README
¶
A Role-Based-Access-Control (RBAC) package for general access verification.
Features
There is a concept "scope"(ACScope) , which is similar to "resource" in some other ACL library. It is necessary when permission identifiers are not unique, and is ignorable when permission identifiers are unique.
install
go get -u github.com/nextwhale/go-acl@latest
Usage 1
While permission identifiers are not unique in different scopes, scope must be provided.
To initialize ACL
// Example: A merchant business system
var bizACL *ga.ACL
func ACL() {
if bizACL != nil {
return bizACL
}
// While permission identifiers are not unique, ACScope must be provided
scope1 := &ga.ACScope{
ID: "order_editting",
Name: "Order permissions",
Permissions: []string{"add", "edit", "delete", "close"},
}
scope2 := &ga.ACScope{
ID: "video_editting",
Name: "Video permissions",
Permissions: []string{"add", "edit", "delete", "audit"},
}
roleEditor := &ga.ACRole{
ID: "editors",
Name: "Editors Group",
}
roleAssistant := &ga.ACRole{
ID:"assistants",
Name: "Assistants Group",
}
roleEditor.AddScope(scope1, scope2)
roleAssistant.AddScope(scope1)
bizACL := &ga.ACL{}
bizACL.AddRole(roleEditor, roleAssistant)
return bizACL
}
To verify
if ACL().IsRoleAllowed([]string{"editors"}, "order_editting", "delete") {
fmt.Println("Editors have access to delete order!")
}
Usage 2
While permissions are unique in different scopes, scope is not necessary.
To initialize ACL
// Example: A routes access system
var adminACL *ga.ACL
func ACL() {
if adminACL != nil {
return adminACL
}
roleAdmin := ga.NewRoleWithUniquePermissions("1", "Administrators Group", []string{"/admin/admin/list", "/admin/admin/edit/:id", "/admin/admin/del/:id"})
roleEditor := ga.NewRoleWithUniquePermissions("2", "Editors Group", []string{"/admin/article/list", "/admin/article/edit/:id", "/admin/article/del/:id"})
adminACl := &ga.ACL{}
adminACl.AddRole(roleAdmin, roleEditor)
return adminACL
}
To verify permissions
if ACL().IsRoleAllowedUniquely([]string{"1","2"}, "/admin/article/del/:id") {
fmt.Println("You have access to delete article")
}
Note
if you encounter any issue, feel free to post it. And I strongly encourage contributing to this project.
License
Distributed under MIT License, please see license file in code for more details.
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ACL ¶
type ACL struct {
// contains filtered or unexported fields
}
ACL
func (*ACL) IsRoleAllowed ¶
check whethher role has permission by scoped and permission
func (*ACL) IsRoleAllowedUniquely ¶
check whethher role has permission by unique permission
func (*ACL) RemRoleByID ¶
remove one or more ACRole by IDs
type ACRole ¶
ACRole is a model which has mutiple ACScopes It typically stands for for "Position in componay" or "User group"
func NewRoleWithUniquePermissions ¶
This is a quick method to create role with unique permissions, which means each permission identifier is unique for sure in your system, such as route path. And there is no permission scope in your access structure so we can ignore it with this function
func (*ACRole) IsAllowed ¶
Check whether role has a scoped permission. The permissions may be not unique, thus scopeID should be provided
func (*ACRole) IsAllowedUniquely ¶
Check whether role has a unique permission. Use this function while every permission is unique, even if scope exists
func (*ACRole) RemScopeByID ¶
Remove one or more Scopes from user group
type ACScope ¶
ACScope is a combination of permissions, it is the minium unit to classify permissions in application It stands for "actions group"
func (*ACScope) AddPermission ¶
add one or more permissions
func (*ACScope) RemPermission ¶
remove one or more permissions
Source Files