service backend
32
api/pkg/auth/enforcer.go
Normal file
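--- a/api/pkg/auth/enforcer.go
+++ b/api/pkg/auth/enforcer.go
@@ -0,0 +1,32 @@
+package auth
+
+import (
+"context"
+
+"github.com/tech/sendico/pkg/model"
+"go.mongodb.org/mongo-driver/bson/primitive"
+)
+
+type Enforcer interface {
+// Enforce checks if accountRef can do `action` on objectRef in an org (domainRef).
+Enforce(
+ctx context.Context,
+permissionRef, accountRef, orgRef, objectRef primitive.ObjectID,
+action model.Action,
+) (bool, error)
+
+// Enforce batch of objects
+EnforceBatch(
+ctx context.Context,
+objectRefs []model.PermissionBoundStorable,
+accountRef primitive.ObjectID,
+action model.Action,
+) (map[primitive.ObjectID]bool, error)
+
+// GetRoles returns the user's roles in a given org domain, plus any partial scopes if relevant.
+GetRoles(ctx context.Context, accountRef, orgRef primitive.ObjectID) ([]model.Role, error)
+
+// GetPermissions returns all effective permissions (with effect, object scoping) for a user in org domain.
+// Merges from all roles the user holds, plus any denies/exceptions.
+GetPermissions(ctx context.Context, accountRef, orgRef primitive.ObjectID) ([]model.Role, []model.Permission, error)
+}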
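Review bot: The interface does not say what a caller should do with the result when `err != nil`, nor how to read the map returned by `EnforceBatch`, and in an authorization contract that gap tends to surface later as a fail-open path in some implementation or caller. I would state it on `Enforce`, e.g. `// Enforce returns false whenever err is non-nil; callers must treat any error as a denial.`, and on `EnforceBatch`, e.g. `// EnforceBatch returns one entry per object in objectRefs; an object missing from the map must be treated as denied.` `EnforceBatch` also takes no `orgRef`, so its comment should say where the organisation scope comes from (presumably each `model.PermissionBoundStorable`, whose definition is not visible here). Two smaller doc mismatches: the `Enforce` comment speaks of `domainRef` while the parameter is `orgRef` and leaves `permissionRef` unexplained, and `GetPermissions` returns `[]model.Role` alongside the permissions without the comment mentioning it.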