types

package
v0.1.0
Published: Apr 10, 2024 License: BSD-3-Clause Imports: 5 Imported by: 0

Documentation

Overview

Package types implements the darc messages.

The messages are implemented in a separate package to prevent cycle imports when importing the serde formats.

Documentation Last Review: 08.10.2020

Constants

This section is empty.

Variables

This section is empty.

Functions

func RegisterPermissionFormat

func RegisterPermissionFormat(c serde.Format, f serde.FormatEngine)

RegisterPermissionFormat registers the engine for the provided format.

Types

type DisjunctivePermission

type DisjunctivePermission struct {
	// contains filtered or unexported fields
}

DisjunctivePermission is a permission implementation that uses the disjunctive normal form to represent the groups of identities allowed for a given rule.

- implements types.Permission

func NewPermission

func NewPermission(opts ...PermissionOption) *DisjunctivePermission

NewPermission returns a new empty instance of an access control.

func (*DisjunctivePermission) Allow

func (perm *DisjunctivePermission) Allow(rule string, group ...access.Identity)

Allow implements types.Permission. It grants the permission to the group of identities as a single entity.

func (*DisjunctivePermission) Deny

func (perm *DisjunctivePermission) Deny(rule string, group ...access.Identity)

Deny implements types.Permission. It denies the permission to the group of identities as a single entity by removing every subset matching this superset.

func (*DisjunctivePermission) GetRules

func (perm *DisjunctivePermission) GetRules() map[string]*Expression

GetRules returns a map of the expressions.

func (*DisjunctivePermission) Match

func (perm *DisjunctivePermission) Match(rule string, group ...access.Identity) error

Match implements types.Permission. It returns nil if the rule exists and the group of identities is associated with it; otherwise it returns an error.

func (*DisjunctivePermission) Serialize

func (perm *DisjunctivePermission) Serialize(ctx serde.Context) ([]byte, error)

Serialize implements serde.Message. It looks up the format and returns the serialized data of the permission.

type Expression

type Expression struct {
	// contains filtered or unexported fields
}

Expression is the representation of the disjunctive normal form of the allowed groups of identities.

func NewExpression

func NewExpression(sets ...IdentitySet) *Expression

NewExpression creates a new expression from the list of identity sets.

func (*Expression) Allow

func (expr *Expression) Allow(group []access.Identity)

Allow adds the group of identities as long as there is no duplicate.

func (*Expression) Deny

func (expr *Expression) Deny(group []access.Identity)

Deny removes the group of identities from the list of matching subsets.

func (*Expression) GetIdentitySets

func (expr *Expression) GetIdentitySets() []IdentitySet

GetIdentitySets returns the list of identity sets.

func (*Expression) Match

func (expr *Expression) Match(group []access.Identity) error

Match returns nil if the group is allowed for the rule; otherwise it returns the reason why it failed.

type IdentitySet

type IdentitySet []access.Identity

IdentitySet is a set of identities that belongs to one of the conjunctions.

func NewIdentitySet

func NewIdentitySet(idents ...access.Identity) IdentitySet

NewIdentitySet creates a new identity set from the list of identities by removing duplicates.

func (IdentitySet) Contains

func (set IdentitySet) Contains(target access.Identity) bool

Contains returns true if the identity exists in the set.

func (IdentitySet) IsSuperset

func (set IdentitySet) IsSuperset(o IdentitySet) bool

IsSuperset returns true if both sets are the same.

func (IdentitySet) Search

func (set IdentitySet) Search(target access.Identity) (int, bool)

Search searches for the target in the set and returns the index if it exists, otherwise a negative value.

type Permission

type Permission interface {
	serde.Message

	// Allow grants the permission to the rule to the group of identities as a
	// single entity so that it will match if and only if the group agrees.
	Allow(rule string, group ...access.Identity)

	// Deny denies the permission to the rule to the group of identities as a
	// single entity.
	Deny(rule string, group ...access.Identity)

	// Match returns a nil error if the group, or a subset of the group, is
	// allowed.
	Match(rule string, group ...access.Identity) error
}

Permission is the interface of the underlying permissions used by the service.
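
The Allow, Deny and Match semantics documented above for Expression and Permission, modelled as an added stand-alone example. This is not the package's code: identities are plain strings instead of access.Identity, and the Expr type and its split helper are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
)

// Expr is the disjunction of allowed identity sets for one rule. String
// identities stand in for access.Identity (an assumption of this model).
type Expr [][]string

// split partitions stored sets into those fully contained in group and the rest.
func (e Expr) split(group []string) (covered, rest Expr) {
	present := map[string]bool{}
	for _, id := range group {
		present[id] = true
	}
next:
	for _, set := range e {
		for _, id := range set {
			if !present[id] {
				rest = append(rest, set)
				continue next
			}
		}
		covered = append(covered, set)
	}
	return covered, rest
}

// Allow stores the group as one conjunction (duplicate check omitted here).
func (e *Expr) Allow(group ...string) { *e = append(*e, group) }

// Deny removes every stored set that is a subset of the denied group.
func (e *Expr) Deny(group ...string) { _, *e = e.split(group) }

// Match returns nil when at least one stored set is covered by the group.
func (e Expr) Match(group ...string) error {
	if covered, _ := e.split(group); len(covered) > 0 {
		return nil
	}
	return errors.New("unauthorized: no allowed set is covered by the group")
}

func main() {
	e := Expr{{"alice"}, {"alice", "bob"}}
	e.Deny("alice") // removes {alice} only; {alice, bob} is not a subset
	fmt.Println(e.Match("alice"), e.Match("alice", "bob"))
}
```

In this model, denying a single identity leaves every larger group that contains it in place, so reviewing a revocation means listing the remaining sets (GetIdentitySets in the package) and checking each one.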

type PermissionFactory

type PermissionFactory interface {
	serde.Factory

	PermissionOf(serde.Context, []byte) (Permission, error)
}

PermissionFactory is the factory to serialize and deserialize the permissions.

func NewFactory

func NewFactory() PermissionFactory

NewFactory returns a new instance of the factory.

type PermissionOption

type PermissionOption func(*DisjunctivePermission)

PermissionOption is the option type to create an access control.

func WithExpression

func WithExpression(rule string, expr *Expression) PermissionOption

WithExpression is an option to set a rule from its expression.

func WithRule

func WithRule(rule string, group ...access.Identity) PermissionOption

WithRule is an option to grant a given group access to a rule.

type PublicKeyFac

type PublicKeyFac struct{}

PublicKeyFac is the key of the public key factory.
