Documentation
Index
- type ACE
- type ACL
- type Action
- type DefaultAuthorizationPolicy
- type Policy
- type Principals
- type System
- func (s System) CreateGroup(groupName string) (model.Group, error)
- func (s System) CreatePerm(permName string) (model.Permission, error)
- func (s System) CreateUser(userName, password string, perms []string) (*model.User, error)
- func (s System) GetToken(name string, roles []string) (string, error)
- func (s System) GetUserPrincipals(userName string) (Principals, error)
- func (s System) GiveGroup(userID, groupID int64) error
- func (s System) GivePerm(groupID, permID int64) error
- func (s System) VerifyUserPassword(userName, givenPassword string) (valid bool, err error)
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type ACE
type ACE struct {
    Action     Action // Allow or Deny
    Principal  string // can be a user, group or any string
    Permission string // a permission string "CanDeleteUsers"
}
ACE (access control entry) is one element of an ACL.
type Action
type Action int
Action can be either Deny (0) or Allow (1); see the constants declared below.
type DefaultAuthorizationPolicy
type DefaultAuthorizationPolicy struct{}
DefaultAuthorizationPolicy is the policy used by default in Hermes; it implements the Policy interface.
func (DefaultAuthorizationPolicy) Permits
func (p DefaultAuthorizationPolicy) Permits(acl ACL, principals Principals, permission string) bool
Permits implements the Policy interface by checking whether the given principals are granted the given permission in the context of the given ACL.
type Policy
type Policy interface {
Permits(acl ACL, principals Principals, permission string) bool
}
Policy is the interface an authorization policy must implement. An authorization policy is a policy that allows or denies access after a user has been authenticated.
type Principals
type Principals []string
Principals is a collection of principals
func (Principals) Contains
func (p Principals) Contains(princip string) bool
Contains tests if a principal is present in the list
type System
type System struct {
    JwtSecret string
    // contains filtered or unexported fields
}
System is responsible for verifying that an actor really is who it claims to be (i.e. authentication).
func New
func New(m *model.Model, db *yago.DB, l hermes.Logger, duration time.Duration, jwtSecret string) *System
New is a constructor that sets up an auth.System. duration determines how long a token produced by this system will last. jwtSecret is the secret string that will be used as a key to
func (System) CreateGroup
CreateGroup is used to create a group.
func (System) CreatePerm
func (s System) CreatePerm(permName string) (model.Permission, error)
CreatePerm is used to create a permission.
func (System) CreateUser
CreateUser is a method used to create a new user in the system and set its password in the database.
func (System) GetToken
GetToken generates a token with claims corresponding to the name and roles you give. This token is signed with the auth.System secret.
func (System) GetUserPrincipals
func (s System) GetUserPrincipals(userName string) (Principals, error)
GetUserPrincipals is a method used to find the principals of a user by name. Principals are strings representing (generally) permissions