Documentation
Overview
Package authz is used to authorize whether an identity has the required role.
Functions
func AddMemberResolver
func AddOpenRolePermissions
func AddRolePermissions
Types
type Authorizer
type Authorizer struct {
	// contains filtered or unexported fields
}
func MustNew
func MustNew(identity *auth.Identity) *Authorizer
func (*Authorizer) AddRoles
func (a *Authorizer) AddRoles(roles ...string)
AddRoles adds roles that the identity has.
func (*Authorizer) AddRolesFromPolicies
func (a *Authorizer) AddRolesFromPolicies(policies ...*iampb.Policy)
AddRolesFromPolicies extracts and persists roles for the identity from the given policies.
Warning: These roles will apply to all subsequent authorizer checks. For context-specific checks (e.g., checking individual row policies in a loop), pass policies directly to HasRole instead to avoid leaking permissions.
func (*Authorizer) HasPermission
func (a *Authorizer) HasPermission(permission string, policies ...*iampb.Policy) bool
HasPermission returns true if the identity has the specified permission (or is a system identity), considering both previously added roles and those from the provided policies.
Note: Policies provided here are evaluated once and not persisted. To persist roles for subsequent checks (e.g., applying parent policies across multiple items in a List method), use AddRolesFromPolicies instead.
func (*Authorizer) HasRole
func (a *Authorizer) HasRole(roles []string, policies ...*iampb.Policy) bool
HasRole returns true if the identity has one of the specified roles (or is a system identity), considering both previously added roles and those from the provided policies.
Note: Policies provided here are evaluated once and not persisted. To persist roles for subsequent checks (e.g., applying parent policies across multiple items in a List method), use AddRolesFromPolicies instead.
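The warning on AddRolesFromPolicies and the note on HasRole, worked through as an added example that is not code from this package. Policy, Authorizer, Visible and Rows below are simplified stand-ins and constructed data (assumptions); the real API takes *auth.Identity and *iampb.Policy.

```go
package main

import "fmt"

// Policy and Authorizer are simplified stand-ins (assumptions), not the
// package's types. A Policy here is a single role binding for one member,
// and roles holds whatever has been persisted for all later checks.
type Policy struct{ Role, Member string }
type Authorizer struct {
	identity string
	roles    map[string]bool
}

// AddRolesFromPolicies persists the roles that ps bind to the identity.
func (a *Authorizer) AddRolesFromPolicies(ps ...Policy) {
	for _, p := range ps {
		if p.Member == a.identity {
			a.roles[p.Role] = true
		}
	}
}

// HasRole consults persisted roles plus ps; ps is evaluated once, not stored.
func (a *Authorizer) HasRole(roles []string, ps ...Policy) bool {
	tmp := &Authorizer{identity: a.identity, roles: map[string]bool{}}
	tmp.AddRolesFromPolicies(ps...)
	for _, r := range roles {
		if a.roles[r] || tmp.roles[r] {
			return true
		}
	}
	return false
}

// Visible returns the indexes of the rows the identity may view.
func Visible(id string, rows []Policy, persist bool) (out []int) {
	a := &Authorizer{identity: id, roles: map[string]bool{}}
	for i, row := range rows {
		per := []Policy{row} // scoped: applies to this one check only
		if persist {
			a.AddRolesFromPolicies(row) // leaky: sticks for every later row
			per = nil
		}
		if a.HasRole([]string{"viewer"}, per...) {
			out = append(out, i)
		}
	}
	return out
}

// Rows is constructed sample data: alice is bound as viewer on row 0 only.
var Rows = []Policy{{"viewer", "alice"}, {"viewer", "bob"}, {"viewer", "bob"}}

func main() { fmt.Println(Visible("alice", Rows, true), Visible("alice", Rows, false)) }
```

With persist set, the viewer role alice holds on row 0 carries over to rows 1 and 2; passing each row's policy to HasRole keeps the result at row 0.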