Documentation
¶
Index ¶
- Constants
- func AllowPermissionInArrowBase(opts *validationOptions)
- type ArrowPermission
- type ExclusionPermission
- type Metadata
- type Model
- func (m *Model) Invert() *Model
- func (m *Model) Reader() (io.Reader, error)
- func (m *Model) StepRelation(r *Relation, subjs ...ObjectName) []*RelationRef
- func (m *Model) Validate(opts ...ValidationOption) error
- func (m *Model) ValidateRelation(on ObjectName, oid ObjectID, rn RelationName, sn ObjectName, sid ObjectID, ...) error
- func (m *Model) Write(w io.Writer) error
- type Object
- type ObjectID
- type ObjectName
- type Permission
- func (p *Permission) AddTerm(pt *PermissionTerm)
- func (p *Permission) IsExclusion() bool
- func (p *Permission) IsIntersection() bool
- func (p *Permission) IsUnion() bool
- func (p *Permission) Terms() []*PermissionTerm
- func (p *Permission) Types() RelationRefs
- func (p *Permission) TypesContain(rr RelationRef) bool
- type PermissionTerm
- type PermissionTerms
- type Permissions
- type RelOrPerm
- type Relation
- type RelationAssignment
- type RelationName
- type RelationRef
- type RelationRefs
- type Relations
- type ValidationOption
Constants ¶
// Separator and prefix symbols declared by the package. This listing shows only
// their values; where each one is used is not visible here.
const (
	// ObjectNameSeparator is "^".
	// NOTE(review): presumably joins name parts in identifiers the package generates; confirm against the source.
	ObjectNameSeparator = "^"
	// SubjectRelationSeparator is "#", the same character the Validate documentation uses
	// when it writes subject relations as object#relation pairs.
	SubjectRelationSeparator = "#"
	// GeneratedPermissionPrefix is "$".
	// NOTE(review): presumably marks permissions synthesised by the package rather than
	// authored in the model; if so, authored names starting with "$" deserve a check - confirm.
	GeneratedPermissionPrefix = "$"
)
// Model format version and the operator symbols of the model language.
const (
	// ModelVersion is 5 in this release.
	// NOTE(review): presumably the value expected in Model.Version; whether a mismatch
	// is rejected on load is not shown here - confirm.
	ModelVersion int = 5
	// ArrowSymbol is "->", the operator the Validate documentation shows in arrow
	// permissions (relation->rel_or_perm).
	ArrowSymbol = "->"
	// WildcardSymbol is "*".
	// NOTE(review): presumably the relation value of a wildcard RelationRef, i.e. a grant to
	// every instance of a subject type; wildcard grants are worth auditing - confirm semantics.
	WildcardSymbol = "*"
)
Variables ¶
This section is empty.
Functions ¶
func AllowPermissionInArrowBase ¶ added in v0.1.5
// AllowPermissionInArrowBase has the signature required of a ValidationOption
// (func(*validationOptions)), so it can be passed to Model.Validate.
// NOTE(review): judging by the name only, it relaxes validation so that the base of
// an arrow (the part before "->") may be a permission rather than a relation. The
// body is not shown in this listing; confirm the effect before relying on it, and
// record why the looser validation is needed wherever the option is passed.
func AllowPermissionInArrowBase(opts *validationOptions)
Types ¶
type ArrowPermission ¶
type ExclusionPermission ¶
// ExclusionPermission pairs one included term with one excluded term.
// NOTE(review): presumably evaluated as "Include minus Exclude" - confirm.
// Both fields are pointers tagged omitempty, so either side can be absent in the
// JSON form. Whether Validate rejects an exclusion with a nil side is not shown
// here; a missing Exclude would widen the permission, so verify it.
type ExclusionPermission struct {
	// Include is serialised under the JSON key "include".
	Include *PermissionTerm `json:"include,omitempty"`
	// Exclude is serialised under the JSON key "exclude".
	Exclude *PermissionTerm `json:"exclude,omitempty"`
}
type Model ¶
// Model is the top-level authorization model: a version number, the object
// definitions keyed by object name, and a metadata block.
type Model struct {
	// Version is serialised as "version".
	// NOTE(review): presumably compared with ModelVersion when a model is loaded - confirm.
	Version int `json:"version"`
	// Objects maps each object name to its definition. The JSON key is "types",
	// not "objects", which matters when reading serialised models by hand.
	Objects map[ObjectName]*Object `json:"types"`
	// Metadata is serialised as "metadata"; it has no omitempty, so a nil
	// pointer is written as null.
	Metadata *Metadata `json:"metadata"`
	// contains filtered or unexported fields
}
func (*Model) StepRelation ¶ added in v0.1.1
func (m *Model) StepRelation(r *Relation, subjs ...ObjectName) []*RelationRef
func (*Model) Validate ¶ added in v0.1.0
func (m *Model) Validate(opts ...ValidationOption) error
Validate enforces the model's internal consistency.
It enforces the following rules:
- Within an object, a permission cannot share the same name as a relation.
- Direct relations must reference existing objects.
- Wildcard relations must reference existing objects.
- Subject relations must reference existing object#relation pairs.
- Arrow permissions (relation->rel_or_perm) must reference existing relations/permissions.
func (*Model) ValidateRelation ¶ added in v0.1.0
// ValidateRelation takes the six parts of a single relation: the object's name and
// ID (on, oid), the relation name (rn), the subject's name and ID (sn, sid), and a
// subject relation name (srn).
// NOTE(review): presumably returns nil when the model permits that relation and a
// descriptive error otherwise. The body is not shown in this listing, so confirm
// which combinations (direct, subject relation, wildcard) it accepts before using
// it as the only check in front of a relation write.
func (m *Model) ValidateRelation(on ObjectName, oid ObjectID, rn RelationName, sn ObjectName, sid ObjectID, srn RelationName) error
type Object ¶
// Object is the definition of one object type: its relations and its
// permissions, each keyed by RelationName. Per the Validate documentation, a
// permission may not share a name with a relation inside the same object.
type Object struct {
	// Relations is serialised as "relations" and omitted when empty.
	Relations Relations `json:"relations,omitempty"`
	// Permissions is serialised as "permissions" and omitted when empty.
	Permissions Permissions `json:"permissions,omitempty"`
}
func (*Object) HasPermission ¶ added in v0.1.0
func (o *Object) HasPermission(name RelationName) bool
func (*Object) HasRelOrPerm ¶ added in v0.1.0
func (o *Object) HasRelOrPerm(name RelationName) bool
func (*Object) HasRelation ¶ added in v0.1.0
func (o *Object) HasRelation(name RelationName) bool
func (*Object) SubjectTypes ¶ added in v0.1.4
func (o *Object) SubjectTypes(name RelationName) []ObjectName
SubjectTypes returns the list of possible subject types for the given relation or permission.
type ObjectName ¶
type ObjectName string
func (ObjectName) String ¶ added in v0.0.14
func (on ObjectName) String() string
type Permission ¶
// Permission holds the definition of a permission in one of three shapes, a
// union of terms, an intersection of terms, or an exclusion; the IsUnion,
// IsIntersection and IsExclusion methods report on the shape.
// NOTE(review): presumably exactly one of Union, Intersection and Exclusion is
// populated. This listing does not show where that is enforced; a permission
// with more than one set would be ambiguous, so confirm.
type Permission struct {
	// Union is serialised as "union".
	Union PermissionTerms `json:"union,omitempty"`
	// Intersection is serialised as "intersection".
	Intersection PermissionTerms `json:"intersection,omitempty"`
	// Exclusion is serialised as "exclusion"; nil when the permission is not an exclusion.
	Exclusion *ExclusionPermission `json:"exclusion,omitempty"`
	// SubjectTypes is serialised as "subject_types".
	// NOTE(review): presumably derived from the terms rather than authored - confirm.
	SubjectTypes []ObjectName `json:"subject_types,omitempty"`
	// Intermediates is serialised as "intermediates".
	// NOTE(review): meaning not visible in this listing - confirm before documenting further.
	Intermediates RelationRefs `json:"intermediates,omitempty"`
}
func (*Permission) AddTerm ¶ added in v0.1.4
func (p *Permission) AddTerm(pt *PermissionTerm)
func (*Permission) IsExclusion ¶ added in v0.1.0
func (p *Permission) IsExclusion() bool
func (*Permission) IsIntersection ¶ added in v0.1.0
func (p *Permission) IsIntersection() bool
func (*Permission) IsUnion ¶ added in v0.1.0
func (p *Permission) IsUnion() bool
func (*Permission) Terms ¶ added in v0.1.0
func (p *Permission) Terms() []*PermissionTerm
func (*Permission) Types ¶ added in v0.1.5
func (p *Permission) Types() RelationRefs
func (*Permission) TypesContain ¶ added in v0.2.8
func (p *Permission) TypesContain(rr RelationRef) bool
type PermissionTerm ¶ added in v0.1.0
// PermissionTerm is one operand of a permission expression.
// NOTE(review): given the arrow form relation->rel_or_perm in the Validate
// documentation, Base presumably holds the part before "->" and is empty for a
// non-arrow term, which is what IsArrow would test - confirm.
type PermissionTerm struct {
	// Base is serialised as "base" and omitted when empty.
	Base RelationName `json:"base,omitempty"`
	// RelOrPerm is serialised as "rel_or_perm"; it has no omitempty, so it is always written.
	RelOrPerm RelationName `json:"rel_or_perm"`
	// SubjectTypes is serialised as "subject_types".
	SubjectTypes []ObjectName `json:"subject_types,omitempty"`
	// Intermediates is serialised as "intermediates".
