2020-06-25 14:54:04 +02:00
|
|
|
package acl
|
|
|
|
|
2022-09-28 09:01:17 +02:00
|
|
|
// Roles that can be assigned to users.
|
2020-06-25 14:54:04 +02:00
|
|
|
const (
|
2022-10-13 22:11:02 +02:00
|
|
|
RoleDefault Role = "default"
|
|
|
|
RoleAdmin Role = "admin"
|
|
|
|
RoleVisitor Role = "visitor"
|
|
|
|
RoleUnknown Role = ""
|
2020-06-25 14:54:04 +02:00
|
|
|
)
|
2022-09-02 19:06:32 +02:00
|
|
|
|
2023-01-30 16:15:01 +01:00
|
|
|
// RoleStrings represents user role names mapped to roles.
|
|
|
|
type RoleStrings = map[string]Role
|
|
|
|
|
2022-09-28 09:01:17 +02:00
|
|
|
// ValidRoles specifies the valid user roles.
|
2023-01-30 16:15:01 +01:00
|
|
|
var ValidRoles = RoleStrings{
|
2022-10-13 22:11:02 +02:00
|
|
|
string(RoleAdmin): RoleAdmin,
|
|
|
|
string(RoleVisitor): RoleVisitor,
|
|
|
|
string(RoleUnknown): RoleUnknown,
|
2022-09-02 19:06:32 +02:00
|
|
|
}
|
|
|
|
|
2022-09-28 09:01:17 +02:00
|
|
|
// Roles grants permissions to roles.
|
|
|
|
type Roles map[Role]Grant
|
|
|
|
|
|
|
|
// Allow checks whether the permission is granted based on the role.
|
|
|
|
func (roles Roles) Allow(role Role, grant Permission) bool {
|
|
|
|
if a, ok := roles[role]; ok {
|
|
|
|
return a.Allow(grant)
|
|
|
|
} else if a, ok = roles[RoleDefault]; ok {
|
|
|
|
return a.Allow(grant)
|
|
|
|
}
|
2022-09-02 19:06:32 +02:00
|
|
|
|
2022-09-28 09:01:17 +02:00
|
|
|
return false
|
2022-09-02 19:06:32 +02:00
|
|
|
}
|