33 lines
1.0 KiB
Go
33 lines
1.0 KiB
Go
package auth
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/tech/sendico/pkg/model"
|
|
"go.mongodb.org/mongo-driver/v2/bson"
|
|
)
|
|
|
|
type Enforcer interface {
|
|
// Enforce checks if accountRef can do `action` on objectRef in an org (domainRef).
|
|
Enforce(
|
|
ctx context.Context,
|
|
permissionRef, accountRef, orgRef, objectRef bson.ObjectID,
|
|
action model.Action,
|
|
) (bool, error)
|
|
|
|
// Enforce batch of objects
|
|
EnforceBatch(
|
|
ctx context.Context,
|
|
objectRefs []model.PermissionBoundStorable,
|
|
accountRef bson.ObjectID,
|
|
action model.Action,
|
|
) (map[bson.ObjectID]bool, error)
|
|
|
|
// GetRoles returns the user's roles in a given org domain, plus any partial scopes if relevant.
|
|
GetRoles(ctx context.Context, accountRef, orgRef bson.ObjectID) ([]model.Role, error)
|
|
|
|
// GetPermissions returns all effective permissions (with effect, object scoping) for a user in org domain.
|
|
// Merges from all roles the user holds, plus any denies/exceptions.
|
|
GetPermissions(ctx context.Context, accountRef, orgRef bson.ObjectID) ([]model.Role, []model.Permission, error)
|
|
}
|