acl

package module
Version: v0.0.0-...-d10489e Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 25, 2016 License: BSD-2-Clause Imports: 4 Imported by: 35

README

postgresql-acl

acl Library

acl parses PostgreSQL's ACL syntax and returns a usable structure. Library documentation is available at https://godoc.org/github.com/sean-/postgresql-acl.

package main

import (
	"fmt"

	"github.com/sean-/postgresql-acl"
)

func structToString() acl.ACL {
	return acl.ACL{
		Role:         "foo",
		GrantedBy:    "bar",
		Privileges:   acl.Usage | acl.Create,
		GrantOptions: acl.Create,
	}
}

func stringToStruct() acl.Schema {
	// Parse an aclitem string
	aclitem, err := acl.Parse("foo=C*U/bar")
	if err != nil {
		panic(fmt.Sprintf("bad: %v", err))
	}

	// Verify that ACL permissions are appropriate for a schema type
	schema, err := acl.NewSchema(aclitem)
	if err != nil {
		panic(fmt.Sprintf("bad: %v", err))
	}

	return schema
}

func main() {
	fmt.Printf("ACL Struct to String: %+q\n", structToString().String())
	fmt.Printf("ACL String to Struct: %#v\n", stringToStruct().String())
}
ACL Struct to String: "foo=UC*/bar"
ACL String to Struct: "foo=UC*/bar"

Supported PostgreSQL aclitem Types

  • column permissions
  • database
  • domain
  • foreign data wrappers
  • foreign server
  • function
  • language
  • large object
  • schema
  • sequences
  • table
  • table space
  • type

Notes

The output from String() should match the ordering of characters in aclitem.

The target of each of these ACLs (e.g. schema name, table name, etc) is not contained within PostgreSQLs aclitem and it is expected this value is managed elsewhere in your object model.

Arrays of aclitem are supposed to be iterated over by the caller. For example:

const schema = "public"
var name, owner string
var acls []string
err := conn.QueryRow("SELECT n.nspname, pg_catalog.pg_get_userbyid(n.nspowner), COALESCE(n.nspacl, '{}'::aclitem[])::TEXT[] FROM pg_catalog.pg_namespace n WHERE n.nspname = $1", schema).Scan(&name, &owner, pq.Array(&acls))
if err == nil {
    for _, acl := range acls {
        acl, err = pgacl.NewSchema(acl)
        if err != nil {
            return err
        }
        // ...
    }
}

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ACL

type ACL struct {
	Privileges   Privileges
	GrantOptions Privileges
	Role         string
	GrantedBy    string
}

ACL represents a single PostgreSQL `aclitem` entry.

func Parse

func Parse(aclStr string) (ACL, error)

Parse parses a PostgreSQL aclitem string and returns an ACL

func (ACL) GetGrantOption

func (a ACL) GetGrantOption(priv Privileges) bool

GetGrantOption returns true if the acl has the grant option set for the specified priviledge.

func (ACL) GetPrivilege

func (a ACL) GetPrivilege(priv Privileges) bool

GetPriviledge returns true if the acl has the specified priviledge set.

func (ACL) String

func (a ACL) String() string

String produces a PostgreSQL aclitem-compatible string

type Column

type Column struct {
	ACL
}

Column models the privileges of a column aclitem

func NewColumn

func NewColumn(acl ACL) (Column, error)

NewColumn parses an ACL object and returns a Column object.

type Database

type Database struct {
	ACL
}

Database models the privileges of a database aclitem

func NewDatabase

func NewDatabase(acl ACL) (Database, error)

NewDatabase parses an ACL object and returns a Database object.

type Domain

type Domain struct {
	ACL
}

Domain models the privileges of a domain aclitem

func NewDomain

func NewDomain(acl ACL) (Domain, error)

NewDomain parses an ACL object and returns a Domain object.

type ForeignDataWrapper

type ForeignDataWrapper struct {
	ACL
}

ForeignDataWrapper models the privileges of a domain aclitem

func NewForeignDataWrapper

func NewForeignDataWrapper(acl ACL) (ForeignDataWrapper, error)

NewForeignDataWrapper parses an ACL object and returns a ForeignDataWrapper object.

type ForeignServer

type ForeignServer struct {
	ACL
}

ForeignServer models the privileges of a foreign server aclitem

func NewForeignServer

func NewForeignServer(acl ACL) (ForeignServer, error)

NewForeignServer parses an ACL object and returns a ForeignServer object.

type Function

type Function struct {
	ACL
}

Function models the privileges of a function aclitem

func NewFunction

func NewFunction(acl ACL) (Function, error)

NewFunction parses an ACL object and returns a Function object.

type Language

type Language struct {
	ACL
}

Language models the privileges of a language aclitem

func NewLanguage

func NewLanguage(acl ACL) (Language, error)

NewLanguage parses an ACL object and returns a Language object.

type LargeObject

type LargeObject struct {
	ACL
}

LargeObject models the privileges of a large object aclitem

func NewLargeObject

func NewLargeObject(acl ACL) (LargeObject, error)

NewLargeObject parses an ACL object and returns a LargeObject object.

type Privileges

type Privileges uint16

Privileges represents a PostgreSQL ACL bitmask

const (
	NoPrivs Privileges = 0

	// Ordering taken from postgresql/src/include/nodes/parsenodes.h
	Insert Privileges = 1 << iota
	Select
	Update
	Delete
	Truncate
	References
	Trigger
	Execute
	Usage
	Create
	Temporary
	Connect
)

See postgresql/src/include/utils/acl.h for inspiration. Like PostgreSQL, "rights" refer to the combined grant option and privilege bits fields.

type Schema

type Schema struct {
	ACL
}

Schema models the privileges of a schema aclitem

func NewSchema

func NewSchema(acl ACL) (Schema, error)

NewSchema parses an ACL object and returns a Schema object.

func (Schema) Grants

func (s Schema) Grants(target string) []string

Grants returns a list of SQL queries that constitute the privileges specified in the receiver for the target schema.

func (Schema) Merge

func (s Schema) Merge(x Schema) Schema

Merge adds the argument's attributes to the receiver for values that are composable or not set and returns a new Schema object with the resulting values. Be careful with the role "" which is implicitly interpreted as the PUBLIC role.

func (Schema) Revokes

func (s Schema) Revokes(target string) []string

Revokes returns a list of SQL queries that remove the privileges specified in the receiver from the target schema.

type Sequence

type Sequence struct {
	ACL
}

Sequence models the privileges of a sequence aclitem

func NewSequence

func NewSequence(acl ACL) (Sequence, error)

NewSequence parses a PostgreSQL ACL string for a sequence and returns a Sequence object

type Table

type Table struct {
	ACL
}

Table models the privileges of a table aclitem

func NewTable

func NewTable(acl ACL) (Table, error)

NewTable parses a PostgreSQL ACL string for a table and returns a Table object

type Tablespace

type Tablespace struct {
	ACL
}

Tablespace models the privileges of a tablespace aclitem

func NewTablespace

func NewTablespace(acl ACL) (Tablespace, error)

NewTablespace parses an ACL object and returns a Tablespace object.

type Type

type Type struct {
	ACL
}

Type models the privileges of a type aclitem

func NewType

func NewType(acl ACL) (Type, error)

NewType parses an ACL object and returns a Type object.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL