Authorizer always makes a yes/no decision on a specific resource. Which authorization technique is used in the background (e.g. RBAC, adminlist, ...) is hidden through this interface
| 21 | // authorization technique is used in the background (e.g. RBAC, adminlist, |
| 22 | // ...) is hidden through this interface |
| 23 | type Authorizer interface { |
| 24 | Authorize(ctx context.Context, principal *models.Principal, verb string, resources ...string) error |
| 25 | // AuthorizeSilent Silent authorization without audit logs |
| 26 | AuthorizeSilent(ctx context.Context, principal *models.Principal, verb string, resources ...string) error |
| 27 | // FilterAuthorizedResources authorize the passed resources with best effort approach, it will return |
| 28 | // list of allowed resources, if none, it will return an empty slice |
| 29 | FilterAuthorizedResources(ctx context.Context, principal *models.Principal, verb string, resources ...string) ([]string, error) |
| 30 | } |
| 31 | |
| 32 | // DummyAuthorizer is a pluggable Authorizer which can be used if no specific |
| 33 | // authorizer is configured. It will allow every auth decision, i.e. it is |
no outgoing calls
no test coverage detected
searching dependent graphs…