ACLMappingVar is a variable matcher that matches ACL map variables to their SQL storage. Usually the actual backing implementation is a pair of `jsonb` columns named `group_acl` and `user_acl`. Each column contains an object that looks like... ```json { " ": [" ", " "]
| 27 | // |
| 28 | // ``` |
| 29 | type ACLMappingVar struct { |
| 30 | // SelectSQL is used to `SELECT` the ACL mapping from the table for the |
| 31 | // given resource. ie. if the full query might look like `SELECT group_acl |
| 32 | // FROM things;` then you would want this to be `"group_acl"`. |
| 33 | SelectSQL string |
| 34 | // IndexMatcher handles variable references when indexing into the mapping. |
| 35 | // (ie. `input.object.acl_group_list[input.object.org_owner]`). We need one |
| 36 | // from the local context because the global one might not be correctly |
| 37 | // scoped. |
| 38 | IndexMatcher sqltypes.VariableMatcher |
| 39 | // Used if the action list isn't directly in the ACL entry. For example, in |
| 40 | // the `workspaces.group_acl` and `workspaces.user_acl` columns they're stored |
| 41 | // under a `"permissions"` key. |
| 42 | Subfield string |
| 43 | |
| 44 | // StructPath represents the path of the value in rego |
| 45 | // ie. input.object.group_acl -> ["input", "object", "group_acl"] |
| 46 | StructPath []string |
| 47 | |
| 48 | // Instance fields |
| 49 | Source sqltypes.RegoSource |
| 50 | GroupNode sqltypes.Node |
| 51 | } |
| 52 | |
| 53 | func ACLMappingMatcher(indexMatcher sqltypes.VariableMatcher, selectSQL string, structPath []string) ACLMappingVar { |
| 54 | return ACLMappingVar{IndexMatcher: indexMatcher, SelectSQL: selectSQL, StructPath: structPath} |
nothing calls this directly
no outgoing calls
no test coverage detected