auth
auth/context.go
Introduced scopes. Created a Scope type and a scopeStore interface, along with the memstore methods for the scopeStore. This will allow applications to define access with granularity, so users can grant access to some data, not _all_ data. We're operating on the assumption that there won't be an unreasonable number of scopes defined, so there is no paging operation included for the ListScopes method. This is a decision that may have to be revisited in the future, depending on use cases.
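--- a/context.go Thu Jan 29 20:40:55 2015 -0500
+++ b/context.go Fri Feb 20 22:34:43 2015 -0500
@@ -21,6 +21,7 @@
 profiles profileStore
 tokens tokenStore
 sessions sessionStore
+ scopes scopeStore
 config Config
 }
 
@@ -36,6 +37,7 @@
 profiles: config.ProfileStore,
 tokens: config.TokenStore,
 sessions: config.SessionStore,
+ scopes: config.ScopeStore,
 template: config.Template,
 config: config,
 }
@@ -363,3 +365,38 @@
 }
 return c.sessions.listSessions(profile, before, num)
 }
+
+func (c Context) CreateScopes(scopes []Scope) error {
+ if c.scopes == nil {
+ return ErrNoScopeStore
+ }
+ return c.scopes.createScopes(scopes)
+}
+
+func (c Context) GetScopes(ids []string) ([]Scope, error) {
+ if c.scopes == nil {
+ return []Scope{}, ErrNoScopeStore
+ }
+ return c.scopes.getScopes(ids)
+}
+
+func (c Context) UpdateScopes(changes []ScopeChange) ([]Scope, error) {
+ if c.scopes == nil {
+ return []Scope{}, ErrNoScopeStore
+ }
+ return c.scopes.updateScopes(changes)
+}
+
+func (c Context) RemoveScopes(ids []string) error {
+ if c.scopes == nil {
+ return ErrNoScopeStore
+ }
+ return c.scopes.removeScopes(ids)
+}
+
+func (c Context) ListScopes() ([]Scope, error) {
+ if c.scopes == nil {
+ return []Scope{}, ErrNoScopeStore
+ }
+ return c.scopes.listScopes()
+}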
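Review bot: `RemoveScopes` and `UpdateScopes` in the last hunk have no documented contract for grants that already name the affected scope IDs. They call only the scope store and never touch the `tokens` or `sessions` stores held in the same `Context`, so any revocation is presumably left to the caller. If a removed ID is later re-created with a different meaning, older grants could silently map to the new access. State this on the method, e.g. `// RemoveScopes deletes the scopes with the given IDs; it does not revoke tokens that reference them.`, adjusted to the intended behaviour. None of the five new exported methods has a doc comment, and the error paths could return `nil, ErrNoScopeStore` rather than `[]Scope{}` so that a caller who skips the error check is not handed what looks like a valid empty scope list.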