feat:完善项目信息

This commit is contained in:
henry
2022-01-06 17:11:57 +08:00
parent 1b0f71735b
commit a92801b1ce
29 changed files with 815 additions and 623 deletions

View File

@ -14,26 +14,21 @@ type (
Auth struct {
enforcer *casbin.Enforcer
}
// Permission 权限信息
Permission struct {
Identity *Identity // 身份信息
Roles []string // 角色
Request []*AuthRequest
request []*AuthRequest // 请求信息
tenant string // 租户信息
roles []string // 角色信息
user string // 用户唯一表示
}
// Identity 身份信息
Identity struct {
Tenant string // 平台-小区
User string // 用户唯一标识
}
// AuthRequest 请求验证
AuthRequest struct {
Url string
Method string
}
IdentityPermission func(tenant, user string) *Permission
PermissionOptions func(permission *Permission)
)
var auth *Auth
@ -43,7 +38,7 @@ var adapter = map[string]func(params ...interface{}) interface{}{
"mysql": adapterForOrm, "sqlite": adapterForOrm,
}
// adapterForOrm
// adapterForOrm 规则引擎
func adapterForOrm(params ...interface{}) interface{} {
db := params[0].(*gorm.DB)
obj := params[1].(string)
@ -51,6 +46,30 @@ func adapterForOrm(params ...interface{}) interface{} {
return adapter
}
func WithAuthRequest(request []*AuthRequest) PermissionOptions {
return func(permission *Permission) {
permission.request = request
}
}
func WithAuthTenant(tenant string) PermissionOptions {
return func(permission *Permission) {
permission.tenant = tenant
}
}
func WithAuthRoles(roles []string) PermissionOptions {
return func(permission *Permission) {
permission.roles = roles
}
}
func WithAuthUser(user string) PermissionOptions {
return func(permission *Permission) {
permission.user = user
}
}
// Register 注册权限
// 多平台 admin tenant1, data1, read (角色-域-用户-事件)
// p admin tenant1, data1, read (角色-域-用户-事件)
@ -78,124 +97,93 @@ func (this *Auth) Register() func(mode string, params ...interface{}) interface{
}
}
// tenantIdentity 平台租户信息
func (this *Identity) tenantIdentity() string {
return fmt.Sprintf("%s%s", "t_", this.Tenant)
// tenantFormat 平台信息
func (this *Permission) tenantFormat() string {
return fmt.Sprintf("%s%s", "t_", this.tenant)
}
// userIdentity 用户身份信息
func (this *Identity) userIdentity() string {
return fmt.Sprintf("%s%s", "u_", this.User)
// userFormat 用户信息
func (this *Permission) userFormat() string {
return fmt.Sprintf("%s%s", "u_", this.user)
}
// roleIdentity 角色身份信息
func (this *Permission) roleIdentity() []string {
// roleFormat 角色信息
func (this *Permission) roleFormat() []string {
roles := make([]string, 0)
for _, v := range this.Roles {
for _, v := range this.roles {
roles = append(roles, fmt.Sprintf("%s%s", "r_", v))
}
return roles
}
// AddTenant 追加租户
func (this *Permission) AddTenant(tenant string) {
this.tenant = tenant
}
// AddRole 追加角色
func (this *Permission) AddRole(roles []string) {
this.roles = roles
}
// AddUser 追加用户
func (this *Permission) AddUser(user string) {
this.user = user
}
// AddRoleForUser 增加用户角色
func (this *Permission) AddRoleForUser() (bool, error) {
if this.Roles == nil || len(this.Roles) <= 0 {
return false, errors.New("无角色信息")
if len(this.roles) <= 0 {
return false, errors.New("not role")
}
for _, role := range this.roleIdentity() {
if _, err := auth.enforcer.AddRoleForUser(this.Identity.userIdentity(), role, this.Identity.tenantIdentity()); err != nil {
for _, role := range this.roleFormat() {
if _, err := auth.enforcer.AddRoleForUser(this.userFormat(), role, this.tenantFormat()); err != nil {
return false, err
}
}
return true, nil
}
// DeleteRoleForUser 删除用户角色
//func (this *Permission) DeleteRoleForUser() (bool, error) {
// if this.Roles == nil || len(this.Roles) <= 0 {
// return false, errors.New("角色信息不存在")
// }
// for _, role := range this.roleIdentity() {
// status, err := auth.enforcer.DeleteRoleForUser(this.Identity.userIdentity(), role, this.Identity.tenantIdentity())
// if err != nil {
// return false, err
// } else if !status {
// return false, errors.New("删除失败")
// }
// }
// return true, nil
//}
// DeleteRolesForUser 删除用户所有角色
func (this *Permission) DeleteRolesForUser(allTenant bool) (bool, error) {
if allTenant {
return auth.enforcer.DeleteRolesForUser(this.Identity.userIdentity())
