feat(rbac): initial stable release v0.9.0
Foundational identity and permission types for role-based access control — bit-set PermissionMask, immutable Identity value type, and PermissionProvider interface.

What's included:
- `Identity` value type with NewIdentity / WithTenant constructors and SetInContext / FromContext context helpers
- `Permission` (int64 bit position) and `PermissionMask` (int64 bit-set) with O(1) Has and non-mutating Grant
- `PermissionProvider` interface for DB-backed ResolveMask(ctx, uid, resource) resolution

Tested-via: todo-api POC integration
Reviewed-against: docs/adr/
25
provider.go
Normal file
@@ -0,0 +1,25 @@
|
||||
package rbac
|
||||
|
||||
import "context"
|
||||
|
||||
// PermissionProvider resolves the permission mask for a user on a given resource.
|
||||
//
|
||||
// Implementations may call [FromContext] to retrieve the [Identity] (and its
|
||||
// TenantID) when multi-tenancy is required — there is no need to thread tenantID
|
||||
// as an explicit parameter since it is already in the context.
|
||||
//
|
||||
// The resource string identifies what is being accessed (e.g. "orders",
|
||||
// "invoices"). Its meaning is defined by the application.
|
||||
//
|
||||
// Example in-memory implementation for tests:
|
||||
//
|
||||
// type staticProvider struct {
|
||||
// mask rbac.PermissionMask
|
||||
// }
|
||||
//
|
||||
// func (p *staticProvider) ResolveMask(_ context.Context, _, _ string) (rbac.PermissionMask, error) {
|
||||
// return p.mask, nil
|
||||
// }
|
||||
type PermissionProvider interface {
|
||||
ResolveMask(ctx context.Context, uid, resource string) (PermissionMask, error)
|
||||
}
|
||||
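Review bot: The doc comment on PermissionProvider leaves the failure contract of ResolveMask undefined, and that contract decides whether callers fail closed. Please state that on a non-nil error the returned PermissionMask must be the zero value and that callers must deny access, and say what an implementation should do when it calls FromContext and the context carries no Identity (returning an error rather than resolving without a tenant is the safer default). Separately, the signature takes `uid` as an explicit string while the comment says the tenant comes from the Identity in the context, so nothing in the interface ties the `uid` argument to the caller in `ctx`; document which of the two is authoritative for implementations, or whether resolving a mask for a uid other than the context Identity is an intended use. The staticProvider example ignores both `uid` and `resource`, which is fine for tests, but a short remark that it grants the same mask to every user on every resource would keep it from being copied into non-test code.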