This repository has been archived by the owner on May 17, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 2
/
model.go
65 lines (53 loc) · 2.2 KB
/
model.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
package casbin
const (
PolicyContextKey CasbinContextKey = iota
)
type CasbinContextKey int
type CasbinConfig struct {
Casbin *CasbinOption `mapstructure:"casbin" json:"casbin" yaml:"casbin"`
}
type CasbinOption struct {
// Enable casbin access control
Enabled bool `mapstructure:"enabled" json:"enabled" yaml:"enabled"`
// List of policies to load
// middleware will load as role policies all group found by using `ctx.Groups(*http.Request)`
// It will also load policies found in context `casbin.PolicyContextKey` (value should be passed in context should be *[]CasbinPolicy)
Policies []CasbinPolicy `mapstructure:"policies" json:"policies" yaml:"policies"`
// This is a perm conf in casbin format (see: https://github.com/casbin/casbin#examples )
// by default this will be loaded:
/*
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act
[role_definition]
g = _, _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = g(r.sub, p.sub) && keyMatch(r.obj, p.obj) && (r.act == p.act || p.act == "*")
*/
PermConf string `mapstructure:"perm_conf" json:"perm_conf" yaml:"perm_conf"`
}
type CasbinPolicy struct {
// Type of policy, with default config it can be p (target) or g (role)
Type string `mapstructure:"type" json:"type" yaml:"type"`
// Sub Subject of the policy. This can be a username retrieve basic auth or a role name.
// For example, when using LDAP middleware, you can use username or a group where the user is member of.
Sub string `mapstructure:"sub" json:"sub" yaml:"sub"`
// Obj Object of the policy, with default perm config it will be the following path set in your route
// e.g.: with path = "/app/**" object will be /* to allow everything after /app
Obj string `mapstructure:"obj" json:"obj" yaml:"obj"`
// Act Operation of the policy, with default config it will be a HTTP method like GET, POST, ... or * for everything
Act string `mapstructure:"act" json:"act" yaml:"act"`
}
const MODEL_CONF = `[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act
[role_definition]
g = _, _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = g(r.sub, p.sub) && keyMatch(r.obj, p.obj) && (r.act == p.act || p.act == "*")`