Ejemplo n.º 1
0
func (e *engine) DecisionEx(roleName string, res string, perms ...string) bool {
	rootId, _, exist := e.GetRole(roleName, false)
	if !exist {
		return false
	}
	r1, err := resource.Parse(res)
	if err != nil {
		panic(err)
	}
	for _, permName := range perms {
		f := func(rid int) bool {
			for _, pid := range e.rolePerm[rid] {
				if e.storage[pid].sName != permName {
					continue
				} else if r2, err := resource.Parse(e.storage[pid].sContent); err != nil {
					panic(err)
				} else if r2.Contains(r1) {
					return true
				}
			}
			return false
		}
		found := e.searchRoleGraph(rootId, f)
		if !found {
			return false
		}
	}
	return true
}
Ejemplo n.º 2
0
func (e *engine) Decision(roleName string, res string, perms ...string) bool {
	rootId, _, exist := e.GetRole(roleName, false)
	if !exist {
		return false
	}
	for _, p := range perms {
		pid, exist := e.GetPerm(p, res, false)
		if !exist {
			return false
		}
		f := func(rid int) bool {
			if pms, ok := e.rolePerm[rid]; !ok {
				return false
			} else if i := pms.Search(pid); i < len(pms) && pms[i] == pid {
				return true
			}
			return false
		}
		found := e.searchRoleGraph(rootId, f)
		if !found {
			return false
		}
	}
	return true
}
Ejemplo n.º 3
0
func (e *engine) GrantRole(grantee string, grants ...string) error {
	gid, _, _ := e.GetRole(grantee, true)
	for _, roleName := range grants {
		rid, rType, _ := e.GetRole(roleName, true)
		if rType != ROLE {
			return errs.ErrUserNotGrantable
		}
		e.roleGraph[gid] = append(e.roleGraph[gid], rid)
		e.roleGraph[gid].Sort()
	}
	return nil
}
Ejemplo n.º 4
0
func (e *engine) GrantPerm(roleName, resString string, perms ...string) error {
	rid, _, exist := e.GetRole(roleName, true)
	for _, perm := range perms {
		pid, _ := e.GetPerm(perm, resString, true)
		permIds := e.rolePerm[rid]
		if idx := permIds.Search(pid); idx >= permIds.Len() || permIds[idx] != pid {
			e.rolePerm[rid] = append(e.rolePerm[rid], pid)
			e.rolePerm[rid].Sort()
		}
	}
	if !exist {
		return errs.ErrRoleNotExist
	}
	return nil
}
Ejemplo n.º 5
0
func (e *engine) DropRole(roleName string) error {
	e.Lock()
	defer e.Unlock()
	rid, _, exist := e.GetRole(roleName, false)
	if !exist {
		return errs.ErrRoleNotExist
	}
	delete(e.roleMap, roleName)
	delete(e.roleGraph, rid)
	delete(e.storage, rid)
	for k, v := range e.roleGraph {
		if idx := v.Search(rid); idx < v.Len() && v[idx] == rid {
			e.roleGraph[k] = append(v[:idx], v[idx+1:]...)
		}
	}
	return nil
}
Ejemplo n.º 6
0
func (e *engine) RevokePerm(roleName string, res string, perms ...string) error {
	rid, _, exist := e.GetRole(roleName, false)
	if !exist {
		return errs.ErrRoleNotExist
	}
	permIds := e.rolePerm[rid]
	for _, permName := range perms {
		if pid, exist := e.GetPerm(permName, res, false); exist {
		RP:
			if i := permIds.Search(pid); i < len(permIds) && permIds[i] == pid { //found
				permIds = append(permIds[:i], permIds[i+1:]...)
				goto RP
			}
		}
	}
	e.rolePerm[rid] = permIds
	return nil
}
Ejemplo n.º 7
0
func (e *engine) RevokeRole(revokee string, revoked ...string) error {
	eid, _, exist := e.GetRole(revokee, true)
	if !exist {
		return errs.ErrRoleNotExist
	}
	grantedRoleId := e.roleGraph[eid]
	for _, roleName := range revoked {
		if rid, _, exist := e.GetRole(roleName, false); !exist {
			return errs.ErrRoleNotExist
		} else {
			if idx := grantedRoleId.Search(rid); idx < grantedRoleId.Len() && grantedRoleId[idx] == rid {
				grantedRoleId = append(grantedRoleId[:idx], grantedRoleId[idx+1:]...)
			}
		}
	}
	e.roleGraph[eid] = grantedRoleId
	return nil
}
Ejemplo n.º 8
0
func (e *engine) HasAnyRole(roleName string, hasRoleNames ...string) bool {
	rootId, _, exist := e.GetRole(roleName, false)
	if !exist {
		return false
	}
	for _, r := range hasRoleNames {
		id, _, exist := e.GetRole(r, false)
		if !exist {
			continue
		}
		f := func(nid int) bool {
			return nid == id
		}
		found := e.searchRoleGraph(rootId, f)
		if found {
			return true
		}
	}
	return false
}