userclouds
diff --git a/‎authz/client.go
Lines changed: 480 additions & 193 deletions b/‎authz/client.go
Lines changed: 480 additions & 193 deletions
diff --git a/‎authz/constants.go
Lines changed: 12 additions & 10 deletions b/‎authz/constants.go
Lines changed: 12 additions & 10 deletions
diff --git a/‎authz/models.go
Lines changed: 15 additions & 1 deletion b/‎authz/models.go
Lines changed: 15 additions & 1 deletion
diff --git a/‎authz/object_validate_generated.go
Lines changed: 0 additions & 3 deletions b/‎authz/object_validate_generated.go
Lines changed: 0 additions & 3 deletions
diff --git a/‎go.mod
Lines changed: 1 addition & 0 deletions b/‎go.mod
Lines changed: 1 addition & 0 deletions
diff --git a/‎go.sum
Lines changed: 2 additions & 0 deletions b/‎go.sum
Lines changed: 2 additions & 0 deletions
@@ -1,17 +1,19 @@
 package authz
 
-import "github.com/gofrs/uuid"
+import (
+	"github.com/gofrs/uuid"
+
+	"userclouds.com/infra/ucdb"
+)
 
 // AuthZ object types & edge types (roles) provisioned for every tenant.
 // TODO: merge the string constant with the UUID into a const-ish struct to keep them associated,
 // particularly if we add more of these.
 // Keep in sync with TSX constants!
 // TODO: we should have a better way to sync constants between TS and Go
 const (
-	GroupObjectType = "_group"
-	UserObjectType  = "_user"
-	AdminRole       = "_admin"
-	MemberRole      = "_member"
+	ObjectTypeUser  = "_user"
+	ObjectTypeGroup = "_group"
 )
 
 // UserObjectTypeID is the ID of a built-in object type called "_user"
@@ -20,8 +22,8 @@ var UserObjectTypeID = uuid.Must(uuid.FromString("1bf2b775-e521-41d3-8b7e-78e894
 // GroupObjectTypeID is the ID of a built-in object type called "_group"
 var GroupObjectTypeID = uuid.Must(uuid.FromString("f5bce640-f866-4464-af1a-9e7474c4a90c"))
 
-// AdminRoleTypeID is the ID of a built-in edge type called "_admin"
-var AdminRoleTypeID = uuid.Must(uuid.FromString("60b69666-4a8a-4eb3-94dd-621298fb365d"))
-
-// MemberRoleTypeID is the ID of a built-in edge type called "_member"
-var MemberRoleTypeID = uuid.Must(uuid.FromString("1eec16ec-6130-4f9e-a51f-21bc19b20d8f"))
+// RBACAuthZObjectTypes is an array containing default AuthZ object types
+var RBACAuthZObjectTypes = []ObjectType{
+	{BaseModel: ucdb.NewBaseWithID(UserObjectTypeID), TypeName: ObjectTypeUser},
+	{BaseModel: ucdb.NewBaseWithID(GroupObjectTypeID), TypeName: ObjectTypeGroup},
+}
@@ -80,6 +80,8 @@ type EdgeType struct {
 	SourceObjectTypeID uuid.UUID  `db:"source_object_type_id,immutable" json:"source_object_type_id"  validate:"notnil"`
 	TargetObjectTypeID uuid.UUID  `db:"target_object_type_id,immutable" json:"target_object_type_id"  validate:"notnil"`
 	Attributes         Attributes `db:"attributes" json:"attributes"`
+
+	OrganizationID uuid.UUID `db:"organization_id" json:"organization_id"`
 }
 
 //go:generate genvalidate EdgeType
@@ -88,8 +90,10 @@ type EdgeType struct {
 type Object struct {
 	ucdb.BaseModel
 
-	Alias  string    `db:"alias" json:"alias" validate:"notempty"`
+	Alias  *string   `db:"alias" json:"alias,omitempty" validate:"allownil"`
 	TypeID uuid.UUID `db:"type_id,immutable" json:"type_id" validate:"notnil"`
+
+	OrganizationID uuid.UUID `db:"organization_id" json:"organization_id"`
 }
 
 //go:generate genvalidate Object
@@ -114,3 +118,13 @@ type Edge struct {
 type UserObject struct {
 	ucdb.BaseModel
 }
+
+// Organization defines a collection of objects inside of a single AuthZ namespace.
+// Uniqueness (of eg. Object aliases) is enforced by organization, rather than globally in a tenant
+type Organization struct {
+	ucdb.BaseModel
+
+	Name string `db:"name" json:"name" validate:"notempty"`
+}
+
+//go:generate genvalidate Organization
@@ -13,9 +13,6 @@ func (o *Object) Validate() error {
 	if err := o.BaseModel.Validate(); err != nil {
 		return ucerr.Wrap(err)
 	}
-	if o.Alias == "" {
-		return ucerr.Errorf("Object.Alias (%v) can't be empty", o.ID)
-	}
 	if o.TypeID == uuid.Nil {
 		return ucerr.Errorf("Object.TypeID (%v) can't be nil", o.ID)
 	}
 
@@ -6,4 +6,5 @@ require (
 	github.com/gofrs/uuid v4.0.0+incompatible
 	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
 	github.com/joho/godotenv v1.4.0 // indirect
+	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
 )
@@ -4,3 +4,5 @@ github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keL
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/joho/godotenv v1.4.0 h1:3l4+N6zfMWnkbPEXKng2o2/MR5mSwTrBih4ZEkkz1lg=
 github.com/joho/godotenv v1.4.0/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
+github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
+github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
Original file line number	Diff line number	Diff line change
`@@ -13,9 +13,6 @@ func (o *Object) Validate() error {`
`13`	`13`	`if err := o.BaseModel.Validate(); err != nil {`
`14`	`14`	`return ucerr.Wrap(err)`
`15`	`15`	`}`
`16`		`- if o.Alias == "" {`
`17`		`- return ucerr.Errorf("Object.Alias (%v) can't be empty", o.ID)`
`18`		`- }`
`19`	`16`	`if o.TypeID == uuid.Nil {`
`20`	`17`	`return ucerr.Errorf("Object.TypeID (%v) can't be nil", o.ID)`
`21`	`18`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,4 +6,5 @@ require (`
`6`	`6`	`github.com/gofrs/uuid v4.0.0+incompatible`
`7`	`7`	`github.com/golang-jwt/jwt v3.2.2+incompatible // indirect`
`8`	`8`	`github.com/joho/godotenv v1.4.0 // indirect`
	`9`	`+ github.com/patrickmn/go-cache v2.1.0+incompatible // indirect`
`9`	`10`	`)`