Redirected from 
README
¶
accesspolicy
This initiative employs a declarative and explicit strategy for handling access control in Go projects. It is consolidated in a single location and presented in a manner that is comprehensible to individuals with lesser technical expertise. If you have experience with other declarative access frameworks, like AWS' IAM, you will find the syntax to be familiar.
Example:
package main
const rootUserID = 1
func isRoot(ctx context.Context, user User, action Action) bool {
return user.GetID() == rootUserID
}
func main() {
// Define a policy
policy := Policy{
Statements: []Statement{
{
Actions: Actions{ActionAll},
Principal: PrincipalAuthenticated,
Conditions: Conditions{
isRoot,
},
Effect: EffectAllow,
},
{
Actions: Actions{ActionAnySafe},
Principal: PrincipalAuthenticated,
Effect: EffectAllow,
},
},
}
// Define a user and an action
ctx := context.Background()
usr := &user{id: rootUserID}
action := HTTPMethodAction(http.MethodGet)
// Enforce the policy
if policy.HasPermission(ctx, usr, action) {
// Allow
} else {
// Deny
}
}
type user struct{ id uint }
func (u *user) GetID() uint { return u.id }
func (u *user) IsAnonymous() bool { return u.id == 0 }
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ( ActionAll = Action{"*", false} ActionAnySafe = Action{"any_safe", true} )
Functions ¶
This section is empty.
Types ¶
type Action ¶
func HTTPMethodAction ¶
type Conditions ¶
type Conditions []Condition
type Principal ¶
type Principal string
func GroupPrincipal ¶
GroupPrincipal will match any user that is in any of the groups
func PermissionPrincipal ¶
PermissionPrincipal will match any user that has all the permissions TODO: support OR ?
func UserPrincipal ¶
UserPrincipal will match any user whose ID is in the list
Source Files
Click to show internal directories.
Click to hide internal directories.