authorizer

package

Constants

This section is empty.

Variables

// Errors raised while the caller's token is being read. All values in this
// file are sentinels: callers compare against them with errors.Is.
var (
	// ErrInvalidJWT reports a JWT that cannot be accepted at all. It never
	// covers an authorization decision; those surface as ErrUnauthorized.
	ErrInvalidJWT = errors.New("invalid JWT")

	// ErrInvalidJWTPayload reports a JWT whose payload is unusable, for
	// example because the roles are missing.
	ErrInvalidJWTPayload = errors.New("invalid JWT payload")
)

// Errors raised once the token has been read and the caller is being
// checked against the requested operation.
var (
	// ErrUnauthenticated reports an invalid username.
	ErrUnauthenticated = errors.New("unauthenticated")

	// ErrUnauthorized reports a resource operation that the given user is
	// not permitted to perform.
	ErrUnauthorized = errors.New("unauthorized")
)
// RolePermissions is the policy table: for each role code it lists the
// (resource type, operation) pairs that role is allowed to perform.
// Operations used here are "read", "create", "update" and "delete".
//
// NOTE(review): this is a mutable package-level map, so nothing stops another
// package from editing the policy at runtime; treat it as read-only.
var RolePermissions = map[string][]Permission{

	// ns_editor: full CRUD on Namespace, DeliveryKind, MessageKind and
	// Template; read-only on TemplateKind; read and create on Message.
	"ns_editor": {
		{resource.TypeNamespace, "read"},
		{resource.TypeNamespace, "create"},
		{resource.TypeNamespace, "update"},
		{resource.TypeNamespace, "delete"},
		{resource.TypeDeliveryKind, "read"},
		{resource.TypeDeliveryKind, "create"},
		{resource.TypeDeliveryKind, "update"},
		{resource.TypeDeliveryKind, "delete"},
		{resource.TypeMessageKind, "read"},
		{resource.TypeMessageKind, "create"},
		{resource.TypeMessageKind, "update"},
		{resource.TypeMessageKind, "delete"},
		{resource.TypeTemplate, "read"},
		{resource.TypeTemplate, "create"},
		{resource.TypeTemplate, "update"},
		{resource.TypeTemplate, "delete"},
		{resource.TypeTemplateKind, "read"},
		{resource.TypeMessage, "read"},
		{resource.TypeMessage, "create"},
	},

	// pre_ns_editor: same as ns_editor except DeliveryKind is read-only
	// (no create/update/delete).
	"pre_ns_editor": {
		{resource.TypeNamespace, "read"},
		{resource.TypeNamespace, "create"},
		{resource.TypeNamespace, "update"},
		{resource.TypeNamespace, "delete"},
		{resource.TypeDeliveryKind, "read"},
		{resource.TypeMessageKind, "read"},
		{resource.TypeMessageKind, "create"},
		{resource.TypeMessageKind, "update"},
		{resource.TypeMessageKind, "delete"},
		{resource.TypeTemplate, "read"},
		{resource.TypeTemplate, "create"},
		{resource.TypeTemplate, "update"},
		{resource.TypeTemplate, "delete"},
		{resource.TypeTemplateKind, "read"},
		{resource.TypeMessage, "read"},
		{resource.TypeMessage, "create"},
	},

	// ns_writer: read on Namespace, DeliveryKind and MessageKind; read,
	// create and update (but not delete) on Template; read and create on
	// Message.
	"ns_writer": {
		{resource.TypeNamespace, "read"},
		{resource.TypeDeliveryKind, "read"},
		{resource.TypeMessageKind, "read"},
		{resource.TypeTemplate, "read"},
		{resource.TypeTemplate, "create"},
		{resource.TypeTemplate, "update"},
		{resource.TypeMessage, "read"},
		{resource.TypeMessage, "create"},
	},

	// ns_reader: read-only on Namespace, DeliveryKind, MessageKind, Template
	// and Message.
	"ns_reader": {
		{resource.TypeNamespace, "read"},
		{resource.TypeDeliveryKind, "read"},
		{resource.TypeMessageKind, "read"},
		{resource.TypeTemplate, "read"},
		{resource.TypeMessage, "read"},
	},

	// message_writer: read on DeliveryKind and MessageKind, create on
	// Message. Note it does not include Message read.
	"message_writer": {
		{resource.TypeDeliveryKind, "read"},
		{resource.TypeMessageKind, "read"},
		{resource.TypeMessage, "create"},
	},

	// message_reader: read on Message only.
	"message_reader": {
		{resource.TypeMessage, "read"},
	},
}

RolePermissions defines the permissions that each role has.

