Documentation
¶
Index ¶
- type CheckRequest
- type Checker
- type Client
- func (c *Client) Check(ctx context.Context, req CheckRequest) (bool, error)
- func (c *Client) DeleteTuple(ctx context.Context, user, relation, object string) error
- func (c *Client) SeedPermissions(ctx context.Context, permissions []PermissionDef) error
- func (c *Client) WriteAuthorizationModel(ctx context.Context, model openfga.WriteAuthorizationModelRequest) (string, error)
- func (c *Client) WriteTuple(ctx context.Context, user, relation, object string) error
- type Config
- type PermissionDef
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CheckRequest ¶
CheckRequest defines an authorization check.
type Checker ¶
type Checker interface {
Check(ctx context.Context, req CheckRequest) (bool, error)
}
Checker is the interface for authorization checks.
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client wraps OpenFGA SDK for authorization checks.
func (*Client) DeleteTuple ¶
DeleteTuple deletes a relationship tuple from OpenFGA.
func (*Client) SeedPermissions ¶
func (c *Client) SeedPermissions(ctx context.Context, permissions []PermissionDef) error
SeedPermissions seeds role-permission tuples into OpenFGA. Idempotent: safe to call on every startup. Each action becomes a tuple: role:<role>#can_<action> → <resource>:<action>.
func (*Client) WriteAuthorizationModel ¶
func (c *Client) WriteAuthorizationModel(ctx context.Context, model openfga.WriteAuthorizationModelRequest) (string, error)
WriteAuthorizationModel writes an authorization model to OpenFGA.
type PermissionDef ¶
type PermissionDef struct {
Role string `json:"role"`
Resource string `json:"resource"`
Actions []string `json:"actions"`
}
PermissionDef defines a role-to-actions mapping for seeding.
func DefaultPermissions ¶
func DefaultPermissions(resource string) []PermissionDef
DefaultPermissions returns a sensible default set of permissions matching the CRUD entry pattern.
Click to show internal directories.
Click to hide internal directories.