-
Notifications
You must be signed in to change notification settings - Fork 0
/
acl.go
52 lines (46 loc) · 1.22 KB
/
acl.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
package goacl
import (
"context"
"log"
sqladapter "github.com/Blank-Xu/sql-adapter"
"github.com/casbin/casbin/v2"
"github.com/casbin/casbin/v2/model"
"github.com/uptrace/bun"
)
type ACL struct {
DB *bun.DB
Enforcer *casbin.Enforcer
}
func NewACL(db *bun.DB) (*ACL, error) {
m := model.NewModel()
m.AddDef("r", "r", "sub, obj, act")
m.AddDef("p", "p", "sub, obj, act, dom")
m.AddDef("g", "g", " _, _")
m.AddDef("e", "e", "some(where (p.eft == allow))")
m.AddDef("m", "m", "g(r.sub, p.sub) && keyMatch5(r.obj,p.obj) && r.act == p.act || r.sub == 'superadmin'")
adapter, err := sqladapter.NewAdapter(db.DB, "postgres", "")
if err != nil {
return nil, err
}
enforcer, err := casbin.NewEnforcer(m, adapter)
if err != nil {
return nil, err
}
if err = enforcer.LoadPolicy(); err != nil {
log.Println("LoadPolicy failed, err: ", err)
return nil, err
}
newACL := &ACL{
DB: db,
Enforcer: enforcer,
}
err = newACL.Migrate(context.TODO())
if err != nil {
return nil, err
}
return newACL, nil
}
// Similar handler functions for update and delete...
func (a *ACL) CheckPermission(ctx context.Context, roleName, url, method string) (bool, error) {
return a.Enforcer.Enforce(roleName, url, method)
}