gorbac

package module
v0.0.0-...-2be974d (this package is not in the latest version of its module)
Published: May 27, 2016 License: MIT Imports: 7 Imported by: 0

README

gorbac

RBAC Authorization library for Go. It provides developers with NIST Level 2 Standard Role Based Access Control and more.

gorbac is ported from http://phprbac.net. Currently there is only support for MySQL.

The API documentation can be found at: https://godoc.org/github.com/jgrusewski/gorbac

Why RBAC?

Role Based Access Control is the standard means of authorization (access control). The other approach is ACLs, where a table defines who can do what. ACLs are only good for very small systems, for the following reasons:

  • Big systems have lots of permits
  • People move in organizations, and all their permits should be changed when they do
  • Maintenance (adding, changing, removing) of 100,000 permits requires a handful of staff
  • Maintenance of the permits assigned to each user requires more staff than above!
  • One wrong user-permit and you have a serious breach in your security, so no room for error

RBAC separates the concepts of Users, Roles and Permissions. Roles are defined in a system, then Permissions defined separately. Then the security administrator decides what role should be permitted to do what action, by assigning that role to the permission. Finally users are assigned to roles. The system does the rest.

  • Lots of permits in the system are still a problem
  • People move, and only their roles need to be changed
  • Maintenance of permits is still an issue
  • Maintenance of the permits assigned to each role is easy; it doesn't change much logically
  • Role-Permission assignments can be double-checked so that no wrong permit is given to any role

That was NIST Level 1 standard RBAC above, and it still had issues. NIST Level 2 RBAC requires Roles and/or Permissions to be hierarchical, so that management of them can easily be handled in hierarchies. The figure below demonstrates a system in hierarchical RBAC:

[Figure: a system in hierarchical RBAC] (source: http://phprbac.net)

Documentation

Index

Constants

const (
	Left  string = "lft"
	Right        = "rght"
)

Left is the left column name in the SQL schema; Right is the right column name in the SQL schema.

Variables

var (
	ErrTitleNotFound = errors.New("title not found")
	ErrPathNotFound  = errors.New("path not found")
)

Error messages for an invalid title or path name.

var (
	ErrPermissionNotFound = errors.New("permission not found")
)

var (
	ErrRowRequired = errors.New("role cannot be nil")
)

Error messages for Roles

var ErrUserRequired = errors.New("user id is a required argument")

Functions

This section is empty.

Types

type Config

type Config struct {
	Name     string
	Host     string
	Port     int
	Username string
	Password string
}

Config holds the MySQL connection parameters.

type Owner

type Owner interface{}

type Owners

type Owners interface {
	Assign(role RoleInterface, owner Owner, meta interface{}) (int64, error)
	HasRole(role RoleInterface, owner Owner) (bool, error)
	Unassign(role RoleInterface, owner Owner) error
	AllRoles(owner Owner, meta interface{}) ([]Role, error)
	RoleCount(owner Owner) (int64, error)
	ResetAssignments(ensure bool) error
	Table() string
}

type PermissionInterface

type PermissionInterface interface{}

Permission can be an ID, Title or Path.

type Permissions

type Permissions struct {
	// contains filtered or unexported fields
}

func (Permissions) Add

func (p Permissions) Add(title string, description string, parentID int64) (int64, error)

func (Permissions) AddPath

func (p Permissions) AddPath(path string, description []string) (int64, error)

func (Permissions) Assign

func (p Permissions) Assign(role RoleInterface, permission PermissionInterface) (int64, error)

func (Permissions) Children

func (p Permissions) Children(id int64) ([]path, error)

func (Permissions) Count

func (p Permissions) Count() (int64, error)

func (Permissions) Depth

func (p Permissions) Depth(id int64) (int64, error)

func (Permissions) Descendants

func (p Permissions) Descendants(absolute bool, id int64) ([]path, error)

func (Permissions) Edit

func (p Permissions) Edit(id int64, title, description string) error

func (Permissions) GetDescription

func (p Permissions) GetDescription(id int64) (string, error)

func (Permissions) GetPath

func (p Permissions) GetPath(id int64) (string, error)

func (Permissions) GetPermissionID

func (p Permissions) GetPermissionID(permission PermissionInterface) (int64, error)

func (Permissions) GetTitle

func (p Permissions) GetTitle(id int64) (string, error)

func (Permissions) ParentNode

func (p Permissions) ParentNode(id int64) (int64, error)

func (Permissions) Reset

func (p Permissions) Reset(ensure bool) error

func (Permissions) ResetAssignments

func (p Permissions) ResetAssignments(ensure bool) error

func (Permissions) ReturnID

func (p Permissions) ReturnID(entity string) (int64, error)

func (Permissions) TitleID

func (p Permissions) TitleID(title string) (int64, error)

func (Permissions) Unassign

func (p Permissions) Unassign(role RoleInterface, permission PermissionInterface) error

type Rbac

type Rbac struct {
	// contains filtered or unexported fields
}

func New

func New(config *Config) *Rbac

New returns a new instance of Rbac

func (*Rbac) AddOwnerExtension

func (r *Rbac) AddOwnerExtension(name string, extension Owners) error

func (Rbac) Assign

func (r Rbac) Assign(role RoleInterface, permission PermissionInterface) (int64, error)

Assign a role to a permission. Returns true if successful, false if unsuccessful.

func (Rbac) Check

func (r Rbac) Check(permission PermissionInterface, userID UserInterface) (bool, error)

Check whether a user has a permission or not. Returns true if a user has a permission, false if otherwise.
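The hierarchical check that the README calls NIST Level 2 RBAC, and that Check performs against MySQL, as an added in-memory example (this is not code from gorbac or from phprbac). It models the nested-set scheme implied by the Left/Right column constants and uses the inheritance direction of phprbac's check query, which gorbac is stated to port: a role holds every permission assigned to itself or to any role beneath it (the top of the role tree is the most privileged), and a permission assigned high in the permission tree implies every permission beneath it. Whether gorbac's own SQL keeps exactly these two directions is an assumption to verify against its queries; all titles, users and assignments below are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// node is one row of a nested-set table. The tree shape lives in the lft/rght
// columns (the page's Left="lft" / Right="rght" constants): node x is inside
// node y's subtree exactly when y.lft <= x.lft && x.rght <= y.rght.
type node struct {
	id, parent int64
	title      string
	lft, rght  int64
}

// entry is the insertion-time view of a node: id, parent id (0 = root), title.
type entry struct {
	id, parent int64
	title      string
}

// buildTree numbers a forest with a depth-first walk; children are visited in
// id order so the numbering is deterministic.
func buildTree(entries []entry) map[int64]*node {
	nodes := make(map[int64]*node, len(entries))
	children := make(map[int64][]int64)
	for _, e := range entries {
		nodes[e.id] = &node{id: e.id, parent: e.parent, title: e.title}
		children[e.parent] = append(children[e.parent], e.id)
	}
	var counter int64
	var walk func(id int64)
	walk = func(id int64) {
		counter++
		nodes[id].lft = counter
		kids := children[id]
		sort.Slice(kids, func(i, j int) bool { return kids[i] < kids[j] })
		for _, k := range kids {
			walk(k)
		}
		counter++
		nodes[id].rght = counter
	}
	for _, root := range children[0] {
		walk(root)
	}
	return nodes
}

// inSubtree reports whether x is anc itself or one of its descendants.
func inSubtree(anc, x *node) bool { return anc.lft <= x.lft && x.rght <= anc.rght }

// depth counts the proper ancestors of id (a root has depth 0).
func depth(nodes map[int64]*node, id int64) int64 {
	var d int64
	for _, n := range nodes {
		if n.id != id && inSubtree(n, nodes[id]) {
			d++
		}
	}
	return d
}

// descendants lists the titles strictly below id, in tree (lft) order.
func descendants(nodes map[int64]*node, id int64) []string {
	var out []*node
	for _, n := range nodes {
		if n.id != id && inSubtree(nodes[id], n) {
			out = append(out, n)
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].lft < out[j].lft })
	titles := make([]string, len(out))
	for i, n := range out {
		titles[i] = n.title
	}
	return titles
}

// errPermissionNotFound mirrors the page's ErrPermissionNotFound (hypothetical local copy).
var errPermissionNotFound = errors.New("permission not found")

type store struct {
	roles, perms map[int64]*node
	rolePerms    [][2]int64         // (roleID, permissionID) assignments
	userRoles    map[string][]int64 // userID -> directly assigned role ids
}

func byTitle(nodes map[int64]*node, title string) (*node, bool) {
	for _, n := range nodes {
		if n.title == title {
			return n, true
		}
	}
	return nil, false
}

// check applies the hierarchical rule: some role at or below one of the user's
// roles must hold an assignment to the requested permission or to one of its ancestors.
func (s *store) check(userID, permTitle string) (bool, error) {
	want, ok := byTitle(s.perms, permTitle)
	if !ok {
		return false, errPermissionNotFound
	}
	for _, rid := range s.userRoles[userID] {
		direct := s.roles[rid]
		for _, rp := range s.rolePerms {
			if inSubtree(direct, s.roles[rp[0]]) && inSubtree(s.perms[rp[1]], want) {
				return true, nil
			}
		}
	}
	return false, nil
}

// demoStore builds a constructed sample: one role tree, one permission tree and
// two Role-Permission assignments. Every title and user here is made up.
func demoStore() *store {
	return &store{
		roles: buildTree([]entry{{1, 0, "root"}, {2, 1, "editor"}, {3, 2, "reviewer"}, {4, 1, "reader"}}),
		perms: buildTree([]entry{{1, 0, "root"}, {2, 1, "articles"}, {3, 2, "articles/edit"},
			{4, 2, "articles/read"}, {5, 1, "billing"}}),
		rolePerms: [][2]int64{{2, 2}, {4, 4}}, // editor -> articles, reader -> articles/read
		userRoles: map[string][]int64{"alice": {3}, "bob": {1}, "carol": {4}, "dave": {2}},
	}
}

func main() {
	s := demoStore()
	fmt.Println("depth of reviewer:", depth(s.roles, 3), "descendants of root:", descendants(s.roles, 1))
	for _, q := range [][2]string{{"dave", "articles/edit"}, {"alice", "articles/read"}, {"bob", "billing"}} {
		ok, err := s.check(q[0], q[1])
		fmt.Printf("%s can %s: %v (err=%v)\n", q[0], q[1], ok, err)
	}
}
```

Two consequences are worth seeing before assigning anything in a real deployment: "alice" (reviewer, below editor) gets nothing from the editor role's assignment, while "bob" (top of the role tree) gets every assigned permission without a single direct assignment, and a permission granted on "articles" covers the whole subtree beneath it. Depth and Descendants on the roles and permissions are the calls to consult before widening access that way.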

func (*Rbac) DB

func (r *Rbac) DB() *sql.DB

func (*Rbac) OwnerExtension

func (r *Rbac) OwnerExtension(name string) Owners

func (Rbac) Permissions

func (r Rbac) Permissions() *Permissions

Permissions exposes the underlying permissions struct.

func (Rbac) Reset

func (r Rbac) Reset(ensure bool)

Reset all roles, permissions and assignments. The ensure parameter is required; if it is not true, the call terminates with a fatal error.

func (Rbac) Roles

func (r Rbac) Roles() *Roles

Roles exposes the underlying roles struct.

func (Rbac) Unassign

func (r Rbac) Unassign(role RoleInterface, permission PermissionInterface) error

Unassign a Role-Permission relation.

func (Rbac) Users

func (r Rbac) Users() Owners

Users exposes the underlying users struct.

type Role

type Role struct {
	ID          int64
	Title       string
	Description string
}

type RoleInterface

type RoleInterface interface{}

Role can be an ID, Title or Path.

type Roles

type Roles struct {
	// contains filtered or unexported fields
}

func (Roles) Add

func (r Roles) Add(title string, description string, parentID int64) (int64, error)

func (Roles) AddPath

func (r Roles) AddPath(path string, description []string) (int64, error)

func (Roles) Assign

func (r Roles) Assign(role RoleInterface, permission PermissionInterface) (int64, error)

Assign a role to a permission (or vice versa). Returns true if successful, false if the association already exists.

func (Roles) Children

func (r Roles) Children(id int64) ([]path, error)

Children returns children of an Entity.

func (Roles) Count

func (r Roles) Count() (int64, error)

func (Roles) Depth

func (r Roles) Depth(id int64) (int64, error)

func (Roles) Descendants

func (r Roles) Descendants(absolute bool, id int64) ([]path, error)

Descendants returns the descendants of an Entity, with their depths as integers.

func (Roles) Edit

func (r Roles) Edit(id int64, title, description string) error

func (Roles) GetDescription

func (r Roles) GetDescription(id int64) (string, error)

func (Roles) GetPath

func (r Roles) GetPath(id int64) (string, error)

func (Roles) GetRoleID

func (r Roles) GetRoleID(role RoleInterface) (int64, error)

func (Roles) GetTitle

func (r Roles) GetTitle(id int64) (string, error)

func (Roles) HasPermission

func (r Roles) HasPermission(role RoleInterface, permission PermissionInterface) (bool, error)

HasPermission checks to see if a Role has a Permission or not.

func (Roles) ParentNode

func (r Roles) ParentNode(id int64) (int64, error)

func (Roles) Permissions

func (r Roles) Permissions(role RoleInterface) ([]permission, error)

func (Roles) Remove

func (r Roles) Remove(role RoleInterface, recursive bool) error

Remove removes a Role from the system. If recursive is true, all descendants of the Role are removed as well.

func (Roles) Reset

func (r Roles) Reset(ensure bool) error

func (Roles) ResetAssignments

func (r Roles) ResetAssignments(ensure bool) error

func (Roles) ReturnID

func (r Roles) ReturnID(entity string) (int64, error)

func (Roles) TitleID

func (r Roles) TitleID(title string) (int64, error)

func (Roles) Unassign

func (r Roles) Unassign(role RoleInterface, permission PermissionInterface) error

Unassign a Role-Permission relation.

func (Roles) UnassignPermissions

func (r Roles) UnassignPermissions(role RoleInterface) error

func (Roles) UnassignUsers

func (r Roles) UnassignUsers(role RoleInterface) error

type UserInterface

type UserInterface interface{}

User can be an ID (int or string).

type Users

type Users struct {
	// contains filtered or unexported fields
}

func (Users) AllRoles

func (u Users) AllRoles(userID Owner, _ interface{}) ([]Role, error)

Returns all Roles of a User.

func (Users) Assign

func (u Users) Assign(role RoleInterface, userID Owner, _ interface{}) (int64, error)

Assigns a role to a user

func (Users) HasRole

func (u Users) HasRole(role RoleInterface, userID Owner) (bool, error)

Checks to see whether a UserInterface has a Role or not.

func (Users) ResetAssignments

func (u Users) ResetAssignments(ensure bool) error

func (Users) RoleCount

func (u Users) RoleCount(userID Owner) (int64, error)

func (Users) Table

func (u Users) Table() string

func (Users) Unassign

func (u Users) Unassign(role RoleInterface, userID Owner) error

Unassigns a Role from a User interface.
