Permissions
Check, grant, and revoke permissions with the Go SDK.
Permissions
Relationship-based access control using the Go SDK.
Check()
// Ask whether user usr_jane holds the "editor" relation on project proj_abc123.
params := &avnologyid.CheckPermissionParams{
	Subject:  "user:usr_jane",
	Relation: "editor",
	Object:   "project:proj_abc123",
}
allowed, err := client.Permissions.Check(ctx, params)
if err != nil {
	// A failed check is not an answer: stop before any access decision is made.
	log.Fatal(err)
}
if !allowed {
	fmt.Println("Access denied")
} else {
	fmt.Println("User has editor access")
}
Grant()
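// Give user usr_jane the "editor" relation on project proj_abc123.
err := client.Permissions.Grant(ctx, &avnologyid.GrantPermissionParams{
	Subject:  "user:usr_jane",
	Relation: "editor",
	Object:   "project:proj_abc123",
})
if err != nil {
	// The grant was not confirmed; do not assume the relation now exists.
	log.Fatal(err)
}
Revoke()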
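// Remove the "editor" relation that user usr_jane holds on project proj_abc123.
err := client.Permissions.Revoke(ctx, &avnologyid.RevokePermissionParams{
	Subject:  "user:usr_jane",
	Relation: "editor",
	Object:   "project:proj_abc123",
})
if err != nil {
	// A failed revoke means the subject may still hold the relation. Surface the
	// error instead of carrying on as if access had been removed.
	log.Fatal(err)
}
ListObjects()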
// List every object of type "project" on which user usr_jane holds "editor".
query := &avnologyid.ListObjectsParams{
	Subject:    "user:usr_jane",
	Relation:   "editor",
	ObjectType: "project",
}
listed, err := client.Permissions.ListObjects(ctx, query)
if err != nil {
	log.Fatal(err)
}
for _, object := range listed.Objects {
	fmt.Println(object) // "project:proj_abc123"
}
ListSubjects()
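// List the subjects that hold the "editor" relation on project proj_abc123.
result, err := client.Permissions.ListSubjects(ctx, &avnologyid.ListSubjectsParams{
	Object:   "project:proj_abc123",
	Relation: "editor",
})
if err != nil {
	// Without this check a failed call would be read as "nobody has access".
	log.Fatal(err)
}
// result carries the listing; its fields are not shown on this page.
Expand()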
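// Expand the "viewer" relation on project proj_abc123 into its permission tree.
tree, err := client.Permissions.Expand(ctx, &avnologyid.ExpandPermissionParams{
	Object:   "project:proj_abc123",
	Relation: "viewer",
})
if err != nil {
	// tree is meaningless when the call failed; do not inspect it.
	log.Fatal(err)
}
// tree.Type: "union"
// tree.Children: nested permission tree
HTTP middleware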
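// requirePermission returns middleware that passes a request to next only when
// the authenticated user holds relation on the object named by objectFromReq.
//
// The middleware fails closed: a missing user ID, an empty object, a failed
// permission check and a negative answer all end the request before next runs.
func requirePermission(relation string, objectFromReq func(*http.Request) string) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			// Comma-ok assertion: the unchecked form panics when no upstream
			// authentication step stored a string under "userID".
			// NOTE(review): a private context key type would avoid collisions with
			// other packages, but it has to match whatever code sets this value.
			userID, ok := r.Context().Value("userID").(string)
			if !ok || userID == "" {
				// An empty ID would otherwise be checked as the subject "user:".
				http.Error(w, "Unauthorized", http.StatusUnauthorized)
				return
			}

			object := objectFromReq(r)
			if object == "" {
				// Never send a check for an unnamed object.
				http.Error(w, "Forbidden", http.StatusForbidden)
				return
			}

			allowed, err := client.Permissions.Check(r.Context(), &avnologyid.CheckPermissionParams{
				Subject:  "user:" + userID,
				Relation: relation,
				Object:   object,
			})
			if err != nil {
				// Record the failure for operators; the caller still gets a plain
				// 403 so backend details are not exposed. %q keeps request-derived
				// values from forging log lines.
				log.Printf("permission check failed: relation=%q object=%q: %v", relation, object, err)
				http.Error(w, "Forbidden", http.StatusForbidden)
				return
			}
			if !allowed {
				http.Error(w, "Forbidden", http.StatusForbidden)
				return
			}
			next.ServeHTTP(w, r)
		})
	}
}
See also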
- Users -- User management
- Organizations -- Org management