Documentation
¶
Index ¶
- type Context
- type ContextOption
- type Enforcer
- func (e *Enforcer) AddRule(rule []string) (bool, error)
- func (e *Enforcer) AddRules(rules [][]string) error
- func (e *Enforcer) Enforce(params ...interface{}) (bool, error)
- func (e *Enforcer) EnforceWithContext(ctx *Context, rvals ...interface{}) (bool, error)
- func (e *Enforcer) Filter(params ...interface{}) ([][]string, error)
- func (e *Enforcer) FilterWithContext(ctx *Context, rvals ...interface{}) ([][]string, error)
- func (e *Enforcer) Flush() error
- func (e *Enforcer) GetModel() model.IModel
- func (e *Enforcer) GetStorageController() *storage.StorageController
- func (e *Enforcer) LoadPolicy() error
- func (e *Enforcer) RangeMatches(params []interface{}, fn func(rule []string) bool) error
- func (e *Enforcer) RangeMatchesWithContext(ctx *Context, rvals []interface{}, fn func(rule []string) bool) error
- func (e *Enforcer) RemoveRule(rule []string) (bool, error)
- func (e *Enforcer) RemoveRules(rules [][]string) error
- func (e *Enforcer) SavePolicy() error
- func (e *Enforcer) SetAdapter(adapter storage.Adapter)
- func (e *Enforcer) SetOption(option Option) error
- type IEnforcer
- type Option
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Context ¶
type Context struct {
// contains filtered or unexported fields
}
func NewContext ¶
func NewContext(model model.IModel, options ...ContextOption) (*Context, error)
type ContextOption ¶
func SetEffector ¶
func SetEffector(effector interface{}) ContextOption
func SetMatcher ¶
func SetMatcher(matcher interface{}) ContextOption
func SetRequestDef ¶
func SetRequestDef(definition interface{}) ContextOption
type Enforcer ¶
type Enforcer struct {
// contains filtered or unexported fields
}
func NewEnforcer ¶
NewEnforcer creates a new Enforcer instance. An Enforcer is the main item of FastAC
Without adapter and default options:
NewEnforcer("model.conf", nil)
With adapter and autosave enabled
adapter := gormadapter.NewAdapter(db, tableName) NewEnforcer("model.conf", adapter, OptionAutosave(true))
func (*Enforcer) AddRule ¶
AddRule adds a rule to the model Returns false, if the rule was already present
Add policy rule:
e.AddRule("p", "alice", "data1", "read")
Add grouping rule:
e.AddRule("g", "alice", "group1")
func (*Enforcer) Enforce ¶
Enforce decides whether to allow or deny a request It is possible to pass ContextOptions, everything else will be treated as a request value
func (*Enforcer) EnforceWithContext ¶
func (*Enforcer) Filter ¶
Filter will fetch all rules which match the given request It is possible to pass ContextOptions, everything else will be treated as a request value The effect of rules is not considered.
Get all permissons from alice:
e.Filter(SetMatcher("p.user == \"alice\""))
Get all grouping rules in domain1:
e.Filter(SetMatcher("g.domain == \"domain1\""))
func (*Enforcer) FilterWithContext ¶
func (*Enforcer) Flush ¶
Flush sends all the modifications of the rule set to the storage adapter.
store rule, when autosave is disabled:
e.AddRule("g", "alice", "group1") e.Flush()
func (*Enforcer) GetStorageController ¶
func (e *Enforcer) GetStorageController() *storage.StorageController
func (*Enforcer) LoadPolicy ¶
LoadPolicy loads all rules from the storage adapter into the model. The model is not cleared before the loading process
func (*Enforcer) RangeMatches ¶
func (*Enforcer) RangeMatchesWithContext ¶
func (*Enforcer) RemoveRule ¶
RemoveRule removes a rule from the model Returns false, if the rule was not present
Add policy rule:
e.RemoveRule("p", "alice", "data1", "read")
Add grouping rule:
e.RemoveRule("g", "alice", "group1")
func (*Enforcer) RemoveRules ¶
RemoveRules removes multiple rules from the model
func (*Enforcer) SavePolicy ¶
SavePolicy stores all rules from the model into the storage adapter.
func (*Enforcer) SetAdapter ¶
SetAdapter sets the storage adapter
type IEnforcer ¶
type IEnforcer interface { GetModel() model.IModel SetModel(m model.IModel) GetAdapter() *storage.Adapter SetAdapter(*storage.Adapter) Enforce(rvals ...interface{}) (bool, error) EnforceWithMatcher(matcher string, rvals ...interface{}) (bool, error) EnforceWithKeys(mKey string, rKey string, eKey string, rvals ...interface{}) Filter(rvals ...interface{}) (bool, error) FilterWithMatcher(matcher string, rvals ...interface{}) (bool, error) FilterWithKeys(mKey string, rKey string, rvals ...interface{}) (bool, error) AddRule(params ...string) (bool, error) RemoveRule(params ...string) (bool, error) }
type Option ¶
func OptionAutosave ¶
Option to disable/enable the autosave feature (default: disabled) If autosave is disabled, Flush needs to be called to save modified rules Enable autosave:
NewEnforcer(model, adapter, OptionAutosave(true))
Or:
e.SetOption(OptionAutosave(true))
func OptionStorage ¶
Option to disable/enable the storage feature (default: enabled, if an adapter is supplied) If storage is disabled, the StorageController will not listen for rule updates