Documentation
¶
Index ¶
- Constants
- Variables
- func AreActionsAllowed(allowedActions, actions []hub.Action) bool
- func IsActionAllowed(allowedActions []hub.Action, action hub.Action) bool
- func IsPredefinedPolicyValid(predefinedPolicy string) bool
- type Authorizer
- func (a *Authorizer) Authorize(ctx context.Context, input *hub.AuthorizeInput) error
- func (a *Authorizer) GetAllowedActions(ctx context.Context, userID, orgName string) ([]hub.Action, error)
- func (a *Authorizer) WillUserBeLockedOut(ctx context.Context, newPolicy *hub.AuthorizationPolicy, userID string) (bool, error)
- type AuthorizerMock
- func (m *AuthorizerMock) Authorize(ctx context.Context, input *hub.AuthorizeInput) error
- func (m *AuthorizerMock) GetAllowedActions(ctx context.Context, userID, orgName string) ([]hub.Action, error)
- func (m *AuthorizerMock) WillUserBeLockedOut(ctx context.Context, newPolicy *hub.AuthorizationPolicy, userID string) (bool, error)
Constants ¶
const ( // AllowedActionsQuery represents the authorization's policy query used to // get the actions a given user is allowed to perform. AllowedActionsQuery = "data.artifacthub.authz.allowed_actions" )
Variables ¶
var ( // AllowedActionsQueryRef represents a reference to AllowedActionsQuery. AllowedActionsQueryRef = ast.MustParseRef(AllowedActionsQuery) )
Functions ¶
func AreActionsAllowed ¶
AreActionsAllowed checks if a given list of actions are allowed checking against the list of allowed actions provided.
func IsActionAllowed ¶
IsActionAllowed checks if a given action is allowed checking against the list of allowed actions provided.
func IsPredefinedPolicyValid ¶
IsPredefinedPolicyValid checks if the provided predefined policy is valid.
Types ¶
type Authorizer ¶
type Authorizer struct {
// contains filtered or unexported fields
}
Authorizer is in charge of authorizing actions that users intend to perform.
func NewAuthorizer ¶
func NewAuthorizer(db hub.DB) (*Authorizer, error)
NewAuthorizer creates a new Authorizer instance.
func (*Authorizer) Authorize ¶
func (a *Authorizer) Authorize(ctx context.Context, input *hub.AuthorizeInput) error
Authorize allows or denies if an action can be performed based on the input provided and the organization authorization policy. It queries the policy for all the actions the user is allowed to perform and checks if the action provided in the input is in that list.
func (*Authorizer) GetAllowedActions ¶
func (a *Authorizer) GetAllowedActions(ctx context.Context, userID, orgName string) ([]hub.Action, error)
GetAllowedActions returns the actions a given user is allowed to perform in the provided organization. We'll obtain them querying the organization authorization policy.
func (*Authorizer) WillUserBeLockedOut ¶
func (a *Authorizer) WillUserBeLockedOut( ctx context.Context, newPolicy *hub.AuthorizationPolicy, userID string, ) (bool, error)
WillUserBeLockedOut checks if the user will be locked out if the new policy provided is applied to the organization.
type AuthorizerMock ¶
AuthorizerMock is a mock implementation of the hub Authorizer interface.
func (*AuthorizerMock) Authorize ¶
func (m *AuthorizerMock) Authorize(ctx context.Context, input *hub.AuthorizeInput) error
Authorize implements the Authorizer interface.
func (*AuthorizerMock) GetAllowedActions ¶
func (m *AuthorizerMock) GetAllowedActions(ctx context.Context, userID, orgName string) ([]hub.Action, error)
GetAllowedActions implements the Authorizer interface.
func (*AuthorizerMock) WillUserBeLockedOut ¶
func (m *AuthorizerMock) WillUserBeLockedOut( ctx context.Context, newPolicy *hub.AuthorizationPolicy, userID string, ) (bool, error)
WillUserBeLockedOut implements the Authorizer interface.
Source Files