acl

package
v4.0.0-alpha1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 17, 2022 License: AGPL-3.0 Imports: 22 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func FromContext 

func FromContext(ctx context.Context) (*permissions.AccessList, bool)

func HasAdminKey 

func HasAdminKey(ctx context.Context) bool

func HasPresetACL 

func HasPresetACL(ctx context.Context) bool

func MustFromContext 

func MustFromContext(ctx context.Context) *permissions.AccessList

func ToContext 

func ToContext(ctx context.Context, acl *permissions.AccessList) context.Context

func WithAccessList 

func WithAccessList() nodes.Option

func WithAdminKey 

func WithAdminKey(ctx context.Context) context.Context

func WithContentLockFilter 

func WithContentLockFilter() nodes.Option

func WithFilter 

func WithFilter() nodes.Option

func WithLock 

func WithLock() nodes.Option

func WithPresetACL 

func WithPresetACL(ctx context.Context, acl *permissions.AccessList) context.Context

func WithQuota 

func WithQuota() nodes.Option

Types

type AccessListHandler 

type AccessListHandler struct {
	abstract.Handler
}

AccessListHandler appends permissions.AccessList to the context.

func NewAccessListHandler 

func NewAccessListHandler(adminView bool) *AccessListHandler

NewAccessListHandler creates a new AccessListHandler

func (*AccessListHandler) Adapt 

func (a *AccessListHandler) Adapt(h nodes.Handler, options nodes.RouterOptions) nodes.Handler

type ContentLockFilter 

type ContentLockFilter struct {
	abstract.Handler
}

ContentLockFilter checks for user-defined content locks in the context AccessList.

func (*ContentLockFilter) Adapt 

func (a *ContentLockFilter) Adapt(h nodes.Handler, options nodes.RouterOptions) nodes.Handler

func (*ContentLockFilter) CopyObject 

func (a *ContentLockFilter) CopyObject(ctx context.Context, from *tree.Node, to *tree.Node, requestData *models.CopyRequestData) (int64, error)

CopyObject should check: quota on CopyObject operation? Can we copy an object on top of an existing node?

func (*ContentLockFilter) MultipartCreate 

func (a *ContentLockFilter) MultipartCreate(ctx context.Context, target *tree.Node, requestData *models.MultipartRequestData) (string, error)

func (*ContentLockFilter) PutObject 

func (a *ContentLockFilter) PutObject(ctx context.Context, node *tree.Node, reader io.Reader, requestData *models.PutRequestData) (int64, error)

PutObject check locks before allowing Put operation.

func (*ContentLockFilter) WrappedCanApply 

func (a *ContentLockFilter) WrappedCanApply(srcCtx context.Context, targetCtx context.Context, operation *tree.NodeChangeEvent) error

type FilterHandler 

type FilterHandler struct {
	abstract.Handler
}

FilterHandler checks for read/write permissions depending on the call using the context AccessList.

func (*FilterHandler) Adapt 

func (a *FilterHandler) Adapt(h nodes.Handler, options nodes.RouterOptions) nodes.Handler

func (*FilterHandler) CopyObject 

func (a *FilterHandler) CopyObject(ctx context.Context, from *tree.Node, to *tree.Node, requestData *models.CopyRequestData) (int64, error)

func (*FilterHandler) CreateNode 

func (a *FilterHandler) CreateNode(ctx context.Context, in *tree.CreateNodeRequest, opts ...grpc.CallOption) (*tree.CreateNodeResponse, error)

func (*FilterHandler) DeleteNode 

func (a *FilterHandler) DeleteNode(ctx context.Context, in *tree.DeleteNodeRequest, opts ...grpc.CallOption) (*tree.DeleteNodeResponse, error)

func (*FilterHandler) GetObject 

func (a *FilterHandler) GetObject(ctx context.Context, node *tree.Node, requestData *models.GetRequestData) (io.ReadCloser, error)

func (*FilterHandler) ListNodes 

func (a *FilterHandler) ListNodes(ctx context.Context, in *tree.ListNodesRequest, opts ...grpc.CallOption) (streamer tree.NodeProvider_ListNodesClient, e error)

ListNodes filters list results with ACLs permissions

func (*FilterHandler) MultipartCreate 

func (a *FilterHandler) MultipartCreate(ctx context.Context, node *tree.Node, requestData *models.MultipartRequestData) (string, error)

func (*FilterHandler) PutObject 

func (a *FilterHandler) PutObject(ctx context.Context, node *tree.Node, reader io.Reader, requestData *models.PutRequestData) (int64, error)

func (*FilterHandler) ReadNode 

func (a *FilterHandler) ReadNode(ctx context.Context, in *tree.ReadNodeRequest, opts ...grpc.CallOption) (*tree.ReadNodeResponse, error)

