gorbac.v1: gopkg.in/mikespook/gorbac.v1

package gorbac

import "gopkg.in/mikespook/gorbac.v1"

Package gorbac provides a lightweight role-based access control implementation in Golang.

For the purposes of this package:

* an identity has one or more roles.
* a role requests access to a permission.
* a permission is given to a role.

Thus, RBAC has the following model:

* many to many relationship between identities and roles.
* many to many relationship between roles and permissions.
* roles can have parent roles.

Package Files

helper.go rbac.go role.go

Constants

const (
    // ParentKey exports parents into RoleMap
    ParentKey = "parents"
    // PermissionKey exports permissions into RoleMap
    PermissionKey = "permissions"
    // NameKey exports name into RoleMap
    NameKey = "name"
)

func AllGranted

func AllGranted(rbac *RBAC, roles []string, permission string,
    assert AssertionFunc) bool

AllGranted checks if all roles have the permission.

func AnyGranted

func AnyGranted(rbac *RBAC, roles []string, permission string,
    assert AssertionFunc) bool

AnyGranted checks if any role has the permission.

func InherCircle

func InherCircle(rbac *RBAC) error

InherCircle returns an error when it detects any circular inheritance.
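
Why circular inheritance matters for access control, as an added example that is not gorbac's own code: the walk below runs over a constructed role table in the Map/RoleMap layout declared on this page and returns both the inheritance cycle and the permissions a role reaches through its parents. `Audit` and `sample` are hypothetical names, and the code assumes a role inherits its parents' permissions.

```go
package main

import "fmt"

// Local copies of the shapes exported on this page, so this builds without gorbac.
type RoleMap map[string][]string
type Map map[string]RoleMap

const ParentKey, PermissionKey = "parents", "permissions"

// Audit returns the permissions reachable from role (assumption: a role inherits
// its parents' permissions) and the first inheritance cycle met, or nil.
func Audit(m Map, role string) (map[string]bool, []string) {
	granted, done := map[string]bool{}, map[string]bool{}
	var path, cycle []string
	var visit func(string)
	visit = func(n string) {
		for i, p := range path {
			if p == n { // n is already on the current path: a cycle
				if cycle == nil {
					cycle = append(append([]string{}, path[i:]...), n)
				}
				return
			}
		}
		if done[n] {
			return
		}
		path = append(path, n)
		for _, p := range m[n][PermissionKey] {
			granted[p] = true
		}
		for _, p := range m[n][ParentKey] {
			visit(p)
		}
		path, done[n] = path[:len(path)-1], true
	}
	visit(role)
	return granted, cycle
}

// Constructed sample in the Dump() layout; "intern" -> "admin" closes a cycle.
var sample = Map{
	"admin":  {PermissionKey: {"user.delete"}, ParentKey: {"editor"}},
	"editor": {PermissionKey: {"post.edit"}, ParentKey: {"intern"}},
	"intern": {PermissionKey: {"post.read"}, ParentKey: {"admin"}},
}

func main() { fmt.Println(Audit(sample, "intern")) }
```

On the constructed sample, `intern` ends up with `user.delete` via `admin`, which is why a role table should be checked for cycles before it is restored.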

type AssertionFunc

type AssertionFunc func(string, string, *RBAC) bool

AssertionFunc supplies more fine-grained permission controls.

type BaseRole

type BaseRole struct {
    // contains filtered or unexported fields
}

BaseRole is the default role implementation. You can embed this struct in your own Role implementation.

func (*BaseRole) AddParent

func (role *BaseRole) AddParent(name string)

AddParent adds a parent to the role.

func (*BaseRole) AddPermission

func (role *BaseRole) AddPermission(permission string)

AddPermission adds a permission to the role.

func (*BaseRole) HasPermission

func (role *BaseRole) HasPermission(permission string) bool

HasPermission returns true if the role has the specific permission.

func (*BaseRole) Name

func (role *BaseRole) Name() string

Name returns the role's identity name.

func (*BaseRole) Parents

func (role *BaseRole) Parents() []string

Parents returns all parents as a slice.

func (*BaseRole) Permissions

func (role *BaseRole) Permissions() []string

Permissions returns all permissions as a slice.

func (*BaseRole) RemoveParent

func (role *BaseRole) RemoveParent(name string)

RemoveParent deletes the specific parent from the role.

func (*BaseRole) Reset

func (role *BaseRole) Reset()

Reset cleans all permissions and parents.

func (*BaseRole) RevokePermission

func (role *BaseRole) RevokePermission(permission string)

RevokePermission removes the specific permission.

type Map

type Map map[string]RoleMap

Map exports RBAC as structured data.

type RBAC

type RBAC struct {
    // contains filtered or unexported fields
}

RBAC object, in most cases it should be used as a singleton.

func New

func New() *RBAC

New returns an RBAC structure. The default role structure will be used.

func NewWithFactory

func NewWithFactory(factory RoleFactoryFunc) *RBAC

NewWithFactory returns an RBAC structure with a specific factory function. The role structure will be generated by that function.

func Restore

func Restore(data Map) *RBAC

Restore loads control data from a Map, and the default Role will be used.

func RestoreWithFactory

func RestoreWithFactory(data Map, factory RoleFactoryFunc) *RBAC

RestoreWithFactory loads control data from a Map. A user-defined role type can be created by the factory.

func (*RBAC) Add

func (rbac *RBAC) Add(name string, permissions []string, parents []string)

Add a role with `name`. It has `permissions` and `parents`. If the role does not exist, a new one will be created. This function adds the new permissions and parents to the role and keeps the original ones.

func (*RBAC) Dump

func (rbac *RBAC) Dump() Map

Dump exports the RBAC data as a Map.

func (*RBAC) Get

func (rbac *RBAC) Get(name string) Role

Get returns a role, or nil if it does not exist.

func (*RBAC) IsGranted

func (rbac *RBAC) IsGranted(name, permission string,
    assert AssertionFunc) bool

IsGranted tests whether `name` has `permission` under the `assert` condition.

func (*RBAC) Remove

func (rbac *RBAC) Remove(name string)

Remove a role.

func (*RBAC) Set

func (rbac *RBAC) Set(name string, permissions []string, parents []string)

Set a role with `name`. It has `permissions` and `parents`. If the role does not exist, a new one will be created. This function overwrites the role's original permissions and parents.

type Role

type Role interface {
    Name() string
    AddPermission(string)
    HasPermission(string) bool
    RevokePermission(string)
    Permissions() []string
    AddParent(string)
    RemoveParent(string)
    Parents() []string
    Reset()
}

Role is an interface. You should implement this interface for your own role structures.

func NewBaseRole

func NewBaseRole(rbac *RBAC, name string) Role

NewBaseRole is the default role factory function. It matches the RoleFactoryFunc declaration.

type RoleFactoryFunc

type RoleFactoryFunc func(*RBAC, string) Role

RoleFactoryFunc is used for a custom role structure. You can define your own role factory function with this signature.

type RoleMap

type RoleMap map[string][]string

RoleMap exports roles data.

func RoleToMap

func RoleToMap(role Role) RoleMap

RoleToMap converts interface Role into RoleMap.

Package gorbac imports 2 packages. Updated 2016-07-19.