Documentation ¶
Index ¶
- type AccessCheck
- type Assertion
- type AssertionParameters
- type Permission
- type PermissionSet
- type Registry
- func (self *Registry) AddResource(resource string, parents ...string)
- func (self *Registry) AddRole(role string, parents ...string)
- func (self *Registry) Allow(role, operation, resource string, assertFunc *Assertion) error
- func (self *Registry) Deny(role, operation, resource string, assertFunc *Assertion) error
- func (self *Registry) IsAllowed(role, operation, resource string, checkAllowed bool, ...) (AccessCheck, error)
- func (self *Registry) IsAnyAllowed(roles []string, operation, resource string, params *AssertionParameters) (AccessCheck, error)
- type Set
- type StringMapSet
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AccessCheck ¶
type AccessCheck struct {
// contains filtered or unexported fields
}
func (AccessCheck) Check ¶
func (self AccessCheck) Check() bool
type AssertionParameters ¶
type AssertionParameters map[string]interface{}
type Permission ¶
type Permission struct {
Role, Resource, Operation string
}
type PermissionSet ¶
type PermissionSet map[Permission]Assertion
func (PermissionSet) Add ¶
func (self PermissionSet) Add(perm Permission, assertion *Assertion)
func (PermissionSet) Contains ¶
func (self PermissionSet) Contains(perm Permission) bool
type Registry ¶
type Registry struct {
// contains filtered or unexported fields
}
Registry contains the Access Control List
func NewRegistry ¶
func NewRegistry() *Registry
func (*Registry) AddResource ¶
AddResource creates a resource or appends parents to a special resource
func (*Registry) Allow ¶
Allow creates a rule which allows the role and it's children to operate the resource
func (*Registry) Deny ¶
Deny creates a role which will deny the role and it's children from operating upon the resource
func (*Registry) IsAllowed ¶
func (self *Registry) IsAllowed(role, operation, resource string, checkAllowed bool, params *AssertionParameters) (AccessCheck, error)
IsAllowed checks the role has the ability to run the specified operation on the given resource. If the access is denied, this method will return False; if the access is allowed, this method will return True; if there is not any rule for the access, this method will return None.
func (*Registry) IsAnyAllowed ¶
func (self *Registry) IsAnyAllowed(roles []string, operation, resource string, params *AssertionParameters) (AccessCheck, error)
IsAnyAllowed checks whether any of the roles have the ability to execute the operation against the resource
type StringMapSet ¶
func (StringMapSet) AddOrUpdate ¶
func (self StringMapSet) AddOrUpdate(key string, values ...string)
func (StringMapSet) Contains ¶
func (self StringMapSet) Contains(key string) bool