acl

package

v2.1.1+incompatible Latest Latest Go to latest Published: May 22, 2017 License: BSD-3-Clause Imports: 6 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

Documentation ¶

Overview ¶

Package acl contains functions to enforce access control lists. It allows you to register multiple security policies for enforcing ACLs for users or HTTP requests. The specific policy to use must be specified from a command line argument and cannot be changed on-the-fly.

Index ¶

Constants
func CheckAccessActor(actor, role string) error
func CheckAccessHTTP(req *http.Request, role string) error
func RegisterPolicy(name string, policy Policy)
func SendError(w http.ResponseWriter, err error)
type FallbackPolicy
- func (fp FallbackPolicy) CheckAccessActor(actor, role string) error
- func (fp FallbackPolicy) CheckAccessHTTP(req *http.Request, role string) error
type Policy

Constants ¶

View Source

const (
	ADMIN      = "admin"
	DEBUGGING  = "debugging"
	MONITORING = "monitoring"
)

This is a list of predefined roles. Applications are free to invent more roles, as long as the acl policies they use can understand what they mean.

Variables ¶

This section is empty.

Functions ¶

func CheckAccessActor ¶

func CheckAccessActor(actor, role string) error

CheckAccessActor uses the current security policy to verify if an actor has access to the role.

func CheckAccessHTTP ¶

func CheckAccessHTTP(req *http.Request, role string) error

CheckAccessHTTP uses the current security policy to verify if an actor in an http request has access to the role.

func RegisterPolicy ¶

func RegisterPolicy(name string, policy Policy)

RegisterPolicy registers a security policy. This function must be called before the first call to CheckAccess happens, preferably through an init. This will ensure that the requested policy can be found by other acl functions when needed.

func SendError ¶

func SendError(w http.ResponseWriter, err error)

SendError is a convenience function that sends an ACL error as an HTTP response.

Types ¶

type FallbackPolicy ¶

type FallbackPolicy struct{}

FallbackPolicy is the policy that's used if the requested policy cannot be found. It rejects all access.

func (FallbackPolicy) CheckAccessActor ¶

func (fp FallbackPolicy) CheckAccessActor(actor, role string) error

CheckAccessActor disallows all actor access.

func (FallbackPolicy) CheckAccessHTTP ¶

func (fp FallbackPolicy) CheckAccessHTTP(req *http.Request, role string) error

CheckAccessHTTP disallows all HTTP access.

type Policy ¶

type Policy interface {
	// CheckAccessActor can be called to verify if an actor
	// has access to the role.
	CheckAccessActor(actor, role string) error
	// CheckAccessHTTP can be called to verify if an actor in
	// the http request has access to the role.
	CheckAccessHTTP(req *http.Request, role string) error
}

Policy defines the interface that needs to be satisfied by ACL policy implementors.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL