permissions

package
v0.0.0-...-eee4e15 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 6, 2025 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func HasPermissionsInRealms

func HasPermissionsInRealms(ctx context.Context, realms map[invocations.ID]string, permissions ...realms.Permission) (bool, string, error)

HasPermissionsInRealms checks multiple invocations' realms for the specified permissions. Returns:

  • whether the caller has all permissions in all invocations' realms
  • description of the first identified missing permission for an invocation (if applicable)
  • an error if one occurred

func QuerySubRealmsNonEmpty

func QuerySubRealmsNonEmpty(ctx context.Context, project string, attrs realms.Attrs, permission realms.Permission) ([]string, error)

QuerySubRealmsNonEmpty returns subRealms that the user has the given permission in the given project. It returns an appstatus annotated error if there is no realm in which the user has the permission.

func VerifyInvocation

func VerifyInvocation(ctx context.Context, id invocations.ID, permissions ...realms.Permission) error

VerifyInvocation checks if the caller has the specified permissions on the realm that the invocation with the specified id belongs to. There must must be a valid Spanner transaction in the given context, which may be a span.Single().

func VerifyInvocationByName

func VerifyInvocationByName(ctx context.Context, invName string, permissions ...realms.Permission) error

VerifyInvocationByName does the same as VerifyInvocation but accepts an invocation name instead of an invocations.ID. There must must be a valid Spanner transaction in the given context, which may be a span.Single().

func VerifyInvocations

func VerifyInvocations(ctx context.Context, ids invocations.IDSet, permissions ...realms.Permission) (err error)

VerifyInvocations checks multiple invocations' realms for the specified permissions. There must must be a valid Spanner transaction in the given context, which may be a span.Single().

func VerifyInvocationsByName

func VerifyInvocationsByName(ctx context.Context, invNames []string, permissions ...realms.Permission) error

VerifyInvocationsByName does the same as VerifyInvocations but accepts invocation names instead of an invocations.IDSet. There must must be a valid Spanner transaction in the given context, which may be a span.Single().

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL