provider.go

package rbac

import "context"

// PermissionProvider resolves the permission mask for a user on a given resource.
//
// Implementations may call [FromContext] to retrieve the [Identity] (and its
// TenantID) when multi-tenancy is required — there is no need to thread tenantID
// as an explicit parameter since it is already in the context.
//
// The resource string identifies what is being accessed (e.g. "orders",
// "invoices"). Its meaning is defined by the application.
//
// Audit logging of permission checks is out of scope for this package.
// Log denials and grants inside your PermissionProvider implementation or in
// the middleware layer that calls it.
//
// Example in-memory implementation for tests:
//
//	type staticProvider struct {
//	    mask rbac.PermissionMask
//	}
//
//	func (p *staticProvider) ResolveMask(_ context.Context, _, _ string) (rbac.PermissionMask, error) {
//	    return p.mask, nil
//	}
type PermissionProvider interface {
	ResolveMask(ctx context.Context, uid, resource string) (PermissionMask, error)
}
feat(rbac): initial stable release v0.9.0 Foundational identity and permission types for role-based access control — bit-set PermissionMask, immutable Identity value type, and PermissionProvider interface. What's included: - `Identity` value type with NewIdentity / WithTenant constructors and SetInContext / FromContext context helpers - `Permission` (int64 bit position) and `PermissionMask` (int64 bit-set) with O(1) Has and non-mutating Grant - `PermissionProvider` interface for DB-backed ResolveMask(ctx, uid, resource) resolution Tested-via: todo-api POC integration Reviewed-against: docs/adr/ 2026-03-18 13:25:43 -06:00			`package rbac`

			`import "context"`

			`// PermissionProvider resolves the permission mask for a user on a given resource.`
			`//`
			`// Implementations may call [FromContext] to retrieve the [Identity] (and its`
			`// TenantID) when multi-tenancy is required — there is no need to thread tenantID`
			`// as an explicit parameter since it is already in the context.`
			`//`
			`// The resource string identifies what is being accessed (e.g. "orders",`
			`// "invoices"). Its meaning is defined by the application.`
			`//`
feat(rbac)!: promote to v1.0.0 — MaxPermission constant, audit logging policy Add MaxPermission constant (62) to make the valid bit range explicit in the API. Document in PermissionProvider that audit logging belongs in the application layer. API committed as stable: Identity, PermissionMask, context helpers, and PermissionProvider interface are unchanged from v0.9.0. 2026-05-07 22:46:44 -06:00			`// Audit logging of permission checks is out of scope for this package.`
			`// Log denials and grants inside your PermissionProvider implementation or in`
			`// the middleware layer that calls it.`
			`//`
feat(rbac): initial stable release v0.9.0 Foundational identity and permission types for role-based access control — bit-set PermissionMask, immutable Identity value type, and PermissionProvider interface. What's included: - `Identity` value type with NewIdentity / WithTenant constructors and SetInContext / FromContext context helpers - `Permission` (int64 bit position) and `PermissionMask` (int64 bit-set) with O(1) Has and non-mutating Grant - `PermissionProvider` interface for DB-backed ResolveMask(ctx, uid, resource) resolution Tested-via: todo-api POC integration Reviewed-against: docs/adr/ 2026-03-18 13:25:43 -06:00			`// Example in-memory implementation for tests:`
			`//`
			`// type staticProvider struct {`
			`// mask rbac.PermissionMask`
			`// }`
			`//`
			`// func (p *staticProvider) ResolveMask(_ context.Context, _, _ string) (rbac.PermissionMask, error) {`
			`// return p.mask, nil`
			`// }`
			`type PermissionProvider interface {`
			`ResolveMask(ctx context.Context, uid, resource string) (PermissionMask, error)`
			`}`