return auth.enforcer.DeleteRolesForUser(this.userFormat())
}
return auth.enforcer.DeleteRolesForUser(this.Identity.userIdentity(), this.Identity.tenantIdentity())
return auth.enforcer.DeleteRolesForUser(this.userFormat(), this.tenantFormat())
}
//// AddPolicy 增加规则
//func (this *Permission) AddPolicy() (bool, error) {
// if this.Request == nil || len(this.Request) <= 0 {
// return false, errors.New("请求事件错误")
// }
// return auth.enforcer.AddPolicy(this.roleIdentity()[0], this.Identity.tenantIdentity(), this.Request[0].Url, this.Request[0].Method)
//}
// AddPolicies TODO:增加多个规则
func (this *Permission) AddPolicies() (bool, error) {
if this.Request == nil || len(this.Request) <= 0 {
return false, errors.New("请求事件错误")
if len(this.request) <= 0 {
return false, errors.New("not request")
}
rules := make([][]string, 0)
for _, s := range this.Request {
for _, s := range this.request {
rules = append(rules, []string{
this.roleIdentity()[0], this.Identity.tenantIdentity(), s.Url, s.Method,
this.roleFormat()[0], this.tenantFormat(), s.Url, s.Method,
})
}
return auth.enforcer.AddPolicies(rules)
}
//// RemovePolicy TODO:删除规则
//func (this *Permission) RemovePolicy() (bool, error) {
// if this.Request == nil || len(this.Request) <= 0 {
// return false, errors.New("请求事件错误")
// }
// return auth.enforcer.RemovePolicy(this.roleIdentity()[0], this.Identity.tenantIdentity(), this.Request[0].Url, this.Request[0].Method)
//}
//
//// RemovePolicies 删除多个规则
//func (this *Permission) RemovePolicies() (bool, error) {
// rules := make([][]string, 0)
//
// for _, s := range this.Request {
// rules = append(rules, []string{
// this.roleIdentity()[0], this.Identity.tenantIdentity(), s.Url, s.Method,
// })
// }
// return auth.enforcer.RemovePolicies(rules)
//}
// RemoveRolePolicy 删除角色的所有规则
func (this *Permission) RemoveRolePolicy() (bool, error) {
if this.Roles == nil || len(this.Roles) <= 0 {
return false, errors.New("角色信息不存在")
if len(this.roles) <= 0 {
return false, errors.New("not role")
}
return auth.enforcer.RemoveFilteredPolicy(0, this.roleIdentity()[0], this.Identity.tenantIdentity())
return auth.enforcer.RemoveFilteredPolicy(0, this.roleFormat()[0], this.tenantFormat())
}
// RemoveNamedGroupingPolicies 删除租户下角色的权限
func (this *Permission) RemoveNamedGroupingPolicies() (bool, error) {
rules := make([][]string, 0)
roles := this.roleIdentity()
for _, role := range roles {
for _, role := range this.roleFormat() {
rule := make([]string, 0)
for _, request := range this.Request {
rule = append(rule, role, this.Identity.tenantIdentity(), request.Url, request.Method)
for _, request := range this.request {
rule = append(rule, role, this.tenantFormat(), request.Url, request.Method)
}
rules = append(rules, rule)
}
@ -204,32 +192,28 @@ func (this *Permission) RemoveNamedGroupingPolicies() (bool, error) {
// RemoveFilteredGroupingPolicy 删除组权限规则
func (this *Permission) RemoveFilteredGroupingPolicy() (bool, error) {
return auth.enforcer.RemoveFilteredGroupingPolicy(0, this.Identity.tenantIdentity())
return auth.enforcer.RemoveFilteredGroupingPolicy(0, this.tenantFormat())
}
// HasPolicy 检查访问权限
// Enforce 检查访问权限
func (this *Permission) Enforce() (bool, error) {
if this.Request == nil || len(this.Request) <= 0 {
return false, errors.New("请求事件错误")
if len(this.request) <= 0 {
return false, errors.New("not request")
}
return auth.enforcer.Enforce(this.Identity.userIdentity(), this.Identity.tenantIdentity(), this.Request[0].Url, "*")
return auth.enforcer.Enforce(this.userFormat(), this.tenantFormat(), this.request[0].Url, "*")
}
// NewAuth
// NewAuth 创建验证
func NewAuth() *Auth {
return &Auth{}
}
// NewPermission
func NewPermission(roles []string, act ...*AuthRequest) IdentityPermission {
return func(tenant, user string) *Permission {
return &Permission{
Identity: &Identity{
Tenant: tenant,
User: user,
},
Roles: roles,
Request: act,
}
// NewPermission 创建权限
func NewPermission(options ...PermissionOptions) *Permission {
out := new(Permission)
for _, option := range options {
option(out)
}
return out
}