func (e *engine) Decision(roleName string, res string, perms ...string) bool {
rootId, _, exist := e.GetRole(roleName, false)
if !exist {
return false
}
for _, p := range perms {
pid, exist := e.GetPerm(p, res, false)
if !exist {
return false
}
f := func(rid int) bool {
if pms, ok := e.rolePerm[rid]; !ok {
return false
} else if i := pms.Search(pid); i < len(pms) && pms[i] == pid {
return true
}
return false
}
found := e.searchRoleGraph(rootId, f)
if !found {
return false
}
}
return true
}
func (e *engine) GrantPerm(roleName, resString string, perms ...string) error {
rid, _, exist := e.GetRole(roleName, true)
for _, perm := range perms {
pid, _ := e.GetPerm(perm, resString, true)
permIds := e.rolePerm[rid]
if idx := permIds.Search(pid); idx >= permIds.Len() || permIds[idx] != pid {
e.rolePerm[rid] = append(e.rolePerm[rid], pid)
e.rolePerm[rid].Sort()
}
}
if !exist {
return errs.ErrRoleNotExist
}
return nil
}
func (e *engine) RevokePerm(roleName string, res string, perms ...string) error {
rid, _, exist := e.GetRole(roleName, false)
if !exist {
return errs.ErrRoleNotExist
}
permIds := e.rolePerm[rid]
for _, permName := range perms {
if pid, exist := e.GetPerm(permName, res, false); exist {
RP:
if i := permIds.Search(pid); i < len(permIds) && permIds[i] == pid { //found
permIds = append(permIds[:i], permIds[i+1:]...)
goto RP
}
}
}
e.rolePerm[rid] = permIds
return nil
}