permissions

package
v0.0.0-...-4436486 Latest
Warning

This package is not in the latest version of its module.

Published: Jan 17, 2020 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Constants

const (
	// PolicyUser is the index of 'user' in a casbin policy tuple
	PolicyUser = iota
	// PolicyResource is the index of 'resource' in a casbin policy tuple
	PolicyResource
	// PolicyAction is the index of 'action' in a casbin policy tuple
	PolicyAction
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Action

type Action int

Action - type int

const (
	// Read-only
	Read Action = iota
	// Write
	Write
)

A list of actions that can be performed

func ActionFrom

func ActionFrom(str string) Action

ActionFrom returns the Action value corresponding to the given string. It will return -1 if not found.

func (Action) String

func (a Action) String() string

String returns the English name of the Action.

type Enforcer

type Enforcer interface {
	LoadPolicy() error
	Enforce(rvals ...interface{}) bool
	DeleteUser(user string) bool
	DeleteRole(role string)
	DeletePermission(permission ...string) bool
	DeleteRolesForUser(user string) bool
	DeleteRoleForUser(user string, role string) bool
	AddRoleForUser(user string, role string) bool
	AddPermissionForUser(user string, permission ...string) bool
	DeletePermissionForUser(user string, permission ...string) bool
	DeletePermissionsForUser(user string) bool
	GetUsersForRole(name string) []string
	GetRolesForUser(name string) []string
	HasRoleForUser(name string, role string) bool
	HasPermissionForUser(user string, permission ...string) bool
	RemoveFilteredPolicy(fieldIndex int, fieldValues ...string) bool
}

Enforcer is the interface that matches all casbin enforcer implementations used by ign. It was created to allow other backends to use Permissions passing their own Enforcer.

type Permissions

type Permissions struct {
	// contains filtered or unexported fields
}

Permissions contains a data object for interfacing with the permissions DB.

func (*Permissions) AddPermission

func (p *Permissions) AddPermission(user, resource string, action Action) (bool, *ign.ErrMsg)

AddPermission adds a user (or group) permission on a resource

func (*Permissions) AddRoleForUser

func (p *Permissions) AddRoleForUser(user, role string) (bool, *ign.ErrMsg)

AddRoleForUser adds a role for a user

func (*Permissions) AddUserGroupRole

func (p *Permissions) AddUserGroupRole(user, group string, role Role) (bool, *ign.ErrMsg)

AddUserGroupRole adds a role for a user in a group

func (*Permissions) AddUserGroupRoleString

func (p *Permissions) AddUserGroupRoleString(user, group, role string) (bool, *ign.ErrMsg)

AddUserGroupRoleString is same as AddUserGroupRole but receives a role name as a string. It will fail if the role name is not 'owner', 'admin' or 'member'.

func (*Permissions) CompareRoles

func (p *Permissions) CompareRoles(role1, role2 Role) int

CompareRoles compares the given roles following this order: SystemAdmin > Owner > Admin > Member. It returns a positive number if role1 has more privileges than role2, zero if they are equal, and a negative value otherwise.

func (*Permissions) DBTable

func (p *Permissions) DBTable() *gormadapter.CasbinRule

DBTable returns the DB table used by casbin

func (*Permissions) GetGroupsAndRolesForUser

func (p *Permissions) GetGroupsAndRolesForUser(user string) map[string]string

GetGroupsAndRolesForUser gets the groups and roles that a user has, in the form of a map with groups as keys and the user role in those groups as values.

func (*Permissions) GetGroupsForUser

func (p *Permissions) GetGroupsForUser(user string) []string

GetGroupsForUser returns the list of groups a user belongs to.

func (*Permissions) GetUserRoleForGroup

func (p *Permissions) GetUserRoleForGroup(user, group string) (Role, *ign.ErrMsg)

GetUserRoleForGroup returns the role of a user in a group. If the user does not belong to the group, it returns an error.

func (*Permissions) GetUsersForGroup

func (p *Permissions) GetUsersForGroup(group string) []string

GetUsersForGroup gets the users that belong to a group.

func (*Permissions) HasRoleForUser

func (p *Permissions) HasRoleForUser(user, role string) bool

HasRoleForUser checks whether a user has the specified role.

func (*Permissions) Init

func (p *Permissions) Init(db *gorm.DB, sysAdmin string) error

Init initializes permissions with an existing database connection

func (*Permissions) InitWithEnforcerAndAdapter

func (p *Permissions) InitWithEnforcerAndAdapter(e Enforcer, a *gormadapter.Adapter, sysAdmin string) error

InitWithEnforcerAndAdapter initializes permissions with a given pair of enforcer and adapter.

func (*Permissions) IsAuthorized

func (p *Permissions) IsAuthorized(user, resource string, action Action) (bool, *ign.ErrMsg)

IsAuthorized checks if user has the permission to perform an action on a resource

func (*Permissions) IsAuthorizedForRole

func (p *Permissions) IsAuthorizedForRole(user, group string, role Role) (bool, *ign.ErrMsg)

IsAuthorizedForRole returns true if the user is authorized to act as the given role (or above) in the group. E.g., a group Owner can act as Admin, but a Member cannot.
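The ordering documented for CompareRoles and the "role or above" check described for IsAuthorizedForRole can be modelled as below. This is an added example, not the package's own code: the Role constants mirror the order listed under type Role, and validRole, compareRoles and authorizedForRole are hypothetical names. It also shows why a -1 "not found" value has to be rejected before any comparison.

```go
package main

import (
	"errors"
	"fmt"
)

// Role mirrors the iota order listed under "type Role" on this page:
// a smaller number means more privilege.
type Role int

const (
	SystemAdmin Role = iota
	Owner
	Admin
	Member
)

var errUnknownRole = errors.New("unknown role")

// validRole (hypothetical helper) rejects values outside the declared range,
// including the -1 "not found" value.
func validRole(r Role) bool { return r >= SystemAdmin && r <= Member }

// compareRoles (hypothetical) follows the documented contract: positive if
// role1 has more privileges than role2, zero if equal, negative otherwise.
func compareRoles(role1, role2 Role) int { return int(role2) - int(role1) }

// authorizedForRole (hypothetical) reports whether a user holding `held`
// may act as `required` or any role below it. Invalid roles fail closed:
// without the range check, -1 would compare as above SystemAdmin here.
func authorizedForRole(held, required Role) (bool, error) {
	if !validRole(held) || !validRole(required) {
		return false, errUnknownRole
	}
	return compareRoles(held, required) >= 0, nil
}

func main() {
	// Constructed sample cases: Owner acting as Admin, Member acting as
	// Admin, and an unknown role value.
	for _, c := range []struct{ held, required Role }{
		{Owner, Admin}, {Member, Admin}, {Role(-1), Admin},
	} {
		ok, err := authorizedForRole(c.held, c.required)
		fmt.Printf("held=%d required=%d ok=%v err=%v\n", c.held, c.required, ok, err)
	}
}
```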

func (*Permissions) IsSystemAdmin

func (p *Permissions) IsSystemAdmin(user string) bool

IsSystemAdmin returns a bool indicating if the given user is a system admin.

func (*Permissions) Reload

func (p *Permissions) Reload(sysAdmin string) error

Reload reloads all casbin data. The sysAdmin argument can contain a list of usernames separated by commas.

func (*Permissions) RemoveGroup

func (p *Permissions) RemoveGroup(group string) (bool, *ign.ErrMsg)

RemoveGroup removes a role in a group. This should remove all policies involving the role

func (*Permissions) RemovePermission

func (p *Permissions) RemovePermission(user, resource string, action Action) (bool, *ign.ErrMsg)

RemovePermission removes a user (or group) permission on a resource

func (*Permissions) RemoveResource

func (p *Permissions) RemoveResource(resource string) (bool, *ign.ErrMsg)

RemoveResource removes a resource and all policies involving the resource

func (*Permissions) RemoveRole

func (p *Permissions) RemoveRole(role string) (bool, *ign.ErrMsg)

RemoveRole removes all policies involving the role

func (*Permissions) RemoveRoleForUser

func (p *Permissions) RemoveRoleForUser(user, role string) (bool, *ign.ErrMsg)

RemoveRoleForUser removes a role from a user

func (*Permissions) RemoveRolePermissions

func (p *Permissions) RemoveRolePermissions(group string) (bool, *ign.ErrMsg)

RemoveRolePermissions removes role permissions associated with a group

func (*Permissions) RemoveUser

func (p *Permissions) RemoveUser(user string) (bool, *ign.ErrMsg)

RemoveUser removes all policies involving the user

func (*Permissions) RemoveUserFromGroup

func (p *Permissions) RemoveUserFromGroup(user, group string) (bool, *ign.ErrMsg)

RemoveUserFromGroup removes all roles from a user in a group

func (*Permissions) RemoveUserGroupRole

func (p *Permissions) RemoveUserGroupRole(user, group string, role Role) (bool, *ign.ErrMsg)

RemoveUserGroupRole removes a role from a user in a group

func (*Permissions) SetRolePermissions

func (p *Permissions) SetRolePermissions(group string) (bool, *ign.ErrMsg)

SetRolePermissions sets up role permissions for a group

func (*Permissions) UserBelongsToGroup

func (p *Permissions) UserBelongsToGroup(user, group string) bool

UserBelongsToGroup returns true if the user belongs to the group.

type Role

type Role int

Role - type int

const (
	// System admin role
	SystemAdmin Role = iota
	// Owner role
	Owner
	// Admin role
	Admin
	// Member role
	Member
)

A list of roles

func RoleFrom

func RoleFrom(str string) (Role, *ign.ErrMsg)

RoleFrom returns the Role value corresponding to the given string. It will return -1 if not found.

func (Role) String

func (r Role) String() string

String returns the English name of the Role.
