Role is a set of permissions at multiple levels:

- Site permissions apply EVERYWHERE
- Org permissions apply to EVERYTHING in a given ORG
- User permissions apply to all resources the user owns
- OrgMember permissions apply to resources in the given org that the user owns

This is the type passed int
```go
// Users of this package should instead **only** use the role names, and
// this package will expand the role names into their json payloads.
type Role struct {
	Identifier RoleIdentifier `json:"name"`
	// DisplayName is used for UI purposes. If the role has no display name,
	// that means the UI should never display it.
	DisplayName string       `json:"display_name"`
	Site        []Permission `json:"site"`
	User        []Permission `json:"user"`
	// ByOrgID is a map of organization IDs to permissions. Grouping by
	// organization makes roles easy to combine.
	ByOrgID map[string]OrgPermissions `json:"by_org_id"`

	// cachedRegoValue can be used to cache the rego value for this role.
	// This is helpful for static roles that never change.
	cachedRegoValue ast.Value
}

type OrgPermissions struct {
	Org []Permission `json:"org"`
	// ... (the listing on the page ends here)
}
```
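The `ByOrgID` comment says grouping by organization makes roles easy to combine. The added example below (not code from the project) shows one way such a merge can keep each org's grants scoped to that org. `CombineRoles` is a hypothetical helper, `Permission` is a simplified stand-in for the type the page does not show, and `Identifier` is reduced to a plain string.

```go
package main

import "fmt"

// Permission is a simplified stand-in (assumption): the page does not show
// the real Permission type.
type Permission struct {
	ResourceType string
	Action       string
}

// OrgPermissions and Role keep only the fields visible on the page.
type OrgPermissions struct {
	Org []Permission
}

type Role struct {
	Identifier string
	Site       []Permission
	User       []Permission
	ByOrgID    map[string]OrgPermissions
}

// CombineRoles is a hypothetical helper. Site and User grants are appended;
// org grants are appended under their own org ID only, so a grant scoped to
// one org never widens into another org or into Site.
func CombineRoles(name string, roles ...Role) Role {
	out := Role{Identifier: name, ByOrgID: map[string]OrgPermissions{}}
	for _, r := range roles {
		out.Site = append(out.Site, r.Site...)
		out.User = append(out.User, r.User...)
		for orgID, p := range r.ByOrgID {
			merged := out.ByOrgID[orgID]
			merged.Org = append(merged.Org, p.Org...)
			out.ByOrgID[orgID] = merged
		}
	}
	return out
}

func main() {
	// Constructed sample roles; the org IDs and resource names are made up.
	auditor := Role{Identifier: "auditor", ByOrgID: map[string]OrgPermissions{
		"org-a": {Org: []Permission{{"audit_log", "read"}}}}}
	admin := Role{Identifier: "admin", ByOrgID: map[string]OrgPermissions{
		"org-a": {Org: []Permission{{"workspace", "update"}}},
		"org-b": {Org: []Permission{{"workspace", "read"}}}}}
	c := CombineRoles("combined", auditor, admin)
	fmt.Println(len(c.ByOrgID["org-a"].Org), len(c.ByOrgID["org-b"].Org), len(c.Site))
}
```

When reviewing a merge like this, the property to check is that no code path copies an entry from `ByOrgID` into `Site` or into a different org's entry.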