README
¶
modules/casbin
Casbin authz is an authorization middleware for Revel, it's based on https://github.com/casbin/casbin.
Simple Example
package main
import (
"net/http"
"net/http/httptest"
"github.com/casbin/casbin"
"github.com/revel/revel"
"github.com/revel/modules/auth/casbin"
)
var adapter = casbinauth.NewAdapter(params)
var enforcer = casbin.NewEnforcer("authz_model.conf", adapter)
var casbinModule = casbinauth.NewCasbinModule(enforcer)
var testFilters = []revel.Filter{
casbinModule.AuthzFilter,
func(c *revel.Controller, fc []revel.Filter) {
c.RenderHTML("OK.")
},
}
func main() {
r, _ := http.NewRequest("GET", "/dataset1/resource1", nil)
r.SetBasicAuth("alice", "123")
w := httptest.NewRecorder()
context := revel.NewGoContext(nil)
context.Request.SetRequest(r)
context.Response.SetResponse(w)
c := revel.NewController(context)
testFilters[0](c, testFilters)
}
Documentation
The authorization determines a request based on {subject, object, action}, which means what subject can perform what action on what object. In this plugin, the meanings are:
subject: the logged-on user nameobject: the URL path for the web resource like "dataset1/item1"action: HTTP method like GET, POST, PUT, DELETE, or the high-level actions you defined like "read-file", "write-blog"
For how to write authorization policy and other details, please refer to the Casbin's documentation.
Documentation
¶
Index ¶
- func CheckPermission(e *casbin.Enforcer, r *revel.Request) bool
- func GetUserName(r *revel.Request) string
- type Adapter
- func (a *Adapter) AddPolicy(sec string, ptype string, rule []string) error
- func (a *Adapter) LoadPolicy(model model.Model) error
- func (a *Adapter) RemoveFilteredPolicy(sec string, ptype string, fieldIndex int, fieldValues ...string) error
- func (a *Adapter) RemovePolicy(sec string, ptype string, rule []string) error
- func (a *Adapter) SavePolicy(model model.Model) error
- type CasbinModule
- type Line
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CheckPermission ¶
CheckPermission checks the user/method/path combination from the request. Returns true (permission granted) or false (permission forbidden)
func GetUserName ¶
GetUserName gets the user name from the request. Currently, only HTTP basic authentication is supported
Types ¶
type Adapter ¶
type Adapter struct {
// contains filtered or unexported fields
}
Adapter represents the Gorm adapter for policy storage.
func NewAdapter ¶
func NewAdapter(params gormdb.DbInfo) *Adapter
NewAdapter is the constructor for Adapter.
func (*Adapter) LoadPolicy ¶
LoadPolicy loads policy from database.
func (*Adapter) RemoveFilteredPolicy ¶
func (a *Adapter) RemoveFilteredPolicy(sec string, ptype string, fieldIndex int, fieldValues ...string) error
RemoveFilteredPolicy removes policy rules that match the filter from the storage.
func (*Adapter) RemovePolicy ¶
RemovePolicy removes a policy rule from the storage.
type CasbinModule ¶
type CasbinModule struct {
// contains filtered or unexported fields
}
func NewCasbinModule ¶
func NewCasbinModule(enforcer *casbin.Enforcer) *CasbinModule
func (*CasbinModule) AuthzFilter ¶
func (cm *CasbinModule) AuthzFilter(c *revel.Controller, fc []revel.Filter)
AuthzFilter enables the authorization based on Casbin.
Usage:
- Add `casbin.AuthzFilter` to the app's filters (it must come after the authentication).
- Init the Casbin enforcer.
Source Files