Documentation
Index
- func AllowGlobalScope(ctx context.Context, endpoint string, operation openapi.AclOperation) error
- func AllowOrganizationScope(ctx context.Context, endpoint string, operation openapi.AclOperation, ...) error
- func AllowProjectScope(ctx context.Context, endpoint string, operation openapi.AclOperation, ...) error
- func AllowRole(ctx context.Context, role *unikornv1.Role, organizationID string) error
- func FromContext(ctx context.Context) *openapi.Acl
- func NewContext(ctx context.Context, acl *openapi.Acl) context.Context
- type OrganizationMemberships
- type RBAC
Constants
This section is empty.
Variables
This section is empty.
Functions
func AllowGlobalScope (added in v0.2.20)
AllowGlobalScope tries to allow the requested operation at the global scope.
func AllowOrganizationScope (added in v0.2.20)
func AllowOrganizationScope(ctx context.Context, endpoint string, operation openapi.AclOperation, organizationID string) error
AllowOrganizationScope tries to allow the requested operation at the global scope, then the organization scope.
func AllowProjectScope (added in v0.2.20)
func AllowProjectScope(ctx context.Context, endpoint string, operation openapi.AclOperation, organizationID, projectID string) error
AllowProjectScope tries to allow the requested operation at the global scope, then the organization scope, and finally at the project scope.
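The scope order described for AllowProjectScope, as an added example that is not this package's code: a self-contained model of the global, then organization, then project cascade with deny by default. The ACL, Endpoints and Operation types, allowProjectScope and ErrDenied are stand-ins assumed for illustration; the real openapi.Acl layout is not shown on this page.

```go
package main

import (
	"errors"
	"fmt"
)

// Stand-in types (assumptions): they model scoped permissions, not openapi.Acl.
type Operation string

type Endpoints map[string][]Operation // endpoint name -> permitted operations

type ACL struct {
	Global        Endpoints
	Organizations map[string]Endpoints            // keyed by organization ID
	Projects      map[string]map[string]Endpoints // organization ID -> project ID
}

var ErrDenied = errors.New("operation not permitted at any scope")

// permits is safe on a nil Endpoints value: a missing scope grants nothing.
func (e Endpoints) permits(endpoint string, op Operation) bool {
	for _, allowed := range e[endpoint] {
		if allowed == op {
			return true
		}
	}
	return false
}

// allowProjectScope checks the widest scope first and denies by default.
// A project grant is only found under its own organization, so a matching
// project ID in a different organization never authorizes the request.
func allowProjectScope(acl *ACL, endpoint string, op Operation, orgID, projectID string) error {
	if acl == nil {
		return ErrDenied
	}
	if acl.Global.permits(endpoint, op) ||
		acl.Organizations[orgID].permits(endpoint, op) ||
		acl.Projects[orgID][projectID].permits(endpoint, op) {
		return nil
	}
	return ErrDenied
}

func main() {
	// Constructed sample: read access to "clusters" in one project only.
	acl := &ACL{Projects: map[string]map[string]Endpoints{"org-a": {"proj-1": {"clusters": {"read"}}}}}
	fmt.Println(allowProjectScope(acl, "clusters", "read", "org-a", "proj-1"))
	fmt.Println(allowProjectScope(acl, "clusters", "read", "org-b", "proj-1"))
}
```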
Types
type OrganizationMemberships (added in v0.2.20)
type OrganizationMemberships struct {
	Organization *unikornv1.Organization
	Groups       *unikornv1.GroupList
}
OrganizationMemberships is an organization with groups a user is a member of.
type RBAC
type RBAC struct {
// contains filtered or unexported fields
}
RBAC contains all the scoping rules for services across the platform.
func (*RBAC) GetACL (added in v0.1.23)
GetACL returns a granular set of permissions for a user based on their scope. This is used for API level access control and UX.
func (*RBAC) GetOrganizationMemberships (added in v0.2.20)
func (r *RBAC) GetOrganizationMemberships(ctx context.Context, subject string) ([]OrganizationMemberships, error)
GetOrganizationMemberships returns a list of organizations we have membership of and the groups we are members of.
func (*RBAC) UserExists
UserExists is an optimized version of the permissions builder that is used to authorize authentication requests. Failure here means the user needs to sign up and register themselves with an organization using a back-channel.