OrgGo/Mainflux.mainflux
1
0
Fork 0
mirror of https://github.com/mainflux/mainflux.git synced 2025-05-01 13:48:56 +08:00
Code Issues Projects Releases Wiki Activity
Mainflux.mainflux/auth/policies.go
Dušan Borovčanin 27d4646db4
MF-1443 - Add policies (#1482) 
* MF-1443 - add policies

Signed-off-by: Burak Sekili <buraksekili@gmail.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>

* fix users create

Signed-off-by: Burak Sekili <buraksekili@gmail.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>

* MF-1454 - Add Policies for sharing a Thing (#1463)

* MF-1454 - Add policies for sharing a Thing

Signed-off-by: Burak Sekili <buraksekili@gmail.com>

* Add a test case for sharing thing and update mock of AddPolicy

Signed-off-by: Burak Sekili <buraksekili@gmail.com>

* Update ShareThing parameter naming

Signed-off-by: Burak Sekili <buraksekili@gmail.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>

* MF-1454 - Policy Removal  (#1466)

* Add DeletePolicy gRPC endpoint in auth package

Signed-off-by: Burak Sekili <buraksekili@gmail.com>

* Update default admin creation

Signed-off-by: Burak Sekili <buraksekili@gmail.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>

* NOISSUE - Add policy addition endpoint (#1479)

* NOISSUE - Add policy addition endpoint

Signed-off-by: Burak Sekili <buraksekili@gmail.com>

* Update name of the method

Signed-off-by: Burak Sekili <buraksekili@gmail.com>

remove build tag

Signed-off-by: Burak Sekili <buraksekili@gmail.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>

* NOISSUE - Add tests for AddPolicies (#1480)

* NOISSUE - Add tests for adding policy and update authz check

Signed-off-by: Burak Sekili <buraksekili@gmail.com>

* Add more tests and update request body validation

Signed-off-by: Burak Sekili <buraksekili@gmail.com>

* Update test case structure and utilize mock prefix for test ids

Signed-off-by: Burak Sekili <buraksekili@gmail.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>

* MF-1454 - Add initial policies for Group access control (#1467)

Signed-off-by: Burak Sekili <buraksekili@gmail.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>

* Resolve PR comments

Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>

Co-authored-by: Author: Burak Sekili <buraksekili@gmail.com>
2021-10-27 00:38:28 +02:00

58 lines
2.0 KiB
Go
Raw Blame History

// Copyright (c) Mainflux
// SPDX-License-Identifier: Apache-2.0
package auth
import (
"context"
)
// PolicyReq represents an argument struct for making a policy related
// function calls.
type PolicyReq struct {
Subject string
Object string
Relation string
}
// Authz represents a authorization service. It exposes
// functionalities through `auth` to perform authorization.
type Authz interface {
// Authorize checks authorization of the given `subject`. Basically,
// Authorize verifies that Is `subject` allowed to `relation` on
// `object`. Authorize returns a non-nil error if the subject has
// no relation on the object (which simply means the operation is
// denied).
Authorize(ctx context.Context, pr PolicyReq) error
// AddPolicy creates a policy for the given subject, so that, after
// AddPolicy, `subject` has a `relation` on `object`. Returns a non-nil
// error in case of failures.
AddPolicy(ctx context.Context, pr PolicyReq) error
// AddPolicies adds new policies for given subjects. This method is
// only allowed to use as an admin.
AddPolicies(ctx context.Context, token, object string, subjectIDs, relations []string) error
// DeletePolicy removes a policy.
DeletePolicy(ctx context.Context, pr PolicyReq) error
}
// PolicyAgent facilitates the communication to authorization
// services and implements Authz functionalities for certain
// authorization services (e.g. ORY Keto).
type PolicyAgent interface {
// CheckPolicy checks if the subject has a relation on the object.
// It returns a non-nil error if the subject has no relation on
// the object (which simply means the operation is denied).
CheckPolicy(ctx context.Context, pr PolicyReq) error
// AddPolicy creates a policy for the given subject, so that, after
// AddPolicy, `subject` has a `relation` on `object`. Returns a non-nil
// error in case of failures.
AddPolicy(ctx context.Context, pr PolicyReq) error
// DeletePolicy removes a policy.
DeletePolicy(ctx context.Context, pr PolicyReq) error
}
Reference in New Issue View Git Blame Copy Permalink