ladonauth

package
Published: Oct 25, 2020 License: MIT Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var (
	// ErrMemberNotFound is returned when a member belongs to none of the defined roles.
	ErrMemberNotFound = errors.New("member was not found in any roles defined")
	// ErrMismatchOrgID is returned when a query yields a row whose org id differs from
	// the requester's orgID. It is a tenant-isolation guard: it means the query layer
	// returned another organization's data, so callers should fail hard, not retry.
	ErrMismatchOrgID = errors.New("org id returned does not match specified org id")
	// ErrMissingOrgID is returned when a new role carries no org id.
	ErrMissingOrgID = errors.New("missing org id from new role")
	// ErrMissingRoleName is returned when a new or updated role carries no role name.
	ErrMissingRoleName = errors.New("missing role_name from role")
	// ErrRoleNotFound is returned when no role with the given id exists for the orgID.
	ErrRoleNotFound = errors.New("role id does not exist")
	// ErrTxCreateFailed is returned when a database transaction could not be begun.
	ErrTxCreateFailed = errors.New("could not begin transaction")
)
// ErrInvalidDriver is returned when driverName is not one of the supported
// values: "mysql", "postgres", "pg" or "pgx".
var ErrInvalidDriver = errors.New("invalid drivername specified, must be mysql or postgres, pg, pgx")
// ErrNoRoleDefined is returned when no role(s) can be found for a user.
var ErrNoRoleDefined = errors.New("unable to find role(s) for user")

Functions

This section is empty.

Types

type LadonAuthorizer

type LadonAuthorizer struct {
	// contains filtered or unexported fields
}

LadonAuthorizer decides whether a subject (a role, or a user via all of that user's roles) is allowed to perform an action on a resource, using the ladon policy manager and role manager given to NewLadonAuthorizer.

func NewLadonAuthorizer

func NewLadonAuthorizer(policyManager ladon.Manager, roleManager auth.RoleManager) *LadonAuthorizer

NewLadonAuthorizer returns a new authorizer backed by the policy and role managers

func (*LadonAuthorizer) GetRoles

func (a *LadonAuthorizer) GetRoles(orgID, userID int) ([]*am.Role, error)

GetRoles looks up all roles assigned to userID within orgID.

func (*LadonAuthorizer) IsAllowed

func (a *LadonAuthorizer) IsAllowed(subject, resource, action string) error

IsAllowed checks that subject is allowed to perform action on resource. It returns nil when access is allowed and a non-nil error otherwise; callers should treat any error — including a failed policy lookup — as a denial, since the return value does not distinguish the two.

func (*LadonAuthorizer) IsUserAllowed

func (a *LadonAuthorizer) IsUserAllowed(orgID, userID int, resource, action string) error

IsUserAllowed iterates over all roles assigned to the user and checks whether any of those roles is allowed to access the resource. If IsAllowed returns nil for any role, the user is allowed and nil is returned; otherwise the last error seen is returned. Note for reviewers: when the user has no roles the loop body never runs, so confirm the implementation returns an error (for example ErrNoRoleDefined) in that case rather than a nil "last error", which would grant access by default.

type LadonPolicyManager

type LadonPolicyManager struct {
	// contains filtered or unexported fields
}

LadonPolicyManager implements ladon.Manager without requiring the sqlx or migrations packages.

func NewPolicyManager

func NewPolicyManager(db *pgx.ConnPool, driverName string) *LadonPolicyManager

NewPolicyManager creates a new, uninitialized LadonPolicyManager for the given connection pool and driver name; call Init (after SetStatements, if overriding) before using it.

func (*LadonPolicyManager) Create

func (s *LadonPolicyManager) Create(policy ladon.Policy) (err error)

Create inserts a new policy

func (*LadonPolicyManager) Delete

func (s *LadonPolicyManager) Delete(id string) error

Delete removes a policy.

func (*LadonPolicyManager) FindPoliciesForResource

func (s *LadonPolicyManager) FindPoliciesForResource(resource string) (ladon.Policies, error)

func (*LadonPolicyManager) FindPoliciesForSubject

func (s *LadonPolicyManager) FindPoliciesForSubject(subject string) (ladon.Policies, error)

func (*LadonPolicyManager) FindRequestCandidates

func (s *LadonPolicyManager) FindRequestCandidates(r *ladon.Request) (ladon.Policies, error)

FindRequestCandidates returns policies that potentially match a ladon.Request

func (*LadonPolicyManager) Get

func (s *LadonPolicyManager) Get(id string) (ladon.Policy, error)

Get retrieves a policy.

func (*LadonPolicyManager) GetAll

func (s *LadonPolicyManager) GetAll(limit, offset int64) (ladon.Policies, error)

GetAll returns policies, paged by limit and offset.

func (*LadonPolicyManager) Init

func (s *LadonPolicyManager) Init() error

Init ensures the driver-specific statements are mapped. Call it before using the manager, and after SetStatements if you are overriding the statements.

func (*LadonPolicyManager) SetStatements

func (s *LadonPolicyManager) SetStatements(statements *PolicyStatements)

SetStatements lets callers supply their own statements, e.g. to support a database other than postgres/mysql. It must be called before Init() to take effect. The strings are raw SQL executed by this manager: an override must keep the parameter placeholders the built-in statements use, and must never be assembled from caller-controlled input.

