Exemple #1
0
func (sm *DefaultSecurityManager) IsPermitted(principals []interface{}, permission string) bool {
	if len(principals) == 0 {
		return false
	}

	for _, re := range sm.realms {
		if r, ok := re.(authz.Authorizer); ok {
			return r.IsPermitted(principals, permission)
		}

		if r, ok := re.(realm.AuthorizingRealm); ok {
			info, _ := r.AuthorizationInfo(principals)

			if info != nil {
				compiledperm, _ := authz.NewWildcardPermission(permission)
				for _, p := range info.Permissions() {
					if p.Implies(compiledperm) {
						return true
					}
				}
			}
		}
	}

	return false
}
Exemple #2
0
func (a *SimpleAccount) AddPermission(permission string) error {
	p, err := authz.NewWildcardPermission(permission)
	if err == nil {
		a.AddPermissionP(p)
	}

	return err
}
Exemple #3
0
func (r *SimpleAccountRealm) IsPermitted(subjectPrincipal []interface{}, permission string) bool {
	p, err := authz.NewWildcardPermission(permission)

	if err != nil {
		return false
	}

	return r.IsPermittedP(subjectPrincipal, p)
}
Exemple #4
0
func (a *SimpleAccount) IsPermitted(permission string) bool {
	wp, err := authz.NewWildcardPermission(permission)

	if err != nil {
		return false
	}

	return a.IsPermittedP(wp)
}
Exemple #5
0
// Creates a new IniRealm, reading from a Reader.
func NewIni(name string, in io.Reader) (*IniRealm, error) {
	realm := IniRealm{SimpleAccountRealm{name: name}}
	realm.users = make(map[string]authc.SimpleAccount)
	realm.roles = make(map[string]authz.SimpleRole)
	realm.credentialsMatcher = &credential.PlainText{}

	ini, err := ini.Load(in)

	if err != nil {
		return nil, err
	}

	// Users
	for username, val := range ini.Section("users") {
		vals := strings.Split(val, ",")

		if len(vals) == 0 {
			return nil, errors.New("Invalid property in the INI file; assumed at least a password for user " + username)
		}

		// User account
		acct := authc.NewAccount(stringer(username), strings.TrimSpace(vals[0]), name)

		for _, role := range vals[1:] {
			acct.AddRole(strings.TrimSpace(role))
		}

		realm.users[username] = *acct
	}

	// Roles
	for role, permlist := range ini.Section("roles") {
		perms := strings.Split(permlist, ",")

		if len(perms) == 0 {
			return nil, errors.New("Role does not have any permissions")
		}

		r := authz.NewRole(role)

		for _, p := range perms {
			perm, err := authz.NewWildcardPermission(p)

			if err != nil {
				return nil, err
			}
			r.AddPermission(perm)
		}

		realm.roles[role] = *r
	}

	return &realm, nil
}