c7531e2b4d
Creates the pure package pkg/security/ with the base types of the
centralized permission system and the ResolveACL function.
Changes:
- pkg/acl/config.go: adds FromRoles([]Role) ACL as a direct constructor
- pkg/security/groups.go: UserGroup, AgentGroup
- pkg/security/policy.go: Permission, AgentPolicy, SecurityPolicy
- pkg/security/resolver.go: ResolveACL(agentID, SecurityPolicy) → acl.ACL
  * agent wildcard ("*") and user wildcard ("*") support
  * cumulative policies: union of permissions across groups
  * direct reference by agentID without defining a group
- pkg/security/security_test.go: 7 tests covering all cases from the issue
The package is pure core: zero I/O, zero side effects.
Merged with feature flag centralized-security-groups = false (not wired).
18 lines
482 B
Go
// Package security provides pure types and functions for centralized permission management.
|
|
// No I/O, no side effects — only data transformations.
|
|
package security
|
|
|
|
// UserGroup is a named set of Matrix user IDs.
|
|
// Members may contain "*" to represent all users.
|
|
type UserGroup struct {
|
|
Name string
|
|
Members []string
|
|
}
|
|
|
|
// AgentGroup is a named set of agent IDs.
|
|
// Agents may contain "*" to represent all agents.
|
|
type AgentGroup struct {
|
|
Name string
|
|
Agents []string
|
|
}
|
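Review bot: In UserGroup.Members and AgentGroup.Agents the "*" wildcard is an in-band string stored alongside real IDs, and the doc comments do not say what an empty or nil slice means or whether "*" may be combined with explicit entries. Suggest declaring one named constant for the wildcard (a hypothetical name such as Wildcard = "*") so the resolver and the tests compare against a single value, and documenting on both types that an empty list matches nobody, so a misconfigured group fails closed. The comments should also state that "*" matches only as a whole element and is not a glob pattern inside an ID.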