Documentation
Index
- type Service
- func (s *Service) EnforceRole(c context.Context, r model.AccessRole) bool
- func (s *Service) EnforceTenant(c context.Context, ID uuid.UUID) bool
- func (s *Service) EnforceTenantAdmin(c context.Context, ID uuid.UUID) bool
- func (s *Service) EnforceTenantAndRole(c context.Context, roleID model.AccessRole, tenantID uuid.UUID) bool
- func (s *Service) EnforceUser(c context.Context, ID uuid.UUID) bool
- func (s *Service) IsLowerRole(c context.Context, r model.AccessRole) bool
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Service
type Service struct{}
Service is the RBAC application service.
func (*Service) EnforceRole
EnforceRole authorizes the request by AccessRole.
func (*Service) EnforceTenant
EnforceTenant checks whether the request to apply a change to tenant data is made by a user belonging to that tenant and that the user has the tenantAdmin role. If the user has the admin role, the tenant check does not need to pass.
func (*Service) EnforceTenantAdmin
EnforceTenantAdmin checks tenant admin
func (*Service) EnforceTenantAndRole
func (s *Service) EnforceTenantAndRole(c context.Context, roleID model.AccessRole, tenantID uuid.UUID) bool
EnforceTenantAndRole performs an auth check for the same tenant and a lower role. Used for user creation, deletion, etc.
func (*Service) EnforceUser
EnforceUser checks whether the request to change user data is made by the same user.
func (*Service) IsLowerRole
IsLowerRole checks whether the requesting user has a higher role than the user it wants to change. Used for account creation/deletion.
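The semantics documented for EnforceTenant and IsLowerRole, sketched as an added example that is not this package's own code. The role ordering (smaller value means more privilege), the Caller type, the context key, and string IDs in place of uuid.UUID are all assumptions made for illustration.

```go
package main

import (
	"context"
	"fmt"
)

// AccessRole stands in for model.AccessRole (assumed: smaller value = more privilege).
type AccessRole int

const (
	Admin AccessRole = iota + 1
	TenantAdmin
	User
)

// Caller is a hypothetical identity placed in the context by auth middleware.
type Caller struct {
	TenantID string // stand-in for uuid.UUID
	Role     AccessRole
}

type ctxKey struct{}

func WithCaller(c context.Context, u Caller) context.Context {
	return context.WithValue(c, ctxKey{}, u)
}

// caller fails closed: no identity, or an unset (zero) role, is rejected.
func caller(c context.Context) (Caller, bool) {
	u, ok := c.Value(ctxKey{}).(Caller)
	return u, ok && u.Role >= Admin
}

// EnforceTenant: admin bypasses the tenant check; otherwise same tenant and tenantAdmin.
func EnforceTenant(c context.Context, tenantID string) bool {
	u, ok := caller(c)
	return ok && (u.Role == Admin || (u.TenantID == tenantID && u.Role == TenantAdmin))
}

// IsLowerRole: the target role r must be strictly below the caller's own role.
func IsLowerRole(c context.Context, r AccessRole) bool {
	u, ok := caller(c)
	return ok && u.Role < r
}

func main() {
	ta := WithCaller(context.Background(), Caller{TenantID: "t1", Role: TenantAdmin})
	fmt.Println(EnforceTenant(ta, "t1"), EnforceTenant(ta, "t2"), IsLowerRole(ta, TenantAdmin))
}
```

The strict comparison in IsLowerRole means a tenant admin cannot create or delete another tenant admin, and the zero-value guard keeps an unpopulated role from outranking every defined one.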