rights

package

v3.24.0 Latest Latest Go to latest Published: Feb 2, 2023 License: Apache-2.0 Imports: 11 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/TheThingsNetwork/lorawan-stack

Links

Open Source Insights

Documentation ¶

Overview ¶

Package rights implements rights fetching and checking.

Index ¶

Variables
func AuthInfo(ctx context.Context) (authInfo *ttnpb.AuthInfoResponse, err error)
func ListApplication(ctx context.Context, id *ttnpb.ApplicationIdentifiers) (rights *ttnpb.Rights, err error)
func ListClient(ctx context.Context, id *ttnpb.ClientIdentifiers) (rights *ttnpb.Rights, err error)
func ListGateway(ctx context.Context, id *ttnpb.GatewayIdentifiers) (rights *ttnpb.Rights, err error)
func ListOrganization(ctx context.Context, id *ttnpb.OrganizationIdentifiers) (rights *ttnpb.Rights, err error)
func ListUser(ctx context.Context, id *ttnpb.UserIdentifiers) (rights *ttnpb.Rights, err error)
func NewContext(ctx context.Context, rights *Rights) context.Context
func NewContextWithAuthInfo(ctx context.Context, authInfo *ttnpb.AuthInfoResponse) context.Context
func NewContextWithAuthInfoCache(ctx context.Context) context.Context
func NewContextWithCache(ctx context.Context) context.Context
func NewContextWithFetcher(ctx context.Context, fetcher Fetcher) context.Context
func RequireAny(ctx context.Context, ids ...*ttnpb.EntityIdentifiers) error
func RequireApplication(ctx context.Context, id *ttnpb.ApplicationIdentifiers, required ...ttnpb.Right) error
func RequireAuthentication(ctx context.Context) error
func RequireClient(ctx context.Context, id *ttnpb.ClientIdentifiers, required ...ttnpb.Right) (err error)
func RequireGateway(ctx context.Context, id *ttnpb.GatewayIdentifiers, required ...ttnpb.Right) (err error)
func RequireIsAdmin(ctx context.Context) error
func RequireOrganization(ctx context.Context, id *ttnpb.OrganizationIdentifiers, ...) (err error)
func RequireUniversal(ctx context.Context, required ...ttnpb.Right) error
func RequireUser(ctx context.Context, id *ttnpb.UserIdentifiers, required ...ttnpb.Right) (err error)
type AuthInfoFetcher
type AuthInfoFetcherFunc
- func (f AuthInfoFetcherFunc) AuthInfo(ctx context.Context) (*ttnpb.AuthInfoResponse, error)
type EntityFetcher
type EntityFetcherFunc
- func (f EntityFetcherFunc) ApplicationRights(ctx context.Context, ids *ttnpb.ApplicationIdentifiers) (*ttnpb.Rights, error)
- func (f EntityFetcherFunc) ClientRights(ctx context.Context, ids *ttnpb.ClientIdentifiers) (*ttnpb.Rights, error)
- func (f EntityFetcherFunc) GatewayRights(ctx context.Context, ids *ttnpb.GatewayIdentifiers) (*ttnpb.Rights, error)
- func (f EntityFetcherFunc) OrganizationRights(ctx context.Context, ids *ttnpb.OrganizationIdentifiers) (*ttnpb.Rights, error)
- func (f EntityFetcherFunc) UserRights(ctx context.Context, ids *ttnpb.UserIdentifiers) (*ttnpb.Rights, error)
type Fetcher
- func NewAccessFetcher(getConn func(ctx context.Context) *grpc.ClientConn, allowInsecure bool) Fetcher
- func NewInMemoryCache(fetcher Fetcher, successTTL, errorTTL time.Duration) Fetcher
type Map
- func NewMap(rights map[string]*ttnpb.Rights) *Map
- func (m *Map) GetRights(uid string) (*ttnpb.Rights, bool)
- func (m *Map) MissingRights(uid string, rights ...ttnpb.Right) []ttnpb.Right
- func (m *Map) SetRights(uid string, rights *ttnpb.Rights)
type Rights
- func (r *Rights) IncludesApplicationRights(appUID string, rights ...ttnpb.Right) bool
- func (r *Rights) IncludesClientRights(cliUID string, rights ...ttnpb.Right) bool
- func (r *Rights) IncludesGatewayRights(gtwUID string, rights ...ttnpb.Right) bool
- func (r *Rights) IncludesOrganizationRights(orgUID string, rights ...ttnpb.Right) bool
- func (r *Rights) IncludesUserRights(usrUID string, rights ...ttnpb.Right) bool
- func (r *Rights) MissingApplicationRights(appUID string, rights ...ttnpb.Right) []ttnpb.Right
- func (r *Rights) MissingClientRights(cliUID string, rights ...ttnpb.Right) []ttnpb.Right
- func (r *Rights) MissingGatewayRights(gtwUID string, rights ...ttnpb.Right) []ttnpb.Right
- func (r *Rights) MissingOrganizationRights(orgUID string, rights ...ttnpb.Right) []ttnpb.Right
- func (r *Rights) MissingUserRights(usrUID string, rights ...ttnpb.Right) []ttnpb.Right

