README
¶
Bronzecod SSO SDK
Provides an interface to the bronzecod SSO server REST API for managing
- User accounts
- User Sessions
- Teams and Members
- API Accounts
- Permission list and access
- Organisation/enterprise entities
Usage
To connect to the API, you will need your API account API Key, API Secret, the baseURL for your platforms deployment.
With these, call Dial to create a new API connection and validate the credentials access.
connection, err := sso.Dial("https://example.com/", apiKey, apiSecret, nil)
if err != nil {
// handle connection error
// common causes:
// - incorrect baseURL
// - incorrect credentials
// - server running outside APIs configured whitelist
}
// use API connection here
If required, TLS configuration can be provided with the 4th argument.
Documentation
Each method in the SDK wraps the corresponding API endpoint in the reference manual provided with your deployment.
For specifics of each call, consult that manual.
Documentation on this specific package can be found in the Go reference documentation
Documentation
¶
Overview ¶
Package sso is a golang SDK for the Bronzecod SSO platforms REST API
it provides type safe bindings for the APIs core features and entities as well as the various API endpoints available to get, enumerate and mutate them.
Index ¶
- Variables
- type APIEndpoints
- type APIUser
- type APIWhitelistEntry
- type APIWhitelistRuleType
- type BufferCache
- type Connection
- type Membership
- type Notification
- type NotificationAction
- type NotificationEndpoints
- type Organisation
- type OrganisationEndpoints
- type PageDetails
- type Permission
- type PermissionEndpoints
- type PermissionQuery
- func (q *PermissionQuery) AccessEqual(key string, value string) *PermissionQuery
- func (q *PermissionQuery) AccessHas(key string, value string) *PermissionQuery
- func (q *PermissionQuery) AccessLike(key string, value string) *PermissionQuery
- func (q *PermissionQuery) AccessPresent(key string) *PermissionQuery
- func (q *PermissionQuery) IsValid() bool
- func (q *PermissionQuery) Limit(limit int) *PermissionQuery
- func (q *PermissionQuery) Page(page int) *PermissionQuery
- func (q *PermissionQuery) Product(id uuid.UUID) *PermissionQuery
- func (q *PermissionQuery) Source(id uuid.UUID) *PermissionQuery
- func (q *PermissionQuery) Target(id uuid.UUID) *PermissionQuery
- type PermissionSubject
- type PermissionType
- type Session
- type SessionEndpoints
- type Team
- type TeamsEndpoints
- type User
- type UserEndpoints
Constants ¶
This section is empty.
Variables ¶
View Source
var (
ErrQueryNoSubject = errors.New("must supply a source, target or product to query")
)
Functions ¶
This section is empty.
Types ¶
type APIEndpoints ¶ added in v1.1.1
type APIEndpoints interface {
// APICheckCredentials attempts to get an API user by its provided Key
// checking its credentials match, it has access to the provided service key
// and the IP is valid in its whitelist.
// it returns the API if the above conditions are met, or an error explaining the conditions failed
APICheckCredentials(key, secret, ip, service string) (APIUser, error)
// APIPlatformList returns a list of API users for the platform the requester is part of
// on the condition the requesting API is one authorized to do so.
// else it returns an error
APIPlatformList() ([]APIUser, error)
// APIGet will attempt to get an API by its canonical UUID, so long as it is part of the same platform as the requestor
// and the requestor has permission to make the request.
APIGet(id uuid.UUID) (APIUser, error)
// APIList returns a list of platform APIs whose IDs are found in the provided list
APIList(ids []uuid.UUID) ([]APIUser, error)
// APICreate will create a new API user in the platform with the provided details
// the APIs key is generated during creation and is found in the returned APIUser.
APICreate(email, name, password string, whitelist []APIWhitelistEntry, permissions map[string]string, product uuid.UUID) (APIUser, error)
// APIUpdateDetails updates the identified APIs details with the provided name and contact email
APIUpdateDetails(id uuid.UUID, name, email string) error
// APIUpdatePermissions updates the identified APIs access permission map with the provided set
// if merge is true, the existing permissions will be merged with the provided set
// otherwise it will replace the permissions entirely with those provided
APIUpdatePermissions(id uuid.UUID, permissions map[string]string, merge bool) error
// APIDelete removes an APIUser from the platform,
// also deleting all owned by the API user, and all permissions pointing to it.
// If the API user is owner of a target (has "Owner"=>"true" permission flag) this process will abort
APIDelete(id uuid.UUID) error
}
type APIUser ¶
type APIUser struct {
ID uuid.UUID `json:"id"`
CreatedAt time.Time `json:"createdAt"`
UpdatedAt time.Time `json:"updatedAt"`
Key string `json:"key"`
Email string `json:"email"`
Name string `json:"name"`
Platform uuid.UUID `json:"platform"`
Permission string `json:"permission"`
Whitelist []APIWhitelistEntry `json:"whitelist"`
Organisation *uuid.UUID `json:"organisation"`
}
APIUser represents a set of API credentials existing in a platform
type APIWhitelistEntry ¶
type APIWhitelistEntry struct {
Label string `json:"label"`
Type APIWhitelistRuleType `json:"type"`
Rule string `json:"rule"`
}
APIWhitelistEntry represents a single rule in an APIs whitelist
type APIWhitelistRuleType ¶
type APIWhitelistRuleType string
APIWhitelistRuleType is a string enumeration of supported rule types for API Whitelists
const ( // APIWhitelistTypeIP indicates a whitelist rule whitelists a single IP address APIWhitelistTypeIP APIWhitelistRuleType = "ipAddress" // APIWhitelistTypeRange indicates a whitelist rule whitelists a range of IP addresses APIWhitelistTypeRange APIWhitelistRuleType = "ipRange" // APIWhitelistTypeRegex indicates a whitelist rule allows all IP addresses that match the rules regular expression APIWhitelistTypeRegex APIWhitelistRuleType = "regex" )
list of API Whitelist Rule Types
type BufferCache ¶ added in v1.3.0
type Connection ¶
type Connection interface {
APIEndpoints
SessionEndpoints
UserEndpoints
TeamsEndpoints
PermissionEndpoints
OrganisationEndpoints
NotificationEndpoints
// SetCache sets a cache manager to allow api calls to be cached and reduce round trip times for common queries
SetCache(cache BufferCache)
// GetID gets the ID of the API user the SDK is connected as
GetID() uuid.UUID
// GetPlatformID gets the ID of the white label platform the API is connected as a part of
GetPlatformID() uuid.UUID
// GetHost gets the default hostname the platform is configured for
GetHost() string
// GetCookieKey gets the key the platform is configured for its session cookies to use
GetCookieKey() string
// UtilGetCookie gets the value of the cookie on the provided request (if it exists) that corresponds to a session
// in this APIs platform
UtilGetCookie(r *http.Request) string
// UtilGetChildPlatformCookie gets the value of the cookie on the provided request (if it exists) that corresponds to
// a session on the identified platform so long as that platform is either the current one, or one of its child platforms
UtilGetChildPlatformCookie(r *http.Request, platform uuid.UUID) (string, error)
// UtilSetSessionCookie sets a session cookie for this platform, equivalent to the user logging in through the dashboard
UtilSetSessionCookie(w http.ResponseWriter, domain, path string, session Session)
// AsPlatform returns a new connection using the same credentials but scoped to a child platform and variant.
// Requests with this new connection will act as though requested by an equivalent API on that platform, so long
// as that platform is a child of the one the requestor belongs to.
AsPlatform(id uuid.UUID, variant string) Connection
}
Connection is an instance of a connection to the bronzecod SSO server each function corresponds to a synchronous API call to the server
type Membership ¶
type Membership struct {
CreateAt time.Time `json:"createAt"`
UpdatedAt time.Time `json:"updatedAt"`
DeletedAt *time.Time `json:"deletedAt"`
Team uuid.UUID `json:"team"`
User uuid.UUID `json:"user"`
Label string `json:"label"`
Email string `json:"email"`
Admin bool `json:"admin"`
}
Membership respresents a users access to a team
type Notification ¶ added in v1.1.9
type Notification struct {
ID uuid.UUID `json:"id"`
CreatedAt time.Time `json:"createdAt"`
UpdatedAt time.Time `json:"updatedAt"`
DeletedAt *time.Time `json:"deletedAt"`
Platform uuid.UUID `json:"platform"`
Source *uuid.UUID `json:"source"`
Target []uuid.UUID `json:"target"`
Type string `json:"type"`
Title string `json:"title"`
Description string `json:"description"`
Actions []NotificationAction `json:"actions"`
}
Notification represents a notification visible to a user in their dashboard containing details for visualization in the dashboard and who it is visible too
type NotificationAction ¶ added in v1.1.9
type NotificationAction struct {
Type string `json:"type"`
Label string `json:"label"`
Event string `json:"event"`
}
NotificationAction define action buttons presented as part of a notification in the dashboard
type NotificationEndpoints ¶ added in v1.1.9
type NotificationEndpoints interface {
// NotificationQuery lists all notifications for the given user, optionally filtering them to only those targeting a
// given source or of a given type.
// if deployed in a multi-platform environment, the platform may be specified to query in a sub-platform
NotificationQuery(user uuid.UUID, platform, source *uuid.UUID, types []string) ([]Notification, error)
// NotificationNew creates a new notification in the platform with the given details
// the source is optional for read/display, an empty target list will create a platform wide notification
// the remaining type, title, description and actions are used for rendering the notification in the user dashboard
NotificationNew(source *uuid.UUID, targets []uuid.UUID, msgType, title, description string, actions []NotificationAction, platform *uuid.UUID) (Notification, error)
// NotificationDelete deletes the identified notification from the platform, removing it from all users visibility
NotificationDelete(id uuid.UUID) error
}
type Organisation ¶ added in v1.1.0
type Organisation struct {
ID uuid.UUID `json:"id"`
CreatedAt time.Time `json:"createdAt"`
UpdatedAt time.Time `json:"updatedAt"`
Platform uuid.UUID `json:"platform"`
Name string `json:"name"`
Logo string `json:"logo"`
UserLimit int `json:"userLimit"`
TeamLimit int `json:"teamLimit"`
PermissionLimit int `json:"permissionLimit"`
}
Organisation represents a user facing organisational unit, used for building enterprise entities in consumer facing dashboards. An organisation consists of public facing identifiers (name and logo) and a set of constraints on the number of users, teams and permissions that may exist as members of an organisation (a value of 0 denotes no limitation).
Teams are the base unit attached to an organisation and are limited directly Users are counted as unique users that are members of those teams, and Permissions are counted as permissions to unique targets from those teams
type OrganisationEndpoints ¶ added in v1.1.1
type OrganisationEndpoints interface {
// OrganisationList will load all organisations in the platform
OrganisationList() ([]Organisation, error)
// OrganisationsUserManages will load all organisations the identified user is a manager of
OrganisationsUserManages(userID uuid.UUID) ([]Organisation, error)
// OrganisationsUserMember will load all organisations the identified user is a member of
OrganisationsUserMember(userID uuid.UUID) ([]Organisation, error)
// OrganisationGet will load the identified organisation from the platform
OrganisationGet(id uuid.UUID) (Organisation, error)
// OrganisationGetManagers will load all the memberships identifying the managers of the identified organisation
OrganisationGetManagers(orgID uuid.UUID) ([]Membership, error)
// OrganisationGetUsers will load all users who are members of the identified organisation
OrganisationGetUsers(orgID uuid.UUID) ([]User, error)
// OrganisationGetTeams will load all teams making a part of the organisation
OrganisationGetTeams(orgID uuid.UUID) ([]Team, error)
// OrganisationHasManager checks if the identified user is a manager of the identified organisation
OrganisationHasManager(orgID, userID uuid.UUID) (bool, error)
// OrganisationManagerToEntity checks if the identified manager, manages the organisation containing the user,api or team targeted
OrganisationManagerToEntity(managerID, targetID uuid.UUID) (bool, error)
// OrganisationNew creates a new organisation in the platform with the given name logo and constraints
// any teams whose ID are in the provided list will be added to the organisation
// (unless they are part of another organisation, which will generate an error)
OrganisationNew(name, logo string, userLimit, teamLimit, permissionLimit int, teamIDs []uuid.UUID) (Organisation, error)
// OrganisationUpdateDetails will update the identified organisation's name and logo
OrganisationUpdateDetails(id uuid.UUID, name, logo string) error
// OrganisationUpdateConstraints will update the identified organisations constraint limits on the number of users,
// teams and permissions it may have
OrganisationUpdateConstraints(id uuid.UUID, userLimit, teamLimit, permissionLimit int) error
// OrganisationDelete will delete the identified organisation, removing its teams from it, but without deleting them
OrganisationDelete(id uuid.UUID) error
// OrganisationTeamAddExisting will add an existing team to the identified organisation
OrganisationTeamAddExisting(orgID, teamID uuid.UUID) error
// OrganisationTeamAddNew will create a new team in the organisation with the provided name and first admin member
OrganisationTeamAddNew(orgID uuid.UUID, teamName string, firstMember uuid.UUID) error
// OrganisationTeamRemove will remove the identified team from the identified organisation
OrganisationTeamRemove(orgID, teamID uuid.UUID) error
// OrganisationManagerAdd will add the specified user as a manager of the organisation
OrganisationManagerAdd(orgID, userID uuid.UUID) error
OrganisationManagerUpdateLabels(orgID, manager uuid.UUID, name, email string) error
// OrganisationManagerSetAdmin will change the identified manager of an organisations status as an administrator
// of that organisation to the provided value
OrganisationManagerSetAdmin(orgID, manager uuid.UUID, admin bool) error
// OrganisationManagerRemove will remove the provided user as a manager of the organisation
OrganisationManagerRemove(orgID, user uuid.UUID) error
}
type PageDetails ¶
PageDetails wraps pagination requests that either limit the number of results returned to "Size" and/or offset the results to "Page" increments of size (starting at 0)
type Permission ¶
type Permission struct {
ID uint `json:"id"`
CreateAt time.Time `json:"createAt"`
UpdatedAt time.Time `json:"updatedAt"`
DeletedAt *time.Time `json:"deletedAt"`
Product uuid.UUID `json:"product"`
Title string `json:"title"`
Source uuid.UUID `json:"source"`
Target uuid.UUID `json:"target"`
Access map[string]string `json:"access"`
Name string `json:"name,omitempty"` // name of the source team/user/api if known
Type PermissionType `json:"type,omitempty"` // type of source, see below
}
Permission is the access of a user/team to a given target
type PermissionEndpoints ¶ added in v1.1.1
type PermissionEndpoints interface {
// PermissionSubjectsAvailable returns a list of subjects (teams, users, apis) that are available as permission
// subjects in your platform (intended for use in administrative tools only, no scoping is provided)
PermissionSubjectsAvailable(types []PermissionType, childPlatform *uuid.UUID) ([]PermissionSubject, error)
// PermissionSubjectsGet returns a single subject (team, user or api) that has the corresponding ID in your platform
PermissionSubjectsGet(id uuid.UUID) (PermissionSubject, error)
// PermissionOwner gets the current owner permission for the provided target
PermissionOwner(target uuid.UUID) (Permission, error)
// PermissionLinks gets a list of all permissions that give source access to target
PermissionLinks(source, target uuid.UUID, page *PageDetails) ([]Permission, error)
// PermissionListForTarget gets a list of all permissions that target the identified target.
// if a list of products is specified, only permissions of those products will be returned.
// an empty array or nil will return all permissions for the target
PermissionListForTarget(target uuid.UUID, products []uuid.UUID, page *PageDetails) ([]Permission, error)
// PermissionListForSource gets a list of all permissions the provided source has.
// if a product is provided it will limit the results to only permissions of that product type.
// a nil product will return all permissions for the source
PermissionListForSource(source uuid.UUID, product *uuid.UUID, page *PageDetails) ([]Permission, error)
// PermissionQuery conducts a generic query of permissions within the callers platform
PermissionQuery(query PermissionQuery) ([]Permission, error)
// PermissionNew creates a new permission giving source access to target.
// identifies the product this permission belongs to and sets the current label and access permissions
PermissionNew(source, target, product uuid.UUID, label string, permissions map[string]string) (Permission, error)
// PermissionNewBatch creates a list of new permissions for a group of sources to a given target
PermissionNewBatch(sources []uuid.UUID, target, product uuid.UUID, label string, permissions map[string]string) (Permission, error)
// PermissionRename renames all permissions for a given target to reflect a change in targets identifiable name
PermissionRename(target uuid.UUID, label string) error
// PermissionUpdate updates the identified permissions access rules
// if merge is true, the provided list will keep existing rules, only overriding those defined here
// if false, the permissions are set to the provided map
// NOTE: this will never change the ownership flag
PermissionUpdate(id uint, permission map[string]string, merge bool) error
// PermissionUpdateForTarget will merge the provided permission map for all permissions to the target of the given product
// NOTE: this will never change the ownership flag
PermissionUpdateForTarget(target uuid.UUID, permission map[string]string, product uuid.UUID) error
// PermissionTransferOwnership will transfer the current owner of target to recipient
// NOTE: only one permission for a target may be owner at a time
PermissionTransferOwnership(target, recipient uuid.UUID) error
// PermissionDelete will remove a given permission and its associated access
PermissionDelete(id uint) error
// PermissionDeleteLinks will remove all direct permissions from source to target
// NOTE: this will not alter indirect permissions such as a users access to target through a team they are a member of
PermissionDeleteLinks(source, target uuid.UUID) error
// PermissionDeleteTarget will delete all permissions referencing target, optionally restricted to the listed product families
PermissionDeleteTarget(target uuid.UUID, products []uuid.UUID) error
// PermissionDeleteBatch will delete all permissions in the provided list of IDs
PermissionDeleteBatch(ids []uint) error
}
type PermissionQuery ¶
type PermissionQuery struct {
// contains filtered or unexported fields
}
PermissionQuery wraps the details to query platform permissions by source, target or product, with further optional query by access keys subject to different conditions
NOTE: permission conditions behave as a logical OR with each other i.e. "Owner" equals "true" OR "Admin" equals "true" OR "team" has token "edit-members"
func PermissionQueryByProduct ¶
func PermissionQueryByProduct(id uuid.UUID) *PermissionQuery
PermissionQueryByProduct creates a new query that will return permissions with the given product
func PermissionQueryBySource ¶
func PermissionQueryBySource(id uuid.UUID) *PermissionQuery
PermissionQueryBySource creates a new query that will return permissions with the given source
func PermissionQueryByTarget ¶
func PermissionQueryByTarget(id uuid.UUID) *PermissionQuery
PermissionQueryByTarget creates a new query that will return permissions with the given target
func (*PermissionQuery) AccessEqual ¶
func (q *PermissionQuery) AccessEqual(key string, value string) *PermissionQuery
AccessEqual queries for permissions who's permissions under the given key exactly matches the provided value
func (*PermissionQuery) AccessHas ¶
func (q *PermissionQuery) AccessHas(key string, value string) *PermissionQuery
AccessHas queries for permissions that have a given token in the given access key
func (*PermissionQuery) AccessLike ¶
func (q *PermissionQuery) AccessLike(key string, value string) *PermissionQuery
AccessLike queries for permissions that have a matching token (or partial token) in the given access key
func (*PermissionQuery) AccessPresent ¶
func (q *PermissionQuery) AccessPresent(key string) *PermissionQuery
AccessPresent queries for permissions that have the provided permission key present in any form
func (*PermissionQuery) IsValid ¶
func (q *PermissionQuery) IsValid() bool
IsValid returns whether the provided query is a valid query that can be executed
func (*PermissionQuery) Limit ¶
func (q *PermissionQuery) Limit(limit int) *PermissionQuery
func (*PermissionQuery) Page ¶
func (q *PermissionQuery) Page(page int) *PermissionQuery
func (*PermissionQuery) Product ¶
func (q *PermissionQuery) Product(id uuid.UUID) *PermissionQuery
Product sets the query to only find permissions of the given product
func (*PermissionQuery) Source ¶
func (q *PermissionQuery) Source(id uuid.UUID) *PermissionQuery
Source sets the query to find permissions with the given source
func (*PermissionQuery) Target ¶
func (q *PermissionQuery) Target(id uuid.UUID) *PermissionQuery
Target sets the query to find permissions with the given target
type PermissionSubject ¶
type PermissionSubject struct {
ID uuid.UUID `json:"id"`
CreatedAt time.Time `json:"createdAt"`
UpdatedAt time.Time `json:"updatedAt"`
Name string `json:"name"`
Email string `json:"email"`
Type PermissionType `json:"type"`
Platform uuid.UUID `json:"platform"`
Organisation *uuid.UUID `json:"organisation"`
}
type PermissionType ¶
type PermissionType string
PermissionType is the type of entity that has access to the target
const ( // PermissionTypeUnknown the source of the permission is not recorded in the platforms sso PermissionTypeUnknown PermissionType = "unknown" // PermissionTypeTeam the source of the permission is a group/team PermissionTypeTeam PermissionType = "team" // PermissionTypeUser the source of the permission is a user account PermissionTypeUser PermissionType = "user" // PermissionTypeAPI the source of the permission is an API account PermissionTypeAPI PermissionType = "api" )
type Session ¶
type Session struct {
Key string `json:"key"`
CreatedAt time.Time `json:"createdAt"`
Expires time.Time `json:"expires"`
Revoked bool `json:"revoked"`
UserID uuid.UUID `json:"userID"`
Component string `json:"component"`
}
Session represents a current user session, where key is the value stored in the cookie
type SessionEndpoints ¶ added in v1.1.1
type SessionEndpoints interface {
// SessionList will list all sessions that correspond to the provided user ID
// component will optionally restrict the returned sessions to that component, use an empty string ("") for all
SessionList(user uuid.UUID, component string) ([]Session, error)
// SessionCheck checks if the given session token is valid
SessionCheck(token string) (bool, error)
// SessionKey will get the current platforms session key (cookie key), or, if a parent platform,
// the session key of one of it child platforms
SessionKey(platform *uuid.UUID) (string, error)
// SessionLogin creates a new session for a user given the provided credentials
// component namespaces the session and represents the tool/platform the session exists for.
// the default is "Web", common alternatives are "Mobile-App", "Desktop" and "Admin-Portal"
//
// The return values are
// the user the credentials correspond to
// the session key to assign to a cookie or other mechanism to identify the new session
// any errors encountered processing the request
SessionLogin(username, password, component string) (User, Session, error)
// SessionLogout till terminate the session corresponding to the provided key, making it invalid for further authentication
SessionLogout(key string) error
// SessionRevokeOther will revoke all of a users sessions other than the one with the provided session key
// component may be used to restrict that to a certain component, if an empty string, it will revoke sessions in all components
SessionRevokeOther(key, component string) error
// SessionExtend will extend the session with the provided key to the current time + the platforms configured extension time (see platform config)
SessionExtend(key string) error
// SessionMigrateRequest creates a session migration token and url.
// to migrate a users session to the new domain, redirect them to the provided URL
// after authenticating their account, they will be redirected to returnURL with the additional
// query parameter `return` which should match token.
// Pass the value of return to SessionMigrateResolve to retrieve the user and session details, so they
// may be applied to the new domain
SessionMigrateRequest(returnURL, component string) (token string, url string, err error)
// SessionMigrateResolve will collect the session migration data corresponding to the provided token
// to initiate a migrate request see SessionMigrateRequest
SessionMigrateResolve(token string) (User, Session, error)
}
type Team ¶
type Team struct {
ID uuid.UUID `json:"id"`
Name string `json:"name"`
Admin *bool `json:"admin,omitempty"`
Members []Membership `json:"members"`
Organisation *uuid.UUID `json:"organisation"`
}
Team represents a group of users/apis that have access to entities as a group
type TeamsEndpoints ¶ added in v1.1.1
type TeamsEndpoints interface {
// TeamGet will load a team from the platform with the given ID
TeamGet(id uuid.UUID) (Team, error)
// TeamPlatform will load all teams in the current platform
TeamPlatform() ([]Team, error)
// TeamListForUser will list all teams the identified user has access too
TeamListForUser(userID uuid.UUID) ([]Team, error)
// TeamMemberExists identifies if a given User is a member of the given Team
TeamMemberExists(team, user uuid.UUID) (bool, error)
// TeamMemberGet retrieves a users membership to a team
TeamMemberGet(team, user uuid.UUID) (Membership, error)
// TeamMemberListForTeam lists all memberships for the identified team
TeamMemberListForTeam(team uuid.UUID) ([]Membership, error)
// TeamMemberListForUser lists all memberships a given user has
TeamMemberListForUser(userID uuid.UUID) ([]Membership, error)
// TeamNew creates a new team in the platform with the given name
// creating it first user (and admin) as initialUser
TeamNew(name string, initialUser uuid.UUID) (Team, error)
// TeamRename renames the identified team to the provided new name
TeamRename(id uuid.UUID, newName string) error
TeamSetOrganisation(id uuid.UUID, orgID *uuid.UUID) error
// TeamDelete removes a team from the platform, removing all its memberships and permissions
TeamDelete(id uuid.UUID) error
// TeamMemberAdd adds a new member to the team (not as an admin),
// member should be a User or APIUser
TeamMemberAdd(team, member uuid.UUID) (Membership, error)
// TeamMemberUpdateLabels will update the display name and contact email for a membership
//
// NOTE: this is a fallback for legacy platforms, Users and APIUsers will automatically update
// their corresponding memberships when their details are updated.
TeamMemberUpdateLabels(team, member uuid.UUID, name, email string) error
// TeamMemberSetAdmin will set the team members admin status within the team
TeamMemberSetAdmin(team, member uuid.UUID, admin bool) error
// TeamMemberRemove will remove the given member from the team
TeamMemberRemove(team, member uuid.UUID) error
}
type User ¶
type User struct {
ID uuid.UUID `json:"id"`
CreatedAt time.Time `json:"createdAt"`
UpdatedAt time.Time `json:"updatedAt"`
API uuid.UUID `json:"api"`
Email string `json:"email"`
Name string `json:"name"`
SignupIP string `json:"signupIP"`
Admin bool `json:"admin"`
Banned bool `json:"banned"`
Confirmed bool `json:"confirmed"`
Metadata map[string]string `json:"metadata"`
Organisation *uuid.UUID `json:"organisation"`
}
User represents a set of account credentials for a human user of a platform and authentication for the platforms auth portal.
type UserEndpoints ¶ added in v1.1.1
type UserEndpoints interface {
// UserExists checks if a user exists in the callers platform with the provided username
UserExists(username string) (bool, error)
// UserGet loads a user from the callers platform that has the provided ID (if one exists)
UserGet(id uuid.UUID) (User, error)
// UserGetUsername loads a user from the callers platform by their username (if one exists)
UserGetUsername(username string) (User, error)
// UserGetSession loads the user in the callers platform for which the provided cookie token applies (if valid)
UserGetSession(cookie string) (bool, User, error)
// UsersPlatform loads the list of all users on the callers platform
UsersPlatform() ([]User, error)
// UserSignup creates a new user with the provided details in the callers platform
UserSignup(name, email, password, signupIP string, metadata map[string]string, notify bool) (User, error)
// UserUpdate updates a platform user corresponding to the provided ID, updating their name and contact email
// as well as those of all memberships that user has
UserUpdate(id uuid.UUID, name, email string) error
// UserBan updates a platform users banned status to the provided state
UserBan(id uuid.UUID, state bool) error
UserSetOrganisation(id uuid.UUID, orgID *uuid.UUID) error
// UserDelete removes a user and all their memberships and permissions from the platform
UserDelete(id uuid.UUID) error
// UserTermsAccept adds a Terms and Conditions acceptance flag to the identified user for the latest configured terms
UserTermsAccept(id uuid.UUID) error
// UserPasswordReset sends a password reset request email to the identified platform user
UserPasswordReset(id uuid.UUID) error
// UserReconfirm sends an email confirmation email to the identified platform user, setting their confirmation status to false if it is not already
UserReconfirm(id uuid.UUID) error
// UserUnlock resets the "locked till" time on a user caused by too many failed login attempts
UserUnlock(id uuid.UUID) error
// UserUpdateMetadata sets the users metadata properties to the provided map
UserUpdateMetadata(id uuid.UUID, metadata map[string]string) error
// UserMergeMetadata merges the provided metadata map with the users metadata
UserMergeMetadata(id uuid.UUID, metadata map[string]string) error
}
Source Files
¶
- api-core.go
- api-get.go
- api-mutate.go
- cache.go
- connection.go
- doc.go
- interface.go
- notification-core.go
- notification-mutate.go
- organisation-core.go
- organisation-get.go
- organisation-mutate.go
- permission-core.go
- permission-get.go
- permission-mutate.go
- permission-query.go
- session-migrate.go
- sessions.go
- team-mutate.go
- teams-core.go
- teams-get.go
- user-core.go
- user-get.go
- user-mutate.go
- util.go
Click to show internal directories.
Click to hide internal directories.