security/permission_provider.go

package security

import "context"

// PermissionProvider resolves the permission mask for a user on a given resource.
//
// Implementations may call FromContext to retrieve the Identity (and its TenantID)
// when multi-tenancy is required — there is no need to thread tenantID as an
// explicit parameter since it is already in the context.
//
// The resource string identifies what is being accessed (e.g. "orders",
// "invoices"). Its meaning is defined by the application domain.
type PermissionProvider interface {
	// ResolveMask returns the PermissionMask for uid on resource.
	// A zero mask means no permissions are granted. Callers check individual
	// bits with PermissionMask.Has using domain-defined Permission constants.
	ResolveMask(ctx context.Context, uid, resource string) (PermissionMask, error)
}
feat(contracts): initial implementation (v1.0.0) Introduces code.nochebuena.dev/einherjar/contracts — the zero-dependency foundation of the Einherjar framework. Defines the interfaces and minimal types consumed by every starter. Zero external dependencies. Zero Einherjar dependencies. Nothing is above it in the dependency graph. lifecycle: - Component — OnInit, OnStart, OnStop three-phase lifecycle hooks observability: - Level (LevelCritical=0, LevelDegraded); zero value is the safe default - Checkable — HealthCheck, Name, Priority - Identifiable — ModulePath, ModuleVersion; implemented by all starters to surface module identity and version in the startup banner logging: - Logger — Debug, Info, Warn, Error, With, WithContext errs: - CodedError — ErrorCode() string; satisfied by core/xerrors.Err - ContextualError — ErrorContext() map[string]any; satisfied by core/xerrors.Err security: - Identity value type — UID, TenantID, DisplayName, Email; NewIdentity, WithTenant - Permission (int64), MaxPermission=62, PermissionMask — Has, Grant - PermissionProvider — ResolveMask(ctx, uid, resource) (PermissionMask, error) - SecurityBag value type — immutable request-scoped security context; carries Identity and arbitrary typed attributes (hardware IDs, grant codes, etc.); With copies the attribute map on every call to preserve receiver-invariant behaviour - NewSecurityBag, Identity, WithIdentity, Get, With - SetBagInContext / BagFromContext — full bag context storage - SetInContext / FromContext — backed by SecurityBag; all four cross-function combinations (SetInContext+BagFromContext, SetBagInContext+FromContext) are valid One file per type; CT-6 enforced by compliance test AST walk. 2026-05-29 15:43:08 +00:00			`package security`

			`import "context"`

			`// PermissionProvider resolves the permission mask for a user on a given resource.`
			`//`
			`// Implementations may call FromContext to retrieve the Identity (and its TenantID)`
			`// when multi-tenancy is required — there is no need to thread tenantID as an`
			`// explicit parameter since it is already in the context.`
			`//`
			`// The resource string identifies what is being accessed (e.g. "orders",`
			`// "invoices"). Its meaning is defined by the application domain.`
			`type PermissionProvider interface {`
			`// ResolveMask returns the PermissionMask for uid on resource.`
			`// A zero mask means no permissions are granted. Callers check individual`
			`// bits with PermissionMask.Has using domain-defined Permission constants.`
			`ResolveMask(ctx context.Context, uid, resource string) (PermissionMask, error)`
			`}`