Ejemplo n.º 1
// Example_acl shows how to add, check and remove permissions on an entity
// (a resource) for a user entity or a group entity.
//
// NOTE(review): the second results of GetPropertyAttachedToEntity and
// GetUserPermissions are discarded, and the results of the add/remove calls
// are not inspected. That keeps the example short; authorization code that
// copies this pattern should check each of them, otherwise a failed grant or
// revoke goes unnoticed.
func Example_acl() {
	em := initEntityManager()
	canUse := acl.Permission(canUsePermission)

	fmt.Println("ExampleShowACLAddCheckRemovePermissions")

	// State before anything is granted.
	allowed := acl.CheckUserPermission(em, userName1, resourceName, canUse)
	fmt.Printf("User: %q, permission %q is: %v\n", userName1, canUsePermission, allowed)

	// The ACL is stored as a property attached to the resource entity. The
	// lookup's second result is dropped, so the only failure signal left is
	// the type assertion below.
	prop, _ := em.GetPropertyAttachedToEntity(resourceName, stc.AclPropertyName)
	resourceACL, isACL := prop.(*acl.Acl)
	if !isACL {
		fmt.Println("Error: can't get property", stc.AclPropertyName, "attached to resource", resourceName)
		return
	}

	// Grant directly to the user and check again.
	resourceACL.AddPermissionToResource(em, userName1, canUse)
	allowed = acl.CheckUserPermission(em, userName1, resourceName, canUse)
	fmt.Printf("User: %q, permission %q is: %v\n", userName1, canUsePermission, allowed)

	// Grants to the group, to the stc.AclAllEntryName entry and to a user
	// that the variable name suggests is a member of the group.
	// NOTE(review): presumably stc.AclAllEntryName stands for "every entity";
	// confirm before granting to it in real code.
	resourceACL.AddPermissionToResource(em, groupName, acl.Permission(supportPermission))
	resourceACL.AddPermissionToResource(em, groupName, canUse)
	resourceACL.AddPermissionToResource(em, stc.AclAllEntryName, acl.Permission(allPermission))
	resourceACL.AddPermissionToResource(em, userInGroupName1, acl.Permission(usersPermission))

	userPerms, _ := acl.GetUserPermissions(em, userInGroupName1, resourceName)
	fmt.Printf("All the permissions for user: %q, on resource %q are: %q\n",
		userInGroupName1, resourceName, userPerms)

	groupPerms, _ := acl.GetUserPermissions(em, groupName, resourceName)
	fmt.Printf("All the permissions for group %q on resource %q are: %q\n", groupName, resourceName, groupPerms)

	// Revoke from the group, then re-check the user to show the effect.
	resourceACL.RemovePermissionFromEntity(groupName, canUse)
	fmt.Printf("After remove permission: %q from group %q\n", canUsePermission, groupName)
	allowed = acl.CheckUserPermission(em, userInGroupName1, resourceName, canUse)
	fmt.Printf("User: %q, permission %q is: %v\n", userInGroupName1, canUsePermission, allowed)

	fmt.Printf("All the permissions are: %q\n", resourceACL.GetAllPermissions())
}
Ejemplo n.º 2
// getPermissions writes every permission found in the requested resource's
// ACL to the response as a permissionsVecT keyed by a running index
// ("0", "1", ...).
//
// NOTE(review): no authorization check on the caller is visible in this
// handler; presumably it is enforced before the handler runs. Confirm, since
// the reply lists the whole ACL.
func (a aclRestful) getPermissions(request *restful.Request, response *restful.Response) {
	aclData, _, err := a.getResourceAclData(request, response)
	if err != nil {
		// NOTE(review): nothing is written here; presumably
		// getResourceAclData has already reported the failure on response.
		// Confirm against that helper.
		return
	}

	// The index is assigned in iteration order. If GetAllPermissions returns
	// a map, that order is not stable between calls.
	indexed := make(permissionsVecT)
	next := 0
	for p := range aclData.GetAllPermissions() {
		indexed[acl.Permission(fmt.Sprintf("%v", next))] = acl.Permission(p)
		next++
	}
	response.WriteEntity(indexed)
}
Ejemplo n.º 3
// deletePermission removes the permission named in the request from the
// requested entity in the resource's ACL. It answers 204 No Content when the
// removal succeeds and reports 404 through setError when it fails.
//
// NOTE(review): no authorization check on the caller is visible in this
// handler; presumably it is enforced before the handler runs. Confirm.
func (a aclRestful) deletePermission(request *restful.Request, response *restful.Response) {
	aclData, aclInfo, err := a.getResourceAclData(request, response)
	if err != nil {
		// NOTE(review): nothing is written here; presumably
		// getResourceAclData has already reported the failure on response.
		return
	}

	// aclInfo.UserName is passed as the entity name, so it may name a user
	// or a group.
	if err = aclData.RemovePermissionFromEntity(aclInfo.UserName, acl.Permission(aclInfo.Permission)); err != nil {
		a.setError(response, http.StatusNotFound, err)
		return
	}
	response.WriteHeader(http.StatusNoContent)
}
Ejemplo n.º 4
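// setPermission grants the permission named in the request to the requested
// entity on the requested resource. When the lookup yields no ACL, one is
// attached to the resource first and the lookup is repeated. It answers
// 201 Created with the URL path of the permission on success.
//
// The lookup results are validated before they are dereferenced, so a failed
// lookup produces an error response rather than a nil-pointer panic in the
// handler.
//
// NOTE(review): no authorization check on the caller is visible in this
// handler, and it creates an ACL on demand; presumably access is enforced
// before the handler runs. Confirm.
func (a aclRestful) setPermission(request *restful.Request, response *restful.Response) {
	a1, aclInfo, err := a.getResourceAclData(request, response)
	if aclInfo == nil {
		// Without the parsed request data there is no resource name to
		// attach an ACL to and no entity or permission to grant.
		if err != nil {
			a.setError(response, http.StatusNotFound, err)
		} else {
			response.WriteHeader(http.StatusBadRequest)
		}
		return
	}
	// err is deliberately not treated as fatal while aclInfo is available:
	// a missing ACL is handled by creating one below.
	// NOTE(review): presumably the helper reports "no ACL yet" this way; confirm.
	if a1 == nil {
		a.addAclToResource(request, response, aclInfo.ResourceName)
		a1, aclInfo, err = a.getResourceAclData(request, response)
		if err != nil {
			a.setError(response, http.StatusNotFound, err)
			return
		}
		if a1 == nil || aclInfo == nil {
			// The ACL still cannot be read back after creating it.
			response.WriteHeader(http.StatusInternalServerError)
			return
		}
	}

	err = a1.AddPermissionToResource(a.st.UsersList, aclInfo.UserName, acl.Permission(aclInfo.Permission))
	if err != nil {
		a.setError(response, http.StatusNotFound, err)
		return
	}
	response.WriteHeader(http.StatusCreated)
	response.WriteEntity(a.getUrlPath(request, aclInfo.Permission))
}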
Ejemplo n.º 5
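// generateAcl populates stRestful.UsersList with resourceName1, groupName and
// every user in usersName (each added to the group), builds an ACL that
// grants every permission in usersPermissions to every user plus perAll to
// the stc.AclAllEntryName entry, and attaches that ACL to resourceName1.
//
// It returns the ACL's JSON encoding together with the ACL itself. The error
// is non-nil only when the JSON encoding fails; by then the entities and the
// ACL have already been added to stRestful.UsersList.
//
// NOTE(review): the results of the Add* calls are not inspected, as in the
// original. If any of them fails, the returned ACL may not match what the
// caller expects.
func generateAcl() (string, *acl.Acl, error) {
	stRestful.UsersList.AddResource(resourceName1)
	stRestful.UsersList.AddGroup(groupName)
	for _, name := range usersName {
		stRestful.UsersList.AddUser(name)
		stRestful.UsersList.AddUserToGroup(groupName, name)
	}

	aclData := acl.NewACL()
	for _, name := range usersName {
		for _, p := range usersPermissions {
			aclData.AddPermissionToResource(stRestful.UsersList, name, acl.Permission(p))
		}
	}
	aclData.AddPermissionToResource(stRestful.UsersList, stc.AclAllEntryName, perAll)
	stRestful.UsersList.AddPropertyToEntity(resourceName1, stc.AclPropertyName, aclData)

	// Report an encoding failure instead of returning an empty string with a
	// nil error.
	data, err := json.Marshal(aclData)
	if err != nil {
		return "", nil, err
	}
	return string(data), aclData, nil
}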
Ejemplo n.º 6
// restSetPermission grants the permission named in the request to the
// requested entity on the requested resource. When the lookup succeeds but
// yields no ACL, a new one is attached to the resource and the lookup is
// repeated. It answers 201 Created with the URL path of the new permission
// on success.
//
// NOTE(review): no authorization check on the caller is visible in this
// handler, and it creates an ACL on demand; presumably access is enforced
// before the handler runs. Confirm.
func (a aclRestful) restSetPermission(request *restful.Request, response *restful.Response) {
	a1, aclInfo, err := a.getResourceAclData(request, response)
	if err != nil {
		a.setError(response, http.StatusNotFound, err)
		return
	}

	if a1 == nil {
		fresh := acl.NewACL()
		a.addAclToResource(request, response, aclInfo.ResourceName, fresh)
		// NOTE(review): only err is checked after the second lookup; a1 is
		// assumed to be non-nil from here on. Confirm against
		// getResourceAclData.
		if a1, aclInfo, err = a.getResourceAclData(request, response); err != nil {
			a.setError(response, http.StatusInternalServerError, err)
			return
		}
	}

	if err = a1.AddPermissionToResource(a.st.UsersList, aclInfo.UserName, acl.Permission(aclInfo.Permission)); err != nil {
		a.setError(response, http.StatusNotFound, err)
		return
	}

	// NOTE(review): the segments are joined without escaping; confirm that
	// the names are validated upstream or that getUrlPath escapes them,
	// since a name containing "/" would change the path's structure.
	location := fmt.Sprintf("%v/%v/%v/%v/%v", aclInfo.UserName, resourceToken, aclInfo.ResourceName, permissionsToken, aclInfo.Permission)
	response.WriteHeader(http.StatusCreated)
	response.WriteEntity(a.getUrlPath(request, entityToken, location))
}
Ejemplo n.º 7
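// restCheckPermission reports whether the requested entity holds the
// requested permission on the requested resource. The reply is a cr.Match
// carrying the boolean result and a message, sent with 200 OK when the
// permission is held and 404 Not Found when it is not.
//
// A denied permission uses the same 404 status as a failed ACL lookup, so
// callers must read the body to tell the two apart.
func (a aclRestful) restCheckPermission(request *restful.Request, response *restful.Response) {
	a1, aclInfo, err := a.getResourceAclData(request, response)
	if err != nil {
		a.setError(response, http.StatusNotFound, err)
		return
	}
	// err is nil here, so setError gets an explicit error value. aclInfo is
	// checked in the same guard because it is dereferenced below when the
	// message is built.
	if a1 == nil || aclInfo == nil {
		a.setError(response, http.StatusNotFound, fmt.Errorf("no ACL data found for the requested resource"))
		return
	}

	ok := acl.CheckUserPermission(a.st.UsersList, aclInfo.UserName, aclInfo.ResourceName, acl.Permission(aclInfo.Permission))

	status := http.StatusOK
	str := fmt.Sprintf("Permission '%v' is allowed", aclInfo.Permission)
	if !ok {
		str = fmt.Sprintf("Permission '%v' doesn't allowed", aclInfo.Permission)
		status = http.StatusNotFound
	}

	response.WriteHeader(status)
	response.WriteEntity(cr.Match{Match: ok, Message: str})
}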