ReadNode checks if node is readable and forward to next middleware.

func (*FilterHandler) UpdateNode 

func (a *FilterHandler) UpdateNode(ctx context.Context, in *tree.UpdateNodeRequest, opts ...grpc.CallOption) (*tree.UpdateNodeResponse, error)

func (*FilterHandler) WrappedCanApply 

func (a *FilterHandler) WrappedCanApply(srcCtx context.Context, targetCtx context.Context, operation *tree.NodeChangeEvent) error

type LockFilter 

type LockFilter struct {
	abstract.Handler
}

LockFilter filters call by checking internal locks.

func (*LockFilter) Adapt 

func (a *LockFilter) Adapt(h nodes.Handler, options nodes.RouterOptions) nodes.Handler

func (*LockFilter) MultipartCreate 

func (a *LockFilter) MultipartCreate(ctx context.Context, node *tree.Node, requestData *models.MultipartRequestData) (string, error)

func (*LockFilter) PutObject 

func (a *LockFilter) PutObject(ctx context.Context, node *tree.Node, reader io.Reader, requestData *models.PutRequestData) (int64, error)

PutObject check locks before allowing Put operation.

func (*LockFilter) WrappedCanApply 

func (a *LockFilter) WrappedCanApply(srcCtx context.Context, targetCtx context.Context, operation *tree.NodeChangeEvent) error

WrappedCanApply will perform checks on quota to make sure an operation is authorized

type QuotaFilter 

type QuotaFilter struct {
	abstract.Handler
	// contains filtered or unexported fields
}

QuotaFilter applies storage quota limitation on a per-workspace basis.

func (*QuotaFilter) Adapt 

func (a *QuotaFilter) Adapt(h nodes.Handler, options nodes.RouterOptions) nodes.Handler

func (*QuotaFilter) ComputeQuota 

func (a *QuotaFilter) ComputeQuota(ctx context.Context, workspace *idm.Workspace) (quota int64, usage int64, err error)

ComputeQuota finds quota and current usage for a given workspace

func (*QuotaFilter) CopyObject 

func (a *QuotaFilter) CopyObject(ctx context.Context, from *tree.Node, to *tree.Node, requestData *models.CopyRequestData) (int64, error)

CopyObject checks quota on CopyObject operation.

func (*QuotaFilter) FindParentWorkspaces 

func (a *QuotaFilter) FindParentWorkspaces(ctx context.Context, workspace *idm.Workspace) (parentWorkspaces []*idm.Workspace, parentContext context.Context, err error)

FindParentWorkspaces finds possible parents for the current workspace based on the RESOURCE_OWNER uuid.

func (*QuotaFilter) MultipartPutObjectPart 

func (a *QuotaFilter) MultipartPutObjectPart(ctx context.Context, target *tree.Node, uploadID string, partNumberMarker int, reader io.Reader, requestData *models.PutRequestData) (models.MultipartObjectPart, error)

MultipartPutObjectPart checks quota on MultipartPutObjectPart.

func (*QuotaFilter) PutObject 

func (a *QuotaFilter) PutObject(ctx context.Context, node *tree.Node, reader io.Reader, requestData *models.PutRequestData) (int64, error)

PutObject checks quota on PutObject operation.

func (*QuotaFilter) QuotaForWorkspace 

func (a *QuotaFilter) QuotaForWorkspace(ctx context.Context, workspace *idm.Workspace, orderedRoles []string) (maxQuota int64, currentUsage int64, err error)

QuotaForWorkspace finds quota and computes current usage from ACLs and Tree for a given workspace, in a specific context given by the orderedRoles list.

func (*QuotaFilter) ReadNode 

func (a *QuotaFilter) ReadNode(ctx context.Context, in *tree.ReadNodeRequest, opts ...grpc.CallOption) (*tree.ReadNodeResponse, error)

ReadNode append quota info on workspace roots

func (*QuotaFilter) WrappedCanApply 

func (a *QuotaFilter) WrappedCanApply(srcCtx context.Context, targetCtx context.Context, operation *tree.NodeChangeEvent) error

WrappedCanApply will perform checks on quota to make sure an operation is authorized

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.