mirror of
https://github.com/rcourtman/Pulse.git
synced 2026-04-28 11:30:15 +00:00
feat: remove Enterprise badges, simplify Pro upgrade prompts
- Replace barrel import in AuditLogPanel.tsx to fix ad-blocker crash - Remove all Enterprise/Pro badges from nav and feature headers - Simplify upgrade CTAs to clean 'Upgrade to Pro' links - Update docs: PULSE_PRO.md, API.md, README.md, SECURITY.md - Align terminology: single Pro tier, no separate Enterprise tier Also includes prior refactoring: - Move auth package to pkg/auth for enterprise reuse - Export server functions for testability - Stabilize CLI tests
This commit is contained in:
rcourtman
parent
22059210f7
commit
3e2824a7ff
46 changed files with 509 additions and 578 deletions
65
pkg/auth/authorizer.go
Normal file
65
pkg/auth/authorizer.go
Normal file
|
|
@ -0,0 +1,65 @@
|
|||
package auth
|
||||
|
||||
import "context"
|
||||
|
||||
// Authorizer defines the interface for making access control decisions.
|
||||
type Authorizer interface {
|
||||
// Authorize checks if a subject (from context) can perform an action on a resource.
|
||||
// Returns true if allowed, false if denied, and an error if the check failed due to a system issue.
|
||||
Authorize(ctx context.Context, action string, resource string) (bool, error)
|
||||
}
|
||||
|
||||
type contextKey string
|
||||
|
||||
const (
|
||||
contextKeyUser contextKey = "user"
|
||||
)
|
||||
|
||||
// WithUser adds a username to the context
|
||||
func WithUser(ctx context.Context, username string) context.Context {
|
||||
return context.WithValue(ctx, contextKeyUser, username)
|
||||
}
|
||||
|
||||
// GetUser extracts the username from the context
|
||||
func GetUser(ctx context.Context) string {
|
||||
if user, ok := ctx.Value(contextKeyUser).(string); ok {
|
||||
return user
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
// DefaultAuthorizer is a pass-through implementation that allows everything.
|
||||
// Used in OSS version and when enterprise features are disabled.
|
||||
type DefaultAuthorizer struct{}
|
||||
|
||||
func (d *DefaultAuthorizer) Authorize(ctx context.Context, action string, resource string) (bool, error) {
|
||||
return true, nil
|
||||
}
|
||||
|
||||
var globalAuthorizer Authorizer = &DefaultAuthorizer{}
|
||||
|
||||
// SetAuthorizer sets the global authorizer instance.
|
||||
// This is used by pulse-enterprise to register the real RBAC implementation.
|
||||
func SetAuthorizer(auth Authorizer) {
|
||||
globalAuthorizer = auth
|
||||
}
|
||||
|
||||
// AdminConfigurable is an optional interface for authorizers that can have an admin user set.
|
||||
type AdminConfigurable interface {
|
||||
SetAdminUser(username string)
|
||||
}
|
||||
|
||||
// SetAdminUser sets the admin user on the global authorizer if it supports it.
|
||||
func SetAdminUser(username string) {
|
||||
if username == "" {
|
||||
return
|
||||
}
|
||||
if configurable, ok := globalAuthorizer.(AdminConfigurable); ok {
|
||||
configurable.SetAdminUser(username)
|
||||
}
|
||||
}
|
||||
|
||||
// GetAuthorizer returns the global authorizer instance.
|
||||
func GetAuthorizer() Authorizer {
|
||||
return globalAuthorizer
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue