ABAC
调用 github.com/casbin/casbin
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj,act
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = r.sub.App == r.obj.App && r.sub.Type == r.obj.Type && r.sub.Method == r.obj.Method
package main
import (
"fmt"
"github.com/casbin/casbin"
)
type User struct {
Id int
UserName string
Group []Group
}
type Group struct {
Id int
Name string
App string // app
Type string // 类型
Method string // 方法
Priority int // 优先级
}
type Obj struct {
App string // app
Type string // 类型
Method string // 方法
}
func main() {
e := casbin.NewEnforcer("E:\\go-test\\test\\abac\\abac_model.conf")
group1 := Group{
Name: "group1",
App: "asset",
Type: "aliyun",
Method: "Get",
Priority: 100,
}
group2 := Group{
Name: "group2",
App: "asset",
Type: "aliyun",
Method: "Get",
Priority: 100,
}
// 用户 hequan 属于 group1 , group2
user1 := User{
UserName: "hequan",
Group: []Group{group1, group2},
}
obj := Obj{
App: "asset",
Type: "aliyun",
Method: "Get",
}
var perms = false
// 检查 用户 hequan 所有的组 是否有权限
for _, v := range user1.Group {
if e.Enforce(v, obj, ""){
perms = true
break
}
}
if perms {
fmt.Println("权限正常")
} else {
fmt.Println("没有权限")
}
}
权限正常
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。