openfga

package
v0.4.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 7, 2026 License: MIT Imports: 4 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CheckRequest

type CheckRequest struct {
	User     string
	Relation string
	Object   string
}

CheckRequest defines an authorization check.

type Checker

type Checker interface {
	Check(ctx context.Context, req CheckRequest) (bool, error)
}

Checker is the interface for authorization checks.

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client wraps OpenFGA SDK for authorization checks.

func NewClient

func NewClient(cfg Config) (*Client, error)

NewClient creates an OpenFGA client.

func (*Client) Check

func (c *Client) Check(ctx context.Context, req CheckRequest) (bool, error)

Check performs an authorization check against OpenFGA.

func (*Client) DeleteTuple

func (c *Client) DeleteTuple(ctx context.Context, user, relation, object string) error

DeleteTuple deletes a relationship tuple from OpenFGA.

func (*Client) SeedPermissions

func (c *Client) SeedPermissions(ctx context.Context, permissions []PermissionDef) error

SeedPermissions seeds role-permission tuples into OpenFGA. Idempotent: safe to call on every startup. Each action becomes a tuple: role:<role>#can_<action> → <resource>:<action>.

func (*Client) WriteAuthorizationModel

func (c *Client) WriteAuthorizationModel(ctx context.Context, model openfga.WriteAuthorizationModelRequest) (string, error)

WriteAuthorizationModel writes an authorization model to OpenFGA.

func (*Client) WriteTuple

func (c *Client) WriteTuple(ctx context.Context, user, relation, object string) error

WriteTuple writes a relationship tuple to OpenFGA.

type Config

type Config struct {
	APIURL  string
	StoreID string
}

Config holds OpenFGA connection settings.

type PermissionDef

type PermissionDef struct {
	Role     string   `json:"role"`
	Resource string   `json:"resource"`
	Actions  []string `json:"actions"`
}

PermissionDef defines a role-to-actions mapping for seeding.

func DefaultPermissions

func DefaultPermissions(resource string) []PermissionDef

DefaultPermissions returns a sensible default set of permissions matching the CRUD entry pattern.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL