package service
import (
"errors"
"fmt"
casbin "github.com/casbin/casbin/v2"
"github.com/casbin/casbin/v2/model"
gormadapter "github.com/casbin/gorm-adapter/v3"
"gorm.io/gorm"
)
type (
	// Auth owns the casbin enforcer. Register stores the Auth it runs on in the
	// package-level auth variable, which every Permission method dereferences.
	Auth struct {
		enforcer *casbin.Enforcer
	}
	// Permission is the unit of work for one subject: the request(s) to check
	// or to turn into rules, and the tenant / roles / user they are scoped to.
	// Build it with NewPermission and the WithAuth* options, or mutate it with
	// AddTenant, AddRole and AddUser.
	Permission struct {
		request []*AuthRequest // requests to check (Enforce) or to store as rules (AddPolicies)
		tenant  string         // tenant; used as the casbin domain after tenantFormat adds "t_"
		roles   []string       // role names; roleFormat adds the "r_" prefix
		user    string         // unique user identifier; userFormat adds the "u_" prefix
	}
	// AuthRequest is one guarded resource: the URL (casbin obj) and the HTTP
	// method (casbin act). The matcher installed by Register compares both by
	// exact string equality, so there is no pattern or wildcard matching.
	AuthRequest struct {
		Url    string
		Method string
	}
	// IdentityPermission resolves a tenant and user into a Permission. It is
	// declared here but not referenced elsewhere in this file.
	IdentityPermission func(tenant, user string) *Permission
	// PermissionOptions is a functional option consumed by NewPermission.
	PermissionOptions func(permission *Permission)
)
// auth is the process-wide Auth published by (*Auth).Register. Every
// Permission method dereferences it without a nil check, so Register must run
// before any of them is called.
var auth *Auth

// adapter maps a storage mode name to a constructor for the casbin policy
// adapter. Both supported modes use the same gorm-backed constructor; the
// *gorm.DB passed in params selects the actual database.
var adapter = map[string]func(params ...interface{}) interface{}{
	"mysql": adapterForOrm, "sqlite": adapterForOrm,
}
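// adapterForOrm builds the gorm-backed casbin adapter used by the "mysql" and
// "sqlite" modes of the adapter map.
//
// params must be (db *gorm.DB, tableName string): an open connection and the
// name of the policy table; the empty second argument to gorm-adapter is the
// table-name prefix. The result is a *gormadapter.Adapter, or an untyped nil
// when the arguments are missing or of the wrong type, or when gorm-adapter
// reports an error.
//
// The signature has no error channel, so the failure reason cannot be
// surfaced from here; callers must treat a nil result as "no adapter". The
// previous version panicked on a bad params list and discarded the adapter
// error, which let a typed-nil *Adapter reach casbin.
func adapterForOrm(params ...interface{}) interface{} {
	if len(params) < 2 {
		return nil
	}
	db, ok := params[0].(*gorm.DB)
	if !ok || db == nil {
		return nil
	}
	table, ok := params[1].(string)
	if !ok {
		return nil
	}
	a, err := gormadapter.NewAdapterByDBUseTableName(db, "", table)
	if err != nil || a == nil {
		// Return an untyped nil so `== nil` holds for the caller; returning
		// the typed-nil pointer would not.
		return nil
	}
	return a
}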
// WithAuthRequest is a NewPermission option that sets the request list. The
// slice is stored as-is, not copied, so later changes made by the caller are
// visible to the Permission.
func WithAuthRequest(request []*AuthRequest) PermissionOptions {
	setRequest := func(p *Permission) {
		p.request = request
	}
	return setRequest
}
// WithAuthTenant is a NewPermission option that sets the tenant; it becomes
// the casbin domain once tenantFormat prefixes it with "t_".
func WithAuthTenant(tenant string) PermissionOptions {
	setTenant := func(p *Permission) {
		p.tenant = tenant
	}
	return setTenant
}
// WithAuthRoles is a NewPermission option that sets the role list. The slice
// is stored as-is, not copied.
func WithAuthRoles(roles []string) PermissionOptions {
	setRoles := func(p *Permission) {
		p.roles = roles
	}
	return setRoles
}
// WithAuthUser is a NewPermission option that sets the user identifier;
// userFormat prefixes it with "u_" when it is used as a casbin subject.
func WithAuthUser(user string) PermissionOptions {
	setUser := func(p *Permission) {
		p.user = user
	}
	return setUser
}
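// Register returns an initializer that builds the casbin model used by this
// package, attaches a policy adapter and publishes the result as the
// package-level auth.
//
// The model is RBAC with domains (one domain per tenant):
//
//	p, <role>, <tenant>, <url>, <method>   e.g. p, r_admin, t_tenant1, data1, read
//	g, <user>, <role>, <tenant>            e.g. g, u_alice, r_admin, t_tenant1
//
// A request (user, tenant, url, method) is allowed when the user holds the
// rule's role in that tenant and the rule's dom, obj and act equal the
// request's by exact string comparison. No keyMatch/regexMatch is configured,
// so URL patterns are not supported and "*" is not a wildcard: a rule whose
// act is "*" only matches a request whose act is "*".
//
// mode selects an entry of the adapter map ("mysql" / "sqlite"); params are
// handed to that constructor unchanged. An unknown mode yields an enforcer
// with no adapter, i.e. in-memory policy only. For an adapter-backed enforcer
// auto-save is enabled, so every Add*/Remove* call in this file is written
// through to the store immediately.
//
// The closure reports through its interface{} result: nil on success, an
// error otherwise. On failure neither this.enforcer nor auth is assigned, so
// a half-built enforcer is never published (the previous version dropped both
// the adapter and NewEnforcer errors and always returned nil).
func (this *Auth) Register() func(mode string, params ...interface{}) interface{} {
	return func(mode string, params ...interface{}) interface{} {
		m := model.NewModel()
		m.AddDef("r", "r", "sub, dom, obj, act")
		m.AddDef("p", "p", "sub, dom, obj, act")
		m.AddDef("g", "g", "_, _, _")
		m.AddDef("e", "e", "some(where (p.eft == allow))")
		m.AddDef("m", "m", "g(r.sub, p.sub, r.dom) && r.dom == p.dom && r.obj == p.obj && r.act == p.act")

		var (
			enforcer *casbin.Enforcer
			err      error
		)
		if newAdapter, has := adapter[mode]; has {
			a := newAdapter(params...)
			if a == nil {
				// An untyped nil is the constructor's failure signal.
				return fmt.Errorf("auth: no %s adapter could be created", mode)
			}
			enforcer, err = casbin.NewEnforcer(m, a)
			if err != nil {
				return fmt.Errorf("auth: new %s enforcer: %w", mode, err)
			}
			enforcer.EnableAutoSave(true)
		} else {
			enforcer, err = casbin.NewEnforcer(m)
			if err != nil {
				return fmt.Errorf("auth: new enforcer: %w", err)
			}
		}
		this.enforcer = enforcer
		auth = this
		return nil
	}
}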
// tenantFormat returns the tenant as it is stored in casbin: the "t_" prefix
// keeps tenant identifiers distinct from user ("u_") and role ("r_") ones.
func (this *Permission) tenantFormat() string {
	return "t_" + this.tenant
}
// userFormat returns the casbin subject for the user: the "u_" prefix keeps
// user identifiers distinct from role ("r_") and tenant ("t_") ones. An empty
// user yields the subject "u_".
func (this *Permission) userFormat() string {
	return "u_" + this.user
}
// roleFormat returns the roles as stored in casbin, each prefixed with "r_",
// in the same order as this.roles. The result is never nil (an empty,
// non-nil slice when there are no roles).
func (this *Permission) roleFormat() []string {
	formatted := make([]string, 0, len(this.roles))
	for _, name := range this.roles {
		formatted = append(formatted, "r_"+name)
	}
	return formatted
}
// AddTenant sets the tenant used as the casbin domain by later calls.
// Despite the name it replaces the current value rather than appending.
func (this *Permission) AddTenant(tenant string) { this.tenant = tenant }
// AddRole sets the role list. Despite the name it replaces the whole list
// rather than appending to it, and the slice is stored without copying.
func (this *Permission) AddRole(roles []string) { this.roles = roles }
// AddUser sets the user identifier. Despite the name it replaces the current
// value rather than appending.
func (this *Permission) AddUser(user string) { this.user = user }
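// AddRoleForUser binds every configured role to the configured user inside the
// configured tenant, one "g" rule (u_<user>, r_<role>, t_<tenant>) per role.
//
// Returns (false, err) when no roles are set ("not role"), when no user is set
// ("not user"), or when the enforcer rejects a rule; (true, nil) otherwise.
// The user check is new: without it the roles were bound to the bare subject
// "u_", which is what an empty user also resolves to in Enforce.
//
// Register must have run before this is called. With auto-save enabled there,
// each rule is persisted as it is added, so a failure part-way through leaves
// the earlier bindings in place; the returned error names the failing rule.
func (this *Permission) AddRoleForUser() (bool, error) {
	if len(this.roles) == 0 {
		return false, errors.New("not role")
	}
	if this.user == "" {
		return false, errors.New("not user")
	}
	user := this.userFormat()
	tenant := this.tenantFormat()
	for _, role := range this.roleFormat() {
		if _, err := auth.enforcer.AddRoleForUser(user, role, tenant); err != nil {
			return false, fmt.Errorf("add role %s for %s in %s: %w", role, user, tenant, err)
		}
	}
	return true, nil
}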
// DeleteRolesForUser removes the configured user's role bindings ("g" rules).
// With allTenant false only bindings in the configured tenant are removed;
// with allTenant true the domain filter is dropped and the user's bindings in
// every tenant go. The result is the enforcer's own (bool, error).
//
// Register must have run before this is called; the configured roles are not
// consulted.
func (this *Permission) DeleteRolesForUser(allTenant bool) (bool, error) {
	subject := this.userFormat()
	if !allTenant {
		return auth.enforcer.DeleteRolesForUser(subject, this.tenantFormat())
	}
	return auth.enforcer.DeleteRolesForUser(subject)
}
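// AddPolicies stores one "p" rule per configured request for the FIRST
// configured role: (r_<role>, t_<tenant>, Url, Method). Roles beyond the first
// are ignored, as before; call it once per role if all of them need the rules.
//
// Returns (false, err) when no requests are set ("not request"), when no roles
// are set ("not role"), or when a request entry is nil. The roles check is
// new: previously an empty role list made the roles[0] index panic. Otherwise
// the enforcer's own (bool, error) is returned; the bool is casbin's result
// for the batch (presumably false when it declines to add it, e.g. rules
// already present — confirm against the casbin version in go.mod).
//
// Register must have run before this is called; with auto-save enabled there
// the batch is persisted by the adapter. Method is stored verbatim as the
// rule's act and is later compared by exact string equality, so "GET" and "*"
// are two different, unrelated rules.
func (this *Permission) AddPolicies() (bool, error) {
	if len(this.request) == 0 {
		return false, errors.New("not request")
	}
	if len(this.roles) == 0 {
		return false, errors.New("not role")
	}
	role := this.roleFormat()[0]
	tenant := this.tenantFormat()
	rules := make([][]string, 0, len(this.request))
	for _, req := range this.request {
		if req == nil {
			return false, errors.New("nil request")
		}
		rules = append(rules, []string{role, tenant, req.Url, req.Method})
	}
	return auth.enforcer.AddPolicies(rules)
}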
// RemoveRolePolicies removes the "p" rules (r_<role>, t_<tenant>, Url, Method)
// for every configured role crossed with every configured request. With no
// requests configured the batch is empty and nothing is removed.
//
// Returns (false, err) when no roles are set ("not role"); otherwise the
// enforcer's own (bool, error). Register must have run before this is called.
func (this *Permission) RemoveRolePolicies() (bool, error) {
	if len(this.roles) == 0 {
		return false, errors.New("not role")
	}
	tenant := this.tenantFormat()
	roles := this.roleFormat()
	rules := make([][]string, 0, len(roles)*len(this.request))
	for _, role := range roles {
		for _, req := range this.request {
			rules = append(rules, []string{role, tenant, req.Url, req.Method})
		}
	}
	return auth.enforcer.RemovePolicies(rules)
}
// RemoveSingleRolePolicy removes every "p" rule whose sub is the FIRST
// configured role and whose dom is the configured tenant, whatever their obj
// and act. Roles beyond the first are ignored; the configured requests are
// not consulted.
//
// Returns (false, err) when no roles are set ("not role"); otherwise the
// enforcer's own (bool, error). Register must have run before this is called.
func (this *Permission) RemoveSingleRolePolicy() (bool, error) {
	roles := this.roleFormat()
	if len(roles) == 0 {
		return false, errors.New("not role")
	}
	// Field index 0 is p.sub; the two values filter on sub and dom.
	return auth.enforcer.RemoveFilteredPolicy(0, roles[0], this.tenantFormat())
}
// RemoveNamedGroupingPolicies builds one rule per configured role and hands
// the batch to the enforcer's "g" (user, role, domain) rule removal.
//
// NOTE(review): the rules built here cannot match a stored "g" rule. Register
// declares g with three fields (user, role, domain), and AddRoleForUser writes
// them as (u_<user>, r_<role>, t_<tenant>); the rule assembled below is
// [role, tenant, url, method] repeated once per request, i.e. 4*len(request)
// elements starting with a role. This call is therefore expected to remove
// nothing. The (role, tenant, url, method) shape is that of the "p" rules,
// which RemoveRolePolicies already removes; either delegate to that or rebuild
// this with real (user, role, tenant) tuples. Confirm the intent with the
// author first — the corrected version would start deleting authorization
// data, and with auto-save on (Register) it would do so in the store.
func (this *Permission) RemoveNamedGroupingPolicies() (bool, error) {
	rules := make([][]string, 0)
	for _, role := range this.roleFormat() {
		// One flat slice per role; each request appends four more elements.
		rule := make([]string, 0)
		for _, request := range this.request {
			rule = append(rule, role, this.tenantFormat(), request.Url, request.Method)
		}
		rules = append(rules, rule)
	}
	return auth.enforcer.RemoveNamedGroupingPolicies("g", rules)
}
// RemoveFilteredGroupingPolicy removes every "g" rule whose field 0 equals the
// formatted tenant ("t_<tenant>").
//
// NOTE(review): field 0 of a g rule is the user slot — see the g layout in
// Register's comment and the argument order of AddRoleForUser (user, role,
// domain). Users are stored with the "u_" prefix and tenants with "t_", so
// "t_<tenant>" never appears in field 0 and this call matches nothing. If the
// intent is "drop every role binding in this tenant", the domain is field 2:
// `return auth.enforcer.RemoveFilteredGroupingPolicy(2, this.tenantFormat())`.
// That would remove all role assignments in the tenant in one call and, with
// auto-save on, persist the removal — confirm the intent before changing it.
func (this *Permission) RemoveFilteredGroupingPolicy() (bool, error) {
	return auth.enforcer.RemoveFilteredGroupingPolicy(0, this.tenantFormat())
}
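// Enforce asks the enforcer whether the configured user may perform the FIRST
// configured request (this.request[0]) inside the configured tenant. Further
// entries in this.request are ignored, as before. An empty user is evaluated
// as the subject "u_".
//
// Register installs a matcher that compares obj and act by exact string
// equality, and AddPolicies stores each rule's act as the request Method. The
// previous implementation always queried with act "*", so a rule stored with
// a concrete method such as "GET" could never grant anything. The check is now
// two queries, either of which grants:
//
//  1. (u_<user>, t_<tenant>, Url, Method) — skipped when Method is empty;
//  2. (u_<user>, t_<tenant>, Url, "*") — the original query, kept so rules
//     written with a literal "*" act keep working. "*" is not a wildcard to
//     this matcher; it only matches a rule whose act is literally "*".
//
// Returns (false, err) when no request is configured, the first request is
// nil, or the enforcer fails; otherwise the decision. Register must have run
// before this is called.
func (this *Permission) Enforce() (bool, error) {
	if len(this.request) == 0 {
		return false, errors.New("not request")
	}
	req := this.request[0]
	if req == nil {
		return false, errors.New("nil request")
	}
	sub, dom := this.userFormat(), this.tenantFormat()
	if req.Method != "" {
		allowed, err := auth.enforcer.Enforce(sub, dom, req.Url, req.Method)
		if err != nil || allowed {
			return allowed, err
		}
	}
	return auth.enforcer.Enforce(sub, dom, req.Url, "*")
}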
// NewAuth returns an Auth with no enforcer yet; call Register on it to build
// one and publish it as the package-level auth.
func NewAuth() *Auth {
	return new(Auth)
}
// NewPermission returns a Permission with every option applied in the order
// given; later options overwrite earlier ones for the same field. With no
// options all fields keep their zero values.
func NewPermission(options ...PermissionOptions) *Permission {
	p := &Permission{}
	for _, apply := range options {
		apply(p)
	}
	return p
}