Variables ¶
var (
	// ErrTxCreateFailed is returned if a transaction could not be begun.
	ErrTxCreateFailed = errors.New("could not begin transaction")
	// ErrRoleNotFound is returned when the role id does not exist for the orgID.
	ErrRoleNotFound = errors.New("role id does not exist")
	// ErrMismatchOrgID is returned if a query ever returns data whose org id does
	// not match the requester's orgID. Callers should not act on data that came
	// back with this error: it indicates the org-scoping of the query did not hold.
	ErrMismatchOrgID = errors.New("org id returned does not match specified org id")
	// ErrMissingRoleName is returned if a new or updated role is missing the role name.
	ErrMissingRoleName = errors.New("missing role_name from role")
	// ErrMissingOrgID is returned if a new role is missing the org id.
	ErrMissingOrgID = errors.New("missing org id from new role")
	// ErrMemberNotFound is returned if a member does not exist in any defined role.
	ErrMemberNotFound = errors.New("member was not found in any roles defined")
)
var (
	// ErrInvalidDriver is returned if the driver name is not one of the supported
	// values (mysql, postgres, pg, pgx — see the error text).
	ErrInvalidDriver = errors.New("invalid drivername specified, must be mysql or postgres, pg, pgx")
)
var (
	// ErrNoRoleDefined is returned when no role(s) could be found for the user.
	ErrNoRoleDefined = errors.New("unable to find role(s) for user")
)
Types ¶
type LadonAuthorizer ¶
type LadonAuthorizer struct {
// contains filtered or unexported fields
}
LadonAuthorizer authorizes access by checking that a role is allowed access to a resource.
func NewLadonAuthorizer ¶
func NewLadonAuthorizer(policyManager ladon.Manager, roleManager auth.RoleManager) *LadonAuthorizer
NewLadonAuthorizer returns a new authorizer backed by the policy and role managers
func (*LadonAuthorizer) GetRoles ¶
func (a *LadonAuthorizer) GetRoles(orgID, userID int) ([]*am.Role, error)
GetRoles looks up all roles applied to the userID of orgID
func (*LadonAuthorizer) IsAllowed ¶
func (a *LadonAuthorizer) IsAllowed(subject, resource, action string) error
IsAllowed checks that the subject is allowed to perform action on resource; it returns nil if allowed and an error otherwise.
func (*LadonAuthorizer) IsUserAllowed ¶
func (a *LadonAuthorizer) IsUserAllowed(orgID, userID int, resource, action string) error
IsUserAllowed iterates over all roles applied to this user and checks whether each role is allowed to access the resource. If IsAllowed returns nil for any role, at least one role is allowed access and nil is returned. Otherwise the last error seen is returned.
type LadonPolicyManager ¶
type LadonPolicyManager struct {
// contains filtered or unexported fields
}
LadonPolicyManager implements the ladon/Manager without requiring sqlx or migrations packages
func NewPolicyManager ¶
func NewPolicyManager(db *pgx.ConnPool, driverName string) *LadonPolicyManager
NewPolicyManager creates a new, uninitialized LadonPolicyManager
func (*LadonPolicyManager) Create ¶
func (s *LadonPolicyManager) Create(policy ladon.Policy) (err error)
Create inserts a new policy
func (*LadonPolicyManager) Delete ¶
func (s *LadonPolicyManager) Delete(id string) error
Delete removes a policy.
func (*LadonPolicyManager) FindPoliciesForResource ¶
func (s *LadonPolicyManager) FindPoliciesForResource(resource string) (ladon.Policies, error)
func (*LadonPolicyManager) FindPoliciesForSubject ¶
func (s *LadonPolicyManager) FindPoliciesForSubject(subject string) (ladon.Policies, error)
func (*LadonPolicyManager) FindRequestCandidates ¶
FindRequestCandidates returns policies that potentially match a ladon.Request
func (*LadonPolicyManager) Get ¶
func (s *LadonPolicyManager) Get(id string) (ladon.Policy, error)
Get retrieves a policy.
func (*LadonPolicyManager) GetAll ¶
func (s *LadonPolicyManager) GetAll(limit, offset int64) (ladon.Policies, error)
GetAll returns all policies
func (*LadonPolicyManager) Init ¶
func (s *LadonPolicyManager) Init() error
Init ensures statements are properly mapped
func (*LadonPolicyManager) SetStatements ¶
func (s *LadonPolicyManager) SetStatements(statements *PolicyStatements)
SetStatements allows callers to provide their own statements if they want to support something other than postgres/mysql. Note: you must call this before Init() if you wish to override the driver-specific statements.
type LadonRoleManager ¶
type LadonRoleManager struct {
// contains filtered or unexported fields
}
LadonRoleManager manages user roles and groups
func NewRoleManager ¶
func NewRoleManager(db *pgx.ConnPool, driverName string) *LadonRoleManager
NewRoleManager returns a new LadonRoleManager
func (*LadonRoleManager) AddMembers ¶
func (r *LadonRoleManager) AddMembers(orgID int, roleID string, members []int) error
AddMembers iterates over every member for the group/roleid and adds it to the ladon_role_members table
func (*LadonRoleManager) CreateRole ¶
func (r *LadonRoleManager) CreateRole(g *am.Role) (string, error)
CreateRole creates a role, with or without initial members, and returns the roleID.
func (*LadonRoleManager) DeleteRole ¶
func (r *LadonRoleManager) DeleteRole(orgID int, roleID string) error
DeleteRole removes the role from the system; it returns nil (no error) even if orgID and roleID are invalid.
func (*LadonRoleManager) FindByMember ¶
func (r *LadonRoleManager) FindByMember(orgID int, member int, limit, offset int) ([]*am.Role, error)
FindByMember returns roles that a member belongs to
func (*LadonRoleManager) Init ¶
func (r *LadonRoleManager) Init() error
Init initializes this role manager with a pgx connection pool. TODO: test that the db tables exist.
func (*LadonRoleManager) RemoveMembers ¶
func (r *LadonRoleManager) RemoveMembers(orgID int, roleID string, members []int) error
RemoveMembers iterates over every member for the group/roleid and removes it from the ladon_role_members table
type PolicyStatements ¶
// PolicyStatements contains all policy related DB statements used by
// LadonPolicyManager. GetPolicyStatements fills it for a supported driver;
// SetStatements lets a caller supply a custom set. NOTE(review): a custom set
// is presumably executed with the same bound-parameter calls as the built-in
// statements, so it must keep the same placeholder layout — confirm against
// the manager's query code before overriding.
type PolicyStatements struct {
	QueryInsertPolicy             string
	QueryInsertPolicyActions      string
	QueryInsertPolicyActionsRel   string
	QueryInsertPolicyResources    string
	QueryInsertPolicyResourcesRel string
	QueryInsertPolicySubjects     string
	QueryInsertPolicySubjectsRel  string
	QueryRequestCandidates        string
	QueryPoliciesForSubject       string
	QueryPoliciesForResource      string
	// internal queries used by Get, GetAll and Delete
	GetQuery     string
	GetAllQuery  string
	DeletePolicy string
}
PolicyStatements contains all policy related DB statements
func GetPolicyStatements ¶
func GetPolicyStatements(driverName string) *PolicyStatements
GetPolicyStatements returns statements specific to the db driver type
type RoleStatements ¶
// RoleStatements holds the queries necessary for LadonRoleManager; each field
// is the statement text for the correspondingly named operation.
// GetRoleStatements populates it for a supported driver.
type RoleStatements struct {
	QueryAddMembers    string
	QueryDeleteMembers string
	QueryDeleteRole    string
	QueryFindByMember  string
	QueryGetMember     string
	QueryGetRole       string
	QueryGetRoleByName string
	QueryInsertRole    string
	QueryList          string
}
RoleStatements hold queries necessary for the LadonRoleManager
func GetRoleStatements ¶
func GetRoleStatements(driverName string) *RoleStatements
GetRoleStatements populates the statements structure with our queries specific to roles