Documentation
Index
- Constants
- Variables
- func AddCasbinRules2Db(tx *gorm.DB, addEhRules []EnhancedCasbinRulesItem) (err error)
- func AddRule(ruleType string, params ...interface{}) (bool, error)
- func Assemble2CasbinStr(items ...string) (string, error)
- func CmpUserIds2GetNewAndRmUserIds(currentUids []int, futureUids []int) (isEqual bool, needAddUids []int, needRmUids []int)
- func Convert2InterfaceSlice(builtinItems ...interface{}) (res []interface{})
- func DelCasbinRulesFromDb(tx *gorm.DB, delEhRules []EnhancedCasbinRulesItem) (err error)
- func DelRule(ruleType string, params ...interface{}) (bool, error)
- func Enforce(params ...interface{}) (bool, error)
- func EnforceEX(params ...interface{}) (bool, []string, error)
- func EnforceOneInMany(rules ...[]interface{}) (bool, error)
- func EnforcerLoadPolicy()
- func EnforcerLock()
- func EnforcerUnlock()
- func EnsureRuleExist(ruleType string, ruleItems ...string) (err error)
- func GetActCnName(enAct string) string
- func GetAppSubResourceCnName(enSubR string) string
- func GetDomTypeAndId(domStr string) (domType string, domId int)
- func GetDomainCascaderOptions(iid int) (resp view.RespDomainCascader)
- func GetPmsCommonInfo(iid int) view.ResPmsCommonInfo
- func GetPrefixCnName(enPrefix string) string
- func GetPrefixOfString(str string) (prefix string)
- func GetRulesByResourceObj(targetObj string, reqAct string, reqDom string) *[]EnhancedCasbinRulesItem
- func GetRulesByRole(roleStr string, reqDom string) *[]EnhancedCasbinRulesItem
- func GetRulesByRoleStrDirectly(roleStr string, reqDom string) *[]EnhancedCasbinRulesItem
- func GetUidBySubjectStr(subjectStr string) (uid int)
- func GetValidRoleStrByRoleItem(roleItem view.RoleItem) (res string, err error)
- func Invoker()
- func IsActMatched(reqAct string, policyAct string) bool
- func IsDomMatched(reqDom string, policyDom string) bool
- func IsRootWithoutCheckingSysLock(uid int) bool
- func IsStringSliceEqual(a, b []string) bool
- func JointActs2RuleActStr(acts ...string) string
- func ReloadPolicy()
- func SplitCasbinUnActStr(casbinItemStr string) (items []string, err error)
- func TransUserGxRule2RoleItemDetail(gType string, ruleParams ...string) (res view.RoleItem, err error)
- type EnhancedCasbinRulesItem
Constants
const (
    RuleTypeP  = "p"
    RuleTypeG  = "g"
    RuleTypeG2 = "g2"
    RuleTypeG3 = "g3"
)
const (
    PrefixRoute    = "route"
    PrefixInstance = "instance"    // used in obj or g2;
    PrefixMenu     = "menu"        // used in obj
    PrefixSubRsrc  = "subResource" // used in obj of p rule.
    PrefixUser     = "user"        // used in sub, g, g2, g3; e.g. PrefixUser + SEP + UID, i.e. user__123
    PrefixRole     = "role"        // used in sub, g or g3; e.g. PrefixRole + SEP + R-NAME + [...], i.e. "role__root" or "role__admin__app__svc-user"
    PrefixGroup    = "group"       // used in p.obj or g2; e.g. PrefixGroup + SEP + G-NAME + [...], i.e. group__admin
    PrefixDatabase = "Database"    // used e.g. PrefixEnt + SEP + ENT-ID, i.e. ent__1
    PrefixTable    = "Table"       // used in dom;
)
prefix const
const (
    ActFull   = "*"
    ActView   = "view"
    ActEdit   = "edit"
    ActDelete = "delete"
    ActGrant  = "grant"
)
Action-related constants
const (
    AllRsrc         = "*"
    Role            = "role"
    InstanceBase    = "base"
    Alarm           = "alarm"
    CollectionRules = "collectionRules"
    FieldManagement = "fieldManagement"
)
Resource constants
const AllDom = "dom*" // used as an option in domainCascadeSelector.
const (
    ConfigRsrcAll = "*"
)
const (
    ROLE_ADMIN = "admin"
)
Role-related constants
const SEP = "__" // the separator used in sub, obj and dom
const SystemDom = "system"
Variables
var AppDeployAct = []string{ActFull, ActEdit, ActView}
var NormalAct = []string{ActFull, ActView, ActEdit}
var PermittedActMap = map[string]string{
    ActFull:   "All(全部)",
    ActView:   "只读",
    ActEdit:   "编辑",
    ActDelete: "删除",
    ActGrant:  "授权",
}
var PermittedAppAdminGrantSubResource = map[string]string{}
var PermittedConfigRsrcSubResource = map[string]string{
    ConfigRsrcAll: "全部(all)",
}
var PermittedDomPrefixMap = map[string]string{
    SystemDom:      "系统",
    PrefixDatabase: "数据库",
    PrefixTable:    "日志表",
}
Currently only ent and env are supported in dom. TODO: support other types in dom
var PermittedGroupingRuleMap = map[string]struct{}{
    RuleTypeG:  {},
    RuleTypeG2: {},
    RuleTypeG3: {},
}
var PermittedPrefixInP0 = map[string]string{
    PrefixRole: "角色",
}
Only "role" is currently supported as the first item of a p rule. TODO: support other prefixes in future.
var PermittedPrefixMap = map[string]string{
    PrefixRoute:    "路由",
    PrefixInstance: "实例",
    PrefixSubRsrc:  "子资源",
    PrefixMenu:     "菜单",
    PrefixUser:     "用户",
    PrefixRole:     "角色",
    PrefixGroup:    "组",
    PrefixDatabase: "数据库",
    PrefixTable:    "日志表",
}
For this map, the key is a prefix permitted in the current Casbin sub, obj and dom strings; the value is the corresponding Chinese name.
var PermittedRuleTypes = map[string]string{
    RuleTypeP:  "普通规则_p(in domain)",
    RuleTypeG:  "角色规则_g(in domain)",
    RuleTypeG2: "资源规则_g2(no domain)",
    RuleTypeG3: "角色规则_g3(ignore domain)",
}
var PermittedSubResource = map[string]string{
    AllRsrc:         "All(全部)",
    InstanceBase:    "基础操作",
    Alarm:           "告警操作",
    CollectionRules: "数据采集规则",
    FieldManagement: "分析字段配置",
    Role:            "角色操作",
}
var PermittedSubResourceList = []string{AllRsrc, Role, InstanceBase, Alarm, CollectionRules, FieldManagement}
var PermittedUserRuleMap = map[string]struct{}{
    RuleTypeP:  {},
    RuleTypeG:  {},
    RuleTypeG3: {},
}
Functions
func AddCasbinRules2Db
func AddCasbinRules2Db(tx *gorm.DB, addEhRules []EnhancedCasbinRulesItem) (err error)
Remember to reload the casbin policy after invoking this function.
func AddRule
AddRule: add one policy through the enforcer.
first: the ruleType; value in ["p", "g", "g2", "g3"]
second: the params of the rule; if ruleType is "p", then the params are "subStr", "objStr", "actStr", "domStr"
func Assemble2CasbinStr
Aim: join item strings with SEP "__" to form a casbin policy string.
Note that the first parameter, i.e. items[0], must be a PermittedPrefix
&& the number of parameters must be greater than 1
&& the parameters cannot contain empty string item(s);
otherwise an empty string "" and an error are returned.
func Convert2InterfaceSlice
func Convert2InterfaceSlice(builtinItems ...interface{}) (res []interface{})
func DelCasbinRulesFromDb
func DelCasbinRulesFromDb(tx *gorm.DB, delEhRules []EnhancedCasbinRulesItem) (err error)
Remember to reload the casbin policy after invoking this function.
func EnforceOneInMany
EnforceOneInMany: check many rules; if any one of them passes, return true.
func EnforcerLoadPolicy
func EnforcerLoadPolicy()
func EnforcerLock
func EnforcerLock()
func EnforcerUnlock
func EnforcerUnlock()
func EnsureRuleExist
EnsureRuleExist: ensure the rule exists in casbin
func GetActCnName
func GetAppSubResourceCnName
func GetDomTypeAndId
Note: the dom string looks like ent__n
func GetDomainCascaderOptions
func GetDomainCascaderOptions(iid int) (resp view.RespDomainCascader)
func GetPmsCommonInfo
func GetPmsCommonInfo(iid int) view.ResPmsCommonInfo
GetPmsCommonInfo: converts permitted_maps to viewStruct
func GetPrefixCnName
func GetPrefixOfString
A prefix (string) is returned if the target str contains a valid prefix; otherwise an empty string is returned.
func GetRulesByResourceObj
func GetRulesByResourceObj(targetObj string, reqAct string, reqDom string) *[]EnhancedCasbinRulesItem
GetRulesByResourceObj: search CasbinRules to get all rules (explicit and implicit) related to the "obj" string.
Parameters:
targetObj: the target resource obj string in policy_definition, like app__{{AID}}__baseInfo, app__{{AID}}__*, etc.
reqAct: (Optional) the act of targetResource, used to filter the rules. If it is an empty string, act is not checked.
reqDom: (Optional) the domain of targetResource, used to filter the rules. If it is an empty string, dom is not checked.
Return:
a pointer to the list of casbin rules related to targetObj
func GetRulesByRole
func GetRulesByRole(roleStr string, reqDom string) *[]EnhancedCasbinRulesItem
GetRulesByRole: search CasbinRules to get all rules (explicit and implicit) related to the "role" string.
Note: if reqDom == "", dom is not checked in g rules.
func GetRulesByRoleStrDirectly
func GetRulesByRoleStrDirectly(roleStr string, reqDom string) *[]EnhancedCasbinRulesItem
GetRulesByRoleStrDirectly: get rules by roleStr directly
Note that the search is direct and does not use recursion.
Only the g and g2 ruleTypes are permitted.
Parameters:
roleStr: like "role__xxx"
reqDom: (Optional) the domainStr used to filter the rules. If it is an empty string, dom is not checked.
func GetUidBySubjectStr
func IsActMatched
ActionCheck in matchers of model file: (p.act == 'edit' && r.act == 'view' || keyMatch(r.act, p.act) || regexMatch(r.act,p.act))
func IsDomMatched
DomCheck in matchers of model file: keyMatch(r.dom, p.dom)
func IsRootWithoutCheckingSysLock
Note: this function only checks whether the target uid is root; it does not check whether the current system is locked. Use it carefully!
func IsStringSliceEqual
func JointActs2RuleActStr
Joins acts, e.g. ["edit","exec"], into a regex string like "(edit)|(exec)". If the length of validActs (i.e. permittedActs) is < 1, an empty string is returned; if it is == 1, the original string is returned.
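The matcher expression quoted under IsActMatched, combined with the joined pattern described under JointActs2RuleActStr, as an added example that is not this package's code. keyMatch and regexMatch are re-implemented here with the standard library following casbin's built-in semantics; actMatched, jointActs and anchored are hypothetical names, and the permitted-act filtering is omitted. It shows that regexMatch is an unanchored search, so a joined pattern also accepts longer action names unless the pattern is anchored.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// keyMatch follows casbin's keyMatch: key2 may contain a "*" wildcard.
func keyMatch(key1, key2 string) bool {
	i := strings.Index(key2, "*")
	if i == -1 {
		return key1 == key2
	}
	if len(key1) > i {
		return key1[:i] == key2[:i]
	}
	return key1 == key2[:i]
}

// regexMatch is an unanchored search; assumption: an invalid pattern means "no match".
func regexMatch(key, pattern string) bool {
	ok, err := regexp.MatchString(pattern, key)
	return err == nil && ok
}

// actMatched is a hypothetical stand-in for IsActMatched, following the matcher text.
func actMatched(reqAct, policyAct string) bool {
	return (policyAct == "edit" && reqAct == "view") ||
		keyMatch(reqAct, policyAct) || regexMatch(reqAct, policyAct)
}

// jointActs is a hypothetical stand-in for JointActs2RuleActStr (no act filtering).
func jointActs(acts ...string) string {
	if len(acts) < 2 {
		return strings.Join(acts, "")
	}
	return "(" + strings.Join(acts, ")|(") + ")"
}

// anchored wraps a joined act pattern so that only whole action names match.
func anchored(pattern string) string { return "^(?:" + pattern + ")$" }

func main() {
	p := jointActs("edit", "exec") // "(edit)|(exec)"
	for _, req := range []string{"exec", "view", "editor", "delete"} {
		fmt.Println(req, actMatched(req, p), actMatched(req, anchored(p)))
	}
}
```

With p.act set to exactly "edit", a "view" request passes through the first clause of the matcher; once acts are joined into a pattern, that clause no longer applies and "view" must be listed explicitly.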
func ReloadPolicy
func ReloadPolicy()
func SplitCasbinUnActStr
Types
type EnhancedCasbinRulesItem
type EnhancedCasbinRulesItem struct {
    Ptype string     `json:"pType"` // used to distinguish the type of rules which the casbin api returned.
    Rules [][]string `json:"rules"` // the original results which the casbin api returned.
}
Because the results returned by the casbin api do not carry a "pType" (i.e. p, g, g2, g3), we use this struct to wrap the results returned by the casbin api when searching against it.
func GetRulesByUserId
func GetRulesByUserId(userId int, ruleTypes ...string) (result []EnhancedCasbinRulesItem, err error)
GetRulesByUserId: get rules (p, g, or g3) by a specific userId. Note: g2 is for resource roles, not for users.
parameters:
userID: the id of the user; type is string
ruleTypes: optional; the valid values are ["p", "g", "g3"]; if no gTypes are specified, all ruleTypes ("p", "g", and "g3") rules of the user are returned
return:
result: a list of EnhancedCasbinRulesItem
err: an error is returned if all specified ruleType(s) are invalid.
TODO: after fetching the rules (p, g, g3), how to distinguish the meaning of the sub and obj strings of a rule.