mirror of
https://github.com/harness/drone.git
synced 2025-05-08 19:00:30 +08:00
1115a5083b
This change is adding the concept of Paths. A repository and space always have a Primary Path which always is represents the ancestry to the root space. All access history / resource visibility / child listings / UI traversal / etc. is done via that path. Additionally, repos and spaces can have Alias Paths, which as the name states are aliases. via the primary path. They sole impact is that a space or repo can be reached via different paths from the UI / rest apis / git apis. This fulfills two major purposes: - Customers can rename or move projects and spaces without breaking any existing references from CI pipeliens / code bases / local repos / ... - Customer can create shorter aliases for important repos when in harness embeded mode! (acc/org/proj/repo can be shortened to acc/repo, or acc/repo' Apart from the path changes, this PR adds: Improved User facing errors Improved internal error handling and wrapping update / rename operation for repo and space path list / delete / create operation for repo and space
34 lines
1.5 KiB
Go
34 lines
1.5 KiB
Go
// Copyright 2022 Harness Inc. All rights reserved.
|
|
// Use of this source code is governed by the Polyform Free Trial License
|
|
// that can be found in the LICENSE.md file for this repository.
|
|
|
|
package authz
|
|
|
|
import (
|
|
"github.com/harness/gitness/types"
|
|
"github.com/harness/gitness/types/enum"
|
|
)
|
|
|
|
/*
|
|
* An abstraction of an entity responsible for authorizing access to resources.
|
|
*/
|
|
type Authorizer interface {
|
|
/*
|
|
* Checks whether the provided principal has the permission to execute the action on the resource within the scope.
|
|
* Returns
|
|
* (true, nil) - the principal has permission to perform the action
|
|
* (false, nil) - the principal does not have permission to perform the action
|
|
* (false, err) - an error occured while performing the permission check and the action should be denied
|
|
*/
|
|
Check(principalType enum.PrincipalType, principalId string, scope *types.Scope, resource *types.Resource, permission enum.Permission) (bool, error)
|
|
|
|
/*
|
|
* Checks whether the provided principal the required permission to execute ALL the requested actions on the resource within the scope.
|
|
* Returns
|
|
* (true, nil) - the principal has permission to perform all the requested actions
|
|
* (false, nil) - the principal does not have permission to perform all the actions (at least one is not allowed)
|
|
* (false, err) - an error occured while performing the permission check and all actions should be denied
|
|
*/
|
|
CheckAll(principalType enum.PrincipalType, principalId string, permissionChecks ...*types.PermissionCheck) (bool, error)
|
|
}
|