Documentation ¶
Overview ¶
Package gorbac provides a lightweight role-based access control implementation in Golang.
For the purposes of this package:
- an identity has one or more roles.
- a role requests access to a permission.
- a permission is given to a role.
Thus, RBAC has the following model:
- many to many relationship between identities and roles.
- many to many relationship between roles and permissions.
- roles can have parent roles.
Index ¶
- Constants
- func AllGranted(rbac *RBAC, roles []string, permission string, assert AssertionFunc) bool
- func AnyGranted(rbac *RBAC, roles []string, permission string, assert AssertionFunc) bool
- func InherCircle(rbac *RBAC) error
- type AssertionFunc
- type BaseRole
- func (role *BaseRole) AddParent(name string)
- func (role *BaseRole) AddPermission(permission string)
- func (role *BaseRole) HasPermission(permission string) bool
- func (role *BaseRole) Name() string
- func (role *BaseRole) Parents() []string
- func (role *BaseRole) Permissions() []string
- func (role *BaseRole) RemoveParent(name string)
- func (role *BaseRole) Reset()
- func (role *BaseRole) RevokePermission(permission string)
- type Map
- type RBAC
- func (rbac *RBAC) Add(name string, permissions []string, parents []string)
- func (rbac *RBAC) Dump() Map
- func (rbac *RBAC) Get(name string) Role
- func (rbac *RBAC) IsGranted(name, permission string, assert AssertionFunc) bool
- func (rbac *RBAC) Remove(name string)
- func (rbac *RBAC) Set(name string, permissions []string, parents []string)
- type Role
- type RoleFactoryFunc
- type RoleMap
Constants ¶
const (
	// ParentKey exports parents into RoleMap
	ParentKey = "parents"
	// PermissionKey exports permissions into RoleMap
	PermissionKey = "permissions"
	// NameKey exports name into RoleMap
	NameKey = "name"
)
Variables ¶
This section is empty.
Functions ¶
func AllGranted ¶
func AllGranted(rbac *RBAC, roles []string, permission string, assert AssertionFunc) bool
AllGranted checks if all roles have the permission.
func AnyGranted ¶
func AnyGranted(rbac *RBAC, roles []string, permission string, assert AssertionFunc) bool
AnyGranted checks if any role has the permission.
func InherCircle ¶
InherCircle returns an error when it detects circular inheritance among roles.
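The model from the overview (roles that hold permissions and inherit from parent roles) together with the kind of check InherCircle describes, as an added standalone sketch: it is not gorbac's code and does not call the package. The `role` and `roles` types, the function names and the sample roles are assumptions made up for illustration.

```go
package main

import "fmt"

// role and roles are hypothetical stand-ins for the model, not gorbac types.
type role struct{ perms map[string]bool; parents []string }
type roles map[string]role

// ancestors adds every role reachable from name via parent links to seen.
func (rs roles) ancestors(name string, seen map[string]bool) map[string]bool {
	for _, p := range rs[name].parents {
		if !seen[p] { // visited check keeps the walk finite on a cycle
			seen[p] = true
			rs.ancestors(p, seen)
		}
	}
	return seen
}

// granted reports whether role name holds perm itself or via an ancestor (unknown roles: denied).
func (rs roles) granted(name, perm string) bool {
	set := rs.ancestors(name, map[string]bool{})
	set[name] = true // the role's own permissions count too
	for n := range set {
		if rs[n].perms[perm] {
			return true
		}
	}
	return false
}

// findCycle returns an error if any role is its own ancestor.
func (rs roles) findCycle() error {
	for n := range rs {
		if rs.ancestors(n, map[string]bool{})[n] {
			return fmt.Errorf("circular inheritance through role %q", n)
		}
	}
	return nil
}

func main() {
	rs := roles{ // constructed sample data: admin -> editor -> viewer
		"viewer": {perms: map[string]bool{"read": true}},
		"editor": {perms: map[string]bool{"write": true}, parents: []string{"viewer"}},
		"admin":  {perms: map[string]bool{"delete": true}, parents: []string{"editor"}},
	}
	fmt.Println(rs.granted("admin", "read"), rs.granted("viewer", "write"), rs.findCycle())
}
```

With a cycle in the parent graph every role on the cycle ends up with the union of the cycle's permissions, which is why rejecting such configurations before serving checks matters.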
Types ¶
type AssertionFunc ¶
AssertionFunc supplies more fine-grained permission controls.
type BaseRole ¶
type BaseRole struct {
// contains filtered or unexported fields
}
BaseRole is the default role implementation. You can embed this struct in your own Role implementation.
func (*BaseRole) AddPermission ¶
AddPermission adds a permission to the role.
func (*BaseRole) HasPermission ¶
HasPermission returns true if the role has specific permission.
func (*BaseRole) Permissions ¶
Permissions returns all permissions as a slice.
func (*BaseRole) RemoveParent ¶
RemoveParent deletes the specific parent from the role.
func (*BaseRole) RevokePermission ¶
RevokePermission removes the specific permission.
type RBAC ¶
type RBAC struct {
// contains filtered or unexported fields
}
RBAC object. In most cases it should be used as a singleton.
func NewWithFactory ¶
func NewWithFactory(factory RoleFactoryFunc) *RBAC
NewWithFactory returns an RBAC structure with a specific factory function. Role structures will be generated by that function.
func RestoreWithFactory ¶
func RestoreWithFactory(data Map, factory RoleFactoryFunc) *RBAC
RestoreWithFactory loads control data from a Map. User-defined role types can be created by the factory.
func (*RBAC) Add ¶
Add adds a role with `name`, `permissions` and `parents`. If the role does not exist, a new one is created. If it already exists, the new permissions and parents are added to it and the original ones are kept.
type Role ¶
type Role interface {
	Name() string
	AddPermission(string)
	HasPermission(string) bool
	RevokePermission(string)
	Permissions() []string
	AddParent(string)
	RemoveParent(string)
	Parents() []string
	Reset()
}
Role is an interface. You should implement this interface for your own role structures.
func NewBaseRole ¶
NewBaseRole is the default role factory function. Its declaration matches RoleFactoryFunc.
type RoleFactoryFunc ¶
RoleFactoryFunc is used for a custom role structure. You can define your own role factory function with this type.
Directories ¶
Path | Synopsis |
---|---|
examples | |
http | possum & gorbac example |
user-defined | User-defined gorbac example |