AddGroupAssignmentsTx adds a role assignment to a group while inside a transaction.

AddRoleAssignments adds the specified role assignments to users or groups.

CheckForPermission checks if the user has the given permission on the given subject and logs the result unless logging is disabled.

EnablePermissionCheckLogging enables or disables rbac audit logging for CheckForPermissons.

GetAllRoles pulls back a summary of all roles from the database and paginates them.

GetAllRolesQuery builds the bun query for summarizing roles.

GetAssignedRoles returns the roles that a user is currently assigned.

GetGroupsFromUsersTx retrieves the group ids belonging to users while inside a transaction.

GetPermissionSummary retrieves a list of all roles a user is assigned to along with what scopes that roles are assigned to.

GetRolesAssignedToGroupsTx returns the set of roles assigned to a set of groups.

GetRolesByIDs returns a set of roles and their assignments from the DB.

GetRolesWithAssignmentsOnWorkspace gets all roles assigned to the workspace and what assignments they have on the workspace.

GetUsersAndGroupMembershipOnWorkspace gets all users assigned to the workspace and what groups they are in that are assigned to the workspace.

PaginateAndCountRoles executes the bun query with pagination and with a count of results.

PermittedScopes returns a set of scopes that the user has the given permission on.

RemoveGroupAssignmentsTx removes role assignments from groups while inside a transaction.

RemoveRoleAssignments removes the specified role assignments from groups or users.

UpdateUsersTimestampTx updates the user modified_at field to the present time.

UserPermissionsForScope finds what permissions a user has on a give scope.

AuthZProvider is the authz registry for RBAC.

ErrGlobalAssignedLocally occurs when an attempt is made to assign a role with a global-only permission using a non-global scope.

UnimplementedError is the error returned for unimplemented functions.

CheckForPermissionOptions represents the options for CheckForPermission.

Permission represents a Permission as it's stored in the database.

PermissionAssignment contains the database representation of a PermissionAssignment as well as the Permission itself and the Role it is assigned to.

RBACAPIServerImpl contains the RBAC implementation of RBACAPIServer.

RBACAPIServerWrapper is a struct that implements RBACAPIServer.

RBACAuthZBasic is basic OSS controls.

RBACAuthZPermissive is the permission implementation.

RBACAuthZRBAC is RBAC controls.

Role contains the database representation of a Role, along with the Permissions and RoleAssignments the Role references.

RoleAssignment contains the database representation of RoleAssignment along with the Role, Group, and Scope that the RoleAssignment references.

RoleAssignmentScope represents a RoleAssignmentScope as it's stored in the database.

RBACAPIServer is the interface for all functions in RBAC.

RBACAuthZ describes authz methods for RBAC.

CheckForPermissionOptionsFunc is a function type for defining options for CheckForPermission.

Permissions is a list of permissions.

RoleAssignments is a list of RoleAssignment.

Roles is a list of Role.