can

package
v1.5.6

This package is not in the latest version of its module.
Published: Oct 11, 2017 License: MIT Imports: 3 Imported by: 34

Documentation

Overview

Package can implements basic role-based permissions for golang - controlling who can.Do certain actions for a given database table.

Constants

const (
	ManageResource = iota
	ListResource   // Does not check ownership
	CreateResource // Does not check ownership
	ShowResource
	UpdateResource
	DestroyResource
)

Verbs used to authorise actions on resources. ManageResource allows any action on a resource, and all verbs after CreateResource check ownership of the resource with OwnedBy().

const (
	Anything = "*" // Allow actions on any resource
)

Resource identifier used to short-circuit checks on resource identity in conjunction with ManageResource.
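The verb, ownership and wildcard rules described above, modelled as an added example (not the package's own code): `grant` and `do` are hypothetical stand-ins for `Ability` and `can.Do`, and `page` and `account` are constructed types carrying the `Resource` and `User` methods. The model assumes ownership is consulted according to the verb being requested.

```go
package main

import "fmt"

type Verb int

const ( // same order as the constants on this page
	ManageResource Verb = iota
	ListResource
	CreateResource
	ShowResource
	UpdateResource
	DestroyResource
)

// grant is a hypothetical stand-in for the unexported fields of Ability.
type grant struct {
	role  int64
	verb  Verb
	id    string
	owner bool // true when registered the way AuthoriseOwner would
}

// page and account are constructed samples with the Resource and User methods.
type page struct{ author int64 }

func (p page) OwnedBy(id int64) bool { return p.author == id }
func (p page) ResourceID() string    { return "pages" }

type account struct{ role, id int64 }

func (a account) RoleID() int64 { return a.role }
func (a account) UserID() int64 { return a.id }

// do models the documented behaviour of can.Do; it is not the package source.
func do(grants []grant, v Verb, r page, u account) error {
	for _, g := range grants {
		roleVerbOK := g.role == u.RoleID() && (g.verb == ManageResource || g.verb == v)
		idOK := g.id == "*" || g.id == r.ResourceID() // "*" is the Anything constant
		// Assumption: only verbs after CreateResource consult OwnedBy.
		ownerOK := !g.owner || v <= CreateResource || r.OwnedBy(u.UserID())
		if roleVerbOK && idOK && ownerOK {
			return nil
		}
	}
	return fmt.Errorf("not authorised") // no matching grant: deny by default
}

func main() {
	reader := []grant{{1, ShowResource, "pages", true}}
	fmt.Println(do(reader, ShowResource, page{author: 7}, account{1, 8}))
}
```

Because a list action is allowed without consulting OwnedBy, restricting a listing to the caller's own rows has to happen in the query itself.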

Variables

This section is empty.

Functions

func Authorise

func Authorise(role int64, v Verb, id string)

Authorise adds this ability to the list of abilities for this role. Usage: can.Authorise(role.Admin, can.ManageResource, "pages")

func AuthoriseOwner

func AuthoriseOwner(role int64, v Verb, id string)

AuthoriseOwner adds this ability to the list of abilities for this role for resources owned by this user. Usage: can.AuthoriseOwner(role.Reader, can.ShowResource, "pages")

func Create

func Create(r Resource, u User) error

Create returns an error if this action is not authorised for this user

func Destroy

func Destroy(r Resource, u User) error

Destroy returns an error if this action is not authorised for this user

func Do

func Do(v Verb, r Resource, u User) error

Do returns an error if this action is not allowed, or nil if it is allowed

func List

func List(r Resource, u User) error

List returns an error if this action is not authorised for this user

func Manage

func Manage(r Resource, u User) error

Manage returns an error if all actions are not authorised for this user

func Show

func Show(r Resource, u User) error

Show returns an error if this action is not authorised for this user

func Update

func Update(r Resource, u User) error

Update returns an error if this action is not authorised for this user

Types

type Ability

type Ability struct {
	// contains filtered or unexported fields
}

Ability represents an authorisation for an action for a given role

func (*Ability) Allow

func (a *Ability) Allow(v Verb, r Resource, u User) error

Allow returns an error if the action is not allowed, or nil if it is

func (*Ability) CheckOwner

func (a *Ability) CheckOwner() bool

CheckOwner returns true if this ability should check ownership

func (*Ability) String

func (a *Ability) String() string

String returns a string description of this ability.

type Resource

type Resource interface {
	OwnedBy(int64) bool // for ownership check, passed a UserID
	ResourceID() string // for check against abilities registered on this resource
}

Resource defines the interface for resources

type User

type User interface {
	RoleID() int64 // for role check
	UserID() int64 // for ownership check
}

User defines the interface for users which must have numeric roles

type Verb

type Verb int

Verb represents the action taken on resources
