TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 23:47:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
move-go
zitadel/apps/api/internal/domain/permission.go
Florian Forster cd2921de26 chore: move the go code into a subfolder
2025-08-05 15:20:32 -07:00

76 lines
3.3 KiB
Go
Raw Permalink Blame History

package domain
import "context"
type Permissions struct {
Permissions []string
}
func (p *Permissions) AppendPermissions(ctxID string, permissions ...string) {
for _, permission := range permissions {
p.appendPermission(ctxID, permission)
}
}
func (p *Permissions) appendPermission(ctxID, permission string) {
if ctxID != "" {
permission = permission + ":" + ctxID
}
for _, existingPermission := range p.Permissions {
if existingPermission == permission {
return
}
}
p.Permissions = append(p.Permissions, permission)
}
type PermissionCheck func(ctx context.Context, permission, resourceOwnerID, aggregateID string) (err error)
const (
PermissionUserWrite = "user.write"
PermissionUserRead = "user.read"
PermissionUserDelete = "user.delete"
PermissionUserCredentialWrite = "user.credential.write"
PermissionSessionWrite = "session.write"
PermissionSessionRead = "session.read"
PermissionSessionLink = "session.link"
PermissionSessionDelete = "session.delete"
PermissionOrgRead = "org.read"
PermissionIDPRead = "iam.idp.read"
PermissionOrgIDPRead = "org.idp.read"
PermissionProjectWrite = "project.write"
PermissionProjectRead = "project.read"
PermissionProjectDelete = "project.delete"
PermissionProjectGrantWrite = "project.grant.write"
PermissionProjectGrantRead = "project.grant.read"
PermissionProjectGrantDelete = "project.grant.delete"
PermissionProjectRoleWrite = "project.role.write"
PermissionProjectRoleRead = "project.role.read"
PermissionProjectRoleDelete = "project.role.delete"
PermissionProjectAppWrite = "project.app.write"
PermissionProjectAppDelete = "project.app.delete"
PermissionProjectAppRead = "project.app.read"
PermissionInstanceMemberWrite = "iam.member.write"
PermissionInstanceMemberDelete = "iam.member.delete"
PermissionInstanceMemberRead = "iam.member.read"
PermissionOrgMemberWrite = "org.member.write"
PermissionOrgMemberDelete = "org.member.delete"
PermissionOrgMemberRead = "org.member.read"
PermissionProjectMemberWrite = "project.member.write"
PermissionProjectMemberDelete = "project.member.delete"
PermissionProjectMemberRead = "project.member.read"
PermissionProjectGrantMemberWrite = "project.grant.member.write"
PermissionProjectGrantMemberDelete = "project.grant.member.delete"
PermissionProjectGrantMemberRead = "project.grant.member.read"
PermissionUserGrantWrite = "user.grant.write"
PermissionUserGrantRead = "user.grant.read"
PermissionUserGrantDelete = "user.grant.delete"
PermissionIAMPolicyWrite = "iam.policy.write"
PermissionIAMPolicyDelete = "iam.policy.delete"
PermissionPolicyRead = "policy.read"
)
// ProjectPermissionCheck is used as a check for preconditions dependent on application, project, user resourceowner and usergrants.
// Configurable on the project the application belongs to through the flags related to authentication.
type ProjectPermissionCheck func(ctx context.Context, clientID, userID string) (err error)
Reference in New Issue View Git Blame Copy Permalink