Skip to main content
Version: 2.0.0

Data Filtering

Implementing data filtering within access control represents a different approach to managing permissions. Instead of merely granting or denying access, it curates what users see, tailoring the data to their individual permissions. This method ensures not only secure access but also optimized data delivery.

Simple usage

package main

import (
"fmt"
)
import p "github.com/permitio/permit-golang/pkg/permit"
import "github.com/permitio/permit-golang/pkg/config"
import "github.com/permitio/permit-golang/pkg/enforcement"

func main() {
// Create permit client
permitConfig := config.NewConfigBuilder("").Build()
permit := p.New(permitConfig)

requestContext := map[string]string{
"source": "docs",
}
user := enforcement.UserBuilder("john@doe.com").Build()
var action enforcement.Action = "read"
resourcesToCheck := []enforcement.ResourceI{
enforcement.ResourceBuilder("document").WithID("document-1").WithTenant(enforcement.DefaultTenant),
enforcement.ResourceBuilder("folder").WithID("folder-1").WithTenant(enforcement.DefaultTenant),
enforcement.ResourceBuilder("document").WithID("document-2").WithTenant(enforcement.DefaultTenant),
enforcement.ResourceBuilder("document").WithID("document-3").WithTenant(enforcement.DefaultTenant),
}
var allowedResources []enforcement.ResourceI
var err error
// Filter the objects
allowedResources, err = permit.FilterObjects(user, action, requestContext, resourcesToCheck...)
if err != nil {
fmt.Printf("Error enforcing permissions: %s", err)
} else {
// The response indexes correspond to the request indexes
for i, resource := range allowedResources {
fmt.Printf("%d. User '%s' is PERMITTED to '%s' a '%s' with id '%s'\n",
i, user.Key, action, resource.GetType(), resource.GetID(),
)
}
}
}

Advanced Usage

STAY TUNED!

In the near future, you'll be able to seamlessly integrate permission enforcement directly into your database queries using partial evaluation.

This advanced integration will analyze your policies, formulate optimized query filter conditions, and facilitate the incorporation of these conditions into your database queries. This ensures that the data retrieved is strictly confined to what the user is authorized to view.