rights

package
v3.11.0-rc2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 9, 2021 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Overview

Package rights implements rights fetching and checking.

Index

Examples

Constants

This section is empty.

Variables

// Permission-denied errors, one pair per entity kind (application, client,
// gateway, organization, user). The "no_*_rights" variant carries a
// "no rights for ..." message and the "insufficient_*_rights" variant an
// "insufficient rights for ..." message.
//
// NOTE(review): errors is not the standard library package here (that package
// has no DefinePermissionDenied); presumably it is the module's own errors
// package. `{uid}` is a placeholder in the message format, presumably filled
// with the entity's UID when the error is returned; confirm against the callers.
var (
	// Application.
	ErrNoApplicationRights           = errors.DefinePermissionDenied("no_application_rights", "no rights for application `{uid}`")
	ErrInsufficientApplicationRights = errors.DefinePermissionDenied("insufficient_application_rights", "insufficient rights for application `{uid}`")

	// Client.
	ErrNoClientRights           = errors.DefinePermissionDenied("no_client_rights", "no rights for client `{uid}`")
	ErrInsufficientClientRights = errors.DefinePermissionDenied("insufficient_client_rights", "insufficient rights for client `{uid}`")

	// Gateway.
	ErrNoGatewayRights           = errors.DefinePermissionDenied("no_gateway_rights", "no rights for gateway `{uid}`")
	ErrInsufficientGatewayRights = errors.DefinePermissionDenied("insufficient_gateway_rights", "insufficient rights for gateway `{uid}`")

	// Organization.
	ErrNoOrganizationRights           = errors.DefinePermissionDenied("no_organization_rights", "no rights for organization `{uid}`")
	ErrInsufficientOrganizationRights = errors.DefinePermissionDenied("insufficient_organization_rights", "insufficient rights for organization `{uid}`")

	// User.
	ErrNoUserRights           = errors.DefinePermissionDenied("no_user_rights", "no rights for user `{uid}`")
	ErrInsufficientUserRights = errors.DefinePermissionDenied("insufficient_user_rights", "insufficient rights for user `{uid}`")
)

Errors for no/insufficient rights.

Functions

func ListApplication

func ListApplication(ctx context.Context, id ttnpb.ApplicationIdentifiers) (rights *ttnpb.Rights, err error)

ListApplication lists the rights for the given application ID in the context.

func ListClient

func ListClient(ctx context.Context, id ttnpb.ClientIdentifiers) (rights *ttnpb.Rights, err error)

ListClient lists the rights for the given client ID in the context.

func ListGateway

func ListGateway(ctx context.Context, id ttnpb.GatewayIdentifiers) (rights *ttnpb.Rights, err error)

ListGateway lists the rights for the given gateway ID in the context.

func ListOrganization

func ListOrganization(ctx context.Context, id ttnpb.OrganizationIdentifiers) (rights *ttnpb.Rights, err error)

ListOrganization lists the rights for the given organization ID in the context.

func ListUser

func ListUser(ctx context.Context, id ttnpb.UserIdentifiers) (rights *ttnpb.Rights, err error)

ListUser lists the rights for the given user ID in the context.

func NewContext

func NewContext(ctx context.Context, rights Rights) context.Context

NewContext returns a derived context with the given rights.

func NewContextWithCache

func NewContextWithCache(ctx context.Context) context.Context

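NewContextWithCache returns a derived context with a rights cache. This should only be used for request contexts, presumably so that cached rights live no longer than a single request and do not go stale in a long-lived context.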

func NewContextWithFetcher

func NewContextWithFetcher(ctx context.Context, fetcher Fetcher) context.Context

NewContextWithFetcher returns a new context with the given rights fetcher.

func RequireAny

func RequireAny(ctx context.Context, ids ...*ttnpb.EntityIdentifiers) error

RequireAny checks that the context contains at least one right for each of the given entity identifiers; it does not check for any specific right.

func RequireApplication

func RequireApplication(ctx context.Context, id ttnpb.ApplicationIdentifiers, required ...ttnpb.Right) (err error)

RequireApplication checks that context contains the required rights for the given application ID.

Example
package main

import (
	"context"

	"go.thethings.network/lorawan-stack/v3/pkg/auth/rights"
	"go.thethings.network/lorawan-stack/v3/pkg/ttnpb"
)

// main shows the call shape of rights.RequireApplication inside a handler.
func main() {
	// Stand-ins for the request context and the end device that a hypothetical
	// Set RPC call would receive; both are left at their zero values here.
	var ctx context.Context
	var dev ttnpb.EndDevice

	// Check that the context holds the device-write right for the device's
	// application before acting on the device.
	err := rights.RequireApplication(ctx, dev.ApplicationIdentifiers, ttnpb.RIGHT_APPLICATION_DEVICES_WRITE)
	if err != nil {
		// In a real handler the error is returned here so the request stops
		// before any change is made:
		// return nil, err
	}
}
Output:

func RequireClient

func RequireClient(ctx context.Context, id ttnpb.ClientIdentifiers, required ...ttnpb.Right) (err error)

RequireClient checks that context contains the required rights for the given client ID.

func RequireGateway

func RequireGateway(ctx context.Context, id ttnpb.GatewayIdentifiers, required ...ttnpb.Right) (err error)

RequireGateway checks that context contains the required rights for the given gateway ID.

func RequireOrganization

func RequireOrganization(ctx context.Context, id ttnpb.OrganizationIdentifiers, required ...ttnpb.Right) (err error)

RequireOrganization checks that context contains the required rights for the given organization ID.

func RequireUser

func RequireUser(ctx context.Context, id ttnpb.UserIdentifiers, required ...ttnpb.Right) (err error)

RequireUser checks that context contains the required rights for the given user ID.

Types

type Fetcher

Fetcher interface for rights fetching.

func NewAccessFetcher

func NewAccessFetcher(getConn func(ctx context.Context) *grpc.ClientConn, allowInsecure bool) Fetcher

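NewAccessFetcher returns a new rights fetcher that fetches from the Access role returned by getConn. The allowInsecure argument indicates whether credentials may be sent over connections without TLS; when it is true, those credentials can cross the network unencrypted, so enable it only where that is acceptable.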

func NewInMemoryCache

func NewInMemoryCache(fetcher Fetcher, successTTL, errorTTL time.Duration) Fetcher

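NewInMemoryCache returns a new in-memory cache on top of the given fetcher. Successful responses are valid for the duration of successTTL, unsuccessful responses are valid for the duration of errorTTL. Because a response is served from the cache while it is valid, a change to the underlying rights may not be seen until the cached entry expires.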

type FetcherFunc

// FetcherFunc is a function type that takes a context and a set of identifiers
// and returns the rights for them, or an error. The per-entity methods declared
// on it in this package (ApplicationRights, ClientRights, GatewayRights,
// OrganizationRights, UserRights) make it usable as a Fetcher.
type FetcherFunc func(ctx context.Context, ids ttnpb.Identifiers) (*ttnpb.Rights, error)

FetcherFunc is a function that implements the Fetcher interface.

A FetcherFunc that returns all application rights for any application would look like this:

// This stub never looks at ctx or ids: it returns every application right for
// whatever identifiers it is given, so it stands in for a real lookup only.
fetcher := rights.FetcherFunc(func(ctx context.Context, ids ttnpb.Identifiers) (*ttnpb.Rights, error) {
	// A real fetcher would obtain this from an identity server or a database.
	// The local copy means the returned pointer does not alias the package-level value.
	granted := ttnpb.AllApplicationRights
	return &granted, nil
})

func (FetcherFunc) ApplicationRights

func (f FetcherFunc) ApplicationRights(ctx context.Context, ids ttnpb.ApplicationIdentifiers) (*ttnpb.Rights, error)

ApplicationRights implements the Fetcher interface.

func (FetcherFunc) ClientRights

func (f FetcherFunc) ClientRights(ctx context.Context, ids ttnpb.ClientIdentifiers) (*ttnpb.Rights, error)

ClientRights implements the Fetcher interface.

func (FetcherFunc) GatewayRights

func (f FetcherFunc) GatewayRights(ctx context.Context, ids ttnpb.GatewayIdentifiers) (*ttnpb.Rights, error)

GatewayRights implements the Fetcher interface.

func (FetcherFunc) OrganizationRights

func (f FetcherFunc) OrganizationRights(ctx context.Context, ids ttnpb.OrganizationIdentifiers) (*ttnpb.Rights, error)

OrganizationRights implements the Fetcher interface.

func (FetcherFunc) UserRights

func (f FetcherFunc) UserRights(ctx context.Context, ids ttnpb.UserIdentifiers) (*ttnpb.Rights, error)

UserRights implements the Fetcher interface.

type Rights

// Rights holds the rights attached to a request, grouped by entity kind:
// one map each for applications, clients, gateways, organizations and users.
type Rights struct {
	// NOTE(review): the keys are presumably the entity UID strings that the
	// Includes*Rights and Missing*Rights methods take (appUID, cliUID, gtwUID,
	// orgUID, usrUID); confirm against the code that fills these maps.
	ApplicationRights  map[string]*ttnpb.Rights
	ClientRights       map[string]*ttnpb.Rights
	GatewayRights      map[string]*ttnpb.Rights
	OrganizationRights map[string]*ttnpb.Rights
	UserRights         map[string]*ttnpb.Rights
}

Rights for the request.

func (Rights) IncludesApplicationRights

func (r Rights) IncludesApplicationRights(appUID string, rights ...ttnpb.Right) bool

IncludesApplicationRights returns whether the given rights are included for the given application.

func (Rights) IncludesClientRights

func (r Rights) IncludesClientRights(cliUID string, rights ...ttnpb.Right) bool

IncludesClientRights returns whether the given rights are included for the given client.

func (Rights) IncludesGatewayRights

func (r Rights) IncludesGatewayRights(gtwUID string, rights ...ttnpb.Right) bool

IncludesGatewayRights returns whether the given rights are included for the given gateway.

func (Rights) IncludesOrganizationRights

func (r Rights) IncludesOrganizationRights(orgUID string, rights ...ttnpb.Right) bool

IncludesOrganizationRights returns whether the given rights are included for the given organization.

func (Rights) IncludesUserRights

func (r Rights) IncludesUserRights(usrUID string, rights ...ttnpb.Right) bool

IncludesUserRights returns whether the given rights are included for the given user.

func (Rights) MissingApplicationRights

func (r Rights) MissingApplicationRights(appUID string, rights ...ttnpb.Right) []ttnpb.Right

MissingApplicationRights returns the rights that are missing for the given application.

func (Rights) MissingClientRights

func (r Rights) MissingClientRights(cliUID string, rights ...ttnpb.Right) []ttnpb.Right

MissingClientRights returns the rights that are missing for the given client.

func (Rights) MissingGatewayRights

func (r Rights) MissingGatewayRights(gtwUID string, rights ...ttnpb.Right) []ttnpb.Right

MissingGatewayRights returns the rights that are missing for the given gateway.

func (Rights) MissingOrganizationRights

func (r Rights) MissingOrganizationRights(orgUID string, rights ...ttnpb.Right) []ttnpb.Right

MissingOrganizationRights returns the rights that are missing for the given organization.

func (Rights) MissingUserRights

func (r Rights) MissingUserRights(usrUID string, rights ...ttnpb.Right) []ttnpb.Right

MissingUserRights returns the rights that are missing for the given user.

Directories

Path Synopsis
