permission

package
v0.0.0-...-8ff1004 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 15, 2019 License: AGPL-3.0 Imports: 3 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func IsEmptyUserAccess

func IsEmptyUserAccess(a UserAccess) bool

IsEmptyUserAccess returns true if the passed UserAccess instance is empty.

func ValidateCloudAccess

func ValidateCloudAccess(access Access) error

ValidateCloudAccess returns error if the passed access is not a valid cloud access level.

func ValidateControllerAccess

func ValidateControllerAccess(access Access) error

ValidateControllerAccess returns error if the passed access is not a valid controller access level.

func ValidateModelAccess

func ValidateModelAccess(access Access) error

ValidateModelAccess returns error if the passed access is not a valid model access level.

func ValidateOfferAccess

func ValidateOfferAccess(access Access) error

ValidateOfferAccess returns error if the passed access is not a valid offer access level.

Types

type Access

type Access string

Access represents a level of access.

const (
	// NoAccess allows a user no permissions at all.
	NoAccess Access = ""

	// ReadAccess allows a user to read information about a permission subject,
	// without being able to make any changes.
	ReadAccess Access = "read"

	// WriteAccess allows a user to make changes to a permission subject.
	WriteAccess Access = "write"

	// ConsumeAccess allows a user to consume a permission subject.
	ConsumeAccess Access = "consume"

	// AdminAccess allows a user full control over the subject.
	AdminAccess Access = "admin"

	// LoginAccess allows a user to log-ing into the subject.
	LoginAccess Access = "login"

	// AddModelAccess allows user to add new models in subjects supporting it.
	AddModelAccess Access = "add-model"

	// SuperuserAccess allows user unrestricted permissions in the subject.
	SuperuserAccess Access = "superuser"
)

func (Access) EqualOrGreaterCloudAccessThan

func (a Access) EqualOrGreaterCloudAccessThan(access Access) bool

EqualOrGreaterCloudAccessThan returns true if the current access is equal or greater than the passed in access level.

func (Access) EqualOrGreaterControllerAccessThan

func (a Access) EqualOrGreaterControllerAccessThan(access Access) bool

EqualOrGreaterControllerAccessThan returns true if the current access is equal or greater than the passed in access level.

func (Access) EqualOrGreaterModelAccessThan

func (a Access) EqualOrGreaterModelAccessThan(access Access) bool

EqualOrGreaterModelAccessThan returns true if the current access is equal or greater than the passed in access level.

func (Access) EqualOrGreaterOfferAccessThan

func (a Access) EqualOrGreaterOfferAccessThan(access Access) bool

EqualOrGreaterOfferAccessThan returns true if the current access is equal or greater than the passed in access level.

func (Access) GreaterControllerAccessThan

func (a Access) GreaterControllerAccessThan(access Access) bool

GreaterControllerAccessThan returns true if the current access is greater than the passed in access level.

func (Access) GreaterModelAccessThan

func (a Access) GreaterModelAccessThan(access Access) bool

GreaterModelAccessThan returns true if the current access is greater than the passed in access level.

func (Access) GreaterOfferAccessThan

func (a Access) GreaterOfferAccessThan(access Access) bool

GreaterOfferAccessThan returns true if the current access is greater than the passed in access level.

func (Access) Validate

func (a Access) Validate() error

Validate returns error if the current is not a valid access level.

type UserAccess

type UserAccess struct {
	// UserID is the stored ID of the user.
	UserID string
	// UserTag is the tag for the user.
	UserTag names.UserTag
	// Object is the tag for the object of this access grant.
	Object names.Tag
	// Access represents the level of access subject has over object.
	Access Access
	// CreatedBy is the tag of the user that granted the access.
	CreatedBy names.UserTag
	// DateCreated is the date the user was created in UTC.
	DateCreated time.Time
	// DisplayName is the name we are showing for this user.
	DisplayName string
	// UserName is the actual username for this access.
	UserName string
}

UserAccess represents a user access to a target whereas the user could represent a remote user or a user across multiple models the user access always represents a single user for a single target. There should be no more than one UserAccess per target/user pair. Many of these fields are storage artifacts but generate them from other fields implies out of band knowledge of other packages.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL