authorizer

Documentation

Index

• type DeviceClaims
• type Permission
• type Role
  • func RoleFromString(str string) Role
  • func (r Role) HasAuthority(passive Role) bool
  • func (r Role) HasPermission(permission Permission) bool
  • func (r Role) Permissions() []Permission
  • func (r Role) String() string
• type UserClaims

Types

type DeviceClaims

type DeviceClaims struct {
	UID      string `json:"uid"`
	TenantID string `json:"tenant"`
}

DeviceClaims represents the attributes needed to authenticate a device.

type Permission

type Permission int

const (
	DeviceAccept Permission = iota
	DeviceReject
	DeviceUpdate
	DeviceRemove
	DeviceConnect
	DeviceRename
	DeviceDetails
	DeviceCreateTag
	DeviceUpdateTag
	DeviceRemoveTag
	DeviceRenameTag
	DeviceDeleteTag

	SessionPlay
	SessionClose
	SessionRemove
	SessionDetails

	FirewallCreate
	FirewallEdit
	FirewallRemove
	FirewallAddTag
	FirewallRemoveTag
	FirewallUpdateTag

	PublicKeyCreate
	PublicKeyEdit
	PublicKeyRemove
	PublicKeyAddTag
	PublicKeyRemoveTag
	PublicKeyUpdateTag

	NamespaceUpdate
	NamespaceAddMember
	NamespaceRemoveMember
	NamespaceEditMember
	NamespaceEnableSessionRecord
	NamespaceDelete

	BillingCreateCustomer
	BillingChooseDevices
	BillingAddPaymentMethod
	BillingUpdatePaymentMethod
	BillingRemovePaymentMethod
	BillingCancelSubscription
	BillingCreateSubscription
	BillingGetPaymentMethod
	BillingGetSubscription

	APIKeyCreate
	APIKeyUpdate
	APIKeyDelete

	ConnectorDelete
	ConnectorUpdate
	ConnectorSet
)

type Role

type Role string

Role defines a user access level.

const (
	// RoleInvalid represents an invalid role. Any operation with this role will
	// be rejected.
	RoleInvalid Role = ""
	// RoleObserver represents a namespace observer. An observer can only connect to a
	// device and retrieve device and session details.
	RoleObserver Role = "observer"
	// RoleOperator represents a namespace operator. An operator has only device-related
	// permissions, excluding the [DeviceRemove] permission. An operator also has the
	// [SessionDetails] permission.
	RoleOperator Role = "operator"
	// RoleAdministrator represents a namespace administrator. An administrator has
	// similar permissions to [RoleOwner] but cannot delete the namespace. They also do
	// not have permission for any billing-related actions.
	RoleAdministrator Role = "administrator"
	// RoleOwner represents a namespace owner. The owner has all permissions.
	RoleOwner Role = "owner"
)

func RoleFromString

func RoleFromString(str string) Role

RoleFromString returns the Role corresponding to the given string. If the string is not a valid role, it returns RoleInvalid.

func (Role) HasAuthority

func (r Role) HasAuthority(passive Role) bool

HasAuthority reports whether the role r has greater or equal authority compared to the passive role. It always returns false if either role is invalid or if the passive role is RoleOwner.

func (Role) HasPermission

func (r Role) HasPermission(permission Permission) bool

HasPermission reports whether the role r has the specified permission.

func (Role) Permissions

func (r Role) Permissions() []Permission

Permissions returns all permissions associated with the role r. If the role is RoleInvalid, it returns an empty slice.

func (Role) String

func (r Role) String() string

String converts the given role to its corresponding string. If the string is not a valid role, it returns "N/A".

type UserClaims

type UserClaims struct {
	ID string `json:"id"`
	// TenantID is the identifier of the tenant to which the claims belongs.
	// It's optional.
	TenantID string `json:"tenant"`
	Role     Role   `json:"-"`
	Username string `json:"name"`
	// MFA indicates whether multi-factor authentication is enabled for the user.
	MFA bool `json:"mfa"`
}

UserClaims represents the attributes needed to authenticate a user.