github.com/weaviate/weaviate@v1.24.6/usecases/auth/authorization/authorizer.go

github.com/weaviate/weaviate@v1.24.6/usecases/auth/authorization/authorizer.go (about)

     1  //                           _       _
     2  // __      _____  __ ___   ___  __ _| |_ ___
     3  // \ \ /\ / / _ \/ _` \ \ / / |/ _` | __/ _ \
     4  //  \ V  V /  __/ (_| |\ V /| | (_| | ||  __/
     5  //   \_/\_/ \___|\__,_| \_/ |_|\__,_|\__\___|
     6  //
     7  //  Copyright © 2016 - 2024 Weaviate B.V. All rights reserved.
     8  //
     9  //  CONTACT: hello@weaviate.io
    10  //
    11  
    12  package authorization
    13  
    14  import (
    15  	"github.com/weaviate/weaviate/entities/models"
    16  	"github.com/weaviate/weaviate/usecases/auth/authorization/adminlist"
    17  	"github.com/weaviate/weaviate/usecases/config"
    18  )
    19  
    20  // Authorizer always makes a yes/no decision on a specific resource. Which
    21  // authorization technique is used in the background (e.g. RBAC, adminlist,
    22  // ...) is hidden through this interface
    23  type Authorizer interface {
    24  	Authorize(principal *models.Principal, verb, resource string) error
    25  }
    26  
    27  // New Authorizer based on the application-wide config
    28  func New(cfg config.Config) Authorizer {
    29  	if cfg.Authorization.AdminList.Enabled {
    30  		return adminlist.New(cfg.Authorization.AdminList)
    31  	}
    32  
    33  	return &DummyAuthorizer{}
    34  }
    35  
    36  // DummyAuthorizer is a pluggable Authorizer which can be used if no specific
    37  // authorizer is configured. It will allow every auth decision, i.e. it is
    38  // effectively the same as "no authorization at all"
    39  type DummyAuthorizer struct{}
    40  
    41  // Authorize on the DummyAuthorizer will allow any subject access to any
    42  // resource
    43  func (d *DummyAuthorizer) Authorize(principal *models.Principal, verb, resource string) error {
    44  	return nil
    45  }