user package
v2.5.1+incompatible (Latest)

Warning: This package is not in the latest version of its module.

Published: Jun 21, 2018 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var (
	// Titles
	ListTitles   = newPrivilege(RoleAny)
	ModifyTitles = newPrivilege(RoleTitleManager)

	// Add or delete MARC org codes
	ManageMOCs = newPrivilege(RoleMOCManager)

	// Workflow
	ViewMetadataWorkflow = newPrivilege(RoleIssueCurator, RoleIssueReviewer)
	EnterIssueMetadata   = newPrivilege(RoleIssueCurator)
	ReviewIssueMetadata  = newPrivilege(RoleIssueReviewer)
	ReviewOwnMetadata    = newPrivilege()

	// User management
	ListUsers   = newPrivilege(RoleUserManager)
	ModifyUsers = newPrivilege(RoleUserManager)

	// Uploaded issue viewing & queueing
	ViewUploadedIssues   = newPrivilege(RoleWorkflowManager)
	ModifyUploadedIssues = newPrivilege(RoleWorkflowManager)

	// View the SFTP credentials for a title
	ViewTitleSFTPCredentials = newPrivilege(RoleTitleManager)

	// Search for issues across all locations - this could really be more open,
	// but I don't see it being necessary for anybody but workflow managers at
	// the moment
	SearchIssues = newPrivilege(RoleWorkflowManager)

	// Admins only
	ModifyValidatedLCCNs = newPrivilege()
	ModifyTitleSFTP      = newPrivilege()
	ListAuditLogs        = newPrivilege()
)

This is our full, hard-coded list of valid privileges

var (
	RoleAny   = newRole("-any-", "N/A")
	RoleAdmin = newRole("admin",
		`No restrictions.  These users can modify data not meant for modification
		outside of initial setup and data repair situations, such as sftp
		user/password, LCCNs which have already been validated, etc.`)
	RoleTitleManager = newRole("title manager",
		`Has access to add and change newspaper titles, including the ability to
		view the sftp authorization information`)
	RoleIssueCurator = newRole("issue curator",
		`Can modify issue metadata and push issues to the review queue`)
	RoleIssueReviewer = newRole("issue reviewer",
		`Can modify issue metadata, push issues to the review queue, and mark issues as reviewed`)
	RoleUserManager = newRole("user manager",
		`Can add, edit, and delete users.  User managers can assign any rights to
		others which have been assigned to them.`)
	RoleMOCManager      = newRole("marc org code manager", "Has access to add new MARC Org Codes")
	RoleWorkflowManager = newRole("workflow manager", "Can queue SFTP and scanned issues for processing")
)

Hard-coded list of roles

AssignableRoles is a list of roles which can be assigned to a user

var EmptyUser = &User{Login: "N/A", Guest: true}

EmptyUser gives us a way to avoid returning a nil *User while still being able to detect a user not being found. Also lets us use any User functions without risking a panic.

var Privileges []*Privilege

Privileges holds the full list of valid privileges for enumeration

Functions

This section is empty.

Types

type Privilege

type Privilege struct {
	// contains filtered or unexported fields
}

A Privilege is a single action a user may be able to take

func (*Privilege) AllowedBy

func (p *Privilege) AllowedBy(r *Role) bool

AllowedBy returns whether the privilege is allowed by the given role

func (*Privilege) AllowedByAny

func (p *Privilege) AllowedByAny(roles []*Role) bool

AllowedByAny returns true if any of the roles can access this privilege

type Role

type Role struct {
	Name string
	Desc string
}

A Role defines a grouping of privileges

func FindRole

func FindRole(name string) *Role

FindRole returns a role looked up by its name, or nil if no such role exists

func (*Role) Privileges

func (r *Role) Privileges() []*Privilege

Privileges returns which privileges this role has based on our hard-coded lists

func (*Role) Title

func (r *Role) Title() string

Title returns a slightly nicer string for display

type User

type User struct {
	ID          int    `sql:",primary"`
	Login       string `sql:",noupdate"`
	RolesString string `sql:"roles"`
	Guest       bool   `sql:"-"`
	IP          string `sql:"-"`
	// contains filtered or unexported fields
}

User identifies a person who has logged in via Apache's auth

func All

func All() ([]*User, error)

All returns all users in the database

func FindByID

func FindByID(id int) *User

FindByID looks up a user by the given ID

func FindByLogin

func FindByLogin(l string) *User

FindByLogin looks for a user whose login name is the given string

func New

func New(login string) *User

New returns an empty user with no roles or ID

func (*User) CanGrant

func (u *User) CanGrant(role *Role) bool

CanGrant returns true if this user can grant the given role to other users

func (*User) CanModifyUser

func (u *User) CanModifyUser(user *User) bool

CanModifyUser tells us if u can modify the passed-in user

func (*User) Delete

func (u *User) Delete() error

Delete attempts to remove this user from the database

func (*User) Deny

func (u *User) Deny(role *Role)

Deny removes the given role from this user's roles list

func (*User) Grant

func (u *User) Grant(role *Role)

Grant adds the given role to this user's list of roles if it hasn't already been set

func (*User) HasRole

func (u *User) HasRole(role *Role) bool

HasRole returns true if the user has role in their list of roles

func (*User) IsAdmin

func (u *User) IsAdmin() bool

IsAdmin is true if this user has the admin role

func (*User) PermittedTo

func (u *User) PermittedTo(priv *Privilege) bool

PermittedTo returns true if this user has priv in his privilege list

func (*User) Roles

func (u *User) Roles() []*Role

Roles returns the split list of roles assigned to a user

func (*User) Save

func (u *User) Save() error

Save stores the user's data to the database, rewriting the roles list
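
The role-to-privilege check (AllowedBy, PermittedTo) and the grant rule described for RoleUserManager and CanGrant, modelled as an added example that is not the package's source. The admin bypass, the handling of `-any-`, and every identifier below (`roleSet`, `setOf`, the lowercase variables) are assumptions drawn from the documented descriptions.

```go
package main

import "fmt"

// Hypothetical stand-ins modelled on the documented API; not the package's source.
type Role struct{ Name string }
type roleSet map[*Role]bool

func setOf(roles ...*Role) roleSet {
	s := roleSet{}
	for _, r := range roles {
		s[r] = true
	}
	return s
}

type Privilege struct{ roles roleSet }
type User struct{ roles roleSet }

func newPrivilege(roles ...*Role) *Privilege { return &Privilege{setOf(roles...)} }

var (
	roleAny          = &Role{"-any-"}
	roleAdmin        = &Role{"admin"}
	roleUserManager  = &Role{"user manager"}
	roleTitleManager = &Role{"title manager"}
	modifyUsers      = newPrivilege(roleUserManager)
	listAuditLogs    = newPrivilege() // no roles listed: admins only
)

// AllowedBy (assumed semantics): admin passes every check, "-any-" opens a
// privilege to every role, otherwise the role must be listed explicitly.
func (p *Privilege) AllowedBy(r *Role) bool {
	return r == roleAdmin || p.roles[roleAny] || p.roles[r]
}

func (u *User) PermittedTo(p *Privilege) bool {
	for r := range u.roles {
		if p.AllowedBy(r) {
			return true
		}
	}
	return false
}

// CanGrant (assumed semantics): the granter needs the user-management
// privilege and, unless admin, must already hold the role being handed out.
func (u *User) CanGrant(r *Role) bool {
	return u.PermittedTo(modifyUsers) && (u.roles[roleAdmin] || u.roles[r])
}

func main() { fmt.Println((&User{setOf(roleUserManager)}).CanGrant(roleAdmin)) }
```

The second condition in `CanGrant` is what keeps a user manager from escalating: without it, anyone holding ModifyUsers could assign admin to an account they control.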
