feat:完善项目信息
@ -14,26 +14,21 @@ type (
|
||||
Auth struct {
|
||||
enforcer *casbin.Enforcer
|
||||
}
|
||||
|
||||
// Permission 权限信息
|
||||
Permission struct {
|
||||
Identity *Identity // 身份信息
|
||||
Roles []string // 角色
|
||||
Request []*AuthRequest
|
||||
request []*AuthRequest // 请求信息
|
||||
tenant string // 租户信息
|
||||
roles []string // 角色信息
|
||||
user string // 用户唯一表示
|
||||
}
|
||||
|
||||
// Identity 身份信息
|
||||
Identity struct {
|
||||
Tenant string // 平台-小区
|
||||
User string // 用户唯一标识
|
||||
}
|
||||
|
||||
// AuthRequest 请求验证
|
||||
AuthRequest struct {
|
||||
Url string
|
||||
Method string
|
||||
}
|
||||
|
||||
IdentityPermission func(tenant, user string) *Permission
|
||||
|
||||
PermissionOptions func(permission *Permission)
|
||||
)
|
||||
|
||||
var auth *Auth
|
||||
@ -43,7 +38,7 @@ var adapter = map[string]func(params ...interface{}) interface{}{
|
||||
"mysql": adapterForOrm, "sqlite": adapterForOrm,
|
||||
}
|
||||
|
||||
// adapterForOrm
|
||||
// adapterForOrm 规则引擎
|
||||
func adapterForOrm(params ...interface{}) interface{} {
|
||||
db := params[0].(*gorm.DB)
|
||||
obj := params[1].(string)
|
||||
@ -51,6 +46,30 @@ func adapterForOrm(params ...interface{}) interface{} {
|
||||
return adapter
|
||||
}
|
||||
|
||||
func WithAuthRequest(request []*AuthRequest) PermissionOptions {
|
||||
return func(permission *Permission) {
|
||||
permission.request = request
|
||||
}
|
||||
}
|
||||
|
||||
func WithAuthTenant(tenant string) PermissionOptions {
|
||||
return func(permission *Permission) {
|
||||
permission.tenant = tenant
|
||||
}
|
||||
}
|
||||
|
||||
func WithAuthRoles(roles []string) PermissionOptions {
|
||||
return func(permission *Permission) {
|
||||
permission.roles = roles
|
||||
}
|
||||
}
|
||||
|
||||
func WithAuthUser(user string) PermissionOptions {
|
||||
return func(permission *Permission) {
|
||||
permission.user = user
|
||||
}
|
||||
}
|
||||
|
||||
// Register 注册权限
|
||||
// 多平台 admin tenant1, data1, read (角色-域-用户-事件)
|
||||
// p admin tenant1, data1, read (角色-域-用户-事件)
|
||||
@ -78,124 +97,93 @@ func (this *Auth) Register() func(mode string, params ...interface{}) interface{
|
||||
}
|
||||
}
|
||||
|
||||
// tenantIdentity 平台租户信息
|
||||
func (this *Identity) tenantIdentity() string {
|
||||
return fmt.Sprintf("%s%s", "t_", this.Tenant)
|
||||
// tenantFormat 平台信息
|
||||
func (this *Permission) tenantFormat() string {
|
||||
return fmt.Sprintf("%s%s", "t_", this.tenant)
|
||||
}
|
||||
|
||||
// userIdentity 用户身份信息
|
||||
func (this *Identity) userIdentity() string {
|
||||
return fmt.Sprintf("%s%s", "u_", this.User)
|
||||
// userFormat 用户信息
|
||||
func (this *Permission) userFormat() string {
|
||||
return fmt.Sprintf("%s%s", "u_", this.user)
|
||||
}
|
||||
|
||||
// roleIdentity 角色身份信息
|
||||
func (this *Permission) roleIdentity() []string {
|
||||
// roleFormat 角色信息
|
||||
func (this *Permission) roleFormat() []string {
|
||||
roles := make([]string, 0)
|
||||
|
||||
for _, v := range this.Roles {
|
||||
for _, v := range this.roles {
|
||||
roles = append(roles, fmt.Sprintf("%s%s", "r_", v))
|
||||
}
|
||||
return roles
|
||||
}
|
||||
|
||||
// AddTenant 追加租户
|
||||
func (this *Permission) AddTenant(tenant string) {
|
||||
this.tenant = tenant
|
||||
}
|
||||
|
||||
// AddRole 追加角色
|
||||
func (this *Permission) AddRole(roles []string) {
|
||||
this.roles = roles
|
||||
}
|
||||
|
||||
// AddUser 追加用户
|
||||
func (this *Permission) AddUser(user string) {
|
||||
this.user = user
|
||||
}
|
||||
|
||||
// AddRoleForUser 增加用户角色
|
||||
func (this *Permission) AddRoleForUser() (bool, error) {
|
||||
if this.Roles == nil || len(this.Roles) <= 0 {
|
||||
return false, errors.New("无角色信息")
|
||||
if len(this.roles) <= 0 {
|
||||
return false, errors.New("not role")
|
||||
}
|
||||
for _, role := range this.roleIdentity() {
|
||||
if _, err := auth.enforcer.AddRoleForUser(this.Identity.userIdentity(), role, this.Identity.tenantIdentity()); err != nil {
|
||||
for _, role := range this.roleFormat() {
|
||||
if _, err := auth.enforcer.AddRoleForUser(this.userFormat(), role, this.tenantFormat()); err != nil {
|
||||
return false, err
|
||||
}
|
||||
}
|
||||
return true, nil
|
||||
}
|
||||
|
||||
// DeleteRoleForUser 删除用户角色
|
||||
//func (this *Permission) DeleteRoleForUser() (bool, error) {
|
||||
// if this.Roles == nil || len(this.Roles) <= 0 {
|
||||
// return false, errors.New("角色信息不存在")
|
||||
// }
|
||||
// for _, role := range this.roleIdentity() {
|
||||
// status, err := auth.enforcer.DeleteRoleForUser(this.Identity.userIdentity(), role, this.Identity.tenantIdentity())
|
||||
// if err != nil {
|
||||
// return false, err
|
||||
// } else if !status {
|
||||
// return false, errors.New("删除失败")
|
||||
// }
|
||||
// }
|
||||
// return true, nil
|
||||
//}
|
||||
|
||||
// DeleteRolesForUser 删除用户所有角色
|
||||
func (this *Permission) DeleteRolesForUser(allTenant bool) (bool, error) {
|
||||
if allTenant {
|
||||
return auth.enforcer.DeleteRolesForUser(this.Identity.userIdentity())
|
||||
return auth.enforcer.DeleteRolesForUser(this.userFormat())
|
||||
}
|
||||
return auth.enforcer.DeleteRolesForUser(this.Identity.userIdentity(), this.Identity.tenantIdentity())
|
||||
return auth.enforcer.DeleteRolesForUser(this.userFormat(), this.tenantFormat())
|
||||
}
|
||||
|
||||
//// AddPolicy 增加规则
|
||||
//func (this *Permission) AddPolicy() (bool, error) {
|
||||
// if this.Request == nil || len(this.Request) <= 0 {
|
||||
// return false, errors.New("请求事件错误")
|
||||
// }
|
||||
// return auth.enforcer.AddPolicy(this.roleIdentity()[0], this.Identity.tenantIdentity(), this.Request[0].Url, this.Request[0].Method)
|
||||
//}
|
||||
|
||||
// AddPolicies TODO:增加多个规则
|
||||
func (this *Permission) AddPolicies() (bool, error) {
|
||||
if this.Request == nil || len(this.Request) <= 0 {
|
||||
return false, errors.New("请求事件错误")
|
||||
if len(this.request) <= 0 {
|
||||
return false, errors.New("not request")
|
||||
}
|
||||
rules := make([][]string, 0)
|
||||
|
||||
for _, s := range this.Request {
|
||||
for _, s := range this.request {
|
||||
rules = append(rules, []string{
|
||||
this.roleIdentity()[0], this.Identity.tenantIdentity(), s.Url, s.Method,
|
||||
this.roleFormat()[0], this.tenantFormat(), s.Url, s.Method,
|
||||
})
|
||||
}
|
||||
return auth.enforcer.AddPolicies(rules)
|
||||
}
|
||||
|
||||
//// RemovePolicy TODO:删除规则
|
||||
//func (this *Permission) RemovePolicy() (bool, error) {
|
||||
// if this.Request == nil || len(this.Request) <= 0 {
|
||||
// return false, errors.New("请求事件错误")
|
||||
// }
|
||||
// return auth.enforcer.RemovePolicy(this.roleIdentity()[0], this.Identity.tenantIdentity(), this.Request[0].Url, this.Request[0].Method)
|
||||
//}
|
||||
//
|
||||
//// RemovePolicies 删除多个规则
|
||||
//func (this *Permission) RemovePolicies() (bool, error) {
|
||||
// rules := make([][]string, 0)
|
||||
//
|
||||
// for _, s := range this.Request {
|
||||
// rules = append(rules, []string{
|
||||
// this.roleIdentity()[0], this.Identity.tenantIdentity(), s.Url, s.Method,
|
||||
// })
|
||||
// }
|
||||
// return auth.enforcer.RemovePolicies(rules)
|
||||
//}
|
||||
|
||||
// RemoveRolePolicy 删除角色的所有规则
|
||||
func (this *Permission) RemoveRolePolicy() (bool, error) {
|
||||
if this.Roles == nil || len(this.Roles) <= 0 {
|
||||
return false, errors.New("角色信息不存在")
|
||||
if len(this.roles) <= 0 {
|
||||
return false, errors.New("not role")
|
||||
}
|
||||
return auth.enforcer.RemoveFilteredPolicy(0, this.roleIdentity()[0], this.Identity.tenantIdentity())
|
||||
return auth.enforcer.RemoveFilteredPolicy(0, this.roleFormat()[0], this.tenantFormat())
|
||||
}
|
||||
|
||||
// RemoveNamedGroupingPolicies 删除租户下角色的权限
|
||||
func (this *Permission) RemoveNamedGroupingPolicies() (bool, error) {
|
||||
rules := make([][]string, 0)
|
||||
|
||||
roles := this.roleIdentity()
|
||||
|
||||
for _, role := range roles {
|
||||
for _, role := range this.roleFormat() {
|
||||
rule := make([]string, 0)
|
||||
for _, request := range this.Request {
|
||||
rule = append(rule, role, this.Identity.tenantIdentity(), request.Url, request.Method)
|
||||
for _, request := range this.request {
|
||||
rule = append(rule, role, this.tenantFormat(), request.Url, request.Method)
|
||||
}
|
||||
rules = append(rules, rule)
|
||||
}
|
||||
@ -204,32 +192,28 @@ func (this *Permission) RemoveNamedGroupingPolicies() (bool, error) {
|
||||
|
||||
// RemoveFilteredGroupingPolicy 删除组权限规则
|
||||
func (this *Permission) RemoveFilteredGroupingPolicy() (bool, error) {
|
||||
return auth.enforcer.RemoveFilteredGroupingPolicy(0, this.Identity.tenantIdentity())
|
||||
return auth.enforcer.RemoveFilteredGroupingPolicy(0, this.tenantFormat())
|
||||
}
|
||||
|
||||
// HasPolicy 检查访问权限
|
||||
// Enforce 检查访问权限
|
||||
func (this *Permission) Enforce() (bool, error) {
|
||||
if this.Request == nil || len(this.Request) <= 0 {
|
||||
return false, errors.New("请求事件错误")
|
||||
if len(this.request) <= 0 {
|
||||
return false, errors.New("not request")
|
||||
}
|
||||
return auth.enforcer.Enforce(this.Identity.userIdentity(), this.Identity.tenantIdentity(), this.Request[0].Url, "*")
|
||||
return auth.enforcer.Enforce(this.userFormat(), this.tenantFormat(), this.request[0].Url, "*")
|
||||
}
|
||||
|
||||
// NewAuth
|
||||
// NewAuth 创建验证
|
||||
func NewAuth() *Auth {
|
||||
return &Auth{}
|
||||
}
|
||||
|
||||
// NewPermission
|
||||
func NewPermission(roles []string, act ...*AuthRequest) IdentityPermission {
|
||||
return func(tenant, user string) *Permission {
|
||||
return &Permission{
|
||||
Identity: &Identity{
|
||||
Tenant: tenant,
|
||||
User: user,
|
||||
},
|
||||
Roles: roles,
|
||||
Request: act,
|
||||
}
|
||||
// NewPermission 创建权限
|
||||
func NewPermission(options ...PermissionOptions) *Permission {
|
||||
out := new(Permission)
|
||||
|
||||
for _, option := range options {
|
||||
option(out)
|
||||
}
|
||||
return out
|
||||
}
|
||||
|
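Review bot: Enforce still drops the HTTP method from the check: the new line `return auth.enforcer.Enforce(this.userFormat(), this.tenantFormat(), this.request[0].Url, "*")` passes the literal `"*"` as the action, while AddPolicies writes `s.Method` as the policy action, so unless the matcher in the (not visible) model treats the request action as a wildcard, a request on a URL is authorised regardless of method; the consistent call is `return auth.enforcer.Enforce(this.userFormat(), this.tenantFormat(), this.request[0].Url, this.request[0].Method)`. Since NewPermission now builds a Permission purely from options, nothing guarantees `tenant` and `user` were set, and userFormat/tenantFormat then produce the bare prefixes `"u_"` and `"t_"`, so AddRoleForUser and Enforce would silently operate on those placeholder subjects; a guard such as `if this.user == "" || this.tenant == "" { return false, errors.New("not identity") }` at the top of each method that calls the enforcer would close that gap. AddPolicies and RemoveNamedGroupingPolicies also index `this.roleFormat()[0]` without checking `len(this.roles)`, which panics on an empty role list (RemoveRolePolicy does check); the same `len(this.roles) <= 0` guard used there should be applied, and `this.roleFormat()` could be computed once before the loop. The Register hunk and the tail of RemoveNamedGroupingPolicies continue outside this section.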