func (*LadonPolicyManager) Update

func (s *LadonPolicyManager) Update(policy ladon.Policy) error

Update replaces a policy in the database by deleting the original and re-creating it. Whether the two steps share a transaction is not visible here; if they do not, there is a window in which the policy does not exist (requests it would have permitted are denied), and a failed re-create leaves it deleted.

type LadonRoleManager

type LadonRoleManager struct {
	// contains filtered or unexported fields
}

LadonRoleManager manages user roles and groups

func NewRoleManager

func NewRoleManager(db *pgx.ConnPool, driverName string) *LadonRoleManager

NewRoleManager returns a new LadonRoleManager

func (*LadonRoleManager) AddMembers

func (r *LadonRoleManager) AddMembers(orgID int, roleID string, members []int) error

AddMembers adds each member in members to the role/group roleID of orgID by inserting rows into the ladon_role_members table.

func (*LadonRoleManager) CreateRole

func (r *LadonRoleManager) CreateRole(g *am.Role) (string, error)

CreateRole creates a role, with or without initial members, and returns the new roleID. The role must carry a role name and an org id (see ErrMissingRoleName and ErrMissingOrgID).

func (*LadonRoleManager) DeleteRole

func (r *LadonRoleManager) DeleteRole(orgID int, roleID string) error

DeleteRole deletes a role from the system. It returns nil even when orgID and roleID match no existing role, so callers cannot use the return value to confirm that the role existed.

func (*LadonRoleManager) FindByMember

func (r *LadonRoleManager) FindByMember(orgID int, member int, limit, offset int) ([]*am.Role, error)

FindByMember returns the roles within orgID that member belongs to, paged by limit and offset.

func (*LadonRoleManager) Get

func (r *LadonRoleManager) Get(orgID int, roleID string) (*am.Role, error)

Get returns the role identified by roleID within orgID.

func (*LadonRoleManager) GetByName

func (r *LadonRoleManager) GetByName(orgID int, roleName string) (*am.Role, error)

GetByName returns the role identified by roleName within orgID.

func (*LadonRoleManager) Init

func (r *LadonRoleManager) Init() error

Init initializes this role manager with its pgx connection pool. TODO: verify that the required database tables exist.

func (*LadonRoleManager) List

func (r *LadonRoleManager) List(orgID int, limit, offset int) ([]*am.Role, error)

List returns all roles of the organization orgID, paged by limit and offset.

func (*LadonRoleManager) RemoveMembers

func (r *LadonRoleManager) RemoveMembers(orgID int, roleID string, members []int) error

RemoveMembers removes each member in members from the role/group roleID of orgID by deleting the corresponding rows from the ladon_role_members table.

type PolicyStatements

// PolicyStatements contains all policy related DB statements. GetPolicyStatements
// fills it for the mysql/postgres drivers; SetStatements lets a caller substitute
// its own text before Init. Every field is raw SQL run by the LadonPolicyManager,
// so an override must keep the same parameter placeholders and must never be
// built from caller-controlled input.
type PolicyStatements struct {
	// Statements used when creating a policy: the policy row, its actions,
	// resources and subjects, and the *Rel rows relating those to the policy
	// (as the field names indicate; the exact column mapping is not shown here).
	QueryInsertPolicy             string
	QueryInsertPolicyActions      string
	QueryInsertPolicyActionsRel   string
	QueryInsertPolicyResources    string
	QueryInsertPolicyResourcesRel string
	QueryInsertPolicySubjects     string
	QueryInsertPolicySubjectsRel  string
	// Lookup statements behind FindRequestCandidates, FindPoliciesForSubject and
	// FindPoliciesForResource.
	QueryRequestCandidates   string
	QueryPoliciesForSubject  string
	QueryPoliciesForResource string
	// internal queries behind Get, GetAll and Delete.
	GetQuery     string
	GetAllQuery  string
	DeletePolicy string
}

PolicyStatements contains every policy-related DB statement. The fields are raw SQL text for the configured driver; if you override them via SetStatements, keep the parameter placeholders and do not build them from untrusted input.

func GetPolicyStatements

func GetPolicyStatements(driverName string) *PolicyStatements

GetPolicyStatements returns the statements specific to the given DB driver name.

type RoleStatements

// RoleStatements holds the queries necessary for the LadonRoleManager, one per
// operation (add/delete members, delete role, find by member, get member, get
// role by id or by name, insert role, list). GetRoleStatements fills it for the
// configured driver. These are raw SQL strings executed by the manager, so any
// custom version must keep the parameter placeholders and must never be built
// from caller-controlled input.
type RoleStatements struct {
	QueryAddMembers    string
	QueryDeleteMembers string
	QueryDeleteRole    string
	QueryFindByMember  string
	QueryGetMember     string
	QueryGetRole       string
	QueryGetRoleByName string
	QueryInsertRole    string
	QueryList          string
}

RoleStatements holds the queries the LadonRoleManager needs.

func GetRoleStatements

func GetRoleStatements(driverName string) *RoleStatements

GetRoleStatements returns a RoleStatements populated with the role queries for the given DB driver name.
