Documentation ¶
Overview ¶
Package entfga is an ent extension that creates hooks for OpenFGA relationships
Index ¶
- Variables
- func AuthzHooks[T MutationForHooks]() []ent.Hook
- func CheckDeleteAccess[T Mutation]() privacy.MutationRule
- func CheckEditAccess[T Mutation]() privacy.MutationRule
- func CheckEditAndDeleteAccess[T Mutation]() privacy.MutationRule
- func CheckReadAccess[T Query]() privacy.QueryRule
- func On(hk ent.Hook, op ent.Op) ent.Hook
- type Annotations
- type AuthzExtension
- type Config
- type ConfigOption
- type Mutation
- type MutationForHooks
- type Mutator
- type OpType
- type Querier
- type Query
- type QueryRuleFunc
- type Role
Constants ¶
This section is empty.
Variables ¶
var (
	// ErrUnsupportedType is returned when the object type is not supported
	ErrUnsupportedType = errors.New("unsupported type")
	// ErrMissingRole is returned when an update request is made that contains no role
	ErrMissingRole = errors.New("missing role in update")
	// ErrFailedToGenerateTemplate is returned when the template cannot be generated
	ErrFailedToGenerateTemplate = errors.New("failed to generate template")
	// ErrFailedToWriteTemplate is returned when the template cannot be written
	ErrFailedToWriteTemplate = errors.New("failed to write template")
)
Functions ¶
func AuthzHooks ¶
func AuthzHooks[T MutationForHooks]() []ent.Hook
AuthzHooks returns a list of authorization hooks for create, update, and delete operations on a specific type of mutation.
func CheckDeleteAccess ¶ added in v0.4.0
func CheckDeleteAccess[T Mutation]() privacy.MutationRule
CheckDeleteAccess checks if the requestor has access to delete the object for the provided Mutation type
func CheckEditAccess ¶ added in v0.4.0
func CheckEditAccess[T Mutation]() privacy.MutationRule
CheckEditAccess checks if the requestor has access to edit the object for the provided Mutation type. This can be used for update and delete operations; if specific delete access is required, use CheckEditAndDeleteAccess instead.
func CheckEditAndDeleteAccess ¶ added in v0.4.0
func CheckEditAndDeleteAccess[T Mutation]() privacy.MutationRule
CheckEditAndDeleteAccess checks if the requestor has access to edit the object on update operations and access to delete the object on delete operations for the provided Mutation type
func CheckReadAccess ¶ added in v0.4.0
CheckReadAccess checks if the requestor has access to read the object for the provided Query type
Types ¶
type Annotations ¶
type Annotations struct {
	ObjectType      string `yaml:"ObjectType,omitempty"`      // Object type for the fga relationship
	IncludeHooks    bool   `yaml:"includeHooks,omitempty"`    // Include hooks for the fga extension to add tuples to FGA
	IDField         string `yaml:"idField,omitempty"`         // ID field for the object type
	NillableIDField bool   `yaml:"nillableIDField,omitempty"` // NillableIDField set to true if the id is optional field in the ent schema
	OrgOwnedField   bool   `yaml:"orgOwnedField,omitempty"`   // OrgOwnedField set to true if the field is an org owned field and org automatically set by the system
}
Annotations of the fga extension. Annotations can be added to a schema using the struct directly or by using the helper functions provided in this package.
func MembershipChecks ¶ added in v0.4.0
func MembershipChecks(object string) Annotations
MembershipChecks returns an annotation for checks based on a membership table, commonly used on through tables, e.g. organization members, group members, etc. This will enable the hooks to create tuples on object mutations.
func OrganizationInheritedChecks ¶ added in v0.4.0
func OrganizationInheritedChecks() Annotations
OrgInheritedChecks returns an annotation with the object type set to organization and the org owned field set to true
func SelfAccessChecks ¶ added in v0.4.0
func SelfAccessChecks() Annotations
SelfAccessChecks returns an empty annotation; the schema will use the schema name as the object type in all fga checks, e.g. the OrganizationSchema will use "organization" as the object type.
func SettingsChecks ¶ added in v0.4.0
func SettingsChecks(object string) Annotations
SettingsChecks returns an annotation for permission checks on settings schemas, which typically inherit their permission from their parent object (e.g. group settings would inherit from group)
type AuthzExtension ¶
type AuthzExtension struct {
	entc.DefaultExtension
	// contains filtered or unexported fields
}
AuthzExtension implements entc.Extension.
func New ¶
func New(opts ...ConfigOption) *AuthzExtension
New creates a new fga extension with the provided config options
func (*AuthzExtension) Annotations ¶
func (e *AuthzExtension) Annotations() []entc.Annotation
Annotations of the AuthzExtension
func (*AuthzExtension) GenerateAuthzChecks ¶
func (e *AuthzExtension) GenerateAuthzChecks() error
GenerateAuthzChecks generates the authz checks for the ent schema. This is separate to allow the function to be called outside the entc generation due to dependencies between the ent policies and the authz checks.
func (*AuthzExtension) Templates ¶
func (e *AuthzExtension) Templates() []*gen.Template
Templates returns the generated templates which include the client and authz from mutation
type Config ¶
type Config struct {
	// SoftDeletes is used to determine if the schema uses soft deletes
	SoftDeletes bool
	// SchemaPath is the path to the schema directory
	SchemaPath string
	// GeneratedPath is the path to the generated directory
	GeneratedPath string
	// GeneratedPkg is the package that the generated code will be placed in
	GeneratedPkg string
}
type ConfigOption ¶
type ConfigOption = func(*Config)
func WithGeneratedPath ¶
func WithGeneratedPath(generatedPath string) ConfigOption
WithGeneratedPath allows you to set an alternative ent generated path. Defaults to "internal/ent/generated".
func WithGeneratedPkg ¶
func WithGeneratedPkg(generatedPkg string) ConfigOption
WithGeneratedPkg allows you to set an alternative generated package. Defaults to "generated".
func WithSchemaPath ¶
func WithSchemaPath(schemaPath string) ConfigOption
WithSchemaPath allows you to set an alternative schemaPath. Defaults to "./schema".
func WithSoftDeletes ¶
func WithSoftDeletes() ConfigOption
WithSoftDeletes ensures the delete hook is still used even when soft deletes change the Op to Update.
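The soft-delete case that WithSoftDeletes and CheckEditAndDeleteAccess address, as an added, self-contained Go model (not entfga's own code). `Op`, `MarkSoftDelete`, `Authorize`, `ErrDenied` and `editorOnly` are hypothetical stand-ins; only the `Mutation` interface is taken from this page. It shows why a delete that arrives as an update must still be held to delete permission.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

type Op int // local stand-in for ent.Op (assumption; only two kinds modelled)

const (
	OpUpdate Op = iota
	OpDelete
)

// Mutation is the interface shown on this page.
type Mutation interface {
	CheckAccessForEdit(ctx context.Context) error
	CheckAccessForDelete(ctx context.Context) error
}

type softDeleteKey struct{} // hypothetical context marker

// MarkSoftDelete flags ctx as a delete that was rewritten to an update.
func MarkSoftDelete(ctx context.Context) context.Context {
	return context.WithValue(ctx, softDeleteKey{}, true)
}

// Authorize checks delete permission for deletes and, when softDeletes is on, for soft deletes.
func Authorize(ctx context.Context, m Mutation, op Op, softDeletes bool) error {
	isSoft, _ := ctx.Value(softDeleteKey{}).(bool)
	if op == OpDelete || (softDeletes && op == OpUpdate && isSoft) {
		return m.CheckAccessForDelete(ctx)
	}
	return m.CheckAccessForEdit(ctx)
}

// ErrDenied and editorOnly are constructed: a requestor who may edit but not delete.
var ErrDenied = errors.New("access denied")

type editorOnly struct{}

func (editorOnly) CheckAccessForEdit(context.Context) error   { return nil }
func (editorOnly) CheckAccessForDelete(context.Context) error { return ErrDenied }

func main() {
	ctx := MarkSoftDelete(context.Background())
	fmt.Println("soft delete, option off:", Authorize(ctx, editorOnly{}, OpUpdate, false))
	fmt.Println("soft delete, option on: ", Authorize(ctx, editorOnly{}, OpUpdate, true))
}
```

With the option off, the edit-only requestor's soft delete passes the edit check; with it on, the same request is denied.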
type Mutation ¶
type Mutation interface {
	// CheckAccessForEdit checks if the user has access to edit the object type
	CheckAccessForEdit(ctx context.Context) error
	// CheckAccessForDelete checks if the user has access to delete the object type
	CheckAccessForDelete(ctx context.Context) error
}
Mutation interface that all generated Mutation types must implement
type MutationForHooks ¶ added in v0.4.0
type MutationForHooks interface {
	// Op is the ent operation being taken on the Mutation (Create, Update, UpdateOne, Delete, DeleteOne)
	Op() ent.Op
	// CreateTuplesFromCreate creates tuple relationships for the user/object type on Create Mutations
	CreateTuplesFromCreate(ctx context.Context) error
	// CreateTuplesFromUpdate creates new and deletes old tuple relationships for the user/object type on Update Mutations
	CreateTuplesFromUpdate(ctx context.Context) error
	// CreateTuplesFromDelete deletes tuple relationships for the user/object type on Delete Mutations
	CreateTuplesFromDelete(ctx context.Context) error
}
MutationForHooks is the interface that all generated Mutation types that use hooks must implement. With the exception of Op(), all other methods are created by the entfga generator.
type Mutator ¶
Mutator is an interface that defines a method for mutating a generic ent value based on a given mutation. This is used as a generic interface that ent generated Mutations will implement.
type OpType ¶
type OpType string
OpType is the ent operation type in string form
func (OpType) MarshalGQL ¶
MarshalGQL implements the Marshaler interface for gqlgen
func (*OpType) Scan ¶
Scan implements the `database/sql.Scanner` interface for the `OpType` type and is used to convert a value from the database into an `OpType` value.
func (*OpType) UnmarshalGQL ¶
UnmarshalGQL implements the Unmarshaler interface for gqlgen
type Querier ¶
Querier is an interface that defines a method for querying a generic ent value based on a given query. This is used as a generic interface that ent generated Query will implement.
type Query ¶
type Query interface {
	// CheckAccess checks if the user has read access to the object type
	CheckAccess(ctx context.Context) error
}
Query interface that all generated Query types must implement
type QueryRuleFunc ¶ added in v0.4.0
QueryRuleFunc type is an adapter which allows the use of ordinary functions as mutation rules.
type Role ¶
type Role string
func (Role) MarshalGQL ¶
MarshalGQL implements the Marshaler interface for gqlgen
func (*Role) UnmarshalGQL ¶
UnmarshalGQL implements the Unmarshaler interface for gqlgen
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
_examples | |
basic/ent | Code generated by entfga, DO NOT EDIT. |
basic/ent/enums | Package enums has enums |