
Remove roles (replaced with scope)

Ben Toogood
2020-05-21 14:56:17 +01:00
parent 4de19805ba
commit 856c73b341
13 changed files with 93 additions and 226 deletions


@ -4,7 +4,6 @@ package auth
import (
"context"
"errors"
"strings"
"time"
)
@ -14,7 +13,7 @@ const BearerScheme = "Bearer "
var (
// ErrInvalidToken is when the token provided is not valid
ErrInvalidToken = errors.New("invalid token provided")
// ErrForbidden is when a user does not have the necessary roles or scoeps to access a resource
// ErrForbidden is when a user does not have the necessary scope to access a resource
ErrForbidden = errors.New("resource forbidden")
)
@ -50,8 +49,6 @@ type Account struct {
Type string `json:"type"`
// Provider who issued the account
Provider string `json:"provider"`
// Roles associated with the Account
Roles []string `json:"roles"`
// Any other associated metadata
Metadata map[string]string `json:"metadata"`
// Scopes the account has access to
@ -60,36 +57,6 @@ type Account struct {
Secret string `json:"secret"`
}
// HasScope returns a boolean indicating if the account has the given scope
func (a *Account) HasScope(scopes ...string) bool {
if a.Scopes == nil {
return false
}
for _, s := range a.Scopes {
if s == strings.Join(scopes, ".") {
return true
}
}
return false
}
// HasRole returns a boolean indicating if the account has the given role
func (a *Account) HasRole(role string) bool {
if a.Roles == nil {
return false
}
for _, r := range a.Roles {
if r == role {
return true
}
}
return false
}
// Token can be short or long lived
type Token struct {
// The token to be used for accessing resources
@ -131,9 +98,9 @@ const (
type Rule struct {
// ID of the rule, e.g. "public"
ID string
// Role the rule requires, a blank role indicates open to the public and * indicates the rule
// Scope the rule requires, a blank scope indicates open to the public and * indicates the rule
// applies to any valid account
Role string
Scope string
// Resource the rule applies to
Resource *Resource
// Access determines if the rule grants or denies access to the resource
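Review bot: On `Rule`, the new `Scope` field makes its zero value the most permissive setting: per the field comment a blank scope means "open to the public", so a `Rule` constructed or decoded without `Scope` set reads as granting unauthenticated access instead of failing closed. If the enforcement code (not visible in this hunk) follows that comment, a forgotten field, or a stored rule that still carries only the old `Role` value, would silently become public. Consider making the intent explicit with named values for the blank and `*` sentinels and a warning on the field, e.g. `// NOTE: the zero value ("") makes the rule public; set Scope explicitly to restrict access`. The `Rule` struct continues beyond the end of this hunk.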