mirror of
https://github.com/mainflux/mainflux.git
synced 2025-04-29 13:49:28 +08:00
3042d6b40b
* MF-1489 - Add API for deleting policies Signed-off-by: Burak Sekili <buraksekili@gmail.com> * update request and decoder naming Signed-off-by: Burak Sekili <buraksekili@gmail.com> * update swagger doc summary for the endpoint Signed-off-by: Burak Sekili <buraksekili@gmail.com> Co-authored-by: Drasko DRASKOVIC <drasko.draskovic@gmail.com>
62 lines
2.2 KiB
Go
62 lines
2.2 KiB
Go
// Copyright (c) Mainflux
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
package auth
|
|
|
|
import (
|
|
"context"
|
|
)
|
|
|
|
// PolicyReq represents an argument struct for making a policy related
|
|
// function calls.
|
|
type PolicyReq struct {
|
|
Subject string
|
|
Object string
|
|
Relation string
|
|
}
|
|
|
|
// Authz represents a authorization service. It exposes
|
|
// functionalities through `auth` to perform authorization.
|
|
type Authz interface {
|
|
// Authorize checks authorization of the given `subject`. Basically,
|
|
// Authorize verifies that Is `subject` allowed to `relation` on
|
|
// `object`. Authorize returns a non-nil error if the subject has
|
|
// no relation on the object (which simply means the operation is
|
|
// denied).
|
|
Authorize(ctx context.Context, pr PolicyReq) error
|
|
|
|
// AddPolicy creates a policy for the given subject, so that, after
|
|
// AddPolicy, `subject` has a `relation` on `object`. Returns a non-nil
|
|
// error in case of failures.
|
|
AddPolicy(ctx context.Context, pr PolicyReq) error
|
|
|
|
// AddPolicies adds new policies for given subjects. This method is
|
|
// only allowed to use as an admin.
|
|
AddPolicies(ctx context.Context, token, object string, subjectIDs, relations []string) error
|
|
|
|
// DeletePolicy removes a policy.
|
|
DeletePolicy(ctx context.Context, pr PolicyReq) error
|
|
|
|
// DeletePolicies deletes policies for given subjects. This method is
|
|
// only allowed to use as an admin.
|
|
DeletePolicies(ctx context.Context, token, object string, subjectIDs, relations []string) error
|
|
}
|
|
|
|
// PolicyAgent facilitates the communication to authorization
|
|
// services and implements Authz functionalities for certain
|
|
// authorization services (e.g. ORY Keto).
|
|
type PolicyAgent interface {
|
|
// CheckPolicy checks if the subject has a relation on the object.
|
|
// It returns a non-nil error if the subject has no relation on
|
|
// the object (which simply means the operation is denied).
|
|
CheckPolicy(ctx context.Context, pr PolicyReq) error
|
|
|
|
// AddPolicy creates a policy for the given subject, so that, after
|
|
// AddPolicy, `subject` has a `relation` on `object`. Returns a non-nil
|
|
// error in case of failures.
|
|
AddPolicy(ctx context.Context, pr PolicyReq) error
|
|
|
|
// DeletePolicy removes a policy.
|
|
DeletePolicy(ctx context.Context, pr PolicyReq) error
|
|
}
|