go/rbac
1
0
Fork 0
Code Issues Pull Requests Packages Releases 1 Activity
Files
v0.9.0
rbac/provider.go

26 lines
856 B
Go
Raw Permalink Normal View History

feat(rbac): initial stable release v0.9.0 Foundational identity and permission types for role-based access control — bit-set PermissionMask, immutable Identity value type, and PermissionProvider interface. What's included: - `Identity` value type with NewIdentity / WithTenant constructors and SetInContext / FromContext context helpers - `Permission` (int64 bit position) and `PermissionMask` (int64 bit-set) with O(1) Has and non-mutating Grant - `PermissionProvider` interface for DB-backed ResolveMask(ctx, uid, resource) resolution Tested-via: todo-api POC integration Reviewed-against: docs/adr/
2026-03-18 13:25:43 -06:00
package rbac
import "context"
// PermissionProvider resolves the permission mask for a user on a given resource.
//
// Implementations may call [FromContext] to retrieve the [Identity] (and its
// TenantID) when multi-tenancy is required — there is no need to thread tenantID
// as an explicit parameter since it is already in the context.
//
// The resource string identifies what is being accessed (e.g. "orders",
// "invoices"). Its meaning is defined by the application.
//
// Example in-memory implementation for tests:
//
// type staticProvider struct {
// mask rbac.PermissionMask
// }
//
// func (p *staticProvider) ResolveMask(_ context.Context, _, _ string) (rbac.PermissionMask, error) {
// return p.mask, nil
// }
type PermissionProvider interface {
ResolveMask(ctx context.Context, uid, resource string) (PermissionMask, error)
}
Reference in New Issue Copy Permalink