go web 權限管理 簡單例子 (面向對象權限 ABAC / Casbin)
說明
ABAC
調用 github.com/casbin/casbin
abac_model.conf
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj,act
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = r.sub.App == r.obj.App && r.sub.Type == r.obj.Type && r.sub.Method == r.obj.Method
main.go
package main
import (
"fmt"
"github.com/casbin/casbin"
)
type User struct {
Id int
UserName string
Group []Group
}
type Group struct {
Id int
Name string
App string // app
Type string // 類型
Method string // 方法
Priority int // 優先級
}
type Obj struct {
App string // app
Type string // 類型
Method string // 方法
}
func main() {
e := casbin.NewEnforcer("E:\\go-test\\test\\abac\\abac_model.conf")
group1 := Group{
Name: "group1",
App: "asset",
Type: "aliyun",
Method: "Get",
Priority: 100,
}
group2 := Group{
Name: "group2",
App: "asset",
Type: "aliyun",
Method: "Get",
Priority: 100,
}
// 用戶 hequan 屬於 group1 , group2
user1 := User{
UserName: "hequan",
Group: []Group{group1, group2},
}
obj := Obj{
App: "asset",
Type: "aliyun",
Method: "Get",
}
var perms = false
// 檢查 用戶 hequan 所有的組 是否有權限
for _, v := range user1.Group {
if e.Enforce(v, obj, ""){
perms = true
break
}
}
if perms {
fmt.Println("權限正常")
} else {
fmt.Println("沒有權限")
}
}
結果
權限正常