feat(rbac)!: promote to v1.0.0 — MaxPermission constant, audit logging policy
Add MaxPermission constant (62) to make the valid bit range explicit in the API. Document in PermissionProvider that audit logging belongs in the application layer. API committed as stable: Identity, PermissionMask, context helpers, and PermissionProvider interface are unchanged from v0.9.0.
This commit is contained in:
@@ -11,8 +11,15 @@ package rbac
|
||||
// )
|
||||
//
|
||||
// The zero value (0) is a valid permission representing the first bit.
|
||||
// Valid positions are 0 through [MaxPermission] (62); values outside that
|
||||
// range are silently ignored by [PermissionMask.Has] and [PermissionMask.Grant].
|
||||
type Permission int64
|
||||
|
||||
// MaxPermission is the highest valid bit position (62).
|
||||
// Permission constants defined by the application must be in the range
|
||||
// [0, MaxPermission]. Bit 63 is reserved for the sign bit of the underlying int64.
|
||||
const MaxPermission Permission = 62
|
||||
|
||||
// PermissionMask is a resolved bit-mask for a user on a specific resource.
|
||||
// It is returned by [PermissionProvider.ResolveMask] and checked with [PermissionMask.Has].
|
||||
type PermissionMask int64
|
||||
|
||||
Reference in New Issue
Block a user