package models
import "time"
// Permission represents a system permission: the right to perform Action on
// Resource. Every field carries both a json and a db tag, so the same struct
// is used for persistence and for API payloads (snake_case keys in both).
type Permission struct {
	ID             int    `json:"id" db:"id"`
	PermissionName string `json:"permission_name" db:"permission_name"`
	Description    string `json:"description" db:"description"`
	// Resource and Action together identify what the permission grants;
	// CachedAuthorizationService keys its PermissionCache on "resource:action".
	Resource string `json:"resource" db:"resource"`
	Action   string `json:"action" db:"action"`
}
// RolePermission represents the junction table linking roles to permissions:
// one row per (RoleID, PermissionID) pair. PermissionID presumably refers to
// Permission.ID; the roles table itself is not defined in this file.
type RolePermission struct {
	ID           int `json:"id" db:"id"`
	RoleID       int `json:"role_id" db:"role_id"`
	PermissionID int `json:"permission_id" db:"permission_id"`
}
// PolicyAttribute represents an ABAC policy attribute/constraint attached to a
// permission. A constraint names one attribute (AttributeName) taken from the
// source given by AttributeType, and compares it to AttributeValue with the
// operator in Comparison; presumably the constraint must hold for the linked
// permission to apply.
//
// NOTE(review): Comparison operators are data, not code — the component that
// evaluates them (not in this file) should dispatch on the operator string and
// treat AttributeValue as an opaque operand, never splice either into a query.
type PolicyAttribute struct {
	ID            int    `json:"id" db:"id"`
	AttributeName string `json:"attribute_name" db:"attribute_name"`
	// AttributeType selects where the attribute is read from: user, resource, environment.
	AttributeType string `json:"attribute_type" db:"attribute_type"`
	// Comparison is the operator applied: =, !=, >, <, >=, <=, IN, CONTAINS.
	// How a list operand for IN is encoded inside AttributeValue is not shown here.
	Comparison     string `json:"comparison" db:"comparison"`
	AttributeValue string `json:"attribute_value" db:"attribute_value"`
	// PermissionID links the constraint to a permission (presumably Permission.ID).
	PermissionID int `json:"permission_id" db:"permission_id"`
}
// UserAttribute represents user-specific attributes for ABAC: one named value
// per row, belonging to the user identified by UserID (a string, matching
// User.UserID). These name/value pairs are presumably the "user" source that a
// PolicyAttribute with AttributeType "user" is compared against.
type UserAttribute struct {
	ID             int    `json:"id" db:"id"`
	UserID         string `json:"user_id" db:"user_id"`
	AttributeName  string `json:"attribute_name" db:"attribute_name"`
	AttributeValue string `json:"attribute_value" db:"attribute_value"`
}
// User represents a system user as stored in the database and as serialised
// over JSON (every field carries both a json and a db tag, so the same struct
// serves persistence and API payloads).
//
// NOTE(review): SecretKey is tagged `json:"secret_key"`, so any code path that
// marshals a whole User (API response, log line, cache dump) emits the secret.
// Consider `json:"-"` plus a dedicated response type once it is confirmed that
// no inbound JSON relies on this field. The same whole-struct serialisation
// concern applies to the PII fields (EmailAddress, HomeAddress, ContactNumber,
// DeviceID).
type User struct {
	UserID        string `json:"user_id" db:"user_id"`
	FirstName     string `json:"first_name" db:"first_name"`
	MiddleInitial string `json:"middle_initial" db:"middle_initial"`
	LastName      string `json:"last_name" db:"last_name"`
	Suffix        string `json:"suffix" db:"suffix"`
	EmailAddress  string `json:"email_address" db:"email_address"`
	EmpID         string `json:"emp_id" db:"emp_id"`
	// IsLoggedIn, IsDeleted and IsActivated are strings rather than bools; the
	// canonical true/false spellings are not defined in this file, so all code
	// that tests them must agree on one value — TODO confirm with the callers.
	IsLoggedIn string `json:"is_logged_in" db:"is_logged_in"`
	// FirstLoggedIn is a string, unlike CreatedAt/UpdatedAt which are
	// time.Time; its format is not shown here.
	FirstLoggedIn string `json:"first_logged_in" db:"first_logged_in"`
	HomeAddress   string `json:"home_address" db:"home_address"`
	ContactNumber string `json:"contact_number" db:"contact_number"`
	DeviceID      string `json:"device_id" db:"device_id"`
	// RoleID is an int here and in RolePermission, but a string in
	// AuthorizationContext.RoleID; the conversion between them lives outside
	// this file.
	RoleID    int    `json:"role_id" db:"role_id"`
	IsDeleted string `json:"is_deleted" db:"is_deleted"`
	// SecretKey is emitted by encoding/json under "secret_key" — see the type comment.
	SecretKey   string    `json:"secret_key" db:"secret_key"`
	IsActivated string    `json:"is_activated" db:"is_activated"`
	CreatedAt   time.Time `json:"created_at" db:"created_at"`
	UpdatedAt   time.Time `json:"updated_at" db:"updated_at"`
}
// AuthorizationContext holds all context needed for authorization decisions:
// who is asking (UserID, RoleID), what for (Resource, Action), and three
// name -> value attribute maps (UserAttributes, ResourceData, Environment)
// that presumably correspond to the PolicyAttribute.AttributeType values
// user, resource and environment.
//
// NOTE(review): the struct carries json tags, so it can be decoded straight
// from a request body. If it ever is, UserID, RoleID and Environment become
// client-controlled; they should be populated server-side from the
// authenticated session and request rather than taken from the payload —
// verify how callers construct it.
type AuthorizationContext struct {
	UserID   string `json:"user_id"`
	Resource string `json:"resource"`
	Action   string `json:"action"`
	// RoleID is the user's role ID as a string; User.RoleID and
	// RolePermission.RoleID are ints, so a conversion happens somewhere
	// outside this file.
	RoleID string `json:"role_id"`
	// UserAttributes is name -> value for the requesting user;
	// CachedAuthorizationService.UserAttrCache stores the same shape per user.
	UserAttributes map[string]string `json:"user_attributes"`
	// ResourceData holds additional resource context (name -> value).
	ResourceData map[string]string `json:"resource_data"`
	// Environment holds request-time context such as time or location (name -> value).
	Environment map[string]string `json:"environment"`
}
// AuthorizationResult contains the result of an authorization check.
// The zero value denies (Allowed is false), so a result that is never
// explicitly set fails closed.
type AuthorizationResult struct {
	Allowed bool `json:"allowed"`
	// RedirectRoute is an optional route for the caller to send the user to;
	// omitted from JSON when empty.
	RedirectRoute string `json:"redirect_route,omitempty"`
	// Message is an optional explanation; omitted from JSON when empty.
	Message string `json:"message,omitempty"`
}
// CachedAuthorizationService adds a caching layer to authorization. The three
// caches and both mutexes are excluded from JSON (`json:"-"`); only
// CacheExpiry and LastCacheRefresh are serialised. This file defines the
// fields only; the refresh and lookup logic lives elsewhere.
//
// NOTE(review): CacheMutex and UserAttrMutex are typed interface{} with the
// intended type given only in a comment. That forfeits compile-time checking,
// a nil value is not caught until a type assertion at lock time, and only a
// *sync.RWMutex can work here — asserting a sync.RWMutex value would copy the
// lock, and locking the copy guards nothing. Declaring the fields as
// sync.RWMutex would fix all three once callers' type assertions are updated.
type CachedAuthorizationService struct {
	// PermissionCache is keyed by "resource:action" and maps to the matching Permission.
	PermissionCache map[string]*Permission `json:"-"`
	// PolicyCache is keyed by an int, presumably Permission.ID, and holds that
	// permission's constraints.
	PolicyCache map[int][]PolicyAttribute `json:"-"`
	// UserAttrCache is keyed by userID and holds that user's attribute name -> value map.
	UserAttrCache map[string]map[string]string `json:"-"`
	// CacheMutex is intended to hold a sync.RWMutex, presumably guarding
	// PermissionCache and PolicyCache (see the type comment).
	CacheMutex interface{} `json:"-"`
	// UserAttrMutex is intended to hold a sync.RWMutex, presumably guarding
	// UserAttrCache (see the type comment).
	UserAttrMutex interface{} `json:"-"`
	// CacheExpiry is presumably how long entries stay fresh relative to
	// LastCacheRefresh; the comparison is not in this file.
	CacheExpiry      time.Duration `json:"cache_expiry"`
	LastCacheRefresh time.Time     `json:"last_cache_refresh"`
}