users

package
v4.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 10, 2023 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

type Config struct {
	AutoLoadPolicySeconds int `env:"USER_ACCESSOR_AUTOLOAD_SECONDS" envDefault:"10"`
	// contains filtered or unexported fields
}

Config has the configuration for the users service.

type Service

type Service interface {
	// UserFromJWT returns the User associated to the http request's JWT token.
	// This function can return ErrorAuthJWTInvalid if the token cannot be
	// read, or ErrorAuthNoUser no user with such identity exists in the DB.
	UserFromJWT(r *http.Request) (*users.User, bool, *gz.ErrMsg)
	// VerifyOwner checks if the 'owner' arg is an organization or a user. If the
	// 'owner' is an organization, it verifies that the given 'user' arg has the expected
	// permission in the organization. If the 'owner' is a user, it verifies that the
	// 'user' arg is the same as the owner.
	// Dev note: this is an alternative implementation of ign-fuelserver UserService's VerifyOwner.
	VerifyOwner(owner, user string, p per.Action) (bool, *gz.ErrMsg)
	// CanPerformWithRole checks if the 'owner' arg is an organization or a
	// user. If the 'owner' is an organization, it verifies that the given 'user' arg
	// is authorized to act as the given Role (or above) in the organization.
	// If the 'owner' is a user, it verifies that the 'user' arg is the same as
	// the owner.
	// As a third alternative, if 'owner' is nil then it checks if the 'user' is part
	// of the System Admins.
	CanPerformWithRole(owner *string, user string, role per.Role) (bool, *gz.ErrMsg)
	// QueryForResourceVisibility checks the relationship between requestor (user)
	// and the resource owner to formulate a database query to determine whether a
	// resource is visible to the user
	QueryForResourceVisibility(q *gorm.DB, owner *string, user *users.User) *gorm.DB
	// IsAuthorizedForResource checks if user has the permission to perform an action on a
	// resource.
	IsAuthorizedForResource(user, resource string, action per.Action) (bool, *gz.ErrMsg)
	// AddResourcePermission adds a user (or group) permission on a resource
	AddResourcePermission(user, resource string, action per.Action) (bool, *gz.ErrMsg)
	// AddScore creates a score entry for a simulation.
	AddScore(groupID *string, competition *string, circuit *string, owner *string, score *float64,
		sources *string) *gz.ErrMsg
	// IsSystemAdmin returns a bool indicating if the given user is a system admin.
	IsSystemAdmin(user string) bool
	// GetUserFromUsername returns the user database entry from the username
	GetUserFromUsername(username string) (*users.User, *gz.ErrMsg)
	// GetOrganization gets a user's organization database entry from the username
	GetOrganization(username string) (*users.Organization, *gz.ErrMsg)
	StartAutoLoadPolicy()
}

Service is used by the cloudsim server to remotely get Users and their membership to Organizations.

func NewService

func NewService(resourcePermissions *per.Permissions, db *gorm.DB, sysAdmin string) (Service, error)

NewService initializes a new Service.

type UserAccessorDataMock

type UserAccessorDataMock struct {
	// contains filtered or unexported fields
}

UserAccessorDataMock allows us to configure the Service with mock data used in tests.

func NewUserAccessorDataMock

func NewUserAccessorDataMock(ctx context.Context, ua Service, sysadminIdentiy, application string) *UserAccessorDataMock

NewUserAccessorDataMock ...

func (*UserAccessorDataMock) ReloadEverything

func (m *UserAccessorDataMock) ReloadEverything(ctx context.Context) *gz.ErrMsg

ReloadEverything ...

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL