pmsplugin

package
v1.0.0
Published: Mar 5, 2024 License: MIT Imports: 21 Imported by: 0

Documentation

Constants

const (
	RuleTypeP  = "p"
	RuleTypeG  = "g"
	RuleTypeG2 = "g2"
	RuleTypeG3 = "g3"
)

const (
	PrefixRoute    = "route"
	PrefixInstance = "instance"     // used in obj or g2
	PrefixMenu     = "menu"         // used in obj
	PrefixSubRsrc  = "subResource"  // used in obj of p rule
	PrefixUser     = "user"         // used in sub, g, g2, g3; e.g. PrefixUser + SEP + UID, i.e. user__123
	PrefixRole     = "role"         // used in sub, g or g3; e.g. PrefixRole + SEP + R-NAME + [...], i.e. "role__root" or "role__admin__app__svc-user"
	PrefixGroup    = "group"        // used in p.obj or g2; e.g. PrefixGroup + SEP + G-NAME + [...], i.e. group__admin
	PrefixDatabase = "BaseDatabase" // using e.g. PrefixEnt + SEP + ENT-ID, i.e. ent__1
	PrefixTable    = "BaseTable"    // used in dom
)

Prefix constants

const (
	ActFull   = "*"
	ActView   = "view"
	ActEdit   = "edit"
	ActDelete = "delete"
	ActGrant  = "grant"
)

Action-related constants

const (
	AllRsrc = "*"
	Role    = "role"
	Log     = "base"
	Alarm   = "alarm"
	Pandas  = "bigdata"
)

Resource constants

const AllDom = "dom*" // used as an option in domainCascadeSelector.

const (
	ConfigRsrcAll = "*"
)

const (
	ROLE_ADMIN = "admin"
)

Role-related constants

const SEP = "__" // the separator used in sub, obj and dom

const SystemDom = "system"

Variables

var AppDeployAct = []string{ActFull, ActEdit, ActView}

var NormalAct = []string{ActFull, ActView, ActEdit}

var PermittedActLst = []string{ActFull, ActView, ActEdit, ActDelete, ActGrant}

var PermittedActMap = map[string]string{
	ActFull:   "All(全部)",
	ActView:   "只读",
	ActEdit:   "编辑",
	ActDelete: "删除",
	ActGrant:  "授权",
}

var PermittedAppAdminGrantSubResource = map[string]string{}

var PermittedConfigRsrcSubResource = map[string]string{
	ConfigRsrcAll: "全部(all)",
}

var PermittedDomPrefixMap = map[string]string{
	SystemDom:      "系统",
	PrefixDatabase: "数据库",
	PrefixTable:    "日志表",
}

Currently only ent and env are supported in dom. TODO: support other types in dom.

var PermittedGroupingRuleMap = map[string]struct{}{
	RuleTypeG:  {},
	RuleTypeG2: {},
	RuleTypeG3: {},
}

var PermittedPrefixInP0 = map[string]string{
	PrefixRole: "角色",
}

Currently only "role" is supported as the first item of a p rule. TODO: support other prefixes in future.

var PermittedPrefixMap = map[string]string{
	PrefixRoute:    "路由",
	PrefixInstance: "实例",
	PrefixSubRsrc:  "子资源",
	PrefixMenu:     "菜单",
	PrefixUser:     "用户",
	PrefixRole:     "角色",
	PrefixGroup:    "组",
	PrefixDatabase: "数据库",
	PrefixTable:    "日志表",
}

For the following map, the key is a prefix permitted in the current Casbin sub, obj and dom strings; the value is the corresponding Chinese name.

var PermittedRuleTypes = map[string]string{
	RuleTypeP:  "普通规则_p(in domain)",
	RuleTypeG:  "角色规则_g(in domain)",
	RuleTypeG2: "资源规则_g2(no domain)",
	RuleTypeG3: "角色规则_g3(ignore domain)",
}

var PermittedSubResource = map[string]string{
	AllRsrc: "All(全部)",
	Log:     "日志",
	Alarm:   "告警",
	Pandas:  "分析",
	Role:    "角色",
}

var PermittedSubResourceList = []string{AllRsrc, Role, Log, Alarm, Pandas}

var PermittedUserRuleMap = map[string]struct{}{
	RuleTypeP:  {},
	RuleTypeG:  {},
	RuleTypeG3: {},
}

Functions

func AddCasbinRules2Db

func AddCasbinRules2Db(tx *gorm.DB, addEhRules []EnhancedCasbinRulesItem) (err error)

Remember to reload the casbin policy after invoking this function.

func AddRule

func AddRule(ruleType string, params ...interface{}) (bool, error)

AddRule: adds one policy via the enforcer.

first: the ruleType; the value is one of ["p", "g", "g2", "g3"]
second: the params of the rule; if ruleType is "p", then the params are "subStr", "objStr", "actStr", "domStr"

func Assemble2CasbinStr

func Assemble2CasbinStr(items ...string) (string, error)
	Aim: join item strings with SEP "__" to form a casbin policy string
	Note that:
		the first parameter, i.e. items[0], must be a PermittedPrefix \
		&& the number of parameters must be greater than 1 \
		&& parameters cannot contain empty string item(s)
		--------
		otherwise an empty string "" and an error are returned

func CmpUserIds2GetNewAndRmUserIds

func CmpUserIds2GetNewAndRmUserIds(currentUids []int, futureUids []int) (isEqual bool, needAddUids []int, needRmUids []int)

func Convert2InterfaceSlice

func Convert2InterfaceSlice(builtinItems ...interface{}) (res []interface{})

func DelCasbinRulesFromDb

func DelCasbinRulesFromDb(tx *gorm.DB, delEhRules []EnhancedCasbinRulesItem) (err error)

Remember to reload the casbin policy after invoking this function.

func DelRule

func DelRule(ruleType string, params ...interface{}) (bool, error)

DelRule : delete one policy by enforcer

func EnforceOneInMany

func EnforceOneInMany(rules ...[]interface{}) (bool, error)

EnforceOneInMany: checks many rules; returns true if any one of them passes.

func EnforcerLoadPolicy

func EnforcerLoadPolicy()

func EnforcerLock

func EnforcerLock()

func EnforcerUnlock

func EnforcerUnlock()

func GetActCnName

func GetActCnName(enAct string) string

func GetAppSubResourceCnName

func GetAppSubResourceCnName(enSubR string) string

func GetDomTypeAndId

func GetDomTypeAndId(domStr string) (domType string, domId int)

Note: the dom string looks like ent__n.

func GetDomainCascaderOptions

func GetDomainCascaderOptions(iid int) (resp view.RespDomainCascader)

func GetPmsCommonInfo

func GetPmsCommonInfo(iid int) view.ResPmsCommonInfo

GetPmsCommonInfo: converts permitted_maps to viewStruct

func GetPrefixCnName

func GetPrefixCnName(enPrefix string) string

func GetPrefixOfString

func GetPrefixOfString(str string) (prefix string)

A prefix (string) is returned if the target str contains a valid prefix; otherwise an empty string is returned.

func GetRulesByRole

func GetRulesByRole(roleStr string, reqDom string) *[]EnhancedCasbinRulesItem

GetRulesByRole: searches CasbinRules to get all rules (explicit and implicit) related to the "role" string. Note: if reqDom == "", dom is not checked in g rules.

func GetRulesByRoleStrDirectly

func GetRulesByRoleStrDirectly(roleStr string, reqDom string) *[]EnhancedCasbinRulesItem
GetRulesByRoleStrDirectly: get rules by roleStr directly

Note that the search is direct and does not use recursion; only the g and g2 ruleTypes are permitted.

param:

roleStr: like "role__xxx"
reqDom: (optional) the domain string used to filter the rules. If it is an empty string, dom is not checked.

func GetUidBySubjectStr

func GetUidBySubjectStr(subjectStr string) (uid int)

func GetValidRoleStrByRoleItem

func GetValidRoleStrByRoleItem(roleItem view.RoleItem) (res string, err error)

func Invoker

func Invoker()

Invoker sets up the permission handler.

func IsActMatched

func IsActMatched(reqAct string, policyAct string) bool

ActionCheck in matchers of model file: (p.act == 'edit' && r.act == 'view' || keyMatch(r.act, p.act) || regexMatch(r.act,p.act))

func IsDomMatched

func IsDomMatched(reqDom string, policyDom string) bool

DomCheck in matchers of model file: keyMatch(r.dom, p.dom)

func IsRootWithoutCheckingSysLock

func IsRootWithoutCheckingSysLock(uid int) bool

Note: this function only checks whether the target uid is root; it does not check whether the system is currently locked. Use it carefully!

func IsStringSliceEqual

func IsStringSliceEqual(a, b []string) bool

func JointActs2RuleActStr

func JointActs2RuleActStr(acts ...string) string

Joins acts, e.g. ["edit","exec"], into a regex string like "(edit)|(exec)". If the length of validActs (i.e. permittedActs) is < 1, an empty string is returned; if it is == 1, the original string is returned.
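The matcher expression quoted for IsActMatched, evaluated against the "(a)|(b)" action strings that JointActs2RuleActStr is documented to produce, as an added example (not code from this package). It assumes the model's keyMatch and regexMatch are Casbin's built-ins, re-implemented here with the standard library; jointActs, actMatched and checkAct are hypothetical names.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed copy of the page's PermittedActLst values.
var permittedActs = map[string]bool{"*": true, "view": true, "edit": true, "delete": true, "grant": true}

// keyMatch follows Casbin's built-in keyMatch: "*" in the policy value ends the compared prefix.
func keyMatch(req, pol string) bool {
	i := strings.Index(pol, "*")
	if i == -1 {
		return req == pol
	}
	return strings.HasPrefix(req, pol[:i])
}

// jointActs builds the documented "(edit)|(delete)" form from permitted actions (hypothetical stand-in).
func jointActs(acts ...string) string {
	var valid []string
	for _, a := range acts {
		if permittedActs[a] {
			valid = append(valid, a)
		}
	}
	if len(valid) < 2 {
		return strings.Join(valid, "")
	}
	return "(" + strings.Join(valid, ")|(") + ")"
}

// actMatched evaluates the matcher expression quoted for IsActMatched.
func actMatched(req, pol string) bool {
	ok, err := regexp.MatchString(pol, req) // unanchored; an invalid pattern counts as no match here
	return (pol == "edit" && req == "view") || keyMatch(req, pol) || (err == nil && ok)
}

// checkAct only evaluates the matcher for request actions on the permitted list.
func checkAct(req, pol string) bool {
	return permittedActs[req] && actMatched(req, pol)
}

func main() {
	pol := jointActs("edit", "delete")
	fmt.Println(pol, actMatched("undelete", pol), checkAct("undelete", pol))
}
```

Because the regex alternative is unanchored, the bare matcher accepts a request action that merely contains a granted one; restricting request actions to the permitted list before enforcement, as checkAct does, closes that gap.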

func SplitCasbinUnActStr

func SplitCasbinUnActStr(casbinItemStr string) (items []string, err error)

func TransUserGxRule2RoleItemDetail

func TransUserGxRule2RoleItemDetail(gType string, ruleParams ...string) (res view.RoleItem, err error)

TransUserGxRule2RoleItemDetail: converts a user's g or g3 rule (whose first item looks like 'user__x') to a RoleItem struct

Types

type EnhancedCasbinRulesItem

type EnhancedCasbinRulesItem struct {
	Ptype string     `json:"pType"` // used to distinguish the type of rules which casbin api returned.
	Rules [][]string `json:"rules"` // the origin results which casbin api returned.
}

Because the results returned by the casbin API do not include "pType" (i.e. p, g, g2, g3), this struct is used to wrap those results when searching via the casbin API.

func GetRulesByUserId

func GetRulesByUserId(userId int, ruleTypes ...string) (result []EnhancedCasbinRulesItem, err error)
GetRulesByUserId: gets rules (p, g, or g3) by a specific userId. Note: g2 is for resource roles, not for users.
parameters:
	userID: the id of the user; type is string
	ruleTypes: optional; the valid values are ["p", "g", "g3"]; if no ruleTypes are specified, rules of all ruleTypes ("p", "g", and "g3") of the user are returned
return:
	result: a list of EnhancedCasbinRulesItem
	err: an error is returned if all specified ruleType(s) are invalid.

TODO: after fetching the rules (p, g, g3), how to distinguish the meaning of the sub and obj strings of a rule.