Examples ¶

RequireApplication

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrNoUniversalRights = errors.DefinePermissionDenied(
		"no_universal_rights",
		"no universal rights",
	)
	ErrInsufficientUniversalRights = errors.DefinePermissionDenied(
		"insufficient_universal_rights",
		"insufficient universal rights",
		"missing",
	)
	ErrNoAdmin = errors.DefinePermissionDenied(
		"no_admin",
		"no admin",
	)
	ErrNoApplicationRights = errors.DefinePermissionDenied(
		"no_application_rights",
		"no rights for application `{uid}`",
	)
	ErrInsufficientApplicationRights = errors.DefinePermissionDenied(
		"insufficient_application_rights",
		"insufficient rights for application `{uid}`",
		"missing",
	)
	ErrNoClientRights = errors.DefinePermissionDenied(
		"no_client_rights",
		"no rights for client `{uid}`",
	)
	ErrInsufficientClientRights = errors.DefinePermissionDenied(
		"insufficient_client_rights",
		"insufficient rights for client `{uid}`",
		"missing",
	)
	ErrNoGatewayRights = errors.DefinePermissionDenied(
		"no_gateway_rights",
		"no rights for gateway `{uid}`",
	)
	ErrInsufficientGatewayRights = errors.DefinePermissionDenied(
		"insufficient_gateway_rights",
		"insufficient rights for gateway `{uid}`",
		"missing",
	)
	ErrNoOrganizationRights = errors.DefinePermissionDenied(
		"no_organization_rights",
		"no rights for organization `{uid}`",
	)
	ErrInsufficientOrganizationRights = errors.DefinePermissionDenied(
		"insufficient_organization_rights",
		"insufficient rights for organization `{uid}`",
		"missing",
	)
	ErrNoUserRights = errors.DefinePermissionDenied(
		"no_user_rights",
		"no rights for user `{uid}`",
	)
	ErrInsufficientUserRights = errors.DefinePermissionDenied(
		"insufficient_user_rights",
		"insufficient rights for user `{uid}`",
		"missing",
	)
)

Errors for no/insufficient rights.

Functions ¶

func AuthInfo ¶ added in v3.12.0

func AuthInfo(ctx context.Context) (authInfo *ttnpb.AuthInfoResponse, err error)

AuthInfo lists the authentication info with universal rights, whether the caller is admin and the authentication method.

func ListApplication ¶

func ListApplication(ctx context.Context, id *ttnpb.ApplicationIdentifiers) (rights *ttnpb.Rights, err error)

ListApplication lists the rights for the given application ID in the context.

func ListClient ¶

func ListClient(ctx context.Context, id *ttnpb.ClientIdentifiers) (rights *ttnpb.Rights, err error)

ListClient lists the rights for the given client ID in the context.

func ListGateway ¶

func ListGateway(ctx context.Context, id *ttnpb.GatewayIdentifiers) (rights *ttnpb.Rights, err error)

ListGateway lists the rights for the given gateway ID in the context.

func ListOrganization ¶

func ListOrganization(ctx context.Context, id *ttnpb.OrganizationIdentifiers) (rights *ttnpb.Rights, err error)

ListOrganization lists the rights for the given organization ID in the context.

func ListUser ¶

func ListUser(ctx context.Context, id *ttnpb.UserIdentifiers) (rights *ttnpb.Rights, err error)

ListUser lists the rights for the given user ID in the context.

func NewContext ¶

func NewContext(ctx context.Context, rights *Rights) context.Context

NewContext returns a derived context with the given rights.

func NewContextWithAuthInfo ¶ added in v3.12.0

func NewContextWithAuthInfo(ctx context.Context, authInfo *ttnpb.AuthInfoResponse) context.Context

NewContextWithAuthInfo returns a derived context with the authInfo.

func NewContextWithAuthInfoCache ¶ added in v3.12.0

func NewContextWithAuthInfoCache(ctx context.Context) context.Context

NewContextWithAuthInfoCache returns a derived context with an authentication info cache. This should only be used for request contexts.

func NewContextWithCache ¶

func NewContextWithCache(ctx context.Context) context.Context

NewContextWithCache returns a derived context with a rights cache. This should only be used for request contexts.

func NewContextWithFetcher ¶

func NewContextWithFetcher(ctx context.Context, fetcher Fetcher) context.Context

NewContextWithFetcher returns a new context with the given rights fetcher.

func RequireAny ¶

func RequireAny(ctx context.Context, ids ...*ttnpb.EntityIdentifiers) error

RequireAny checks that context contains any rights for each of the given entity identifiers.

func RequireApplication ¶

func RequireApplication(ctx context.Context, id *ttnpb.ApplicationIdentifiers, required ...ttnpb.Right) error

RequireApplication checks that context contains the required rights for the given application ID.

Example ¶

package main

import (
	"context"

	"go.thethings.network/lorawan-stack/v3/pkg/auth/rights"
	"go.thethings.network/lorawan-stack/v3/pkg/ttnpb"
)

func main() {
	var ( // Assume these come from a hypothetical Set RPC call.
		ctx context.Context
		dev ttnpb.EndDevice
	)

	if err := rights.RequireApplication(ctx, dev.Ids.ApplicationIds, ttnpb.Right_RIGHT_APPLICATION_DEVICES_WRITE); err != nil {
		// return nil, err
	}
}

Output:

func RequireAuthentication ¶ added in v3.21.0

func RequireAuthentication(ctx context.Context) error

RequireAuthentication confirms if the authentication information within a context contains any rights, if so, the request is considered to be authenticated.

func RequireClient ¶

func RequireClient(ctx context.Context, id *ttnpb.ClientIdentifiers, required ...ttnpb.Right) (err error)

RequireClient checks that context contains the required rights for the given client ID.

func RequireGateway ¶

func RequireGateway(ctx context.Context, id *ttnpb.GatewayIdentifiers, required ...ttnpb.Right) (err error)

RequireGateway checks that context contains the required rights for the given gateway ID.

func RequireIsAdmin ¶ added in v3.12.0

func RequireIsAdmin(ctx context.Context) error

RequireIsAdmin checks that the context is authenticated as admin.

func RequireOrganization ¶

func RequireOrganization(ctx context.Context, id *ttnpb.OrganizationIdentifiers, required ...ttnpb.Right) (err error)

RequireOrganization checks that context contains the required rights for the given organization ID.

func RequireUniversal ¶ added in v3.12.0

func RequireUniversal(ctx context.Context, required ...ttnpb.Right) error

RequireUniversal checks that the context contains the required universal rights.

func RequireUser ¶

func RequireUser(ctx context.Context, id *ttnpb.UserIdentifiers, required ...ttnpb.Right) (err error)

RequireUser checks that context contains the required rights for the given user ID.

