rbac

package
v1.17.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 27, 2023 License: Apache-2.0 Imports: 3 Imported by: 0

Documentation

Overview

Package rbac implements authorization.

Index

Constants

This section is empty.

Variables

View Source
var (
	// PermissionMap is the list of permissions mapped to their name and
	// description.
	PermissionMap = map[Permission][2]string{
		AuditRead:      {"AuditRead", "read event and audit logs"},
		APIKeyRead:     {"APIKeyRead", "view information about API keys, including statistics"},
		APIKeyWrite:    {"APIKeyWrite", "create, update, and delete API keys"},
		CodeIssue:      {"CodeIssue", "issue codes"},
		CodeBulkIssue:  {"CodeBulkIssue", "issue codes in bulk, if bulk issue is enabled on the realm"},
		CodeRead:       {"CodeRead", "lookup code status"},
		CodeExpire:     {"CodeExpire", "expire codes"},
		SettingsRead:   {"SettingsRead", "read realm settings"},
		SettingsWrite:  {"SettingsWrite", "update realm settings"},
		StatsRead:      {"StatsRead", "view realm statistics"},
		MobileAppRead:  {"MobileAppRead", "view mobile app information"},
		MobileAppWrite: {"MobileAppWrite", "create, update, and delete mobile apps"},
		UserRead:       {"UserRead", "view user information"},
		UserWrite:      {"UserWrite", "create, update, and delete users"},
	}

	// NamePermissionMap is the map of permission names to their value.
	NamePermissionMap map[string]Permission
)

Functions

func Can

func Can(given Permission, target Permission) bool

Can returns true if the given resource has permission to perform the provided permissions.

func PermissionNames

func PermissionNames(p Permission) []string

PermissionNames returns the list of permissions included in the given permission.

Types

type Permission

type Permission int64

Permission is a granular permission. It is an integer instead of a uint because most database systems lack unsigned integer types.

const (

	// Audit
	AuditRead Permission

	// API keys
	APIKeyRead
	APIKeyWrite

	// Codes
	CodeIssue
	CodeBulkIssue
	CodeRead
	CodeExpire

	// Realm settings
	SettingsRead
	SettingsWrite

	// Realm statistics
	StatsRead

	// Mobile apps
	MobileAppRead
	MobileAppWrite

	// Users
	UserRead
	UserWrite
)
const (
	// LegacyRealmUser is a quick reference to the old "user" permissions.
	LegacyRealmUser Permission = CodeIssue | CodeBulkIssue | CodeRead | CodeExpire

	// LegacyRealmAdmin is a quick reference to the old "realm admin" permissions.
	LegacyRealmAdmin Permission = AuditRead |
		APIKeyRead | APIKeyWrite |
		CodeIssue | CodeBulkIssue | CodeRead | CodeExpire |
		SettingsRead | SettingsWrite |
		StatsRead |
		MobileAppRead | MobileAppWrite |
		UserRead | UserWrite
)

func AddImplied added in v0.19.1

func AddImplied(target Permission) Permission

AddImplied adds any missing implied permissions.

func CompileAndAuthorize

func CompileAndAuthorize(actorPermission Permission, toUpdate []Permission) (Permission, error)

CompileAndAuthorize compiles a new permission bit from the given toUpdate permissions. It verifies that the calling permission has a superset of all provided permissions (to prevent privilege escalation).

func ImpliedBy

func ImpliedBy(permission Permission) []Permission

ImpliedBy returns any permissions that cause this permission to be added automatically. The return may be nil.

func (Permission) Description

func (p Permission) Description() (string, error)

Description returns the description.

func (Permission) Implied

func (p Permission) Implied() []Permission

Implied returns the additional implied permissions, if any.

func (Permission) String

func (p Permission) String() string

String implements stringer.

func (Permission) Value

func (p Permission) Value() (driver.Value, error)

Value returns the permissions value as an integer for sql drivers.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL