README
¶
Scopie
Go implementation of scopie.
Example
import (
"errors"
"github.com/miniscruff/scopie-go"
)
type User struct {
Rules []string
}
type BlogPost struct {
Author User
Content string
}
var userStore map[string]User = map[string]User{
"elsa": User{
Rules: []string{"allow/blog/create|update"},
},
"belle": User{
Rules: []string{"allow/blog/create"},
},
}
var blogStore map[string]BlogPost = map[string]BlogPost{}
func createBlog(username, blogSlug, blogContent string) error {
user := users[username]
allowed, err := scopie.IsAllowed([]string{"blog/create"}, user.rules, nil)
if err != nil {
return err
}
if !allowed {
return errors.New("not allowed to create a blog post")
}
blogStore[blogSlug] = BlogPost{
Author: user,
Content: blogContent,
}
return nil
}
func updateBlog(username, blogSlug, blogContent string) error {
user := users[username]
allowed, err := scopie.IsAllowed([]string{"blog/update"}, user.rules, nil) {
if err != nil {
return err
}
if !allowed {
return errors.New("not allowed to update this blog post")
}
blogPosts[blogSlug] = BlogPost{
author: user,
content: blogContent,
}
return nil
}
Documentation
¶
Index ¶
Examples ¶
Constants ¶
const ( BlockSeperator = byte('/') ArraySeperator = byte('|') VariablePrefix = byte('@') Wildcard = byte('*') AllowPermission = "allow" DenyPermission = "deny" )
Variables ¶
This section is empty.
Functions ¶
func IsAllowed ¶
IsAllowed returns whether or not the scopes are allowed with the given rules. Is Allowed Spec is the function specification.
Scopes specifies one or more scopes our actor must match. When using more then one scope, they are treated as a series of OR conditions, and an actor will be allowed if they match any of the scopes.
Rules specifies one or more rules our requesting scopes has to have to be allowed access. An optional dictionary or map of variable to values. Variable keys should not start with `@`
isAllowed, err := IsAllowed(
[]string{"accounts/thor/edit",
"allow/accounts/@username/*",
map[string]string{"username": "thor"},
)
if err != nil {
return fmt.Errorf("invalid scope or rule: %w", err)
}
if !isAllowed {
return fmt.Errorf("unauthorized")
}
Example ¶
userRules := []string{"allow/blog/create|update"}
allowed, err := IsAllowed([]string{"blog/create"}, userRules, nil)
if err != nil {
panic("invalid scopes or rules")
}
if !allowed {
panic("can not create a new blog")
}
// create the blog here
func ValidateScopes ¶ added in v0.3.0
ValidateScopes checks whether or not the given scopes or rules are valid given the requirements outlined in the specification. Validate Scopes Spec is the function specification.
err := ValidateScopes("allow/accounts/@username/*")
if err != nil {
return fmt.Errorf("scope is invalid: %w", err)
}
Example ¶
userRules := []string{"allow/blog/create|update"}
err := ValidateScopes(userRules)
if err != nil {
panic("invalid scopes or rules")
}
// save rules
Types ¶
type IsAllowedFunc ¶ added in v0.2.0
IsAllowedFunc is a type wrapper for IsAllowed that can be used as a dependency.
type ValidateScopeFunc ¶ added in v0.2.0
ValidateScopeFunc is a type wrapper for ValidateScopes that can be used as a dependency.
Source Files
Directories