  0,
		"WRITE": 1,
		"ADMIN": 2,
	}
)

Enum value maps for Ownership_AccessType.

var File_ownership_proto protoreflect.FileDescriptor

Functions

func IsAdminByContext

func IsAdminByContext(ctx context.Context) bool

IsAdminByContext checks if the context userInfo contains admin privileges

func IsAdminByUser

func IsAdminByUser(user *auth.UserInfo) bool

IsAdminByUser returns true if the user is an ownership admin, meaning that they belong to the group `*`, that is, every group.

Types

type Ownership

type Ownership struct {

	// Username of owner.
	//
	// The storage system uses the username taken from the security authorization
	// token and is saved on this field. Only users with system administration
	// can edit this value.
	Owner string `protobuf:"bytes,1,opt,name=owner,proto3" json:"owner,omitempty"`
	// Permissions to share resource which can be set by the owner.
	//
	// NOTE: To create an "admin" user which has access to any resource set the group value
	// in the token of the user to `*`.
	Acls *Ownership_AccessControl `protobuf:"bytes,2,opt,name=acls,proto3" json:"acls,omitempty"`
	// contains filtered or unexported fields
}

Ownership information for a resource. Administrators are users who belong to the group `*`, meaning every group.

func OwnershipSetUsernameFromContext

func OwnershipSetUsernameFromContext(ctx context.Context, srcOwnership *Ownership) *Ownership

OwnershipSetUsernameFromContext is used to create a new ownership object for a volume. It takes the ownership value passed in by the user, if any, then sets the `owner` value to the username found in the user context.

func (*Ownership) Descriptor deprecated

func (*Ownership) Descriptor() ([]byte, []int)

Deprecated: Use Ownership.ProtoReflect.Descriptor instead.

func (*Ownership) GetAcls

func (x *Ownership) GetAcls() *Ownership_AccessControl

func (*Ownership) GetCollaborators

func (o *Ownership) GetCollaborators() map[string]Ownership_AccessType

GetCollaborators returns the collaborators in the ownership

func (*Ownership) GetGroups

func (o *Ownership) GetGroups() map[string]Ownership_AccessType

GetGroups returns the groups in the ownership

func (*Ownership) GetOwner

func (x *Ownership) GetOwner() string

func (*Ownership) HasAnOwner

func (o *Ownership) HasAnOwner() bool

HasAnOwner returns true if the resource has an owner

func (*Ownership) IsAccessPermittedByPublic

func (o *Ownership) IsAccessPermittedByPublic(accessType Ownership_AccessType) bool

IsAccessPermittedByPublic returns true if access is permitted for public user

func (*Ownership) IsAdminByUser

func (o *Ownership) IsAdminByUser(user *auth.UserInfo) bool

IsAdminByUser returns true if the user is an ownership admin, meaning that they belong to the group `*`, that is, every group.

func (*Ownership) IsMatch

func (o *Ownership) IsMatch(check *Ownership) bool

IsMatch returns true if the ownership has at least one similar owner, group, or collaborator

func (*Ownership) IsOwner

func (o *Ownership) IsOwner(user *auth.UserInfo) bool

IsOwner returns true if the user is the owner of the resource.

func (*Ownership) IsPermitted

func (o *Ownership) IsPermitted(
	user *auth.UserInfo,
	accessType Ownership_AccessType,
) bool

IsPermitted returns true if the user has access to the resource according to the ownership. If there is no owner, then it is public

func (*Ownership) IsPermittedByContext

func (o *Ownership) IsPermittedByContext(
	ctx context.Context,
	accessType Ownership_AccessType) bool

IsPermittedByContext returns true if the user captured in the context has permission to access the resource

func (*Ownership) IsPublic

func (o *Ownership) IsPublic(accessType Ownership_AccessType) bool

IsPublic returns true if public access is set or there is no ownership in this resource

func (*Ownership) IsUserAllowedByCollaborators

func (o *Ownership) IsUserAllowedByCollaborators(
	user *auth.UserInfo,
	accessType Ownership_AccessType,
) bool

IsUserAllowedByCollaborators returns true if the user is allowed access because they are part of the collaborators list

func (*Ownership) IsUserAllowedByGroup

func (o *Ownership) IsUserAllowedByGroup(
	user *auth.UserInfo,
	accessType Ownership_AccessType,
) bool

IsUserAllowedByGroup returns true if the user is allowed access by belonging to the appropriate group

func (*Ownership) ProtoMessage

func (*Ownership) ProtoMessage()

func (*Ownership) ProtoReflect

func (x *Ownership) ProtoReflect() protoreflect.Message

func (*Ownership) Reset

func (x *Ownership) Reset()

func (*Ownership) String

func (x *Ownership) String() string

func (*Ownership) Update

func (o *Ownership) Update(newownerInfo *Ownership, user *auth.UserInfo) error

Update can be used to update an ownership with new ownership information. It takes into account who is trying to change the ownership values

type Ownership_AccessControl

type Ownership_AccessControl struct {

	// Group access to resource which must match the group set in the
	// authorization token.
	// Can be set by the owner or the system administrator only.
	// Possible values are:
	// 1. no groups: Means no groups are given access.
	// 2. `["*"]`: All groups are allowed.
	// 3. `["group1", "group2"]`: Only certain groups are allowed. In this example only
	// _group1_ and _group2_ are allowed.
	Groups map[string]Ownership_AccessType `` /* 190-byte string literal not displayed */
	// Collaborator access to resource gives access to other user.
	// Must be the username (unique id) set in the authorization token.
	// The owner or the administrator can set this value. Possible values are:
	// 1. no collaborators: Means no users are given access.
	// 2. `["*"]`: All users are allowed.
	// 3. `["username1", "username2"]`: Only certain usernames are allowed. In this example only
	// _username1_ and _username2_ are allowed.
	Collaborators map[string]Ownership_AccessType `` /* 204-byte string literal not displayed */
	// Public access to resource may be assigned for access by the public user
	Public *Ownership_PublicAccessControl `protobuf:"bytes,3,opt,name=public,proto3" json:"public,omitempty"`
	// contains filtered or unexported fields
}

func (*Ownership_AccessControl) Descriptor deprecated

func (*Ownership_AccessControl) Descriptor() ([]byte, []int)

Deprecated: Use Ownership_AccessControl.ProtoReflect.Descriptor instead.

func (*Ownership_AccessControl) GetCollaborators

func (x *Ownership_AccessControl) GetCollaborators() map[string]Ownership_AccessType

func (*Ownership_AccessControl) GetGroups

func (*Ownership_AccessControl) GetPublic

func (*Ownership_AccessControl) ProtoMessage

func (*Ownership_AccessControl) ProtoMessage()

func (*Ownership_AccessControl) ProtoReflect

func (x *Ownership_AccessControl) ProtoReflect() protoreflect.Message

func (*Ownership_AccessControl) Reset

func (x *Ownership_AccessControl) Reset()

func (*Ownership_AccessControl) String

func (x *Ownership_AccessControl) String() string

type Ownership_AccessType

type Ownership_AccessType int32

Access types can be set by owner to have different levels of access to a resource.

It is up to the resource to interpret what the types mean and are used for.

const (
	// Read access only and cannot affect the resource.
	Ownership_READ Ownership_AccessType = 0
	// Write access and can affect the resource.
	// This type automatically provides Read access also.
	Ownership_WRITE Ownership_AccessType = 1
	// Administrator access.
	// This type automatically provides Read and Write access also.
	Ownership_ADMIN Ownership_AccessType = 2
)
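The rules documented on this page (a resource with no owner is public, `*` wildcards in the group and collaborator maps, the token group `*` as admin, and higher access types implying lower ones) can be modelled in a few lines. This is an added example, not the package's code: `User`, `Resource`, `grants` and `Permitted` are hypothetical names, the order of checks and the owner's full access are assumptions, and public access control is left out.

```go
package main

import "fmt"

// AccessType mirrors the documented enum values: READ=0, WRITE=1, ADMIN=2.
type AccessType int32
const (
	Read AccessType = iota
	Write
	Admin
)

// User and Resource are hypothetical stand-ins for auth.UserInfo and Ownership.
type User struct {
	Name   string
	Groups []string
}
type Resource struct {
	Owner                 string
	Groups, Collaborators map[string]AccessType
}

// grants: the entry for key or the "*" wildcard covers want (higher types imply lower).
func grants(acl map[string]AccessType, key string, want AccessType) bool {
	a, okA := acl[key]
	b, okB := acl["*"]
	return (okA && a >= want) || (okB && b >= want)
}

// Permitted models the documented rules; the order of checks is an assumption.
func Permitted(r Resource, u User, want AccessType) bool {
	if r.Owner == "" || r.Owner == u.Name || grants(r.Collaborators, u.Name, want) {
		return true // no owner means public; owner access is an assumption
	}
	for _, g := range u.Groups {
		if g == "*" || grants(r.Groups, g, want) { // token group "*" is the admin group
			return true
		}
	}
	return false
}

func main() {
	vol := Resource{Owner: "alice", Groups: map[string]AccessType{"dev": Write},
		Collaborators: map[string]AccessType{"bob": Read}} // constructed sample
	for _, u := range []User{{Name: "bob"}, {Name: "carol", Groups: []string{"dev"}}, {Name: "root", Groups: []string{"*"}}} {
		fmt.Println(u.Name, Permitted(vol, u, Read), Permitted(vol, u, Write), Permitted(vol, u, Admin))
	}
}
```

Because the admin decision rests entirely on a `*` group claim in the token, the token issuer must be the only party able to set group claims.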

func (Ownership_AccessType) Descriptor

func (Ownership_AccessType) Enum

func (Ownership_AccessType) EnumDescriptor deprecated

func (Ownership_AccessType) EnumDescriptor() ([]byte, []int)

Deprecated: Use Ownership_AccessType.Descriptor instead.

func (Ownership_AccessType) Number

func (Ownership_AccessType) String

func (x Ownership_AccessType) String() string

func (Ownership_AccessType) Type

type Ownership_PublicAccessControl

type Ownership_PublicAccessControl struct {

	// AccessType declares which level of public access is allowed
	Type Ownership_AccessType `protobuf:"varint,1,opt,name=type,proto3,enum=ownership.Ownership_AccessType" json:"type,omitempty"`
	// contains filtered or unexported fields
}

PublicAccessControl allows assigning public ownership

func (*Ownership_PublicAccessControl) Descriptor deprecated

func (*Ownership_PublicAccessControl) Descriptor() ([]byte, []int)

Deprecated: Use Ownership_PublicAccessControl.ProtoReflect.Descriptor instead.

func (*Ownership_PublicAccessControl) GetType

func (*Ownership_PublicAccessControl) ProtoMessage

func (*Ownership_PublicAccessControl) ProtoMessage()

func (*Ownership_PublicAccessControl) ProtoReflect

func (*Ownership_PublicAccessControl) Reset

func (x *Ownership_PublicAccessControl) Reset()

func (*Ownership_PublicAccessControl) String
