MCPcopy Index your code
hub / github.com/authorizerdev/authorizer / AuthorizationEngine

Interface AuthorizationEngine

internal/authorization/engine/engine.go:113–178  ·  view source on GitHub ↗

AuthorizationEngine is the SPI for a ReBAC authorization backend. All decision methods (Check, BatchCheck, ListObjects) are fail-closed at the call site: callers must treat a non-nil error as a deny and never as an allow. Identifiers follow OpenFGA conventions ("type:id", relation names, usersets "

Source from the content-addressed store, hash-verified

111//
112// Implementations are expected to be safe for concurrent use.
113type AuthorizationEngine interface {
114 // Check reports whether user is related to object via relation. Optional
115 // contextual tuples are evaluated for this call only and are not persisted.
116 // Returns (false, err) on engine error; callers must fail closed.
117 Check(ctx context.Context, user, relation, object string, ctxTuples ...ContextualTuple) (bool, error)
118
119 // BatchCheck evaluates multiple CheckRequests. The returned slice is
120 // positionally aligned with the input: result[i] answers requests[i]. An
121 // error indicates a whole-batch failure; callers must fail closed for every
122 // request in the batch.
123 BatchCheck(ctx context.Context, requests []CheckRequest) ([]CheckResult, error)
124
125 // ListObjects returns the IDs of objects of type objType to which user is
126 // related via relation. This is the RAG/pre-filter primitive and is an
127 // expensive enumeration surface — callers must paginate, cap, and
128 // rate-limit. Returned IDs are fully qualified ("document:1").
129 ListObjects(ctx context.Context, user, relation, objType string) ([]string, error)
130
131 // ListUsers returns the fully qualified user IDs (e.g. "user:alice") of type
132 // userType that have relation on object. It is the inverse of ListObjects:
133 // "who can access this object?". This is a powerful enumeration surface that
134 // reveals the access graph — callers must admin-gate, cap and audit. Returned
135 // users are fully qualified ("user:alice").
136 ListUsers(ctx context.Context, object, relation, userType string) ([]string, error)
137
138 // Expand returns the OpenFGA relationship/userset tree for (relation, object)
139 // rendered as a JSON string. This is the explainability/"why" primitive: it
140 // shows how a relation resolves (direct assignments, usersets, computed
141 // relations). It reveals the access graph and must be admin-gated.
142 Expand(ctx context.Context, relation, object string) (string, error)
143
144 // WriteTuples persists the given relationship tuples. It is additive;
145 // duplicate writes may error depending on the backend.
146 WriteTuples(ctx context.Context, tuples []TupleKey) error
147
148 // DeleteTuples removes the given relationship tuples. Deleting a
149 // non-existent tuple may error depending on the backend.
150 DeleteTuples(ctx context.Context, tuples []TupleKey) error
151
152 // ReadTuples returns a page of persisted tuples matching the filter, plus a
153 // continuation token. It is an enumeration surface — always paginate.
154 ReadTuples(ctx context.Context, filter ReadTuplesFilter) (*ReadTuplesResult, error)
155
156 // WriteModel installs a new authorization model from its DSL form and
157 // returns the backend-assigned model ID. Writing a model is powerful (a
158 // single edit can re-grant broadly) and must be admin-gated, audited, and
159 // staged by callers.
160 WriteModel(ctx context.Context, dsl string) (string, error)
161
162 // ReadModel returns the currently active authorization model: its
163 // backend-assigned id and its DSL rendering.
164 ReadModel(ctx context.Context) (id string, dsl string, err error)
165
166 // TypeRelations returns, for every object type in the active model, the
167 // relation names defined on it (type -> sorted relation names). Types with
168 // no relations are omitted. It powers "list everything this subject can
169 // access" enumeration. Returns ErrNoModel (wrapped) when no model has been
170 // written yet.

Implementers 1

engineImplinternal/authorization/engine/openfga/

Calls

no outgoing calls

Tested by

no test coverage detected