relationship

package

v0.2.0 Latest Latest Go to latest Published: Jan 23, 2024 License: Apache-2.0 Imports: 6 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/sourcenetwork/sourcehub

Links

Open Source Insights

Documentation ¶

Overview ¶

package relationship deals with relationship persistance for the ACP module.

Relationships are required to meet certain criteria before they can be passed onto Zanzi for storage. Due to the discretionary and public nature of the ACP module, prior to relationship storage, it's necessary validating that the relationship actor is allowed to create realationship with the specified relation for the specified object.

An exemple of that would be: bob tries to submit relationship (file:foo.txt, read, charlie). Before storing the relationship the ACP package validates that bob is allowed to create read relations for file:foo.txt. This validation is done using the manages rules in a policy.

Index ¶

Variables
type DeleteRelationshipCommand
- func (c *DeleteRelationshipCommand) Execute(ctx context.Context, engine auth_engine.AuthEngine, ...) (auth_engine.RecordFound, error)
type RegisterObjectCommand
- func (c *RegisterObjectCommand) Execute(ctx context.Context, engine auth_engine.AuthEngine) (types.RegistrationResult, error)
type RelationshipAuthorizer
- func NewRelationshipAuthorizer(engine auth_engine.AuthEngine) *RelationshipAuthorizer
- func (a *RelationshipAuthorizer) IsAuthorized(ctx context.Context, policy *types.Policy, relationship *types.Relationship, ...) (bool, error)
type SetRelationshipCommand
- func (c *SetRelationshipCommand) Execute(ctx context.Context, engine auth_engine.AuthEngine, ...) (auth_engine.RecordFound, error)
type UnregisterObjectCommand
- func (c *UnregisterObjectCommand) Execute(ctx context.Context, engine auth_engine.AuthEngine, ...) (uint, error)

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrDeleteOwnerRel = types.ErrAcpProtocolViolation.Wrapf("cannot delete an owner relationship")
	ErrSetOwnerRel    = types.ErrAcpProtocolViolation.Wrapf("cannot set an owner relationship")
)

Functions ¶

This section is empty.

Types ¶

type DeleteRelationshipCommand ¶

type DeleteRelationshipCommand struct {
	// Policy from which Relationship will be removed
	Policy *types.Policy

	// Relationship to be removed
	Relationship *types.Relationship

	// Id of actor that initiated the deletion
	Actor string
}

DeleteRelationshipCommand encapsulates the process of removing a relationship from a Policy

func (*DeleteRelationshipCommand) Execute ¶

func (c *DeleteRelationshipCommand) Execute(ctx context.Context, engine auth_engine.AuthEngine, authorizer *RelationshipAuthorizer) (auth_engine.RecordFound, error)

type RegisterObjectCommand ¶

type RegisterObjectCommand struct {
	Registration *types.Registration
	Policy       *types.Policy
	CreationTs   *prototypes.Timestamp
}

RegisterObjectCommand creates an "owner" Relationship for the given object and subject, if the object does not have a previous owner. If the relationship exists but is archived by the same actor, unarchives it if relationship is active this command is a noop

func (*RegisterObjectCommand) Execute ¶

func (c *RegisterObjectCommand) Execute(ctx context.Context, engine auth_engine.AuthEngine) (types.RegistrationResult, error)

type RelationshipAuthorizer ¶

type RelationshipAuthorizer struct {
	// contains filtered or unexported fields
}

RelationshipAuthorizer acts as an Authorization Request engine which validates whether a Relationship can be set or deleted by an Actor.

The Permission evaluation is done through a Check call using the auxiliary permissions auto generated by the ACP module and attached to a permission.

For instance, take the Relationship (obj:foo, reader, steve) being submitted by Actor Bob. Bob is allowed to Create that relationship if and only if: Bob has the permission _can_manage_reader for "obj:foo".

func NewRelationshipAuthorizer ¶

func NewRelationshipAuthorizer(engine auth_engine.AuthEngine) *RelationshipAuthorizer

func (*RelationshipAuthorizer) IsAuthorized ¶

func (a *RelationshipAuthorizer) IsAuthorized(ctx context.Context, policy *types.Policy, relationship *types.Relationship, actor *types.Actor) (bool, error)

IsAuthorized validates whether actor is a manager for the given relationship.

A given Relationship is only valid if for the Relationship's Object and Relation the Actor has an associated permission to manage the Object, Relation pair.

type SetRelationshipCommand ¶

type SetRelationshipCommand struct {
	Policy       *types.Policy
	CreationTs   *prototypes.Timestamp
	Creator      string
	Relationship *types.Relationship
}

func (*SetRelationshipCommand) Execute ¶

func (c *SetRelationshipCommand) Execute(ctx context.Context, engine auth_engine.AuthEngine, authorizer *RelationshipAuthorizer) (auth_engine.RecordFound, error)

type UnregisterObjectCommand ¶ added in v0.2.0

type UnregisterObjectCommand struct {
	// Target Policy
	Policy *types.Policy

	// Object to be unregistered
	Object *types.Object

	// Actor which initiated request
	Actor string
}

func (*UnregisterObjectCommand) Execute ¶ added in v0.2.0

func (c *UnregisterObjectCommand) Execute(ctx context.Context, engine auth_engine.AuthEngine, authorizer *RelationshipAuthorizer) (uint, error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL