model

package
v0.2.0
Warning

This package is not in the latest version of its module.

Published: Jun 11, 2026 License: Apache-2.0 Imports: 1 Imported by: 0

Documentation

Overview

Package model defines the core SFBAC domain types shared across layers.


Constants

const (
	MetaRoleRead        = "role:read"
	MetaRoleWrite       = "role:write"
	MetaRoleAssign      = "role:assign"
	MetaOperationRead   = "operation:read"
	MetaOperationWrite  = "operation:write"
	MetaOperationAssign = "operation:assign"
	MetaResourceRead    = "resource:read"
	MetaResourceWrite   = "resource:write"
	MetaUserRead        = "user:read"
)

Meta operation names used to authorize Sforza's own administrative APIs.

const AdminRole = "authorization:admin"

AdminRole is the bootstrap administrator role created in every tenant.

Variables

var MetaOperations = map[string]string{
	MetaRoleRead:        "role",
	MetaRoleWrite:       "role",
	MetaRoleAssign:      "role",
	MetaOperationRead:   "operation",
	MetaOperationWrite:  "operation",
	MetaOperationAssign: "operation",
	MetaResourceRead:    "resource",
	MetaResourceWrite:   "resource",
	MetaUserRead:        "user",
}

MetaOperations maps every meta operation to its meta resource.

Functions

func IsMetaOperation

func IsMetaOperation(operation string) bool

IsMetaOperation reports whether the operation belongs to Sforza's own meta authorization model.

func OperationResource

func OperationResource(operation string) string

OperationResource extracts the resource part of an operation name ("product:read" -> "product"). It returns "" when the name has no "resource:action" shape.

Types

type OperationScope

type OperationScope struct {
	Operation string `json:"operation"`
	Scope     Scope  `json:"scope"`
}

OperationScope is the effective (operation, scope) pair returned by permission queries.

type Scope

type Scope string

Scope is the visibility scope attached to an (operation, subject) pair.

const (
	// ScopeFull grants access to all records of the operation.
	ScopeFull Scope = "FULL"
	// ScopeEmpty grants access to no records.
	ScopeEmpty Scope = "EMPTY"
	// ScopeRestricted grants access to an explicit set of record IDs.
	ScopeRestricted Scope = "RESTRICTED"
)

func (Scope) Valid

func (s Scope) Valid() bool

Valid reports whether s is one of the supported scopes.
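
An added example (not code from the Sforza module) of a caller that consumes OperationScope values and denies by default, so an unrecognised scope string never widens access. The `Allowed` helper, the array-shaped JSON response, the `ids` lookup for RESTRICTED grants and the body of `Valid` are assumptions; the types are local copies of the ones documented above and the sample data is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Local copies of the types documented above, so the example runs offline.
type Scope string

const (
	ScopeFull       Scope = "FULL"
	ScopeEmpty      Scope = "EMPTY"
	ScopeRestricted Scope = "RESTRICTED"
)

// Valid body is an assumption; the page documents only its behaviour.
func (s Scope) Valid() bool {
	return s == ScopeFull || s == ScopeEmpty || s == ScopeRestricted
}

type OperationScope struct {
	Operation string `json:"operation"`
	Scope     Scope  `json:"scope"`
}

// Constructed sample response (note the invalid lowercase "full") and an assumed
// lookup of the record IDs behind each RESTRICTED grant.
var sample = []byte(`[{"operation":"product:read","scope":"RESTRICTED"},{"operation":"order:read","scope":"full"},
	{"operation":"invoice:read","scope":"EMPTY"},{"operation":"report:read","scope":"FULL"}]`)
var sampleIDs = map[string]map[string]bool{"product:read": {"p-1": true}}

// Allowed (hypothetical helper) decides access to one record and fails closed:
// anything it cannot positively match is a deny.
func Allowed(raw []byte, op, recordID string, ids map[string]map[string]bool) bool {
	var grants []OperationScope
	if err := json.Unmarshal(raw, &grants); err != nil {
		return false // malformed response: deny
	}
	for _, g := range grants {
		if g.Operation != op || !g.Scope.Valid() {
			continue // other operations and unknown scope strings never grant
		}
		if g.Scope == ScopeFull || (g.Scope == ScopeRestricted && ids[op][recordID]) {
			return true
		}
	}
	return false // EMPTY, RESTRICTED without a matching ID, or no grant at all
}

func main() { fmt.Println(Allowed(sample, "order:read", "o-1", sampleIDs)) }
```

Because Scope is a plain string type, JSON decoding accepts any value; the `Valid` check is what keeps a misspelled or future scope from being treated as a grant.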
