rbac

v0.1.0
Published: Jun 20, 2023 License: MIT Imports: 6 Imported by: 0

Documentation

Overview

Package rbac is a generic library based on code generation to create a role-based access control system.

It is designed in a way that makes it simple, and includes middleware to gate requests based on context.

Constants

This section is empty.

Variables

This section is empty.

Functions

func Can

func Can(ctx context.Context, perm Permission, subjects ...any) bool

Can uses the current context values to determine if an action can be taken.

Usage: if rbac.Can(ctx, permissions.SpecificationCreate) {}

func SetDefaultRoles

func SetDefaultRoles(roles []Role)

SetDefaultRoles is something that should ideally be called from an init function. While it is concurrency-safe for read and write access, it's not advisable to change state between requests.

func User

func User(ctx context.Context) values.User

Types

type Permission

type Permission struct {
	ID          string
	Name        string
	Description string

	// Subjects are things this permission can be applied against, such as a database ID, or a special marker.
	Subjects []string
}

Permission holds information on something a role is allowed to do, as well as any subjects within it.

func (Permission) AnyValidSubject

func (p Permission) AnyValidSubject(ctx context.Context, subjects ...any) bool

AnyValidSubject is the logical-OR counterpart of ValidSubjects: it returns true if any of the given subjects is valid.

func (Permission) Equals

func (p Permission) Equals(cmp Permission) bool

Equals checks two permissions are the same. They can have differing subjects, but if the IDs match, they are treated the same for checks that a user has a role.

func (Permission) ValidSubject

func (p Permission) ValidSubject(ctx context.Context, check any) bool

ValidSubject loops through all subjects on a Permission, returning true if any match. Special behavior is assigned to the constants subject.Wildcard and subject.Self.

- subject.Wildcard will allow any subject as if it matched.
- subject.Self will use any available auth in the context to validate against a subject (user) ID.

func (Permission) ValidSubjects

func (p Permission) ValidSubjects(ctx context.Context, subjects ...any) bool

ValidSubjects checks that all given subjects are valid. If you need a logical OR, see AnyValidSubject.

func (Permission) WithSubjects

func (p Permission) WithSubjects(subjects []string) Permission

WithSubjects adds subjects to the current permission. Usage is e.g. permission.Create.WithSubjects([]string{"foo"})

type Role

type Role struct {
	ID          string
	Name        string
	Description string
	Permissions []Permission

	// CustomMappings holds any extra data at generation time used to map this role to another system.
	CustomMappings map[string]string
}

Role is a base unit that can be assigned to a group or a user, and contains a set of permissions.

- A user MAY have many roles
- A user MAY have many groups
- A group MAY have many roles

A user's roles are usually determined as a flattened set of all group roles, plus all direct user roles. The method of obtaining a user's roles is left up to the implementer or middleware.

Roles are considered equal if the ID value matches, but a role with an empty ID will never match another role.

func Roles

func Roles(ctx context.Context) []Role

Roles returns a list of roles in the current context. The roles must have been set up globally.

func (Role) Can

func (r Role) Can(ctx context.Context, perm Permission, subjects ...any) bool

Can checks if a role has a specific permission. If subjects are passed, they are verified via logical AND.

func (Role) Has

func (r Role) Has(perm Permission) bool

Has checks if a role has a specific permission, regardless of subjects.
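
The subject semantics documented above for ValidSubject and Role.Can, as a stand-alone model added here; it is not the package's own code. The marker values, the userKey context key, string-typed subjects and the ID-only result when no subjects are passed are assumptions drawn from the doc text.

```go
package main

import (
	"context"
	"fmt"
)

// Constructed stand-ins: the page does not show the values of subject.Wildcard and subject.Self.
const Wildcard, Self = "*", "@self"

type userKey struct{} // hypothetical context key holding the authenticated user ID
type Role struct{ Permissions []Permission }

type Permission struct {
	ID       string
	Subjects []string
}

// ValidSubject reports whether any subject on p matches check; Wildcard and Self are special.
func (p Permission) ValidSubject(ctx context.Context, check string) bool {
	uid, _ := ctx.Value(userKey{}).(string)
	for _, s := range p.Subjects {
		if s == Wildcard || (s == Self && uid != "" && uid == check) || (s != Self && s == check) {
			return true
		}
	}
	return false
}

// Can matches the role's permission by ID, then requires every passed subject to be valid (AND).
func (r Role) Can(ctx context.Context, perm Permission, subjects ...string) bool {
	for _, p := range r.Permissions {
		if p.ID != perm.ID {
			continue
		}
		for _, s := range subjects {
			if !p.ValidSubject(ctx, s) {
				return false
			}
		}
		return true // reached with zero subjects too: an ID-only check, like Has
	}
	return false
}

func main() {
	ctx := context.WithValue(context.Background(), userKey{}, "user-7") // constructed user ID
	up := Permission{ID: "doc.update"}
	r := Role{Permissions: []Permission{{ID: "doc.update", Subjects: []string{Self, "doc-1"}}}}
	fmt.Println(r.Can(ctx, up, "doc-1", "user-7"), r.Can(ctx, up, "doc-1", "doc-2"), r.Can(ctx, up))
}
```

In this model a call that passes no subjects succeeds on the permission ID alone, so a handler guarding a specific record needs to pass that record's subject for the restriction to apply.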

Directories

Path Synopsis
cmd
middleware
http
Package http sets up various middleware methods for HTTP requests, and includes options to set defaults.
Package subject declares methods and constants for checking a permission's subjects.
