Rene Nochebuena
0864f031a1
Foundational identity and permission types for role-based access control — bit-set PermissionMask, immutable Identity value type, and PermissionProvider interface. What's included: - `Identity` value type with NewIdentity / WithTenant constructors and SetInContext / FromContext context helpers - `Permission` (int64 bit position) and `PermissionMask` (int64 bit-set) with O(1) Has and non-mutating Grant - `PermissionProvider` interface for DB-backed ResolveMask(ctx, uid, resource) resolution Tested-via: todo-api POC integration Reviewed-against: docs/adr/
26 lines
856 B
Go
26 lines
856 B
Go
package rbac
|
|
|
|
import "context"
|
|
|
|
// PermissionProvider resolves the permission mask for a user on a given resource.
|
|
//
|
|
// Implementations may call [FromContext] to retrieve the [Identity] (and its
|
|
// TenantID) when multi-tenancy is required — there is no need to thread tenantID
|
|
// as an explicit parameter since it is already in the context.
|
|
//
|
|
// The resource string identifies what is being accessed (e.g. "orders",
|
|
// "invoices"). Its meaning is defined by the application.
|
|
//
|
|
// Example in-memory implementation for tests:
|
|
//
|
|
// type staticProvider struct {
|
|
// mask rbac.PermissionMask
|
|
// }
|
|
//
|
|
// func (p *staticProvider) ResolveMask(_ context.Context, _, _ string) (rbac.PermissionMask, error) {
|
|
// return p.mask, nil
|
|
// }
|
|
type PermissionProvider interface {
|
|
ResolveMask(ctx context.Context, uid, resource string) (PermissionMask, error)
|
|
}
|