permission

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 26, 2021 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

Package permission contains abstractions and implementations for a permission backend.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Register 

func Register(scheme string, factory Factory)

Register registers a new backend by scheme. It will panic if multiple backends are registered under the same scheme.

Types

type ACE 

type ACE struct {
	Perm string      // the permission name
	Path riposo.Path // the object path
}

ACE is a permission/path tuple.

type Backend 

type Backend interface {
	// Ping returns an error if offline.
	Ping(context.Context) error

	// Begin starts a new Transation.
	Begin(context.Context) (Transaction, error)

	// Close closes the backend.
	Close() error
}

Backend defines the abstract backend.

func Connect 

func Connect(ctx context.Context, urlString string, hlp *riposo.Helpers) (Backend, error)

Connect connects a backend via URL.

type Factory 

type Factory func(context.Context, *url.URL, *riposo.Helpers) (Backend, error)

Factory initializes a new backend at runtime.

type Transaction 

type Transaction interface {
	// Commit commits the transaction.
	Commit() error
	// Rollback aborts the transaction.
	Rollback() error

	// Flush deletes all stored data.
	Flush() error

	// GetUserPrincipals returns all principals assigned to a user.
	GetUserPrincipals(userID string) ([]string, error)
	// AddUserPrincipal adds a principal to users.
	AddUserPrincipal(principal string, userIDs []string) error
	// RemoveUserPrincipal removes a principal from users.
	RemoveUserPrincipal(principal string, userIDs []string) error
	// PurgeUserPrincipals removes principals from every user.
	PurgeUserPrincipals(principals ...string) error

	// GetACEPrincipals returns a list of principals for an Access Control Entry.
	GetACEPrincipals(ent ACE) ([]string, error)
	// AddACEPrincipal adds an additional principal to an Access Control Entry.
	AddACEPrincipal(principal string, ent ACE) error
	// RemoveACEPrincipal deletes a principal from an Access Control Entry.
	RemoveACEPrincipal(principal string, ent ACE) error
	// GetAllACEPrincipals returns principals with access to the requested ents.
	GetAllACEPrincipals(ents []ACE) ([]string, error)

	// GetPermissions gets all permissions for a single path.
	GetPermissions(path riposo.Path) (schema.PermissionSet, error)
	// CreatePermissions creates permissions of a single path.
	CreatePermissions(path riposo.Path, set schema.PermissionSet) error
	// MergePermissions merges permissions of a single path.
	MergePermissions(path riposo.Path, set schema.PermissionSet) error
	// DeletePermissions recursively deletes for the given paths.
	DeletePermissions(paths ...riposo.Path) error

	// GetAccessiblePaths appends paths to dst that are accessible by principals within ents.
	// ACE paths may contains wildcards.
	//
	// Example: get all readable or writable paths by "account:alice" matching "/buckets/foo/collections/*":
	// 	backend.GetAccessiblePaths(ctx, nil, []string{"account:alice"},	[]permission.ACE{
	// 		{Perm: "read", Path: "/buckets/foo/collections/*"},
	// 		{Perm: "write", Path: "/buckets/foo/collections/*"},
	// 	})
	GetAccessiblePaths(dst []riposo.Path, principals []string, ents []ACE) ([]riposo.Path, error)
}

Transaction is a transaction.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.