rbac

package module
v0.0.7 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 27, 2025 License: MIT Imports: 9 Imported by: 4

README

RBAC

Installation

go get -u github.com/gowool/rbac
Install Fx Module
go get -u github.com/gowool/rbac/fx

License

Distributed under MIT License, please see license file within the code for more details.

Documentation

Index

Constants

View Source 
const (
	DecisionDeny = iota + 1
	DecisionAllow
)

Variables

View Source 
var (
	ErrRoleNotFound = errors.New("role not found")
	ErrInvalidRole  = errors.New("role must be a string or implement the Role interface")
)
View Source 
var ErrCircularReference = errors.New("circular reference detected")
View Source 
var ErrDeny = errors.New("deny")

Functions

func RequestAuthorizer 

func RequestAuthorizer(authorizer Authorizer, actions func(*http.Request) []string) func(*http.Request) error

func WithAssertions 

func WithAssertions(ctx context.Context, assertions ...Assertion) context.Context

func WithClaims 

func WithClaims(ctx context.Context, claims *Claims) context.Context

func WithRequestInfo added in v0.0.3 

func WithRequestInfo(ctx context.Context, info RequestInfo) context.Context

func WithTarget added in v0.0.2 

func WithTarget(ctx context.Context, target *Target) context.Context

Types

type AccessConfig 

type AccessConfig struct {
	Role        string   `json:"role,omitempty" yaml:"role,omitempty"`
	Permissions []string `json:"permissions,omitempty" yaml:"permissions,omitempty"`
}

type Assertion 

type Assertion interface {
	Assert(ctx context.Context, role Role, permission string) (bool, error)
}

func CtxAssertions 

func CtxAssertions(ctx context.Context) []Assertion

type AssertionFunc 

type AssertionFunc func(ctx context.Context, role Role, permission string) (bool, error)

func (AssertionFunc) Assert 

func (f AssertionFunc) Assert(ctx context.Context, role Role, permission string) (bool, error)

type AuthorizationChecker 

type AuthorizationChecker interface {
	IsGranted(ctx context.Context, role any, permission string, assertions ...Assertion) bool
}

type Authorizer 

type Authorizer interface {
	Authorize(ctx context.Context, claims *Claims, target *Target) (Decision, error)
}

type Claims 

type Claims struct {
	Subject  Subject
	Metadata map[string]any
}

func CtxClaims 

func CtxClaims(ctx context.Context) *Claims

type Config 

type Config struct {
	CreateMissingRoles bool           `json:"createMissingRoles,omitempty" yaml:"createMissingRoles,omitempty"`
	RoleHierarchy      []RoleConfig   `json:"roleHierarchy,omitempty" yaml:"roleHierarchy,omitempty"`
	AccessControl      []AccessConfig `json:"accessControl,omitempty" yaml:"accessControl,omitempty"`
}

type Decision 

type Decision int8

func (Decision) String 

func (d Decision) String() string

type DefaultAuthorizer 

type DefaultAuthorizer struct {
	// contains filtered or unexported fields
}

func NewDefaultAuthorizer 

func NewDefaultAuthorizer(rbac *RBAC) *DefaultAuthorizer

func (*DefaultAuthorizer) Authorize 

func (a *DefaultAuthorizer) Authorize(ctx context.Context, claims *Claims, target *Target) (d Decision, err error)

type DefaultRole 

type DefaultRole struct {
	// contains filtered or unexported fields
}

func NewRole 

func NewRole(name string) *DefaultRole

func (*DefaultRole) AddChild 

func (r *DefaultRole) AddChild(child Role) error

func (*DefaultRole) AddParent 

func (r *DefaultRole) AddParent(parent Role) error

func (*DefaultRole) AddPermissions 

func (r *DefaultRole) AddPermissions(permission string, rest ...string)

func (*DefaultRole) Children 

func (r *DefaultRole) Children() []Role

func (*DefaultRole) HasAncestor 

func (r *DefaultRole) HasAncestor(role Role) bool

func (*DefaultRole) HasDescendant 

func (r *DefaultRole) HasDescendant(role Role) bool

func (*DefaultRole) HasPermission 

func (r *DefaultRole) HasPermission(permission string) bool

func (*DefaultRole) Name 

func (r *DefaultRole) Name() string

func (*DefaultRole) Parents 

func (r *DefaultRole) Parents() []Role

func (*DefaultRole) Permissions 

func (r *DefaultRole) Permissions(children bool) []string

func (*DefaultRole) RePermissions added in v0.0.5 

func (r *DefaultRole) RePermissions(children bool) []*regexp.Regexp

func (*DefaultRole) String 

func (r *DefaultRole) String() string

type RBAC 

type RBAC struct {
	// contains filtered or unexported fields
}

func New 

func New() *RBAC

func NewWithConfig 

func NewWithConfig(cfg Config) (*RBAC, error)

func (*RBAC) AddRole 

func (rbac *RBAC) AddRole(role any, parents ...any) error

func (*RBAC) Apply 

func (rbac *RBAC) Apply(cfg Config) error

func (*RBAC) CreateMissingRoles 

func (rbac *RBAC) CreateMissingRoles() bool

func (*RBAC) HasRole 

func (rbac *RBAC) HasRole(role any) (bool, error)

func (*RBAC) IsGranted 

func (rbac *RBAC) IsGranted(ctx context.Context, role any, permission string, assertions ...Assertion) bool

func (*RBAC) IsGrantedE 

func (rbac *RBAC) IsGrantedE(ctx context.Context, role any, permission string, assertions ...Assertion) (bool, error)

func (*RBAC) Role 

func (rbac *RBAC) Role(name string) (Role, error)

func (*RBAC) Roles 

func (rbac *RBAC) Roles() []Role

func (*RBAC) SetCreateMissingRoles 

func (rbac *RBAC) SetCreateMissingRoles(createMissingRoles bool) *RBAC

type RequestInfo added in v0.0.3 

type RequestInfo struct {
	Method     string
	Host       string
	RequestURI string
	Pattern    string
	RemoteAddr string
	Header     http.Header
	URL        url.URL
	IsTLS      bool
}

func CtxRequestInfo added in v0.0.3 

func CtxRequestInfo(ctx context.Context) RequestInfo

type Role 

type Role interface {
	fmt.Stringer
	Name() string
	AddPermissions(permission string, rest ...string)
	HasPermission(permission string) bool
	Permissions(children bool) []string
	RePermissions(children bool) []*regexp.Regexp
	AddParent(Role) error
	Parents() []Role
	AddChild(Role) error
	Children() []Role
	HasAncestor(role Role) bool
	HasDescendant(role Role) bool
}

type RoleConfig 

type RoleConfig struct {
	Role     string   `json:"role,omitempty" yaml:"role,omitempty"`
	Parents  []string `json:"parents,omitempty" yaml:"parents,omitempty"`
	Children []string `json:"children,omitempty" yaml:"children,omitempty"`
}

type Subject 

type Subject interface {
	Identifier() string
	Roles() []string
}

type Target 

type Target struct {
	Action     string
	Assertions []Assertion
	Metadata   map[string]any
}

func CtxTarget added in v0.0.2 

func CtxTarget(ctx context.Context) *Target

Source Files

View all Source files

Directories

Path Synopsis
fx module

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.