casbinauthz

package
v0.0.0-...-6d3228f Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 5, 2021 License: MIT Imports: 8 Imported by: 0

README

modules/casbin

Casbin authz is an authorization middleware for Revel, it's based on https://github.com/casbin/casbin.

Simple Example

package main

import (
	"net/http"
	"net/http/httptest"

	"github.com/casbin/casbin"
	"github.com/caeril/frevel/revel"
	"github.com/caeril/frevel/modules/auth/casbin"
)

var adapter = casbinauth.NewAdapter(params)
var enforcer = casbin.NewEnforcer("authz_model.conf", adapter)
var casbinModule = casbinauth.NewCasbinModule(enforcer)

var testFilters = []revel.Filter{
	casbinModule.AuthzFilter,
	func(c *revel.Controller, fc []revel.Filter) {
		c.RenderHTML("OK.")
	},
}

func main() {
	r, _ := http.NewRequest("GET", "/dataset1/resource1", nil)
    	r.SetBasicAuth("alice", "123")
    	w := httptest.NewRecorder()
    	context := revel.NewGoContext(nil)
    	context.Request.SetRequest(r)
    	context.Response.SetResponse(w)
    	c := revel.NewController(context)
    
    	testFilters[0](c, testFilters)
}

Documentation

The authorization determines a request based on {subject, object, action}, which means what subject can perform what action on what object. In this plugin, the meanings are:

  1. subject: the logged-on user name
  2. object: the URL path for the web resource like "dataset1/item1"
  3. action: HTTP method like GET, POST, PUT, DELETE, or the high-level actions you defined like "read-file", "write-blog"

For how to write authorization policy and other details, please refer to the Casbin's documentation.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CheckPermission

func CheckPermission(e *casbin.Enforcer, r *revel.Request) bool

CheckPermission checks the user/method/path combination from the request. Returns true (permission granted) or false (permission forbidden)

func GetUserName

func GetUserName(r *revel.Request) string

GetUserName gets the user name from the request. Currently, only HTTP basic authentication is supported

Types

type Adapter

type Adapter struct {
	// contains filtered or unexported fields
}

Adapter represents the Gorm adapter for policy storage.

func NewAdapter

func NewAdapter(params gormdb.DbInfo) *Adapter

NewAdapter is the constructor for Adapter.

func (*Adapter) AddPolicy

func (a *Adapter) AddPolicy(sec string, ptype string, rule []string) error

AddPolicy adds a policy rule to the storage.

func (*Adapter) LoadPolicy

func (a *Adapter) LoadPolicy(model model.Model) error

LoadPolicy loads policy from database.

func (*Adapter) RemoveFilteredPolicy

func (a *Adapter) RemoveFilteredPolicy(sec string, ptype string, fieldIndex int, fieldValues ...string) error

RemoveFilteredPolicy removes policy rules that match the filter from the storage.

func (*Adapter) RemovePolicy

func (a *Adapter) RemovePolicy(sec string, ptype string, rule []string) error

RemovePolicy removes a policy rule from the storage.

func (*Adapter) SavePolicy

func (a *Adapter) SavePolicy(model model.Model) error

SavePolicy saves policy to database.

type CasbinModule

type CasbinModule struct {
	// contains filtered or unexported fields
}

func NewCasbinModule

func NewCasbinModule(enforcer *casbin.Enforcer) *CasbinModule

func (*CasbinModule) AuthzFilter

func (cm *CasbinModule) AuthzFilter(c *revel.Controller, fc []revel.Filter)

AuthzFilter enables the authorization based on Casbin.

Usage:

  1. Add `casbin.AuthzFilter` to the app's filters (it must come after the authentication).
  2. Init the Casbin enforcer.

type Line

type Line struct {
	PType string `gorm:"size:100"`
	V0    string `gorm:"size:100"`
	V1    string `gorm:"size:100"`
	V2    string `gorm:"size:100"`
	V3    string `gorm:"size:100"`
	V4    string `gorm:"size:100"`
	V5    string `gorm:"size:100"`
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL