Spaces:
Running
Running
File size: 1,521 Bytes
b110593 |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 |
// _ _
// __ _____ __ ___ ___ __ _| |_ ___
// \ \ /\ / / _ \/ _` \ \ / / |/ _` | __/ _ \
// \ V V / __/ (_| |\ V /| | (_| | || __/
// \_/\_/ \___|\__,_| \_/ |_|\__,_|\__\___|
//
// Copyright © 2016 - 2024 Weaviate B.V. All rights reserved.
//
// CONTACT: [email protected]
//
package authorization
import (
"github.com/weaviate/weaviate/entities/models"
"github.com/weaviate/weaviate/usecases/auth/authorization/adminlist"
"github.com/weaviate/weaviate/usecases/config"
)
// Authorizer always makes a yes/no decision on a specific resource. Which
// authorization technique is used in the background (e.g. RBAC, adminlist,
// ...) is hidden through this interface
type Authorizer interface {
Authorize(principal *models.Principal, verb, resource string) error
}
// New Authorizer based on the application-wide config
func New(cfg config.Config) Authorizer {
if cfg.Authorization.AdminList.Enabled {
return adminlist.New(cfg.Authorization.AdminList)
}
return &DummyAuthorizer{}
}
// DummyAuthorizer is a pluggable Authorizer which can be used if no specific
// authorizer is configured. It will allow every auth decision, i.e. it is
// effectively the same as "no authorization at all"
type DummyAuthorizer struct{}
// Authorize on the DummyAuthorizer will allow any subject access to any
// resource
func (d *DummyAuthorizer) Authorize(principal *models.Principal, verb, resource string) error {
return nil
}
|