Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var (
	ErrFieldIncomplete = errors.New("incomplete fields")
	ErrEmptyStructure  = errors.New("empty structure")
)
Defines a set of errors.
Functions ¶
This section is empty.
Types ¶
type Permission ¶
type Permission struct {
	// AuthorizedRoles defines roles that are allowed to access the specified resource
	// Accepted type: non-empty string, *
	//     *: means any role, but visitors should have at least one role,
	//     non-empty string: specified role
	AuthorizedRoles []string `json:"authorized_roles" yaml:"authorized_roles"`

	// ForbiddenRoles defines roles that are not allowed to access the specified resource
	// ForbiddenRoles has a higher priority than AuthorizedRoles
	// Accepted type: non-empty string, *
	//     *: means any role, but visitors should have at least one role,
	//     non-empty string: specified role
	//
	ForbiddenRoles []string `json:"forbidden_roles" yaml:"forbidden_roles"`

	// AllowAnyone has a higher priority than ForbiddenRoles/AuthorizedRoles
	// If set to true, anyone will be able to pass authentication.
	// Note that this will include people without any role.
	AllowAnyone bool `json:"allow_anyone" yaml:"allow_anyone"`
}
Permission is used to define permission control information
func (*Permission) IsGranted ¶
func (p *Permission) IsGranted(roles []string) (PermissionState, error)
IsGranted is used to determine whether the given role can pass the authentication of *Permission.
func (*Permission) IsValid ¶
func (p *Permission) IsValid() error
IsValid is used to test the validity of the Rule
type PermissionState ¶
type PermissionState uint8
PermissionState identifies the status of the permission
const (
	// PermissionUnknown is an initial state, usually specified when an error occurs
	PermissionUnknown PermissionState = iota
	// PermissionGranted means permission is granted
	PermissionGranted
	// PermissionUngranted means permission is ungranted
	PermissionUngranted
	// PermissionNeglected means could not find the matching rule in the list of rules
	PermissionNeglected
)
func (PermissionState) IsGranted ¶
func (state PermissionState) IsGranted() bool
IsGranted is used to determine whether the current request is granted in a strict sense. Note that it only returns true when state equals PermissionGranted, because we recommend that you configure permissions for all possible requests so that no address is left unconfigured by mistake. If you want it to return true for PermissionNeglected as well, use IsLooselyGranted.
func (PermissionState) IsLooselyGranted ¶
func (state PermissionState) IsLooselyGranted() bool
IsLooselyGranted is used to determine whether a request is authorized in a non-strict sense. It returns true when state equals PermissionGranted or PermissionNeglected. This means that if you forget to configure some addresses, they may be accessed by anyone.
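Added example (not part of the package's own code or documentation): a self-contained sketch of the precedence documented on Permission (AllowAnyone over ForbiddenRoles over AuthorizedRoles) and of the strict versus loose checks on PermissionState. The types are local mirrors of the declarations on this page; `matches`, `decide`, `strict` and `loose` are hypothetical helpers, and it is an assumption that a role list matching nothing yields PermissionUngranted and that a nil permission stands for "no rule matched".

```go
package main

import "fmt"

// Local mirrors of the documented declarations; nothing is imported from the package.
type PermissionState uint8

const (
	PermissionUnknown PermissionState = iota
	PermissionGranted
	PermissionUngranted
	PermissionNeglected
)

type Permission struct {
	AuthorizedRoles, ForbiddenRoles []string
	AllowAnyone                     bool
}

func matches(list, roles []string) bool {
	for _, want := range list {
		for _, have := range roles {
			if want == "*" || want == have { // "*" only matches a visitor with at least one role
				return true
			}
		}
	}
	return false
}

// decide (hypothetical) assumes: nil p = no rule matched; a role matching nothing is ungranted.
func decide(p *Permission, roles []string) PermissionState {
	switch {
	case p == nil:
		return PermissionNeglected
	case p.AllowAnyone: // highest priority, passes even visitors without roles
		return PermissionGranted
	case matches(p.ForbiddenRoles, roles): // a forbidden role beats an authorized one
		return PermissionUngranted
	case matches(p.AuthorizedRoles, roles):
		return PermissionGranted
	}
	return PermissionUngranted
}

func strict(s PermissionState) bool { return s == PermissionGranted }
func loose(s PermissionState) bool  { return strict(s) || s == PermissionNeglected }

func main() { fmt.Println(strict(decide(nil, nil)), loose(decide(nil, nil))) }
```

A request that matches no rule is rejected by the strict check and accepted by the loose one, which is why the strict check is the fail-closed choice for an enforcement point.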
func (PermissionState) IsNeglected ¶
func (state PermissionState) IsNeglected() bool
IsNeglected is used to determine if the current state is equal to PermissionNeglected. PermissionNeglected means could not find the matching rule in the list of rules.
func (PermissionState) String ¶
func (state PermissionState) String() string
type Query ¶
type Query Resource
Query defines the data structure of the query parameters
func (*Query) GetArguments ¶
GetArguments is used to convert the current argument to a string slice
type Resource ¶
type Resource struct {
	// Host defines the host of the resource, allowing wildcards to be used.
	Host string `json:"host" yaml:"host"`
	// Path defines the path of the resource, allowing wildcards to be used.
	Path string `json:"path" yaml:"path"`
	// Method defines the method of the resource, allowing wildcards to be used.
	Method string `json:"method" yaml:"method"`
}
Resource defines resources
func (*Resource) GetArguments ¶
GetArguments is used to convert the current argument to a string slice
type Rule ¶
type Rule struct {
	// The ID controls the priority of the rule.
	// A higher ID means a higher priority for the rule.
	// When a request is matched to more than one rule,
	// then authentication will only use the permission configuration for the rule with the highest ID value.
	// If multiple rules share the largest ID, then one of them will be used randomly.
	ID          int `json:"id" yaml:"id"`
	*Resource   `yaml:",inline"`
	*Permission `yaml:",inline"`
}
Rule is used to define the relationship between "resource" and "permission"
type Rules ¶
type Rules []*Rule
Rules is the list of Rule
func (Rules) IsRolesGranted ¶
func (rules Rules) IsRolesGranted(roles []string) (PermissionState, error)
IsRolesGranted is used to determine whether the current role is admitted by the current rule.