access

package
v0.1.0
Published: Apr 10, 2024 License: BSD-3-Clause Imports: 4 Imported by: 8

Documentation

Overview

Package access defines the interfaces for Access Rights Controls.

Documentation Last Review: 08.10.2020

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ContractCredential

type ContractCredential struct {
	// contains filtered or unexported fields
}

ContractCredential defines the credential for a contract. It contains the name of the contract and an associated command.

func NewContractCreds

func NewContractCreds(id []byte, contract, command string) ContractCredential

NewContractCreds creates a new credential from the associated identifier, the name of the contract and its command.

func (ContractCredential) GetID

func (cc ContractCredential) GetID() []byte

GetID implements access.Credential. It returns the identifier for the credential.

func (ContractCredential) GetRule

func (cc ContractCredential) GetRule() string

GetRule implements access.Credential. It returns the scope of the credential.

type Credential

type Credential interface {
	// GetID returns the identifier of the credential.
	GetID() []byte

	// GetRule returns the rule that is targeted by the credential.
	GetRule() string
}

Credential is an abstraction of an entity that allows one or several identities to access a given scope.

As an example, the identifier is the username of a username/password pair. It defines the component to compare against. The password is then the list of identities, verified beforehand, that will or won't match the identifier's underlying permissions. The rule defines which scope should be verified, so that the permissions can hold several of those.

-- 0xdeadbeef
   -- "myContract:sayHello"
      -- Alice
      -- Bob
   -- "myContract:sayBye"
      -- Bob

The example above shows two credentials for the contract "myContract", which allows two commands, "sayHello" and "sayBye". Alice and Bob can say hello, but only Bob is allowed to say bye. Alice can prove that she's allowed by providing the credential with the identifier 0xdeadbeef and the rule "myContract:sayHello".

type Identity

type Identity interface {
	serde.Message

	encoding.TextMarshaler

	// Equal returns true when the other object is equal to the identity.
	Equal(other interface{}) bool
}

Identity is an abstraction to uniquely identify a signer.

type Service

type Service interface {
	// Match returns nil if the credentials can be matched to the group of
	// identities.
	Match(store store.Readable, creds Credential, idents ...Identity) error

	// Grant updates the store so that the group of identities will match the
	// credentials.
	Grant(store store.Snapshot, creds Credential, idents ...Identity) error
}

Service is an access control service that can read the storage to find the permissions associated with the credentials, or update existing ones.
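
The 0xdeadbeef tree from the Credential documentation, run through a minimal in-memory matcher with default-deny semantics. This is an added example, not code from this module: cred, grant and memService are hypothetical stand-ins, the store arguments of Service are omitted, and identities are plain strings. That Match requires every supplied identity to hold the rule is an assumption about the matching policy.

```go
package main

import "fmt"

// Credential mirrors the two methods of access.Credential shown above.
type Credential interface {
	GetID() []byte
	GetRule() string
}

// cred stands in for ContractCredential; "contract:command" is an assumed format.
type cred struct{ id []byte; contract, command string }

func (c cred) GetID() []byte   { return c.id }
func (c cred) GetRule() string { return c.contract + ":" + c.command }

// grant is one leaf of the tree: ident may use rule under identifier id.
type grant struct{ id, rule, ident string }

// memService is a constructed in-memory stand-in for Service (string identities).
type memService map[grant]bool

// Grant records each identity as allowed for the credential's id and rule.
func (s memService) Grant(c Credential, idents ...string) {
	for _, ident := range idents {
		s[grant{string(c.GetID()), c.GetRule(), ident}] = true
	}
}

// Match is default-deny: nil only if every given identity (at least one) holds this id and rule.
func (s memService) Match(c Credential, idents ...string) error {
	if len(idents) == 0 {
		return fmt.Errorf("no identity provided for %q", c.GetRule())
	}
	for _, ident := range idents {
		if !s[grant{string(c.GetID()), c.GetRule(), ident}] {
			return fmt.Errorf("%q not allowed for %q", ident, c.GetRule())
		}
	}
	return nil
}

// main rebuilds the 0xdeadbeef tree from the page and checks Alice on sayBye.
func main() {
	id, s := []byte{0xde, 0xad, 0xbe, 0xef}, memService{}
	s.Grant(cred{id, "myContract", "sayHello"}, "Alice", "Bob")
	s.Grant(cred{id, "myContract", "sayBye"}, "Bob")
	fmt.Println(s.Match(cred{id, "myContract", "sayBye"}, "Alice"))
}
```

An empty identity list, an unknown identifier, or a group containing one identity without the rule are all rejected, so a missing entry never grants access.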

Directories

Path Synopsis
Package darc implements Distributed Access Rights Controls.
types
Package types implements the darc messages.
