perms

package
v0.0.0-...-0e38fd1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 9, 2025 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Overview

Package perms defines permissions used to control access to Tree Status resources, and related methods.

Package perms defines permissions used to control access to Tree Status resources, and related methods.

Index

Constants

This section is empty.

Variables

View Source
var (
	// PermGetStatusLimited allows users to get status, but does not allow seeing PII (username).
	PermGetStatusLimited = realms.RegisterPermission("treestatus.status.getLimited")

	// PermListStatusLimited allows users to list status, but does not allow seeing PII (username).
	PermListStatusLimited = realms.RegisterPermission("treestatus.status.listLimited")

	// PermGetStatus allows users to get status, including PII.
	// Note that the user also needs to be a Googler, in addition to having the permission.
	PermGetStatus = realms.RegisterPermission("treestatus.status.get")

	// PermListStatus allows users to list status, including PII.
	// Note that the user also needs to be a Googler, in addition to having the permission.
	PermListStatus = realms.RegisterPermission("treestatus.status.list")

	// PermCreateStatus allows users to create status.
	PermCreateStatus = realms.RegisterPermission("treestatus.status.create")

	// PermListTree allows users to list trees.
	PermListTree = realms.RegisterPermission("treestatus.trees.list")

	// PermGetTree allows users to get a tree.
	PermGetTree = realms.RegisterPermission("treestatus.trees.get")
)

All permissions in this file are checked against "<luciproject>:<subrealm>" realm, where the <luciproject> refers to the primary project of the tree. If subrealm is not specified, default to be "@project".

Functions

func HasCreateStatusPermission

func HasCreateStatusPermission(ctx context.Context, treeName string) (allowed bool, message string, err error)

HasCreateStatusPermission returns if the user can create a status in a tree. If the user has no permission, an error message will also be returned. err will be returned if there is some error during the ACL check.

func HasGetStatusLimitedPermission

func HasGetStatusLimitedPermission(ctx context.Context, treeName string) (allowed bool, message string, err error)

HasGetStatusLimitedPermission returns if the user can get the status (without PII) of a tree. If the user has no permission, an error message will also be returned. err will be returned if there is some error during the ACL check.

func HasGetStatusPermission

func HasGetStatusPermission(ctx context.Context, treeName string) (allowed bool, message string, err error)

HasGetStatusPermission returns if the user can get the status (with PII) of a tree. If the user has no permission, an error message will also be returned. err will be returned if there is some error during the ACL check.

func HasGetTreePermission

func HasGetTreePermission(ctx context.Context, treeName string) (allowed bool, message string, err error)

HasGetTreePermission returns if the user can get a tree. If the user has no permission, an error message will also be returned. err will be returned if there is some error during the ACL check.

func HasListStatusLimitedPermission

func HasListStatusLimitedPermission(ctx context.Context, treeName string) (allowed bool, message string, err error)

HasListStatusLimitedPermission returns if the user can list the statuses (without PII) of a tree. If the user has no permission, an error message will also be returned. err will be returned if there is some error during the ACL check.

func HasListStatusPermission

func HasListStatusPermission(ctx context.Context, treeName string) (allowed bool, message string, err error)

HasListStatusPermission returns if the user can list the statuses (without PII) of a tree. If the user has no permission, an error message will also be returned. err will be returned if there is some error during the ACL check.

func HasProjectPermission

func HasProjectPermission(ctx context.Context, project string, subrealm string, permission realms.Permission) (bool, error)

HasProjectPermission returns if the caller has the given permission in the subrealm of the given project. This method only returns an error if there is some AuthDB issue.

func HasQueryTreesPermission

func HasQueryTreesPermission(ctx context.Context, treeName string) (allowed bool, message string, err error)

HasQueryTreesPermission returns if the user can query trees. If the user has no permission, an error message will also be returned. err will be returned if there is some error during the ACL check.

Types

type FakeAuthBuilder

type FakeAuthBuilder struct {
	// contains filtered or unexported fields
}

FakeAuthBuilder creates some fake identity, only used for testing.

func FakeAuth

func FakeAuth() *FakeAuthBuilder

func (*FakeAuthBuilder) Anonymous

func (a *FakeAuthBuilder) Anonymous() *FakeAuthBuilder

func (*FakeAuthBuilder) SetInContext

func (a *FakeAuthBuilder) SetInContext(ctx context.Context) context.Context

func (*FakeAuthBuilder) WithAuditAccess

func (a *FakeAuthBuilder) WithAuditAccess() *FakeAuthBuilder

func (*FakeAuthBuilder) WithPermissionInRealm

func (a *FakeAuthBuilder) WithPermissionInRealm(permission realms.Permission, realm string) *FakeAuthBuilder

func (*FakeAuthBuilder) WithReadAccess

func (a *FakeAuthBuilder) WithReadAccess() *FakeAuthBuilder

func (*FakeAuthBuilder) WithWriteAccess

func (a *FakeAuthBuilder) WithWriteAccess() *FakeAuthBuilder

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL