photoprism/internal/acl/roles.go

package acl

// Roles that can be assigned to users.
const (
	RoleAdmin        Role = "admin"
	RoleVisitor      Role = "visitor"
	RoleUnauthorized Role = "unauthorized"
	RoleDefault      Role = "default"
	RoleUnknown      Role = ""
)

// ValidRoles specifies the valid user roles.
var ValidRoles = map[string]Role{
	string(RoleAdmin):        RoleAdmin,
	string(RoleVisitor):      RoleVisitor,
	string(RoleUnauthorized): RoleUnauthorized,
}

// Roles grants permissions to roles.
type Roles map[Role]Grant

// Allow checks whether the permission is granted based on the role.
func (roles Roles) Allow(role Role, grant Permission) bool {
	if a, ok := roles[role]; ok {
		return a.Allow(grant)
	} else if a, ok = roles[RoleDefault]; ok {
		return a.Allow(grant)
	}

	return false
}
Sharing: ACL authorization for REST API #18 Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2020-06-25 14:54:04 +02:00			`package acl`

Auth: Session and ACL enhancements #98 #1746 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-28 09:01:17 +02:00			`// Roles that can be assigned to users.`
Sharing: ACL authorization for REST API #18 Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2020-06-25 14:54:04 +02:00			`const (`
Auth: Session and ACL enhancements #98 #1746 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-28 09:01:17 +02:00			`RoleAdmin Role = "admin"`
			`RoleVisitor Role = "visitor"`
			`RoleUnauthorized Role = "unauthorized"`
			`RoleDefault Role = "default"`
			`RoleUnknown Role = ""`
Sharing: ACL authorization for REST API #18 Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2020-06-25 14:54:04 +02:00			`)`
Auth: Update ACL user roles #98 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-02 19:06:32 +02:00
Auth: Session and ACL enhancements #98 #1746 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-28 09:01:17 +02:00			`// ValidRoles specifies the valid user roles.`
			`var ValidRoles = map[string]Role{`
			`string(RoleAdmin): RoleAdmin,`
			`string(RoleVisitor): RoleVisitor,`
			`string(RoleUnauthorized): RoleUnauthorized,`
Auth: Update ACL user roles #98 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-02 19:06:32 +02:00			`}`

Auth: Session and ACL enhancements #98 #1746 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-28 09:01:17 +02:00			`// Roles grants permissions to roles.`
			`type Roles map[Role]Grant`

			`// Allow checks whether the permission is granted based on the role.`
			`func (roles Roles) Allow(role Role, grant Permission) bool {`
			`if a, ok := roles[role]; ok {`
			`return a.Allow(grant)`
			`} else if a, ok = roles[RoleDefault]; ok {`
			`return a.Allow(grant)`
			`}`
Auth: Update ACL user roles #98 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-02 19:06:32 +02:00
Auth: Session and ACL enhancements #98 #1746 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-28 09:01:17 +02:00			`return false`
Auth: Update ACL user roles #98 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-02 19:06:32 +02:00			`}`