Esempio n. 1
0
func main() {
	rbac = &myRbac{Rbac: gorbac.New()}

	h := possum.NewHandler()
	h.PreHandler = func(r *http.Request) (int, error) {
		host, _, err := net.SplitHostPort(r.RemoteAddr)
		if err != nil {
			return http.StatusInternalServerError, err
		}
		if host != "127.0.0.1" {
			return http.StatusForbidden, fmt.Errorf("Localhost only")
		}
		return http.StatusOK, nil
	}

	h.PostHandler = func(r *http.Request, status int, data interface{}) {
		fmt.Printf("[%s] %s %s \"%s\" %d\n", time.Now(), r.RemoteAddr, r.Method, r.URL.String(), status)
	}

	if err := h.AddResource("/rbac", rbac); err != nil {
		fmt.Println(err)
		return
	}

	h.AddRPC("/isgranded", isGranded)
	fmt.Printf("[%s] %s\n", time.Now(), addr)
	if err := http.ListenAndServe(addr, h); err != nil {
		fmt.Println(err)
		return
	}
}
Esempio n. 2
0
/*
	Suppose:

	The role-a is inheriting from role-b.
	The role-b is inheriting from role-c, role-d.
	The role-c is individual.
	The role-d is individual.
	The role-e is inheriting from role-d.
	Every roles have thire own permissions.
*/
func ExampleRbac() {
	normalCases := map[string]map[string][]string{
		RA: {
			"permissions": {PA},
			"parents":     {RB},
		},
		RB: {
			"permissions": {PB},
			"parents":     {RC, RD},
		},
		RC: {
			"permissions": {PC},
			"parents":     nil,
		},
		RD: {
			"permissions": {PD},
			"parents":     nil,
		},
		RE: {
			"permissions": nil,
			"parents":     {RD},
		},
	}
	rbac := gorbac.New()

	for role, c := range normalCases {
		rbac.Add(role, convPermissions(c["permissions"]), c["parents"])
	}

	if rbac.IsGranted(RA, gorbac.NewStdPermission(PA), nil) &&
		rbac.IsGranted(RA, gorbac.NewStdPermission(PB), nil) &&
		rbac.IsGranted(RA, gorbac.NewStdPermission(PC), nil) &&
		rbac.IsGranted(RA, gorbac.NewStdPermission(PD), nil) {
		fmt.Println("The role-a has been granted permis-a, b, c and d.")
	}
	if rbac.IsGranted(RB, gorbac.NewStdPermission(PB), nil) &&
		rbac.IsGranted(RB, gorbac.NewStdPermission(PC), nil) &&
		rbac.IsGranted(RB, gorbac.NewStdPermission(PD), nil) {
		fmt.Println("The role-b has been granted permis-b, c and d.")
	}
	// When a circle inheratance ocurred,
	rbac.Get(RC).AddParent(RA)
	// it could be detected as following code:
	if err := gorbac.InherCircle(rbac); err != nil {
		fmt.Println("A circle inheratance ocurred.")
	}
	// Output:
	// The role-a has been granted permis-a, b, c and d.
	// The role-b has been granted permis-b, c and d.
	// A circle inheratance ocurred.
}
Esempio n. 3
0
/*
	Suppose:

	The role-a is inheriting from role-b.
	The role-b is inheriting from role-c, role-d.
	The role-c is individual.
	The role-d is individual.
	The role-e is inheriting from role-d.
	Every roles have thire own permissions.
*/
func ExampleRbac() {
	rbac := gorbac.New()
	rA := gorbac.NewStdRole("role-a")
	rB := gorbac.NewStdRole("role-b")
	rC := gorbac.NewStdRole("role-c")
	rD := gorbac.NewStdRole("role-d")
	rE := gorbac.NewStdRole("role-e")

	pA := gorbac.NewStdPermission("permission-a")
	pB := gorbac.NewStdPermission("permission-b")
	pC := gorbac.NewStdPermission("permission-c")
	pD := gorbac.NewStdPermission("permission-d")
	pE := gorbac.NewStdPermission("permission-e")

	rA.AddPermission(pA)
	rB.AddPermission(pB)
	rC.AddPermission(pC)
	rD.AddPermission(pD)
	rE.AddPermission(pE)

	rbac.Add(rA)
	rbac.Add(rB)
	rbac.Add(rC)
	rbac.Add(rD)
	rbac.Add(rE)
	rbac.SetParent("role-a", "role-b")
	rbac.SetParents("role-b", []string{"role-c", "role-d"})
	rbac.SetParent("role-e", "role-d")

