Documentation ¶
Overview ¶
Package resources provides extendable service Handler for managing resource-policy based data.
Index ¶
- type PoliciesCleaner
- type PoliciesCleanerOptions
- type PoliciesLoaderFunc
- type ResourceProviderHandler
- func (r *ResourceProviderHandler) IsAllowed(ctx context.Context, resourceId string, action service.ResourcePolicyAction, ...) (err error)
- func (r *ResourceProviderHandler) IsContextEditable(ctx context.Context, resourceId string, policies []*service.ResourcePolicy) bool
- func (r *ResourceProviderHandler) MatchPolicies(ctx context.Context, resourceId string, policies []*service.ResourcePolicy, ...) bool
- func (r *ResourceProviderHandler) RestToServiceResourcePolicy(ctx context.Context, input *rest.ResourcePolicyQuery) (output *service.ResourcePolicyQuery, e error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type PoliciesCleaner ¶
type PoliciesCleaner struct { Dao dao.DAO Options PoliciesCleanerOptions LogCtx context.Context }
func (*PoliciesCleaner) Handle ¶
func (c *PoliciesCleaner) Handle(ctx context.Context, msg *idm.ChangeEvent) error
Handle cleans resources in the current DAO based on the delete events
type PoliciesCleanerOptions ¶
type PoliciesLoaderFunc ¶
type PoliciesLoaderFunc func(ctx context.Context, resourceId string, resourceClient interface{}) (policies []*service.ResourcePolicy, e error)
PoliciesLoaderFunc is a signature for a function that can load policies from a given resource
type ResourceProviderHandler ¶
type ResourceProviderHandler struct { ResourceName string ServiceName string PoliciesLoader PoliciesLoaderFunc }
ResourceProviderHandler abstracts class that can be implemented by REST handlers to add Policies checking capabilities
func (*ResourceProviderHandler) IsAllowed ¶
func (r *ResourceProviderHandler) IsAllowed(ctx context.Context, resourceId string, action service.ResourcePolicyAction, resourceClient interface{}) (err error)
IsAllowed matches a resourceId against a policy Action It uses the PoliciesLoader function to first grab the policies associated to this resource, then use an in-memory warden to check the policies stack.
func (*ResourceProviderHandler) IsContextEditable ¶
func (r *ResourceProviderHandler) IsContextEditable(ctx context.Context, resourceId string, policies []*service.ResourcePolicy) bool
IsContextEditable can be used for outputting results with a flag telling wether this resource can be edited by the currently logged user
func (*ResourceProviderHandler) MatchPolicies ¶
func (r *ResourceProviderHandler) MatchPolicies(ctx context.Context, resourceId string, policies []*service.ResourcePolicy, action service.ResourcePolicyAction, subjects ...string) bool
MatchPolicies creates an memory-based policy stack checker to check if action is allowed or denied. It uses a DenyByDefault strategy
func (*ResourceProviderHandler) RestToServiceResourcePolicy ¶
func (r *ResourceProviderHandler) RestToServiceResourcePolicy(ctx context.Context, input *rest.ResourcePolicyQuery) (output *service.ResourcePolicyQuery, e error)
RestToServiceResourcePolicy transforms input rest.ResourcePolicy to service.ResourcePolicy that can be used internally