// Copyright (c) Jeevanandam M. (https://github.com/jeevatkm)
// Source code and usage is governed by a MIT style
// license that can be found in the LICENSE file.
package authz
import (
"errors"
"fmt"
"aahframe.work/config"
"aahframe.work/security/authc"
)
// ErrAuthorizerIsNil is the sentinel error returned when the authorizer is nil
// in the auth scheme. Its message is fixed, so callers can match it with
// errors.Is or a direct comparison rather than by inspecting the text.
var ErrAuthorizerIsNil = errors.New("security/authz: authorizer is nil")
// Authorizer interface is used to provide authorization info (roles and permissions)
// after successful authentication.
//
// NOTE(review): the contract does not state whether GetAuthorizationInfo may
// return nil, nor how the caller treats a nil result. Confirm that the calling
// auth scheme fails closed (no roles, no permissions) in that case.
type Authorizer interface {
	// Init method gets called by aah during an application start.
	// appCfg is the configuration handed to the authorizer; a non-nil error
	// reports that initialization failed.
	Init(appCfg *config.Config) error
	// GetAuthorizationInfo method is called by the auth scheme after a
	// successful authentication to get the Subject's (aka User) access control
	// information, such as roles and permissions.
	GetAuthorizationInfo(authcInfo *authc.AuthenticationInfo) *AuthorizationInfo
}
// Reason describes why an authorization check failed. It satisfies both
// fmt.Stringer and error; the two renderings differ only in their prefix
// ("reason(" versus "error(").
//
// All three fields are written into the output verbatim with %s, without
// quoting or escaping.
// NOTE(review): if any field can carry request-derived text, code that writes
// the rendered value to logs should quote or sanitise it; confirm against the
// callers that populate Reason.
type Reason struct {
	// Func is rendered as "func=" in String and Error.
	Func string
	// Expected is rendered as "expected=" in String and Error.
	Expected string
	// Got is rendered as "got=" in String and Error.
	Got string
}

// String implements fmt.Stringer and renders the reason as
// "reason(func=… expected=… got=…)".
func (r Reason) String() string {
	const layout = "reason(func=%s expected=%s got=%s)"
	return fmt.Sprintf(layout, r.Func, r.Expected, r.Got)
}

// Error implements the error interface and renders the reason as
// "error(func=… expected=… got=…)".
func (r Reason) Error() string {
	const layout = "error(func=%s expected=%s got=%s)"
	return fmt.Sprintf(layout, r.Func, r.Expected, r.Got)
}
//‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾
// Unexported methods
//___________________________________
// acquirePermission takes a *Permission out of permissionPool and returns it.
//
// The type assertion is unchecked, so a pool entry of any other type panics
// here. Instances that came back through releasePermission have had Reset
// called on them; whether an empty pool creates a fresh instance depends on
// how permissionPool is defined, which is outside this file.
func acquirePermission() *Permission {
	p := permissionPool.Get().(*Permission)
	return p
}
// releasePermission resets each non-nil permission and puts it back into
// permissionPool for reuse. Nil entries are skipped.
//
// Every non-nil argument is Put once per occurrence, with no de-duplication,
// so the same pointer passed twice is pooled twice.
// NOTE(review): a released instance may be handed to another caller, so it
// must not be used after this call, and no authorization state may survive
// Reset. Confirm that Permission.Reset clears every field.
func releasePermission(permissions ...*Permission) {
	for _, p := range permissions {
		if p == nil {
			continue
		}
		p.Reset()
		permissionPool.Put(p)
	}
}