	if rbac.IsGranted("role-a", pA, nil) &&
		rbac.IsGranted("role-a", pB, nil) &&
		rbac.IsGranted("role-a", pC, nil) &&
		rbac.IsGranted("role-a", pD, nil) {
		fmt.Println("The role-a has been granted permis-a, b, c and d.")
	}
	if rbac.IsGranted("role-b", pB, nil) &&
		rbac.IsGranted("role-b", pC, nil) &&
		rbac.IsGranted("role-b", pD, nil) {
		fmt.Println("The role-b has been granted permis-b, c and d.")
	}
	// When a circle inheratance ocurred,
	rbac.SetParent("role-c", "role-a")
	// it could be detected as following code:
	if err := gorbac.InherCircle(rbac); err != nil {
		fmt.Println("A circle inheratance ocurred.")
	}
	// Output:
	// The role-a has been granted permis-a, b, c and d.
	// The role-b has been granted permis-b, c and d.
	// A circle inheratance ocurred.
}
Esempio n. 4
0
/*
Suppose:

The role-c is inheriting from role-a, role-b.
The role-d is individual.
The role-e is inheriting from role-c, role-d.
Every roles have thire own permissions.

Thus:

The role-c has been granted permis-a/b/c.
The role-e has been granted permis-a/b/c/d.
*/
func ExampleRbac() {
	testingcases := map[string]map[string][]string{
		"role-a": map[string][]string{
			"permissions": []string{"permis-a"},
			"parents":     nil,
		},
		"role-b": map[string][]string{
			"permissions": []string{"permis-b"},
			"parents":     nil,
		},
		"role-c": map[string][]string{
			"permissions": []string{"permis-c"},
			"parents":     []string{"role-a", "role-b"},
		},
		"role-d": map[string][]string{
			"permissions": []string{"permis-d"},
			"parents":     nil,
		},
		"role-e": map[string][]string{
			"permissions": nil,
			"parents":     []string{"role-c", "role-d"},
		},
	}
	rbac := gorbac.New()

	for role, testingcase := range testingcases {
		rbac.Add(role, testingcase["permissions"], testingcase["parents"])
	}

	if rbac.IsGranted("role-c", "permis-a", nil) &&
		rbac.IsGranted("role-c", "permis-b", nil) &&
		rbac.IsGranted("role-c", "permis-c", nil) {
		fmt.Println("The role-c has been granted permis-a/b/c.")
	}
	if rbac.IsGranted("role-e", "permis-a", nil) &&
		rbac.IsGranted("role-e", "permis-b", nil) &&
		rbac.IsGranted("role-e", "permis-c", nil) &&
		rbac.IsGranted("role-e", "permis-d", nil) {
		fmt.Println("The role-e has been granted permis-a/b/c/d.")
	}
	// Output: The role-c has been granted permis-a/b/c.
	// The role-e has been granted permis-a/b/c/d.
}
Esempio n. 5
0
func main() {
	rbac := gorbac.New()
	r1 := newMyRole("role-1")
	r2 := newMyRole("role-2")
	r3 := newMyRole("role-3")
	r4 := newMyRole("role-4")
	if err := rbac.Add(r1); err != nil {
		fmt.Printf("Error: %s", err)
		return
	}
	if err := rbac.Add(r2); err != nil {
		fmt.Printf("Error: %s", err)
		return
	}
	if err := rbac.Add(r3); err != nil {
		fmt.Printf("Error: %s", err)
		return
	}
	if err := rbac.Add(r4); err != nil {
		fmt.Printf("Error: %s", err)
		return
	}

	if err := rbac.SetParents("role-1", []string{"role-2", "role-3"}); err != nil {
		fmt.Printf("Error: %s", err)
		return
	}

	if err := rbac.SetParent("role-3", "role-4"); err != nil {
		fmt.Printf("Error: %s", err)
		return
	}

	role, parents, err := rbac.Get("role-1")
	if err != nil {
		fmt.Printf("Error: %s", err)
		return
	}
	if myRole, ok := role.(*myRole); ok {
		fmt.Printf("Name:\t%s\nLabel:\t%s\nDesc:\t%s\nParents:\t%s\n",
			myRole.Id(), myRole.Label, myRole.Description, parents)
	}
}
Esempio n. 6
0
	"encoding/json"
	"fmt"
	"io/ioutil"
	"net"
	"net/http"
	"time"

	"github.com/mikespook/gorbac"
	"github.com/mikespook/possum"
	"github.com/mikespook/possum/router"
	"github.com/mikespook/possum/view"
)

const addr = "127.0.0.1:12345"

var rbac = gorbac.New()

func postHandler(ctx *possum.Context) error {
	body, err := ioutil.ReadAll(ctx.Request.Body)
	if err != nil {
		return err
	}
	defer ctx.Request.Body.Close()
	var m gorbac.Map
	if err := json.Unmarshal(body, &m); err != nil {
		return err
	}
	rbac = gorbac.Restore(m)
	ctx.Response.Data = rbac.Dump()
	return nil
}