upstream/mattermost
1
0
Fork 0
mirror of https://github.com/mattermost/mattermost.git synced 2026-02-03 20:40:00 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
mattermost/server/public/model/access_request.go
Pablo Vélez f2f83187b8
MM-65618 - filter based on admin values (#33857) 
* MM-65618 - filter based on admin values

* add open api documentation

* adjust api description and adjust UX to match design

* reorganize function and add unit tests

* more UX adjustments; always show the self-exclusion warning modal

* use SubjectID parameter for more performant user lookup instead of fetching all matching users

* fix unit tests and remove wrong condition for job run

---------

Co-authored-by: Mattermost Build <build@mattermost.com>
2025-09-12 20:09:47 +02:00

75 lines
2.9 KiB
Go
Raw Permalink Blame History

// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.
package model
// Subject represents the user or a virtual entity for which the Authorization
// API is called.
type Subject struct {
// ID is the unique identifier of the Subject.
// it can be a user ID, bot ID, etc and it is scoped to the Type.
ID string `json:"id"`
// Type specifies the type of the Subject, eg. user, bot, etc.
Type string `json:"type"`
// Attributes are the key-value pairs assicuated with the subject.
// An attribute may be single-valued or multi-valued and can be a primitive type
// (string, boolean, number) or a complex type like a JSON object or array.
Attributes map[string]any `json:"attributes"`
}
type SubjectSearchOptions struct {
Term string `json:"term"`
TeamID string `json:"team_id"`
// Query and Args should be generated within the Access Control Service
// and passed here wrt database driver
Query string `json:"query"`
Args []any `json:"args"`
Limit int `json:"limit"`
Cursor SubjectCursor `json:"cursor"`
AllowInactive bool `json:"allow_inactive"`
IgnoreCount bool `json:"ignore_count"`
// ExcludeChannelMembers is used to exclude members from the search results
// specifically used when syncing channel members
ExcludeChannelMembers string `json:"exclude_members"`
// SubjectID is used to filter search results to a specific user ID
// This is particularly useful for validation queries where we only need to check
// if a specific user matches an expression, rather than fetching all matching users
SubjectID string `json:"subject_id"`
}
type SubjectCursor struct {
TargetID string `json:"target_id"`
}
// Resource is the target of an access request.
type Resource struct {
// ID is the unique identifier of the Resource.
// It can be a channel ID, post ID, etc and it is scoped to the Type.
ID string `json:"id"`
// Type specifies the type of the Resource, eg. channel, post, etc.
Type string `json:"type"`
}
// AccessRequest represents the input to the Policy Decision Point (PDP).
// It contains the Subject, Resource, Action and optional Context attributes.
type AccessRequest struct {
Subject Subject `json:"subject"`
Resource Resource `json:"resource"`
Action string `json:"action"`
Context map[string]any `json:"context,omitempty"`
}
// The PDP evaluates the request and returns an AccessDecision.
// The Decision field is a boolean indicating whether the request is allowed or not.
type AccessDecision struct {
Decision bool `json:"decision"`
Context map[string]any `json:"context,omitempty"`
}
type QueryExpressionParams struct {
Expression string `json:"expression"`
Term string `json:"term"`
Limit int `json:"limit"`
After string `json:"after"`
ChannelId string `json:"channelId,omitempty"`
}
Reference in a new issue View git blame Copy permalink