README
¶
usage
package main
import (
"context"
"log"
"os"
"github.com/vine-io/rbac"
"github.com/vine-io/rbac/adapter"
api "github.com/vine-io/rbac/api"
vapi "github.com/vine-io/vine/lib/api"
"gorm.io/driver/sqlite"
"gorm.io/gorm"
)
const dsn = "rbac.sqlite.db"
func main() {
db, err := gorm.Open(sqlite.Open(dsn))
if err != nil {
log.Fatal(err)
}
defer os.Remove(dsn)
apt, err := adapter.NewGormAdapter(db)
if err != nil {
log.Fatal(err)
}
cfg, err := rbac.NewConfig(apt)
if err != nil {
log.Fatal(err)
}
r, err := rbac.NewRBAC(cfg)
if err != nil {
log.Fatal(err)
}
r.Enforce(context.TODO(), &api.Policy{
Sub: "lack",
Endpoint: &vapi.Endpoint{
Entity: "user",
Method: []string{"read"},
},
})
}
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ( DefaultAdminName = "admin" DefaultModel = fmt.Sprintf(`### rbac model [request_definition] r = sub, obj, act [policy_definition] p = sub, obj, act [role_definition] g = _, _ g2 = _, _ [policy_effect] e = some(where (p.eft == allow)) [matchers] m = g(r.sub, p.sub) && g2(r.sub, p.sub) && r.obj == p.obj && r.act == p.act || r.sub == "administrator" || r.sub == "root" || r.sub == "%s"`, DefaultAdminName) )
Functions ¶
This section is empty.
Types ¶
type RBAC ¶
type RBAC interface {
GetAllPolicies(ctx context.Context) ([]*api.Policy, []*api.Subject)
GetPolicies(ctx context.Context, sub string) []*api.Policy
AddPolicy(ctx context.Context, p *api.Policy) error
DelPolicy(ctx context.Context, p *api.Policy) error
GetGroupPolicies(ctx context.Context, p api.PType, sub string) []*api.Subject
AddGroupPolicy(ctx context.Context, subject *api.Subject) error
DelGroupPolicy(ctx context.Context, subject *api.Subject) error
Enforce(ctx context.Context, p *api.Policy) (bool, error)
}
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.