Documentation
¶
Index ¶
- Constants
- func CheckScopesGlobals(scopes []string, serviceID string) bool
- func ListGranted(scopes []Scope, have Scope, all bool) bool
- func ListGrants(scopes []Scope, want Scope) bool
- func ResourceAccessForScopes(scopes []Scope, minAllAccessScope Scope, requestedResources []string) (bool, []string, error)
- func ScopeServiceGlobal(serviceID string) string
- func ScopesToStrings(scopes []Scope) []string
- type Authorization
- type CasbinAuthorization
- type CasbinScopeAuthorization
- type Scope
Constants ¶
const ( // ScopeAll represents all options of a scope component ScopeAll string = "all" // ScopeGlobal represents the global scope ScopeGlobal string = "all:all:all" //ScopeOperationGet indicates a scope may be used for a get operation ScopeOperationGet string = "get" //ScopeOperationCreate indicates a scope may be used for a create operation ScopeOperationCreate string = "create" //ScopeOperationUpdate indicates a scope may be used for a update operation ScopeOperationUpdate string = "update" //ScopeOperationDelete indicates a scope may be used for a delete operation ScopeOperationDelete string = "delete" )
Variables ¶
This section is empty.
Functions ¶
func CheckScopesGlobals ¶
CheckScopesGlobals checks if the global or service global scope exists in the list of scope strings
func ListGranted ¶
ListGranted returns true if any or all scopes listed are granted by the provided "have" scope
func ListGrants ¶
ListGrants returns true if any of the listed scopes grant the provided "want" scope
func ResourceAccessForScopes ¶
func ResourceAccessForScopes(scopes []Scope, minAllAccessScope Scope, requestedResources []string) (bool, []string, error)
ResourceAccessForScopes checks which resources a list of scopes grant access to
Inputs: scopes ([]Scope): list of scopes that have been granted minAllAccessScope (Scope): minimum access scope that grants access to all requested resources requestedResources: ([]string): list of data keys for which scope access should be checked Outputs: allAccess (bool): whether any scope in scopes grants access to all requested resources accessKeys ([]string): all data keys the provided scopes grant access to in minAllAccessScope context err (error): returned if scopes do not grant access to all requested resources
func ScopeServiceGlobal ¶
ScopeServiceGlobal returns the global scope
func ScopesToStrings ¶
ScopesToStrings creates a list of string representations from a list of scope objects
Types ¶
type Authorization ¶
type Authorization interface {
Any(values []string, object string, action string) error
All(values []string, object string, action string) error
}
Authorization is a standard authorization interface that can be reused by various auth types.
type CasbinAuthorization ¶
type CasbinAuthorization struct {
// contains filtered or unexported fields
}
CasbinAuthorization is a Casbin implementation of the authorization interface.
func NewCasbinAuthorization ¶
func NewCasbinAuthorization(modelPath string, policyPath string) *CasbinAuthorization
NewCasbinAuthorization returns a new Casbin enforcer
func NewCasbinStringAuthorization ¶
func NewCasbinStringAuthorization(policyPath string) *CasbinAuthorization
NewCasbinStringAuthorization returns a new Casbin enforcer with the string model
type CasbinScopeAuthorization ¶
type CasbinScopeAuthorization struct {
// contains filtered or unexported fields
}
CasbinScopeAuthorization is a Casbin implementation of the authorization interface for scope values.
func NewCasbinScopeAuthorization ¶
func NewCasbinScopeAuthorization(policyPath string, serviceID string) *CasbinScopeAuthorization
NewCasbinScopeAuthorization returns a new casbin enforcer
type Scope ¶
type Scope struct {
ServiceID string `json:"service_id" bson:"service_id"`
Resource string `json:"resource" bson:"resource"`
Operation string `json:"operation" bson:"operation"`
}
Scope represents a scope entity
func ScopeFromString ¶
ScopeFromString creates a scope object from the string representation
func ScopesFromStrings ¶
ScopesFromStrings creates a list of scope objects from a list of string representations.
If skipInvalid is true, invalid scopes will be skipped, if false an error will be returned
func (Scope) AssociatedResources ¶
AssociatedResources returns the subset of scope resources that s grants access to or that grant access to s,
and a boolean indicator if a direct asymmetric match is found Optionally trims the Resource of s from matched scopes' Resources
func (Scope) Grants ¶
Grants returns true if the scope (we have) grants access to the provided "want" scope
func (Scope) IsServiceGlobal ¶
IsServiceGlobal returns true if the scope is the service-level global scope
Source Files