Documentation
Overview
Package authorization implements a basic authorization "engine".
Before it can operate, it needs to load the authorization rules from a backend via LoadAuthorizations().
Currently supported backends:
- an AuthorizationStore variable directly
- a Reader which can deliver data as specified in LoadAuthorizationsFromReader()
After the authorizations are loaded, the main functionality is available via AuthorizationPassed(), which reports whether a given combination of {user, HTTP method, HTTP path} passes the authorization rules currently loaded.
Constants
const (
	Allow = true
	Deny  = false
)
Small shortcut constants, for clarity.
Variables
This section is empty.
Functions
func AuthorizationPassed
AuthorizationPassed determines if a given user is authorized to access path via verb.
func LoadAuthorizations
func LoadAuthorizations(backend interface{}) (err error)
LoadAuthorizations loads the given authorizations into the library.
func LoadAuthorizationsFromReader
LoadAuthorizationsFromReader loads the authorizations from the given io.Reader r into the library. The file must have the format:
username:default_rule:rule1:...:ruleN
Types
type AuthorizationRules
AuthorizationRules defines a container for the authorization rules for one user.
It is implemented as a combination of DefaultRule and a list of exception rules, as follows:
1. if DefaultRule == Allow, then Rules becomes a blacklisting mechanism;
2. if DefaultRule == Deny, then Rules becomes a whitelisting mechanism.
These combined allow for flexible and granular access control.
type AuthorizationStore
type AuthorizationStore map[string]AuthorizationRules
AuthorizationStore defines a container for all authorization rules.
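The default-plus-exceptions model and the username:default_rule:rule1:...:ruleN line format described above, as an added Go sketch that is not the package's own code. The "METHOD /path" rule syntax, the "allow"/"deny" spelling of default_rule, and the names userRules, loadRules and passed are assumptions made for illustration; the package's actual formats may differ.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"strings"
)

// userRules mirrors the documented model: a default rule plus exceptions.
type userRules struct {
	Default    bool     // true = Allow, false = Deny
	Exceptions []string // assumed syntax: "METHOD /path", e.g. "GET /status"
}

// loadRules parses "username:default_rule:rule1:...:ruleN" lines.
// Assumption: default_rule is the literal "allow" or "deny".
func loadRules(r io.Reader) (map[string]userRules, error) {
	store := map[string]userRules{}
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		f := strings.Split(strings.TrimSpace(sc.Text()), ":")
		if len(f) < 2 || f[0] == "" || (f[1] != "allow" && f[1] != "deny") {
			return nil, fmt.Errorf("malformed line %q", sc.Text()) // never guess a default
		}
		store[f[0]] = userRules{Default: f[1] == "allow", Exceptions: f[2:]}
	}
	return store, sc.Err()
}

// passed returns the user's default, inverted when an exception matches.
// An unknown user gets the zero value (Deny, no exceptions): fail closed.
func passed(store map[string]userRules, user, method, path string) bool {
	ur := store[user]
	for _, ex := range ur.Exceptions {
		m, p, found := strings.Cut(ex, " ")
		// Match whole path segments so "/status" does not cover "/status-old".
		if found && m == method && (path == p || strings.HasPrefix(path, p+"/")) {
			return !ur.Default
		}
	}
	return ur.Default
}

func main() {
	// Constructed sample input, not taken from the package.
	in := "alice:allow:DELETE /admin\nbob:deny:GET /status\n"
	store, err := loadRules(strings.NewReader(in))
	fmt.Println(passed(store, "bob", "GET", "/status"), err)
}
```

With a Deny default, the exceptions are the only paths a user can reach, so how an exception matches a path (whole segments here, rather than a raw string prefix) decides how far each allow entry extends.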