Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AccountRole ¶
type AccountRole role
AccountRole describes a role a user has for a account context.
const ( // AccountMemberRole is a role for a plain account participant. AccountMemberRole AccountRole = iota // AccountAdminRole is a role for someone who can manipulate the specifics of a account. AccountAdminRole AccountRole = iota )
func (AccountRole) String ¶
func (r AccountRole) String() string
type AccountRolePermissionsChecker ¶
type AccountRolePermissionsChecker interface {
HasPermission(Permission) bool
}
AccountRolePermissionsChecker checks permissions for one or more account Roles.
func NewAccountRolePermissionChecker ¶
func NewAccountRolePermissionChecker(roles ...string) AccountRolePermissionsChecker
NewAccountRolePermissionChecker returns a new checker for a set of Roles.
type Permission ¶
type Permission string
Permission is a simple string alias.
const ( // CycleCookieSecretPermission is a service admin permission. CycleCookieSecretPermission Permission = "update.cookie_secret" // UpdateUserStatusPermission is a service admin permission. UpdateUserStatusPermission Permission = "update.user_status" // ReadUserPermission is a service admin permission. ReadUserPermission Permission = "read.user" // SearchUserPermission is a service admin permission. SearchUserPermission Permission = "search.user" // UpdateAccountPermission is a account admin permission. UpdateAccountPermission Permission = "update.account" // ArchiveAccountPermission is a account admin permission. ArchiveAccountPermission Permission = "archive.account" // InviteUserToAccountPermission is a account admin permission. InviteUserToAccountPermission Permission = "account.add.member" // ModifyMemberPermissionsForAccountPermission is an account admin permission. ModifyMemberPermissionsForAccountPermission Permission = "account.membership.modify" // RemoveMemberAccountPermission is a account admin permission. RemoveMemberAccountPermission Permission = "remove_member.account" // TransferAccountPermission is a account admin permission. TransferAccountPermission Permission = "transfer.account" // CreateWebhooksPermission is a account admin permission. CreateWebhooksPermission Permission = "create.webhooks" // ReadWebhooksPermission is a account admin permission. ReadWebhooksPermission Permission = "read.webhooks" // UpdateWebhooksPermission is a account admin permission. UpdateWebhooksPermission Permission = "update.webhooks" // ArchiveWebhooksPermission is a account admin permission. ArchiveWebhooksPermission Permission = "archive.webhooks" // ReadAuditLogEntriesPermission is a service permission. ReadAuditLogEntriesPermission Permission = "read.audit_log_entries" // CreateServiceSettingsPermission is an admin user permission. CreateServiceSettingsPermission Permission = "create.service_settings" // ReadServiceSettingsPermission is an admin user permission. ReadServiceSettingsPermission Permission = "read.service_settings" // SearchServiceSettingsPermission is an admin user permission. SearchServiceSettingsPermission Permission = "search.service_settings" // ArchiveServiceSettingsPermission is an admin user permission. ArchiveServiceSettingsPermission Permission = "archive.service_settings" // CreateServiceSettingConfigurationsPermission is an admin user permission. CreateServiceSettingConfigurationsPermission Permission = "create.service_setting_configurations" // ReadServiceSettingConfigurationsPermission is an admin user permission. ReadServiceSettingConfigurationsPermission Permission = "read.service_setting_configurations" // UpdateServiceSettingConfigurationsPermission is an admin user permission. UpdateServiceSettingConfigurationsPermission Permission = "update.service_setting_configurations" // ArchiveServiceSettingConfigurationsPermission is an admin user permission. ArchiveServiceSettingConfigurationsPermission Permission = "archive.service_setting_configurations" // CreateOAuth2ClientsPermission is a account admin permission. CreateOAuth2ClientsPermission Permission = "create.oauth2_clients" // ReadOAuth2ClientsPermission is a account admin permission. ReadOAuth2ClientsPermission Permission = "read.oauth2_clients" // ArchiveOAuth2ClientsPermission is a account admin permission. ArchiveOAuth2ClientsPermission Permission = "archive.oauth2_clients" // CreateUserNotificationsPermission is an admin user permission. CreateUserNotificationsPermission Permission = "create.user_notifications" // ReadUserNotificationsPermission is a account user permission. ReadUserNotificationsPermission Permission = "read.user_notifications" // UpdateUserNotificationsPermission is a account user permission. UpdateUserNotificationsPermission Permission = "update.user_notifications" )
func (Permission) ID ¶
func (p Permission) ID() string
ID implements the gorbac Permission interface.
func (Permission) Match ¶
func (p Permission) Match(perm gorbac.Permission) bool
Match implements the gorbac Permission interface.
type ServiceRole ¶
type ServiceRole role
ServiceRole describes a role a user has for the Service context.
const ( // ServiceUserRole is a service role to apply for non-admin users to have one. ServiceUserRole ServiceRole = iota // ServiceAdminRole is a role that allows a user to do basically anything. ServiceAdminRole ServiceRole = iota )
func (ServiceRole) String ¶
func (r ServiceRole) String() string
type ServiceRolePermissionChecker ¶
type ServiceRolePermissionChecker interface {
HasPermission(Permission) bool
AsAccountRolePermissionChecker() AccountRolePermissionsChecker
IsServiceAdmin() bool
CanCycleCookieSecrets() bool
CanUpdateUserAccountStatuses() bool
}
ServiceRolePermissionChecker checks permissions for one or more service Roles.
func NewServiceRolePermissionChecker ¶
func NewServiceRolePermissionChecker(roles ...string) ServiceRolePermissionChecker
NewServiceRolePermissionChecker returns a new checker for a set of Roles.
Source Files
Click to show internal directories.
Click to hide internal directories.