gitea-mirror/Pulse
1
0
Fork 0
mirror of https://github.com/rcourtman/Pulse.git synced 2026-02-18 00:17:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
3e2824a7ff8d27f6ba2fbbc70dccd19aefba06ae
Pulse/pkg/auth/authorizer.go
rcourtman 3e2824a7ff feat: remove Enterprise badges, simplify Pro upgrade prompts 
- Replace barrel import in AuditLogPanel.tsx to fix ad-blocker crash
- Remove all Enterprise/Pro badges from nav and feature headers
- Simplify upgrade CTAs to clean 'Upgrade to Pro' links
- Update docs: PULSE_PRO.md, API.md, README.md, SECURITY.md
- Align terminology: single Pro tier, no separate Enterprise tier

Also includes prior refactoring:
- Move auth package to pkg/auth for enterprise reuse
- Export server functions for testability
- Stabilize CLI tests
2026-01-09 16:51:08 +00:00

66 lines
1.9 KiB
Go
Raw Blame History

package auth
import "context"
// Authorizer defines the interface for making access control decisions.
type Authorizer interface {
// Authorize checks if a subject (from context) can perform an action on a resource.
// Returns true if allowed, false if denied, and an error if the check failed due to a system issue.
Authorize(ctx context.Context, action string, resource string) (bool, error)
}
type contextKey string
const (
contextKeyUser contextKey = "user"
)
// WithUser adds a username to the context
func WithUser(ctx context.Context, username string) context.Context {
return context.WithValue(ctx, contextKeyUser, username)
}
// GetUser extracts the username from the context
func GetUser(ctx context.Context) string {
if user, ok := ctx.Value(contextKeyUser).(string); ok {
return user
}
return ""
}
// DefaultAuthorizer is a pass-through implementation that allows everything.
// Used in OSS version and when enterprise features are disabled.
type DefaultAuthorizer struct{}
func (d *DefaultAuthorizer) Authorize(ctx context.Context, action string, resource string) (bool, error) {
return true, nil
}
var globalAuthorizer Authorizer = &DefaultAuthorizer{}
// SetAuthorizer sets the global authorizer instance.
// This is used by pulse-enterprise to register the real RBAC implementation.
func SetAuthorizer(auth Authorizer) {
globalAuthorizer = auth
}
// AdminConfigurable is an optional interface for authorizers that can have an admin user set.
type AdminConfigurable interface {
SetAdminUser(username string)
}
// SetAdminUser sets the admin user on the global authorizer if it supports it.
func SetAdminUser(username string) {
if username == "" {
return
}
if configurable, ok := globalAuthorizer.(AdminConfigurable); ok {
configurable.SetAdminUser(username)
}
}
// GetAuthorizer returns the global authorizer instance.
func GetAuthorizer() Authorizer {
return globalAuthorizer
}
Reference in New Issue View Git Blame Copy Permalink