abac_model.conf

# Pure ABAC model: the decision is computed from the attributes of the
# request's sub and obj alone; no policy rows are needed (main.go loads none).
[request_definition]
# act is declared here but never referenced by the matcher below.
r = sub, obj, act

[policy_definition]
p = sub, obj,act

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
# Allow iff the subject's App, Type and Method all equal the object's.
# Because r.act is not part of the condition, the action passed to Enforce
# has no effect on the result: the operation actually being authorised is
# the Method attribute. Any subject whose three attributes match the object
# is allowed, so callers must build sub from trusted data, not from input
# the requester controls.
m = r.sub.App == r.obj.App && r.sub.Type == r.obj.Type && r.sub.Method==r.obj.Method

main.go

package main

import (
"fmt"
"github.com/casbin/casbin"
)

// User is a principal in the demo. The user itself carries no attributes the
// model looks at; authorisation is decided per Group, so main submits each
// group in Group to the enforcer rather than the User.
type User struct {
	Id       int
	UserName string
	Group    []Group // groups whose attributes are checked one by one
}

// Group is the subject actually submitted to the enforcer. Its App, Type
// and Method are what the matcher in abac_model.conf compares against the
// corresponding fields of Obj; Id, Name and Priority play no part in the
// decision.
type Group struct {
	Id       int
	Name     string
	App      string // application the group is scoped to; matched against Obj.App
	Type     string // resource type; matched against Obj.Type
	Method   string // operation the group may perform; matched against Obj.Method
	Priority int    // not consulted by the matcher
}

// Obj is the resource being accessed. Its three fields mirror the matching
// fields of Group; a request is allowed when all three are equal.
type Obj struct {
	App    string // application the resource belongs to
	Type   string // resource type
	Method string // operation requested on the resource
}

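// permissionChecker is the part of the casbin enforcer API this program
// relies on. Depending on the interface rather than *casbin.Enforcer keeps
// userHasPermission exercisable with a stand-in that needs no model file.
type permissionChecker interface {
	Enforce(rvals ...interface{}) bool
}

// userHasPermission reports whether any group of u is allowed access to obj.
//
// Every group is submitted to the enforcer as the request subject with obj
// as the object and an empty action; the scan stops at the first group the
// enforcer allows. The act argument is only a placeholder: the matcher in
// abac_model.conf compares sub.App/Type/Method with obj.App/Type/Method and
// never reads r.act, so the operation actually being authorised is
// obj.Method and nothing passed as act can tighten the decision.
// Group.Priority is likewise not consulted.
func userHasPermission(e permissionChecker, u User, obj Obj) bool {
	for _, g := range u.Group {
		if e.Enforce(g, obj, "") {
			return true
		}
	}
	return false
}

func main() {
	// Demo model path. It is an absolute Windows path, so the program only
	// runs on a machine where that file exists at that location.
	const modelPath = "E:\\go-test\\test\\abac\\abac_model.conf"

	// The model carries the whole rule in its matcher, so no policy.csv is
	// loaded. The v1 casbin API imported here returns no error from
	// NewEnforcer and a bare bool from Enforce, so a model-file problem cannot
	// be handled at this call site (NOTE(review): v1 is believed to panic on an
	// unreadable model file — confirm for the pinned version; v2 returns
	// (value, error) and would not compile with this code as written).
	e := casbin.NewEnforcer(modelPath)

	// Two groups with identical attributes: either one alone already
	// satisfies the matcher for obj below.
	group1 := Group{
		Name:     "group1",
		App:      "asset",
		Type:     "aliyun",
		Method:   "Get",
		Priority: 100,
	}
	group2 := Group{
		Name:     "group2",
		App:      "asset",
		Type:     "aliyun",
		Method:   "Get",
		Priority: 100,
	}

	// User hequan is a member of group1 and group2.
	user1 := User{
		UserName: "hequan",
		Group:    []Group{group1, group2},
	}

	// The resource being requested.
	obj := Obj{
		App:    "asset",
		Type:   "aliyun",
		Method: "Get",
	}

	// Allowed if any of hequan's groups passes the matcher.
	if userHasPermission(e, user1, obj) {
		fmt.Println("权限正常")
	} else {
		fmt.Println("没有权限")
	}
}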