rule

package

v0.6.2 Latest Latest Go to latest Published: Dec 20, 2024 License: Apache-2.0 Imports: 17 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/theopenlane/core

Links

Open Source Insights

Documentation ¶

Overview ¶

Package rule contains policy rules

Index ¶

Constants
func AllowAfterApplyingPrivacyTokenFilter[T PrivacyToken](emptyToken PrivacyToken) privacy.QueryMutationRule
func AllowIfContextHasPrivacyTokenOfType(emptyToken token.PrivacyToken) privacy.QueryMutationRule
func AllowIfSelf() privacy.QueryMutationRule
func AllowMutationAfterApplyingOwnerFilter() privacy.MutationRule
func AllowMutationIfContextHasValidEmailSignUpToken(getEmail MutationEmailGetter) privacy.MutationRule
func CanCreateObjectsUnderParent[T generated.Mutation](parentType string) privacy.MutationRuleFunc
func CanInviteUsers() privacy.InviteMutationRuleFunc
func CheckGroupBasedObjectCreationAccess() privacy.MutationRuleFunc
func CheckOrgAccess(ctx context.Context, relation string) error
func ContextHasPrivacyTokenOfType(ctx context.Context, emptyToken token.PrivacyToken) bool
func HasOrgMutationAccess() privacy.OrganizationMutationRuleFunc
type ControlParentMutation
type MutationEmailGetter
type PrivacyToken
type ProgramParentMutation

Constants ¶

View Source

const (
	// ProgramParent is the parent type for program
	ProgramParent = "program"
	// ControlParent is the parent type for control
	ControlParent = "control"
)

Variables ¶

This section is empty.

Functions ¶

func AllowAfterApplyingPrivacyTokenFilter ¶

func AllowAfterApplyingPrivacyTokenFilter[T PrivacyToken](emptyToken PrivacyToken) privacy.QueryMutationRule

AllowAfterApplyingPrivacyTokenFilter allows the mutation to proceed if a privacy token of a specific type is found in the context. It also applies a privacy filter to the token before allowing the mutation to proceed

func AllowIfContextHasPrivacyTokenOfType ¶

func AllowIfContextHasPrivacyTokenOfType(emptyToken token.PrivacyToken) privacy.QueryMutationRule

AllowIfContextHasPrivacyTokenOfType allows a mutation to proceed if a privacy token of a specific type is found in the context. It checks if the actual type of the token in the context matches the expected type, and if so, it returns `privacy.Allow`. If the types do not match, it returns `privacy.Skipf` with a message indicating that no token was found in the context with the expected type

func AllowIfSelf ¶

func AllowIfSelf() privacy.QueryMutationRule

AllowIfSelf determines whether a query or mutation operation should be allowed based on whether the requested data is for the viewer

func AllowMutationAfterApplyingOwnerFilter ¶

func AllowMutationAfterApplyingOwnerFilter() privacy.MutationRule

AllowMutationAfterApplyingOwnerFilter defines a privacy rule for mutations in the context of an owner filter

func AllowMutationIfContextHasValidEmailSignUpToken ¶

func AllowMutationIfContextHasValidEmailSignUpToken(getEmail MutationEmailGetter) privacy.MutationRule

AllowMutationIfContextHasValidEmailSignUpToken is used to determine whether a mutation should be allowed or skipped based on the presence and validity of an email signup token in the context

func CanCreateObjectsUnderParent ¶ added in v0.5.0

func CanCreateObjectsUnderParent[T generated.Mutation](parentType string) privacy.MutationRuleFunc

CanCreateObjectsUnderParent is a rule that returns allow decision if user has edit access in the parent(s) which allows them to create objects associated with the parent

func CanInviteUsers ¶

func CanInviteUsers() privacy.InviteMutationRuleFunc

CanInviteUsers is a rule that returns allow decision if user has access to invite members or admins to the organization

func CheckGroupBasedObjectCreationAccess ¶ added in v0.5.0

func CheckGroupBasedObjectCreationAccess() privacy.MutationRuleFunc

CheckGroupBasedObjectCreationAccess is a rule that returns allow decision if user has access to create the given object in the organization

func CheckOrgAccess ¶ added in v0.4.1

func CheckOrgAccess(ctx context.Context, relation string) error

CheckOrgAccess checks if the authenticated user has access to the organization based on the relation provided This rule assumes that the organization id and user id are set in the context and only checks for access to the single organization

func ContextHasPrivacyTokenOfType ¶

func ContextHasPrivacyTokenOfType(ctx context.Context, emptyToken token.PrivacyToken) bool

ContextHasPrivacyTokenOfType checks the context for the token type and returns true if they match

func HasOrgMutationAccess ¶

func HasOrgMutationAccess() privacy.OrganizationMutationRuleFunc

HasOrgMutationAccess is a rule that returns allow decision if user has edit or delete access

Types ¶

type ControlParentMutation ¶ added in v0.5.0

type ControlParentMutation interface {
	ControlsIDs() []string
}

ControlParentMutation is an interface that defines the method to get the control ids from the mutation

type MutationEmailGetter ¶

type MutationEmailGetter func(generated.Mutation) (string, error)

type PrivacyToken ¶ added in v0.5.0

type PrivacyToken interface {
	GetContextKey() interface{}
	GetToken() string
}

type ProgramParentMutation ¶ added in v0.5.0

type ProgramParentMutation interface {
	ProgramsIDs() []string
}

ProgramParentMutation is an interface that defines the method to get the program ids from the mutation

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL