policy

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 3, 2026 License: GPL-3.0 Imports: 8 Imported by: 0

Documentation

Overview

Package policy enforces authorization and action risk.

Package policy enforces RBAC (role → allowed permission/risk) plus per-connection ownership/sharing grants, using embedded Casbin. Risk levels come from route metadata — never client-supplied.

Index

Constants

This section is empty.

Variables

View Source
var ErrForbidden = errors.New("policy: forbidden")

ErrForbidden is the deny-by-default authorization failure.

Functions

This section is empty.

Types

type AccessInput

type AccessInput struct {
	User       models.User
	Permission string
	Risk       plugin.RiskLevel

	// Connection context. ConnectionID == "" means a non-connection route (e.g.
	// the plugin catalog), which only needs the role/risk gate.
	ConnectionID string
	OwnerID      string
	HasGrant     bool
	GrantAccess  models.Access
}

AccessInput is everything an authorization decision needs. The caller (the route wrapper) resolves the connection + the user's grant before calling.

type Enforcer

type Enforcer struct {
	// contains filtered or unexported fields
}

Enforcer answers authorization decisions. It is safe for concurrent use.

func New

func New() (*Enforcer, error)

New builds an enforcer seeded with the default role policies.

func (*Enforcer) AddRolePermissionPolicy

func (en *Enforcer) AddRolePermissionPolicy(role models.Role, permission string, risk plugin.RiskLevel) error

AddRolePermissionPolicy grants a role a route permission/risk pair.

func (*Enforcer) AddRolePolicy

func (en *Enforcer) AddRolePolicy(role models.Role, risk plugin.RiskLevel) error

AddRolePolicy grants a role an additional risk level (extensibility hook).

func (*Enforcer) Authorize

func (en *Enforcer) Authorize(in AccessInput) error

Authorize applies both gates (deny-by-default):

  1. the user's role must permit the route's permission/risk, and
  2. for connection routes, the user must own it or hold a grant.

Admin is a user-management role, not a super-user: it grants no implicit access to other users' connections.

func (*Enforcer) LoadStorePolicies

func (en *Enforcer) LoadStorePolicies(ctx context.Context, policies store.PolicyStore) error

LoadStorePolicies loads additive policy rows from the control-plane store.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL