security

package

v0.0.0-...-a757527 Latest Latest Go to latest Published: Apr 12, 2020 License: MIT Imports: 5 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/andrewstucki/web-app-tools

Links

Open Source Insights

README ¶

Security

This folder contains some simple RBAC helpers

Documentation ¶

Index ¶

Constants
func AddUserToNamespace(ctx context.Context, role Role, id, user uuid.UUID) error
func Register(roles ...Role)
func RegisterManager(namespaceManager NamespaceManager)
func RemoveUserFromNamespace(ctx context.Context, id, user uuid.UUID) error
func SetRole(ctx context.Context, role Role, user uuid.UUID) error
func UnsetRole(ctx context.Context, user uuid.UUID) error
type Action
- func (a Action) String() string
type Evaluator
- func WithNamespaceAndUser(namespace, user uuid.UUID) *Evaluator
- func WithUser(user uuid.UUID) *Evaluator
- func (e *Evaluator) Can(ctx context.Context, action Action, resource Resource) (bool, error)
- func (e *Evaluator) Policies(ctx context.Context) ([]Policy, error)
type NamespaceManager
type NamespaceRole
type Policy
- func (p Policy) String() string
type Resource
- func (r Resource) String() string
- func (r Resource) Sub(resources ...Resource) Resource
type Role

Constants ¶

View Source

const (
	// ActionAll matches any action
	ActionAll = Action("*")

	// ActionCreate should be used for creation actions
	ActionCreate = Action("create")
	// ActionRead should be used for reading actions
	ActionRead = Action("read")
	// ActionUpdate should be used for updating actions
	ActionUpdate = Action("update")
	// ActionDelete should be used for deletion actions
	ActionDelete = Action("delete")
	// ActionList should be used for listing actions
	ActionList = Action("list")

	// ResourceAll matches any resource
	ResourceAll = Resource("*")
)

Variables ¶

This section is empty.

Functions ¶

func AddUserToNamespace ¶

func AddUserToNamespace(ctx context.Context, role Role, id, user uuid.UUID) error

AddUserToNamespace sets the role of a user in the given namespace

func Register ¶

func Register(roles ...Role)

Register adds roles to the internal role manager

func RegisterManager ¶

func RegisterManager(namespaceManager NamespaceManager)

RegisterManager sets the global namespace manager

func RemoveUserFromNamespace ¶

func RemoveUserFromNamespace(ctx context.Context, id, user uuid.UUID) error

RemoveUserFromNamespace removes the role of a user in the given namespace

func SetRole ¶

func SetRole(ctx context.Context, role Role, user uuid.UUID) error

SetRole sets the role of a user in the global namespace

func UnsetRole ¶

func UnsetRole(ctx context.Context, user uuid.UUID) error

UnsetRole removes the role of a user in the global namespace

Types ¶

type Action ¶

type Action string

Action represents what the user is trying to do

func (Action) String ¶

func (a Action) String() string

String returns the representation of an action as a string

type Evaluator ¶

type Evaluator struct {
	// contains filtered or unexported fields
}

Evaluator implements a permissions evaluation engine

func WithNamespaceAndUser ¶

func WithNamespaceAndUser(namespace, user uuid.UUID) *Evaluator

WithNamespaceAndUser initializes a policy evaluation engine for the given namespace

func WithUser ¶

func WithUser(user uuid.UUID) *Evaluator

WithUser initializes a policy evaluation engine for the global namespace

func (*Evaluator) Can ¶

func (e *Evaluator) Can(ctx context.Context, action Action, resource Resource) (bool, error)

Can evaluates whether or not a user has permission to do something

func (*Evaluator) Policies ¶

func (e *Evaluator) Policies(ctx context.Context) ([]Policy, error)

Policies returns policies for the user

type NamespaceManager ¶

type NamespaceManager interface {
	// AddUserToNamespace sets the role of a user in the given namespace
	AddUserToNamespace(ctx context.Context, role Role, id, user uuid.UUID) error
	// RemoveUserFromNamespace removes the role of a user in the given namespace
	RemoveUserFromNamespace(ctx context.Context, id, user uuid.UUID) error
	// RolesFor is used in gathering all of the roles for both the global and given namespace for
	// a given user
	RolesFor(ctx context.Context, globalNamespace, namespace, user uuid.UUID) ([]NamespaceRole, error)
}

NamespaceManager is the main storage interface for storing roles based off of namespaces (including the global namespace)

type NamespaceRole ¶

type NamespaceRole interface {
	// Namespace is the uuid of the namespace the role is associated with
	Namespace() uuid.UUID
	// Name is the name of the role initially registered with the global manager
	Name() string
}

NamespaceRole is a storage interface that each manager should implement

type Policy ¶

type Policy struct {
	Resource `json:"resource"`
	Action   `json:"action"`
}

Policy associates a resource with an action

func (Policy) String ¶

func (p Policy) String() string

String returns the representation of a policy as a string

type Resource ¶

type Resource string

Resource represents what is trying to be accessed

func (Resource) String ¶

func (r Resource) String() string

String returns the representation of a resource as a string

func (Resource) Sub ¶

func (r Resource) Sub(resources ...Resource) Resource

Sub return a sub resource of the given resource

type Role ¶

type Role struct {
	Name     string
	Policies []Policy
}

Role is an association of a name and a set of policies

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
memory
testing

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL