authorization

package

v0.0.2 Latest Latest Go to latest Published: Sep 2, 2021 License: MIT Imports: 8 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/savannahghi/onboarding

Links

Open Source Insights

README ¶

Documentation

The authorization determines a request based on {subject, object, action}, which means what subject can perform what action on what object. Here the meanings are:

subject: the logged-in user name
object: the URL path for the web resource like "dataset1/item1"
action: HTTP method like GET, POST, PUT, DELETE, or the high-level actions you defined like "read-file", "write-blog"

The request_definition is how we interact with Casbin. We define our authorization requests to be in the format we want e.g user_id, feature, action (with action being either edit or view

[request_definition] r = user_id, feature, action

The policy_definition is how we store permissions. In Casbin’s terminology, “policy” is equivalent to our concept of a “permission.” We define our policies to be stored in the format user_id, feature, action, mirroring how we send requests to Casbin to verify permissions. [policy_definition] p = user_id, feature, action

The role_definition in this case is used to create the feature hierarchy. The first _ indicates the parent feature and the second _ indicates the child feature. This is a little opaque, but functionally this block defines a “grouping policy” in the format g(a, b) where we can basically store and verify the relationship between a pair of strings (which in our case are parent and child features names). [role_definition] g = _, _

The policy_effect defines what action is taken if a request is matched according to the matcher in the configuration(which we’ll take a look at later). In this block, we’re basically saying that if some policy is matched, the effect is allow. [policy_effect] e = some(where (p.eft == allow))

matchers defines the boolean expression needed to satisfy an authorization request with existing policies.

Documentation ¶

Index ¶

func CheckAuthorization(subject string, permission dto.PermissionInput) (bool, error)
func CheckPemissions(subject string, input dto.PermissionInput) (bool, error)
func IsAuthorized(user *dto.UserInfo, permission dto.PermissionInput) (bool, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func CheckAuthorization ¶

func CheckAuthorization(subject string, permission dto.PermissionInput) (bool, error)

CheckAuthorization is used to check the user permissions

func CheckPemissions ¶

func CheckPemissions(subject string, input dto.PermissionInput) (bool, error)

CheckPemissions is used to check whether the permissions of a subject are set

func IsAuthorized ¶

func IsAuthorized(user *dto.UserInfo, permission dto.PermissionInput) (bool, error)

IsAuthorized checks if the subject identified by their email has permission to access the specified resource currently only known internal anonymous users and external API Integrations emails are checked, internal and default logged in users have access by default. for subjects identified by their phone number normalize the phone and omit the first (+) character

Types ¶

This section is empty.

Source Files ¶

View all Source files

auth.go

Directories ¶

Path	Synopsis
permission

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL