// Copyright (c) 2013 Couchbase, Inc.
// Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file
// except in compliance with the License. You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
// Unless required by applicable law or agreed to in writing, software distributed under the
// License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
// either express or implied. See the License for the specific language governing permissions
// and limitations under the License.
package auth
import (
"github.com/tophatch/sync_gateway/base"
ch "github.com/tophatch/sync_gateway/channels"
)
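// Principal is an abstract object that can have access to channels. Users and
// Roles are both Principals; the access checks declared here are the
// authorization primitives the rest of the auth package builds on.
type Principal interface {
	// Name returns the Principal's identifier.
	Name() string

	// Sequence returns the database sequence at which this Principal last changed.
	Sequence() uint64
	// SetSequence records the database sequence at which this Principal last changed.
	SetSequence(sequence uint64)

	// Channels returns the set of channels the Principal belongs to, annotated with
	// the sequence at which access to each channel was granted.
	Channels() ch.TimedSet

	// ExplicitChannels returns the channels the Principal was explicitly granted
	// access to through the admin API.
	ExplicitChannels() ch.TimedSet
	// SetExplicitChannels sets the explicit channels the Principal has access to.
	SetExplicitChannels(ch.TimedSet)

	// PreviousChannels returns the previous set of channels the Principal was
	// granted. Used to maintain sequence history.
	PreviousChannels() ch.TimedSet
	// SetPreviousChannels sets the previous set of channels the Principal has access to.
	SetPreviousChannels(ch.TimedSet)

	// CanSeeChannel reports whether the Principal has access to the given channel.
	CanSeeChannel(channel string) bool

	// CanSeeChannelSince returns the sequence number at which access to the given
	// channel was granted, or zero if the Principal has no access to it. Zero
	// therefore means "no access" and must not be read as "granted at sequence 0".
	CanSeeChannelSince(channel string) uint64

	// CanSeeChannelSinceVbSeq is the vbucket-aware form of CanSeeChannelSince. If the
	// Principal has access to the given channel it returns the vbucket and sequence
	// at which access was granted together with true; otherwise the boolean is
	// false and the returned VbSeq is presumably meaningless (unlike
	// CanSeeChannelSince, "no access" is signalled by the bool, not by a zero value).
	CanSeeChannelSinceVbSeq(channel string, hashFunction VBHashFunction) (base.VbSeq, bool)

	// ValidateGrant validates that the specified vbSeq has a non-zero sequence, and
	// populates the vbucket for admin grants. The boolean result presumably reports
	// whether the grant is valid.
	ValidateGrant(vbseq *ch.VbSequence, hashFunction VBHashFunction) bool

	// AuthorizeAllChannels returns an error if the Principal does not have access to
	// every channel in the set.
	AuthorizeAllChannels(channels base.Set) error
	// AuthorizeAnyChannel returns an error if the Principal does not have access to
	// at least one channel in the set. This is the weaker check: a nil error means
	// some channel in the set is visible, not that all of them are.
	AuthorizeAnyChannel(channels base.Set) error

	// UnauthError returns an appropriate HTTPError for unauthorized access: a 401 if
	// the receiver is the guest user (no credentials were presented), else a 403
	// (credentials were presented but do not grant access).
	UnauthError(message string) error

	// DocID returns the document ID associated with this Principal.
	DocID() string

	// The unexported methods below mean Principal can only be implemented by types
	// in this package (or by types embedding one of them).
	accessViewKey() string
	validate() error
	setChannels(ch.TimedSet)
	getVbNo(hashFunction VBHashFunction) uint16
}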
// Role is a Principal with no additional methods. It is a distinct type so that
// Users can inherit channels from the Roles they belong to.
type Role interface {
	Principal
}
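// User is a Principal that can log in and have multiple Roles.
type User interface {
	Principal

	// Email returns the user's email address.
	Email() string
	// SetEmail sets the user's email address.
	SetEmail(string) error

	// Disabled reports whether the user is unable to authenticate.
	Disabled() bool
	// SetDisabled sets the disabled property.
	SetDisabled(bool)

	// Authenticate checks the given password against the user's credentials and
	// reports whether it is correct.
	Authenticate(password string) bool
	// SetPassword changes the user's password.
	SetPassword(password string)

	// RoleNames returns the set of Roles the user belongs to (including ones given
	// to it by the sync function).
	RoleNames() ch.TimedSet
	// ExplicitRoles returns the roles the user was explicitly granted through the
	// admin API.
	ExplicitRoles() ch.TimedSet
	// SetExplicitRoles sets the explicit roles the user belongs to.
	SetExplicitRoles(ch.TimedSet)

	// InheritedChannels returns every channel the user has access to, including
	// those inherited from Roles.
	InheritedChannels() ch.TimedSet

	// ExpandWildCardChannel returns the user's InheritedChannels if the input set
	// contains the wildcard "*" channel; otherwise it returns the input set
	// unaltered. The wildcard thus expands to the channels this user can see,
	// never to every channel in the database.
	ExpandWildCardChannel(channels base.Set) base.Set

	// FilterToAvailableChannels returns a TimedSet containing only the channels
	// from the input set that the user has access to, annotated with the sequence
	// number at which access was granted.
	FilterToAvailableChannels(channels base.Set) ch.TimedSet

	// InheritedChannelsForClock is the clock-based counterpart of InheritedChannels:
	// every channel the user has access to, including those inherited from Roles,
	// presumably restricted by the given since clock. The second result,
	// secondaryTriggers, is not described in the original source — confirm its
	// meaning against the implementations before relying on it.
	InheritedChannelsForClock(since base.SequenceClock) (channels ch.TimedSet, secondaryTriggers ch.TimedSet)

	// ExpandWildCardChannelSince returns the user's InheritedChannels, restricted by
	// the since value, if the input set contains the wildcard "*" channel; otherwise
	// it returns the input set unaltered.
	ExpandWildCardChannelSince(channels base.Set, since base.SequenceClock) base.Set

	// FilterToAvailableChannelsForSince returns a TimedSet containing only the
	// channels from the input set that the user has access to, annotated with the
	// sequence number at which access was granted. When there are multiple grants
	// to the same channel, priority is given to values prior to the specified since.
	// The second TimedSet is not described in the original source — confirm its
	// meaning against the implementations.
	FilterToAvailableChannelsForSince(channels base.Set, since base.SequenceClock) (ch.TimedSet, ch.TimedSet)

	// GetAddedChannels returns a Set containing channels that the user has access
	// to that are not present in the input set.
	GetAddedChannels(channels ch.TimedSet) base.Set

	// setRolesSince is unexported, so User can only be implemented by types in this
	// package (or by types embedding one of them).
	setRolesSince(ch.TimedSet)
}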