Documentation ¶
Overview ¶
Package permission handles checking and granting of permissions using context.Context.
A context can be granted User, System, or Service privileges using UserContext, SystemContext, or ServiceContext, respectively.
Data can be extracted using the appropriate function (e.g. UserID or ServiceID).
A context can then be validated using Checkers (e.g. the User function) or by passing a number of Checkers together to LimitCheckAny.
Index ¶
- func Admin(ctx context.Context) bool
- func All(ctx context.Context) bool
- func AuthCheckCount(ctx context.Context) (value, max uint64)
- func AuthCheckCountContext(ctx context.Context, max uint64) context.Context
- func IsPermissionError(err error) bool
- func IsUnauthorized(err error) bool
- func LimitCheckAny(ctx context.Context, checks ...Checker) error
- func NewAccessDenied(reason string) error
- func Service(ctx context.Context) bool
- func ServiceContext(ctx context.Context, serviceID string) context.Context
- func ServiceID(ctx context.Context) string
- func ServiceNullUUID(ctx context.Context) uuid.NullUUID
- func ServiceSourceContext(ctx context.Context, id string, src *SourceInfo) context.Context
- func SourceContext(ctx context.Context, src *SourceInfo) context.Context
- func SudoContext(ctx context.Context, f func(context.Context))
- func System(ctx context.Context) bool
- func SystemComponentName(ctx context.Context) string
- func SystemContext(ctx context.Context, componentName string) context.Context
- func Team(ctx context.Context) bool
- func TeamContext(ctx context.Context, teamID string) context.Context
- func TeamID(ctx context.Context) string
- func Unauthorized() error
- func User(ctx context.Context) bool
- func UserContext(ctx context.Context, id string, r Role) context.Context
- func UserID(ctx context.Context) string
- func UserNullUUID(ctx context.Context) uuid.NullUUID
- func UserSourceContext(ctx context.Context, id string, r Role, src *SourceInfo) context.Context
- func WithoutAuth(ctx context.Context) context.Context
- type Checker
- type Error
- type Role
- type SourceInfo
- type SourceType
Functions ¶
func AuthCheckCount ¶
AuthCheckCount will return the current number of authorization checks as well as the maximum.
func AuthCheckCountContext ¶
AuthCheckCountContext will return a new context with the AuthCheckCount maximum set to the provided value. If max is 0, there will be no limit.
func IsPermissionError ¶
IsPermissionError will determine if the root error cause is a permission error.
func IsUnauthorized ¶
IsUnauthorized will determine if the root error cause is an unauthorized permission error.
func LimitCheckAny ¶
LimitCheckAny will return a permission error if none of the checks pass, or if the auth check limit is reached. If no checks are provided, only the limit check and a check that the context has SOME type of authorization are performed. nil can be passed as an always-fail check option (useful to prevent the no-check behavior, if required).
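The rules above (any one passing check suffices, nil never passes, and an empty check list still requires some authorization) are easy to misread, so here is an added stand-alone model of them; it is not the package's own code. The names newCtx, isAdmin, auth, errDenied and errLimit are hypothetical, and the way the counter advances (max checks allowed, the next one rejected) is an assumption.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

type authKey struct{}
// auth is the (hypothetical) state a context carries here: a role and a check counter.
type auth struct {
	role   string // "" means no authorization of any type
	n, max uint64 // max == 0 means no limit
}

type Checker func(context.Context) bool
var errDenied, errLimit = errors.New("access denied"), errors.New("auth check limit reached")

func newCtx(role string, max uint64) context.Context {
	return context.WithValue(context.Background(), authKey{}, &auth{role: role, max: max})
}

func isAdmin(ctx context.Context) bool {
	a, _ := ctx.Value(authKey{}).(*auth)
	return a != nil && a.role == "admin"
}

// limitCheckAny models the documented rules; how the counter advances is an assumption.
func limitCheckAny(ctx context.Context, checks ...Checker) error {
	a, _ := ctx.Value(authKey{}).(*auth)
	if a == nil || a.role == "" {
		return errDenied // fail closed: the context carries no authorization at all
	}
	if a.n++; a.max > 0 && a.n > a.max {
		return errLimit
	}
	ok := len(checks) == 0 // no checks: only the limit and "some authorization" apply
	for _, ch := range checks {
		ok = ok || (ch != nil && ch(ctx)) // nil never passes; any one pass is enough
	}
	if !ok {
		return errDenied
	}
	return nil
}

func main() {
	fmt.Println(limitCheckAny(newCtx("user", 0)), limitCheckAny(newCtx("user", 0), nil))
}
```

In this model a call with an empty check list succeeds for any authorized context, which is why passing nil matters when the list of Checkers is built dynamically and might end up empty.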
func NewAccessDenied ¶
NewAccessDenied will return a new generic access denied error.
func ServiceContext ¶
ServiceContext will return a new context with privileges for the given service.
func ServiceNullUUID ¶ added in v0.33.0
ServiceNullUUID will return the ServiceID associated with a context as a NullUUID.
func ServiceSourceContext ¶
ServiceSourceContext behaves like ServiceContext, but provides SourceInfo about the authorization.
func SourceContext ¶
func SourceContext(ctx context.Context, src *SourceInfo) context.Context
SourceContext will return a context with the provided SourceInfo.
func SudoContext ¶
SudoContext elevates an existing context to system level. The elevated context is automatically canceled as soon as the callback returns.
Example ¶
ExampleSudoContext shows how to use SudoContext.
```go
// the original context could be from anywhere (req.Context() in an http.Handler for example)
ctx := context.Background()
SudoContext(ctx, func(ctx context.Context) {
	// within this function scope, ctx now has System privileges
})
// once the function returns, the elevated context is canceled, but the original ctx is still valid
```
Output:
func SystemComponentName ¶
SystemComponentName will return the component name used to initiate a context.
func SystemContext ¶
SystemContext will return a new context with system privileges. The component name must be alphanumeric.
func TeamContext ¶
TeamContext will return a new context with privileges for the given team.
func Unauthorized ¶ added in v0.30.0
func Unauthorized() error
Unauthorized will return an unauthorized error.
func UserContext ¶
UserContext will return a context authenticated with the user's privileges.
Example ¶
```go
// start with any context
ctx := context.Background()
// pass it through UserContext to assign a user ID and Role
ctx = UserContext(ctx, "user-id-here", RoleAdmin)
// later on it can be checked anywhere; this example will satisfy the Admin role requirement
err := LimitCheckAny(ctx, Admin)
fmt.Println(err)
```
Output: <nil>
func UserNullUUID ¶ added in v0.33.0
UserNullUUID will return the UserID associated with a context as a NullUUID.
func UserSourceContext ¶
UserSourceContext behaves like UserContext, but provides SourceInfo about the authorization.
Types ¶
type Checker ¶
A Checker is used to give a pass-or-fail result for a given context.
func MatchService ¶
MatchService will return a Checker that ensures the context has the given ServiceID.
type Error ¶
Error represents an auth error where the context does not have a sufficient role for the operation.
type Role ¶
type Role string
Role represents a user's access level.
Available roles
type SourceInfo ¶
```go
type SourceInfo struct {
	Type SourceType
	ID   string
}
```
SourceInfo provides information about the source of a context's authorization.
func Source ¶
func Source(ctx context.Context) *SourceInfo
Source will return the SourceInfo associated with a context.
func (SourceInfo) String ¶
func (s SourceInfo) String() string
type SourceType ¶
type SourceType int
SourceType describes a type of authentication used to authorize a context.
```go
const (
	// SourceTypeNotificationCallback is set when a context is authenticated via the response to an outgoing notification.
	SourceTypeNotificationCallback SourceType = iota
	// SourceTypeIntegrationKey is set when an integration key is used to provide permission on a context.
	SourceTypeIntegrationKey
	// SourceTypeAuthProvider is set when a provider from the auth package is used (e.g. the web UI).
	SourceTypeAuthProvider
	// SourceTypeContactMethod is set when a context is authorized for use of a user's contact method.
	SourceTypeContactMethod
	// SourceTypeHeartbeat is set when a context is authorized for use of a service's heartbeat.
	SourceTypeHeartbeat
	// SourceTypeNotificationChannel is set when a context is authorized for use of a notification channel.
	SourceTypeNotificationChannel
	// SourceTypeCalendarSubscription is set when a context is authorized for use of a calendar subscription.
	SourceTypeCalendarSubscription
	// SourceTypeGQLAPIKey is set when a context is authorized for use of the GraphQL API.
	SourceTypeGQLAPIKey
	// SourceTypeUIK is set when a context is authorized for use of a universal integration key.
	SourceTypeUIK
)
```
func (SourceType) String ¶
func (i SourceType) String() string