	Intermediates RelationRefs `json:"intermediates,omitempty"`
}
func (*PermissionTerm) IsArrow ¶ added in v0.1.0
func (pr *PermissionTerm) IsArrow() bool
func (*PermissionTerm) String ¶ added in v0.1.4
func (pr *PermissionTerm) String() string
func (*PermissionTerm) Types ¶ added in v0.1.9
func (pr *PermissionTerm) Types() RelationRefs
type PermissionTerms ¶ added in v0.1.4
type PermissionTerms []*PermissionTerm
func (PermissionTerms) Contains ¶ added in v0.1.4
func (pts PermissionTerms) Contains(pt *PermissionTerm) bool
type Permissions ¶ added in v0.2.9
type Permissions map[RelationName]*Permission
type RelOrPerm ¶ added in v0.2.8
// RelOrPerm is the behaviour common to relations and permissions: both
// *Relation and *Permission declare a TypesContain method with this signature.
type RelOrPerm interface {
	// TypesContain takes a RelationRef and returns a bool.
	// NOTE(review): presumably true when rel is among the value's types - confirm.
	TypesContain(rel RelationRef) bool
}
type Relation ¶
// Relation is the definition of a relation as a union of relation references.
// Per the Validate documentation, direct and wildcard references must name
// existing objects and subject relations must name existing object#relation pairs.
type Relation struct {
	// Union is serialised as "union"; the entries are pointers, so callers
	// that share a Relation also share its references.
	Union []*RelationRef `json:"union,omitempty"`
	// SubjectTypes is serialised as "subject_types".
	// NOTE(review): presumably derived from Union rather than authored - confirm.
	SubjectTypes []ObjectName `json:"subject_types,omitempty"`
	// Intermediates is serialised as "intermediates".
	Intermediates RelationRefs `json:"intermediates,omitempty"`
}
func (*Relation) AddRef ¶ added in v0.1.4
func (r *Relation) AddRef(rr *RelationRef)
func (*Relation) AllRefs ¶ added in v0.1.5
func (r *Relation) AllRefs() []RelationRef
func (*Relation) Types ¶ added in v0.1.5
func (r *Relation) Types() RelationRefs
func (*Relation) TypesContain ¶ added in v0.2.8
func (r *Relation) TypesContain(rr RelationRef) bool
type RelationAssignment ¶ added in v0.1.0
// RelationAssignment enumerates the kinds of relation reference.
type RelationAssignment int

// The values are assigned with iota, so RelationAssignmentUnknown is 0 and is
// therefore what an uninitialised RelationAssignment holds; callers that switch
// on the kind should treat Unknown as an error rather than as a default grant.
const (
	// RelationAssignmentUnknown is the zero value (0).
	RelationAssignmentUnknown RelationAssignment = iota
	// RelationAssignmentDirect is 1.
	RelationAssignmentDirect
	// RelationAssignmentSubject is 2.
	RelationAssignmentSubject
	// RelationAssignmentWildcard is 3.
	RelationAssignmentWildcard
)
type RelationName ¶
type RelationName string
func InverseRelation ¶ added in v0.1.4
func InverseRelation(on ObjectName, rn RelationName, srn ...RelationName) RelationName
func PermForRel ¶ added in v0.1.5
func PermForRel(rn RelationName) RelationName
func (RelationName) String ¶ added in v0.0.14
func (rn RelationName) String() string
type RelationRef ¶ added in v0.1.0
// RelationRef names an object type and, optionally, a relation on it.
// NOTE(review): the Assignment, IsDirect, IsSubject and IsWildcard methods
// classify a reference. Presumably an empty Relation means a direct reference,
// "*" a wildcard and any other value a subject relation - confirm against the source.
type RelationRef struct {
	// Object is serialised as "object" and omitted when empty.
	Object ObjectName `json:"object,omitempty"`
	// Relation is serialised as "relation" and omitted when empty.
	Relation RelationName `json:"relation,omitempty"`
}
func NewRelationRef ¶ added in v0.1.0
func NewRelationRef(on ObjectName, rn RelationName) *RelationRef
func (*RelationRef) Assignment ¶ added in v0.1.0
func (rr *RelationRef) Assignment() RelationAssignment
func (*RelationRef) IsDirect ¶ added in v0.1.0
func (rr *RelationRef) IsDirect() bool
func (*RelationRef) IsSubject ¶ added in v0.1.0
func (rr *RelationRef) IsSubject() bool
func (*RelationRef) IsWildcard ¶ added in v0.1.0
func (rr *RelationRef) IsWildcard() bool
func (*RelationRef) String ¶ added in v0.1.0
func (rr *RelationRef) String() string
type RelationRefs ¶ added in v0.1.5
type RelationRefs []RelationRef
type Relations ¶ added in v0.2.9
type Relations map[RelationName]*Relation
type ValidationOption ¶ added in v0.1.5
type ValidationOption func(*validationOptions)