access

package
v0.14.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 24, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	FeatureId = security.FeatureId("AC", security.FeatureOrderAccess)
)
View Source 
var Module = &bootstrap.Module{
	Name:       "access control",
	Precedence: security.MinSecurityPrecedence + 30,
	Options: []fx.Option{
		fx.Invoke(register),
	},
}

Functions

func Authenticated 

func Authenticated(auth security.Authentication) (bool, error)

func DenyAll 

func DenyAll(_ security.Authentication) (bool, error)

func NewPermissionMatcher 

func NewPermissionMatcher(permission string) *permissionMatcher

func PermitAll 

func PermitAll(_ security.Authentication) (bool, error)

Types

type AccessControl 

type AccessControl struct {
	// contains filtered or unexported fields
}

func (*AccessControl) AllowIf 

func (ac *AccessControl) AllowIf(cf ControlFunc) *AccessControlFeature

func (*AccessControl) Authenticated 

func (ac *AccessControl) Authenticated() *AccessControlFeature

func (*AccessControl) CustomDecisionMaker 

func (ac *AccessControl) CustomDecisionMaker(dmf DecisionMakerFunc) *AccessControlFeature

CustomDecisionMaker override ControlFunc. Order and AcrMatcher are still applied

func (*AccessControl) DenyAll 

func (ac *AccessControl) DenyAll() *AccessControlFeature

func (*AccessControl) HasPermissions 

func (ac *AccessControl) HasPermissions(permissions ...string) *AccessControlFeature

func (*AccessControl) Order 

func (ac *AccessControl) Order() int

Order implements order.Ordered

func (*AccessControl) PermitAll 

func (ac *AccessControl) PermitAll() *AccessControlFeature

func (*AccessControl) WithOrder 

func (ac *AccessControl) WithOrder(order int) *AccessControl

type AccessControlConfigurer 

type AccessControlConfigurer struct {
}

func (*AccessControlConfigurer) Apply 

func (acc *AccessControlConfigurer) Apply(feature security.Feature, ws security.WebSecurity) error

type AccessControlFeature 

type AccessControlFeature struct {
	// contains filtered or unexported fields
}

func Configure 

func Configure(ws security.WebSecurity) *AccessControlFeature

func New 

func New() *AccessControlFeature

New Standard security.Feature entrypoint, DSL style. Used with security.WebSecurity

func (*AccessControlFeature) Identifier 

func (f *AccessControlFeature) Identifier() security.FeatureIdentifier

Identifier implements security.Feature

func (*AccessControlFeature) Request 

func (f *AccessControlFeature) Request(matcher AcrMatcher) *AccessControl

Request configure access control of requests matching given AcrMatcher

type AccessControlMiddleware 

type AccessControlMiddleware struct {
	// contains filtered or unexported fields
}

func NewAccessControlMiddleware 

func NewAccessControlMiddleware(decisionMakers ...DecisionMakerFunc) *AccessControlMiddleware

func (*AccessControlMiddleware) ACHandlerFunc 

func (ac *AccessControlMiddleware) ACHandlerFunc() gin.HandlerFunc

type AcrMatcher 

type AcrMatcher web.RequestMatcher

AcrMatcher short for Access Control RequestDetails Matcher, accepts *http.Request or http.Request

type ConditionWithControlFunc 

type ConditionWithControlFunc struct {
	Description string
	ControlFunc ControlFunc
}

ConditionWithControlFunc is a common ControlCondition implementation backed by ControlFunc

func (*ConditionWithControlFunc) And 

func (m *ConditionWithControlFunc) And(matchers ...matcher.Matcher) matcher.ChainableMatcher

func (*ConditionWithControlFunc) Matches 

func (m *ConditionWithControlFunc) Matches(i interface{}) (bool, error)

func (*ConditionWithControlFunc) MatchesWithContext 

func (m *ConditionWithControlFunc) MatchesWithContext(c context.Context, _ interface{}) (bool, error)

func (*ConditionWithControlFunc) Or 

func (m *ConditionWithControlFunc) Or(matchers ...matcher.Matcher) matcher.ChainableMatcher

func (ConditionWithControlFunc) String 

func (m ConditionWithControlFunc) String() string

type ControlCondition 

type ControlCondition matcher.ChainableMatcher

ControlCondition extends web.RequestMatcher, and matcher.ChainableMatcher it is used together with web.RoutedMapping's "Condition" for a convienent config of securities only matcher.ChainableMatcher's .MatchesWithContext (context.Context, interface{}) (bool, error) is used Matches(interface{}) (bool, error) should return regular as if the context is empty

In addition, implementation should also return AccessDeniedError when condition didn't match. web.Registrar will propagate this error along the handler chain until it's handled by errorhandling middleware

func RequirePermissions 

func RequirePermissions(expr string) ControlCondition

RequirePermissions returns ControlCondition using HasPermissionsWithExpr e.g. RequirePermissions("P1 && P2 && !(P3 || P4)"), means security.Permissions contains both P1 and P2 but not contains neither P3 nor P4 see HasPermissionsWithExpr for expression syntax

type ControlFunc 

type ControlFunc func(security.Authentication) (decision bool, reason error)

ControlFunc make access control decision based on security.Authentication "decision" indicate whether the access is grated "reason" is optional and is used when access is denied. if not specified, security.NewAccessDeniedError will be used

func HasPermissions 

func HasPermissions(permissions ...string) ControlFunc

HasPermissions returns a ControlFunc that checks permissions of current auth. If the given auth doesn't contain all specified permission, the ControlFunc returns false and a security.AccessDeniedError

func HasPermissionsWithExpr 

func HasPermissionsWithExpr(expr string) ControlFunc

HasPermissionsWithExpr takes an expression and returns a ControlFunc that evaluate security.Permissions against the given expression.

The expression is composed by 1 or more expression-unit combined using logical operands and brackets. supported expresion-unit are:

  • !<permission>
  • <permission> && <permission>
  • <permission> || <permission>

where <permission> stands for "security.Permissions.Has(<permission>)" which yields bool result e.g. "P1 && P2 && !(P3 || P4)", means security.Permissions contains both P1 and P2 but not contains neither P3 nor P4

type DecisionMakerFunc 

type DecisionMakerFunc func(context.Context, *http.Request) (handled bool, decision error)

DecisionMakerFunc determine if current user can access to given http.Request if the given request is not handled by this function, return false, nil if the given request is handled and the access is granted, return true, nil otherwise, return true, security.ErrorTypeCodeAccessControl error

func MakeDecisionMakerFunc 

func MakeDecisionMakerFunc(matcher AcrMatcher, cf ControlFunc) DecisionMakerFunc

func WrapDecisionMakerFunc 

func WrapDecisionMakerFunc(matcher AcrMatcher, dmf DecisionMakerFunc) DecisionMakerFunc

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.