Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
func DefaultPolicyMap
func DefaultPolicyMap(readAction, writeAction types.PolicyAction) map[crud.CrudOperation]types.PolicyAction
DefaultPolicyMap maps the standard CRUD verbs to the supplied read/write PolicyActions. Create/Update/Delete (and their batch variants) map to the write action while list/show map to the read action.
func DefaultScopeExtractor
func DefaultScopeExtractor(_ crud.Context, actor *auth.ActorContext) (types.ScopeFilter, error)
DefaultScopeExtractor builds the requested scope from the actor context.
Types
type Adapter
type Adapter struct {
	// contains filtered or unexported fields
}
Adapter turns go-crud operations into scope guard enforcement calls.
func NewAdapter
NewAdapter constructs a Guard adapter and validates the supplied config.
func (*Adapter) Enforce
func (a *Adapter) Enforce(in GuardInput) (GuardResult, error)
Enforce resolves the actor, derives the requested scope, optionally bypasses, and finally enforces the scope guard with the mapped PolicyAction.
type BypassConfig
BypassConfig explicitly allows guard skips for whitelisted routes (e.g. schema exports). It must never be enabled by default.
type Config
type Config struct {
	Guard          scope.Guard
	Logger         types.Logger
	PolicyMap      map[crud.CrudOperation]types.PolicyAction
	ScopeExtractor ScopeExtractor
	FallbackAction types.PolicyAction
}
Config drives Adapter construction.
type GuardInput
type GuardInput struct {
	Context   crud.Context
	Operation crud.CrudOperation
	TargetID  uuid.UUID
	Scope     types.ScopeFilter
	Bypass    *BypassConfig
}
GuardInput captures per-request parameters supplied by transports.
type GuardResult
type GuardResult struct {
	Actor        types.ActorRef
	Scope        types.ScopeFilter
	Operation    crud.CrudOperation
	Bypassed     bool
	BypassReason string
}
GuardResult reports the resolved scope and actor metadata returned by the adapter.
type ScopeExtractor
type ScopeExtractor func(ctx crud.Context, actor *auth.ActorContext) (types.ScopeFilter, error)
ScopeExtractor builds a requested ScopeFilter from the crud context prior to guard evaluation. Implementations may inspect query parameters or request bodies to derive tenant/org filters.
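An added example, not code from this package: a self-contained model of the order Enforce describes (actor, scope, optional bypass, guard) and of the read/write split DefaultPolicyMap documents. The stand-in types, the operation strings, the boolean bypass flag, and the use of the fallback action for unmapped operations are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Stand-in types (assumptions): the real crud.CrudOperation and
// types.PolicyAction values are not listed on this page.
type op string
type action string

type request struct {
	Op                      op
	ActorTenant, WantTenant string // resolved actor tenant vs. requested scope
	Bypass                  bool   // per-request opt-in; the zero value means "no bypass"
}

// policyMap mirrors the documented split: list/show need the read action,
// create/update/delete and their batch variants need the write action.
func policyMap(read, write action) map[op]action {
	m := map[op]action{"list": read, "show": read}
	for _, o := range []op{"create", "update", "delete", "create_batch", "update_batch", "delete_batch"} {
		m[o] = write
	}
	return m
}

// enforce follows the documented order: actor, scope, optional bypass, guard.
func enforce(r request, pm map[op]action, fallback action, granted map[action]bool) (bypassed bool, err error) {
	if r.ActorTenant == "" {
		return false, errors.New("no actor resolved") // a bypass never skips authentication here
	}
	if r.Bypass {
		return true, nil // explicit opt-in only; the caller should record the reason
	}
	act, ok := pm[r.Op]
	if !ok {
		act = fallback // assumed role of FallbackAction: unmapped operations
	}
	if r.WantTenant != r.ActorTenant || !granted[act] {
		return false, fmt.Errorf("denied: op=%s action=%s scope=%s", r.Op, act, r.WantTenant)
	}
	return false, nil
}

func main() {
	pm := policyMap("read", "write")
	_, err := enforce(request{Op: "delete", ActorTenant: "t1", WantTenant: "t1"}, pm, "write", map[action]bool{"read": true})
	fmt.Println(err) // a read-only actor cannot delete
}
```

Choosing the write action as the fallback keeps unmapped operations fail-closed for read-only actors.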