USEFULL/drone
1
0
Fork 0
mirror of https://github.com/harness/drone.git synced 2025-05-01 05:00:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
drone/app/auth/authz/authz.go

59 lines
2.1 KiB
Go
Raw Permalink Blame History

// Copyright 2023 Harness, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package authz
import (
"context"
"errors"
"github.com/harness/gitness/app/auth"
"github.com/harness/gitness/types"
"github.com/harness/gitness/types/enum"
)
var (
// ErrNoPermissionCheckProvided is error that is thrown if no permission checks are provided.
ErrNoPermissionCheckProvided = errors.New("no permission checks provided")
)
// Authorizer abstraction of an entity responsible for authorizing access to resources.
type Authorizer interface {
/*
* Checks whether the principal of the current session with the provided metadata
* has the permission to execute the action on the resource within the scope.
* Returns
* (true, nil) - the action is permitted
* (false, nil) - the action is not permitted
* (false, err) - an error occurred while performing the permission check and the action should be denied
*/
Check(ctx context.Context,
session *auth.Session,
scope *types.Scope,
resource *types.Resource,
permission enum.Permission) (bool, error)
/*
* Checks whether the principal of the current session with the provided metadata
* has the permission to execute ALL the action on the resource within the scope.
* Returns
* (true, nil) - all requested actions are permitted
* (false, nil) - at least one requested action is not permitted
* (false, err) - an error occurred while performing the permission check and all actions should be denied
*/
CheckAll(ctx context.Context,
session *auth.Session,
permissionChecks ...types.PermissionCheck) (bool, error)
}
Reference in New Issue View Git Blame Copy Permalink