resources

package
v2.2.0-rc1+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 3, 2020 License: AGPL-3.0 Imports: 13 Imported by: 80

Documentation

Overview

Package resources provides extendable service Handler for managing resource-policy based data.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type PoliciesCleaner

type PoliciesCleaner struct {
	Dao     dao.DAO
	Options PoliciesCleanerOptions
	LogCtx  context.Context
}

func (*PoliciesCleaner) Handle

func (c *PoliciesCleaner) Handle(ctx context.Context, msg *idm.ChangeEvent) error

Clean resources in the current DAO based on the delete events

type PoliciesCleanerOptions

type PoliciesCleanerOptions struct {
	SubscribeRoles bool
	SubscribeUsers bool
}

type PoliciesLoaderFunc

type PoliciesLoaderFunc func(ctx context.Context, resourceId string, resourceClient interface{}) (policies []*service.ResourcePolicy, e error)

Signature for a function that can load policies from a given resource

type ResourceProviderHandler

type ResourceProviderHandler struct {
	ResourceName   string
	ServiceName    string
	PoliciesLoader PoliciesLoaderFunc
}

"Abstract" class that can be implemented by REST handlers to add Policies checking capabilities

func (*ResourceProviderHandler) IsAllowed

func (r *ResourceProviderHandler) IsAllowed(ctx context.Context, resourceId string, action service.ResourcePolicyAction, resourceClient interface{}) (err error)

IsAllowed matches a resourceId against a policy Action It uses the PoliciesLoader function to first grab the policies associated to this resource, then use an in-memory warden to check the policies stack.

func (*ResourceProviderHandler) IsContextEditable

func (r *ResourceProviderHandler) IsContextEditable(ctx context.Context, resourceId string, policies []*service.ResourcePolicy) bool

IsContextEditable can be used for outputting results with a flag telling wether this resource can be edited by the currently logged user

func (*ResourceProviderHandler) MatchPolicies

func (r *ResourceProviderHandler) MatchPolicies(ctx context.Context, resourceId string, policies []*service.ResourcePolicy, action service.ResourcePolicyAction, subjects ...string) bool

MatchPolicies creates an memory-based policy stack checker to check if action is allowed or denied. It uses a DenyByDefault strategy

func (*ResourceProviderHandler) RestToServiceResourcePolicy

func (r *ResourceProviderHandler) RestToServiceResourcePolicy(ctx context.Context, input *rest.ResourcePolicyQuery) (output *service.ResourcePolicyQuery, e error)

RestToServiceResourcePolicy transforms input rest.ResourcePolicy to service.ResourcePolicy that can be used internally

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL