// Package domain holds the permission module's domain-level definitions
// (entities, enums, repository/usecase interfaces, errors, Redis key
// helpers, BSON field names). Sub-packages MUST NOT depend on the
// repository or usecase implementation packages.
package domain
// BSON field names for the permission module's MongoDB documents.
//
// Repository and usecase code refers to these constants instead of string
// literals. Every value has to match the `bson:` tag on the corresponding
// entity struct field, so change the tag and the constant together.

// Fields declared ahead of the per-collection groups.
//
// NOTE(review): tenant_id is presumably the tenant-isolation key; confirm
// that every repository query and index on tenant-scoped data includes it.
const (
	BSONFieldID       = "_id"
	BSONFieldTenantID = "tenant_id"
	BSONFieldUID      = "uid"
)

// permissions collection.
const (
	BSONFieldName        = "name"
	BSONFieldParent      = "parent"
	BSONFieldHTTPMethods = "http_methods"
	BSONFieldHTTPPath    = "http_path"
	BSONFieldStatus      = "status"
	BSONFieldType        = "type"
)

// roles collection.
const (
	BSONFieldKey         = "key"
	BSONFieldDisplayName = "display_name"
	BSONFieldCreatorUID  = "creator_uid"
	BSONFieldIsSystem    = "is_system"
)

// role_permissions collection.
const (
	BSONFieldRoleID       = "role_id"
	BSONFieldPermissionID = "permission_id"
)

// user_roles collection.
const BSONFieldSource = "source"

// role_mappings collection.
const (
	BSONFieldExternalSource  = "external_source"
	BSONFieldExternalKey     = "external_key"
	BSONFieldInternalRoleID  = "internal_role_id"
	BSONFieldInternalRoleKey = "internal_role_key"
)

// Audit fields; presumably creation and update timestamps. Confirm against
// the entity structs.
const (
	BSONFieldCreateAt = "create_at"
	BSONFieldUpdateAt = "update_at"
)
// CasbinPolicyType is the Casbin policy section marker ("p") used by this
// module.
const CasbinPolicyType = "p"

// Cross-pod policy reload signalling over Redis Pub/Sub.
const (
	// PolicyReloadChannel names the Redis Pub/Sub channel on which
	// "tenant policy needs reload" events are broadcast to all pods.
	//
	// The payload is a JSON object:
	//
	//	{ "tenant_id": "xxx", "ts": 1716120000000 }
	//
	// A tenant_id equal to PolicyReloadAllToken ("*") requests a full
	// LoadAllPolicies instead of a single-tenant reload.
	//
	// NOTE(review): the documented payload carries no policy data, only a
	// reload hint. Any client able to publish to this Redis instance can
	// emit it, so subscribers should validate tenant_id and re-read policy
	// from the authoritative store. Confirm that Redis ACLs restrict who can
	// publish here, and that wildcard reloads cannot be triggered cheaply
	// and repeatedly.
	//
	// NOTE(review): Redis Pub/Sub is at-most-once. A pod that is
	// disconnected when an event is published never receives it, so the
	// subscriber presumably needs a reload on reconnect or a periodic
	// refresh to avoid enforcing stale (e.g. already revoked) policy.
	// Confirm this in the subscriber.
	PolicyReloadChannel = "casbin:reload"

	// PolicyReloadAllToken is the wildcard tenant_id meaning "reload every
	// tenant's policies".
	PolicyReloadAllToken = "*"
)
// Validation limits for role, permission and role-mapping input.
//
// NOTE(review): this file does not say whether the length limits count
// bytes or runes. Confirm that every validator uses the same unit and
// enforces the limit before the value reaches a query or a policy rule.

// Role.Key length bounds (identity-member-design.md §6.5).
const (
	RoleKeyMinLength = 2
	RoleKeyMaxLength = 64
)

// Upper bounds for the remaining string fields. Judging by the names they
// apply to Role.DisplayName, the permission name, http_path, http_methods
// and the role mapping's external_key; confirm against the validators.
const (
	RoleDisplayNameMax = 128
	PermissionNameMax  = 128
	HTTPPathMaxLength  = 256
	HTTPMethodsMaxLen  = 64
	ExternalKeyMaxLen  = 256
)

// RoleMappingPageSize is a page size rather than a length limit; presumably
// the number of role mappings returned per page. Confirm at the call site.
const RoleMappingPageSize = 50
// ReservedRoleKeyPrefixes lists the Role.Key prefixes that B2B tenants must
// not register.
//
// NOTE(review): this is an exported, mutable slice, so any importing package
// can append to it or overwrite an element at runtime and silently change
// what counts as reserved. Callers should treat it as read-only.
//
// NOTE(review): the comparison is not defined here. Confirm that the check
// normalises the key (case, surrounding whitespace) before matching, so that
// a variant spelling of a reserved prefix is rejected as well.
var ReservedRoleKeyPrefixes = []string{
	"system.",
	"platform_",
}