Types ¶

type AuthInfoFetcher ¶ added in v3.12.0

type AuthInfoFetcher interface {
	AuthInfo(context.Context) (*ttnpb.AuthInfoResponse, error)
}

AuthInfoFetcher provides an interface for fetching authentication info.

type AuthInfoFetcherFunc ¶ added in v3.12.0

type AuthInfoFetcherFunc func(ctx context.Context) (*ttnpb.AuthInfoResponse, error)

AuthInfoFetcherFunc is a function thaty implements the AuthInfoFetcher interface.

func (AuthInfoFetcherFunc) AuthInfo ¶ added in v3.12.0

func (f AuthInfoFetcherFunc) AuthInfo(ctx context.Context) (*ttnpb.AuthInfoResponse, error)

AuthInfo implements the Fetcher interface.

type EntityFetcher ¶ added in v3.12.0

type EntityFetcher interface {
	ApplicationRights(context.Context, *ttnpb.ApplicationIdentifiers) (*ttnpb.Rights, error)
	ClientRights(context.Context, *ttnpb.ClientIdentifiers) (*ttnpb.Rights, error)
	GatewayRights(context.Context, *ttnpb.GatewayIdentifiers) (*ttnpb.Rights, error)
	OrganizationRights(context.Context, *ttnpb.OrganizationIdentifiers) (*ttnpb.Rights, error)
	UserRights(context.Context, *ttnpb.UserIdentifiers) (*ttnpb.Rights, error)
}

EntityFetcher provides an interface for fetching entity rights.

type EntityFetcherFunc ¶ added in v3.12.0

type EntityFetcherFunc func(ctx context.Context, ids *ttnpb.EntityIdentifiers) (*ttnpb.Rights, error)

EntityFetcherFunc is a function that implements the EntityFetcher interface.

A EntityFetcherFunc that returns all Application rights for any Application, would look like this:

fetcher := rights.EntityFetcherFunc(func(ctx context.Context, ids *ttnpb.EntityIdentifiers) (*ttnpb.Rights, error) {
	rights := ttnpb.AllApplicationRights // Instead this usually comes from an identity server or a database.
	return &rights, nil
})

func (EntityFetcherFunc) ApplicationRights ¶ added in v3.12.0

func (f EntityFetcherFunc) ApplicationRights(ctx context.Context, ids *ttnpb.ApplicationIdentifiers) (*ttnpb.Rights, error)

ApplicationRights implements the Fetcher interface.

func (EntityFetcherFunc) ClientRights ¶ added in v3.12.0

func (f EntityFetcherFunc) ClientRights(ctx context.Context, ids *ttnpb.ClientIdentifiers) (*ttnpb.Rights, error)

ClientRights implements the Fetcher interface.

func (EntityFetcherFunc) GatewayRights ¶ added in v3.12.0

func (f EntityFetcherFunc) GatewayRights(ctx context.Context, ids *ttnpb.GatewayIdentifiers) (*ttnpb.Rights, error)

GatewayRights implements the Fetcher interface.

func (EntityFetcherFunc) OrganizationRights ¶ added in v3.12.0

func (f EntityFetcherFunc) OrganizationRights(ctx context.Context, ids *ttnpb.OrganizationIdentifiers) (*ttnpb.Rights, error)

OrganizationRights implements the Fetcher interface.

func (EntityFetcherFunc) UserRights ¶ added in v3.12.0

func (f EntityFetcherFunc) UserRights(ctx context.Context, ids *ttnpb.UserIdentifiers) (*ttnpb.Rights, error)

UserRights implements the Fetcher interface.

type Fetcher ¶

type Fetcher interface {
	EntityFetcher
	AuthInfoFetcher
}

Fetcher provides an interface for rights fetching.

func NewAccessFetcher ¶

func NewAccessFetcher(getConn func(ctx context.Context) *grpc.ClientConn, allowInsecure bool) Fetcher

NewAccessFetcher returns a new rights fetcher that fetches from the Access role returned by getConn. The allowInsecure argument indicates whether it's allowed to send credentials over connections without TLS.

func NewInMemoryCache ¶

func NewInMemoryCache(fetcher Fetcher, successTTL, errorTTL time.Duration) Fetcher

NewInMemoryCache returns a new in-memory cache on top of the given fetcher. Successful responses are valid for the duration of successTTL, unsuccessful responses are valid for the duration of errorTTL.

type Map ¶ added in v3.23.0

type Map struct {
	// contains filtered or unexported fields
}

Map stores rights for a given ID.

func NewMap ¶ added in v3.23.0

func NewMap(rights map[string]*ttnpb.Rights) *Map

NewMap returns a pointer to a new Map.

func (*Map) GetRights ¶ added in v3.23.0

func (m *Map) GetRights(uid string) (*ttnpb.Rights, bool)

GetRights returns the rights stored in the map for a given UID, or nil if no value is present. The ok result indicates whether value was found in the map.

func (*Map) MissingRights ¶ added in v3.23.0

func (m *Map) MissingRights(uid string, rights ...ttnpb.Right) []ttnpb.Right

MissingRights returns the rights that are missing for the given RightsMap.

func (*Map) SetRights ¶ added in v3.23.0

func (m *Map) SetRights(uid string, rights *ttnpb.Rights)

SetRights sets the rights for the given UID.

type Rights ¶

type Rights struct {
	ApplicationRights  Map
	ClientRights       Map
	GatewayRights      Map
	OrganizationRights Map
	UserRights         Map
}

Rights for the request.

func (*Rights) IncludesApplicationRights ¶

func (r *Rights) IncludesApplicationRights(appUID string, rights ...ttnpb.Right) bool

IncludesApplicationRights returns whether the given rights are included for the given application.

func (*Rights) IncludesClientRights ¶

func (r *Rights) IncludesClientRights(cliUID string, rights ...ttnpb.Right) bool

IncludesClientRights returns whether the given rights are included for the given client.

func (*Rights) IncludesGatewayRights ¶

func (r *Rights) IncludesGatewayRights(gtwUID string, rights ...ttnpb.Right) bool

IncludesGatewayRights returns whether the given rights are included for the given gateway.

func (*Rights) IncludesOrganizationRights ¶

func (r *Rights) IncludesOrganizationRights(orgUID string, rights ...ttnpb.Right) bool

IncludesOrganizationRights returns whether the given rights are included for the given organization.

func (*Rights) IncludesUserRights ¶

func (r *Rights) IncludesUserRights(usrUID string, rights ...ttnpb.Right) bool

IncludesUserRights returns whether the given rights are included for the given user.

func (*Rights) MissingApplicationRights ¶

func (r *Rights) MissingApplicationRights(appUID string, rights ...ttnpb.Right) []ttnpb.Right

MissingApplicationRights returns the rights that are missing for the given application.

func (*Rights) MissingClientRights ¶

func (r *Rights) MissingClientRights(cliUID string, rights ...ttnpb.Right) []ttnpb.Right

MissingClientRights returns the rights that are missing for the given client.

func (*Rights) MissingGatewayRights ¶

func (r *Rights) MissingGatewayRights(gtwUID string, rights ...ttnpb.Right) []ttnpb.Right

MissingGatewayRights returns the rights that are missing for the given gateway.

func (*Rights) MissingOrganizationRights ¶

func (r *Rights) MissingOrganizationRights(orgUID string, rights ...ttnpb.Right) []ttnpb.Right

MissingOrganizationRights returns the rights that are missing for the given organization.

func (*Rights) MissingUserRights ¶

func (r *Rights) MissingUserRights(usrUID string, rights ...ttnpb.Right) []ttnpb.Right

MissingUserRights returns the rights that are missing for the given user.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
rightsutil

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL