types.gno
package rbac
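// Permission describes one named capability.
//
// NOTE(review): RoleSpec and Role in this file carry PermissionNames;
// presumably those strings are matched against Name. Confirm in the code
// that resolves them, including how an unknown name is handled.
type Permission struct {
	// Name identifies the permission.
	Name string
	// Description is free-form text about the permission.
	Description string
}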
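// AssignmentContext is the single argument handed to an AssignmentCheck.
//
// NOTE(review): the field meanings below are read from the names only; the
// code that fills this struct is not in this file. In particular, confirm
// whether the two counters are sampled before or after the pending
// assignment is applied: a limit policy written against the wrong
// convention is off by one.
type AssignmentContext struct {
	// EntityID is presumably the entity the assignment is scoped to (confirm).
	EntityID string
	// User is presumably the address the role is being assigned to (confirm).
	User address
	// RoleName is presumably the name of the role being assigned (confirm).
	RoleName string
	// CurrentRoleAssignments is presumably how many assignments RoleName
	// already has (confirm).
	CurrentRoleAssignments int
	// UserRoleCount is presumably how many roles User already holds (confirm).
	UserRoleCount int
}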
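// AssignmentCheck is trusted policy code supplied by the RBAC owner.
// It is stored internally and is never returned through Role views.
//
// It receives an AssignmentContext and reports a bool; presumably true
// permits the assignment (confirm at the call site).
//
// NOTE(review): the zero value of this type is nil. The code that invokes a
// stored check should decide explicitly whether a nil check means
// "unrestricted" or "deny" rather than calling it unguarded (confirm).
type AssignmentCheck func(AssignmentContext) bool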
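// RoleSpec is the input type for creating or updating roles.
// AssignmentCheck may close over owner state, so role mutation must be
// restricted by the owning realm that stores RBAC.
//
// NOTE(review): PermissionNames and Metadata are a slice and a map, so the
// caller still holds a reference to them after passing the spec in. Whether
// the store copies them on create/update is not visible in this file; if it
// does not, a stored role can be altered without going through the
// restricted mutation path (confirm).
type RoleSpec struct {
	// Name is the role's name.
	Name string
	// Description is free-form text about the role.
	Description string
	// PermissionNames lists permissions by name; presumably each entry
	// matches a Permission.Name (confirm).
	PermissionNames []string
	// Metadata holds arbitrary string key/value pairs attached to the role.
	Metadata map[string]string
	// AssignmentCheck is the owner-supplied policy callback for this role.
	// It is nil when the field is left unset.
	AssignmentCheck AssignmentCheck
}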
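// Role is a public read model. It intentionally excludes AssignmentCheck
// so stored callback capabilities are not exposed to callers.
//
// NOTE(review): PermissionNames and Metadata are reference types. A view
// that shares them with the stored role would let a reader change RBAC
// state through the returned value; the code that builds Role values (not
// in this file) should hand out copies (confirm).
type Role struct {
	// Name is the role's name.
	Name string
	// Description is free-form text about the role.
	Description string
	// PermissionNames lists the role's permissions by name.
	PermissionNames []string
	// Metadata holds arbitrary string key/value pairs attached to the role.
	Metadata map[string]string
}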