Functions

func SetUserRoles

func SetUserRoles(ctx context.Context, roles []*Role) context.Context

Types

type AppAuthorizer

// AppAuthorizer is the Authorizer implementation that makes real
// per-request decisions (contrast UnsecuredAuthorizer). Construct it with
// NewAuthorizer, which takes the action.NamespaceActioner it needs.
// NOTE(review): presumably decisions are derived from the caller's roles
// (UserRoles) and RolePermissions — confirm against the method bodies.
type AppAuthorizer struct {
	// contains filtered or unexported fields
}

func NewAuthorizer

func NewAuthorizer(na action.NamespaceActioner) *AppAuthorizer

func (*AppAuthorizer) AuthorizeOperation

func (a *AppAuthorizer) AuthorizeOperation(
	ctx context.Context,
	namespaceID uuid.UUID,
	rt resource.Type,
	op string,
) error

func (*AppAuthorizer) AuthorizedNamespaces

func (a *AppAuthorizer) AuthorizedNamespaces(ctx context.Context, rt resource.Type, op string) ([]uuid.UUID, error)

type Authorizer

// Authorizer answers access-control questions for the caller identified by
// ctx. Both AppAuthorizer and UnsecuredAuthorizer satisfy it.
type Authorizer interface {
	// AuthorizeOperation reports whether the caller may perform op on a
	// resource of type rt inside namespaceID. A nil error means the operation
	// is permitted; a denial is presumably reported as ErrUnauthorized —
	// confirm against the implementation.
	AuthorizeOperation(ctx context.Context, namespaceID uuid.UUID, rt resource.Type, op string) error
	// AuthorizedNamespaces returns the namespace IDs in which the caller may
	// perform op on resources of type rt.
	AuthorizedNamespaces(ctx context.Context, rt resource.Type, op string) ([]uuid.UUID, error)
}

type Permission

// Permission is one entry of the policy table in RolePermissions: a single
// operation allowed on a single resource type.
type Permission struct {
	// ResourceType is the resource the permission applies to.
	ResourceType resource.Type
	// Operation is the action name; RolePermissions uses "read", "create",
	// "update" and "delete".
	Operation string
}

Permission represents an operation on a resource type.

type Role

// Role is a role granted to a user within one namespace. Roles are parsed
// from the auth token by ParseAuthToken, attached to a context with
// SetUserRoles and read back with UserRoles.
type Role struct {
	// Code is the role name; it is expected to match a key of
	// RolePermissions (e.g. "ns_reader") — confirm how unknown codes are
	// handled by the authorizer.
	Code string `json:"code"`
	// NamespaceID scopes the role to a single namespace.
	NamespaceID uuid.UUID `json:"namespaceId"`
}

func ParseAuthToken

func ParseAuthToken(token string) ([]*Role, error)

func UserRoles

func UserRoles(ctx context.Context) []*Role

type UnsecuredAuthorizer added in v0.0.3

// UnsecuredAuthorizer is an Authorizer that performs no per-request check:
// both of its methods discard the context, namespace, resource type and
// operation they are given (all parameters are blank identifiers), so they
// cannot distinguish one caller or request from another.
// NOTE(review): presumably every call is allowed — confirm against the method
// bodies — which makes this suitable only for local or test wiring, never
// for a deployment that relies on authorization.
type UnsecuredAuthorizer struct {
	// contains filtered or unexported fields
}

func NewUnsecuredAuthorizer added in v0.0.3

func NewUnsecuredAuthorizer(na action.NamespaceActioner) *UnsecuredAuthorizer

func (*UnsecuredAuthorizer) AuthorizeOperation added in v0.0.3

func (a *UnsecuredAuthorizer) AuthorizeOperation(_ context.Context, _ uuid.UUID, _ resource.Type, _ string) error

func (*UnsecuredAuthorizer) AuthorizedNamespaces added in v0.0.3

func (a *UnsecuredAuthorizer) AuthorizedNamespaces(_ context.Context, _ resource.Type, _ string) ([]uuid.UUID, error)
