photoprism/internal/acl/resource.go
Michael Mayer 467f7b1585 OAuth2: Add Client Credentials Authentication #213 #782 #808 #3730 #3943
This adds standard OAuth2 client credentials and bearer token support as
well as scope-based authorization checks for REST API clients. Note that
this initial implementation should not be used in production and that
the access token limit has not been implemented yet.

Signed-off-by: Michael Mayer <michael@photoprism.app>
2023-12-12 18:42:50 +01:00

56 lines
1.5 KiB
Go

package acl
import "strings"
// Resources that Roles can be granted Permission.
const (
ResourceFiles Resource = "files"
ResourceFolders Resource = "folders"
ResourceShares Resource = "shares"
ResourcePhotos Resource = "photos"
ResourceVideos Resource = "videos"
ResourceFavorites Resource = "favorites"
ResourceAlbums Resource = "albums"
ResourceMoments Resource = "moments"
ResourceCalendar Resource = "calendar"
ResourcePeople Resource = "people"
ResourcePlaces Resource = "places"
ResourceLabels Resource = "labels"
ResourceConfig Resource = "config"
ResourceSettings Resource = "settings"
ResourcePassword Resource = "password"
ResourceServices Resource = "services"
ResourceUsers Resource = "users"
ResourceLogs Resource = "logs"
ResourceWebDAV Resource = "webdav"
ResourceMetrics Resource = "metrics"
ResourceFeedback Resource = "feedback"
ResourceDefault Resource = "default"
)
// Resource represents a resource for which roles can be granted Permission.
type Resource string
// String returns the type as string.
func (r Resource) String() string {
if r == "" {
return "default"
}
return string(r)
}
// LogId returns an identifier string for use in log messages.
func (r Resource) LogId() string {
return r.String()
}
// Equal checks if the type matches.
func (r Resource) Equal(s string) bool {
return strings.EqualFold(s, r.String())
}
// NotEqual checks if the type is different.
func (r Resource) NotEqual(s string) bool {
return !r.Equal(s)
}