コード例 #1
0
ファイル: rbac_plain_api.go プロジェクト: kosmikko/go.sec
func main() {
	sess, err := mgo.Dial("localhost")
	if err != nil {
		panic("cannot connect to localhost")
	}
	db := sess.DB(fmt.Sprintf("rbac_%d", rand.New(rand.NewSource(time.Now().UnixNano())).Int31n))
	rbac.Init(db)
	rbac.NewUser("user1")
	rbac.NewUser("user2")
	rbac.NewUser("user3")
	employee := "oracle://*****:*****@localhost:1521/scott/emp"
	rbac.GrantRole("user1", "ceo")
	rbac.GrantRole("user2", "hr_mgr")
	rbac.GrantRole("user3", "hr_clk")
	rbac.GrantRole("ceo", "hr_mgr")
	rbac.GrantRole("hr_mgr", "hr_clk")
	rbac.GrantPerm("hr_mgr", employee, "update", "delete")
	rbac.GrantPerm("hr_clk", employee, "select", "insert")
	rbac.GrantGlobalPerm("ceo", "select")
	if !rbac.HasRole("user1", "hr_clk") {
		log.Fatal("user1 is ceo and should have hr_clk role")
	}
	if !rbac.Decision("user1", employee, "delete") {
		log.Fatal("user1 should have delete employee permission")
	}
	if rbac.Decision("user3", employee, "delete") {
		log.Fatal("user3 is hr_clk and should not have delete employee permission")
	}
	if rbac.Decision("hr_clerk", employee, "update", "insert", "delete") {
		log.Fatal("hr_clerk should not have update employee permission")
	}
	if !rbac.DecisionEx("user1", "abc", "select") {
		log.Fatal("user1 should has all select permission on all target")
	}
	rbac.RevokeRole("user1", "ceo")
	if rbac.Decision("user1", employee, "select") {
		log.Fatal("user1 should have not any employee permission")
	}
	rbac.DropRole("hr_clk")
	if rbac.HasRole("hr_mgr", "hr_clk") || rbac.HasRole("user1", "hr_clk") {
		log.Fatal("hr_clk role is dropped, user1 and hr_mgr should not have this role")
	}
	rbac.RevokePerm("hr_mgr", employee, "delete")
	if rbac.DecisionEx("ceo", employee, "delete") && rbac.DecisionEx("hr_mgr", employee, "delete") {
		log.Fatal("hr_mgr is revoked delete employee permission and ceo should not have it,eather")
	}
	db.DropDatabase()
	println("all test ok")
}
コード例 #2
0
ファイル: rbac_struct_api.go プロジェクト: kosmikko/go.sec
func main() {
	sess, err := mgo.Dial("localhost")
	if err != nil {
		panic("cannot connect to localhost")
	}
	db := sess.DB(fmt.Sprintf("rbac_%d", rand.New(rand.NewSource(time.Now().UnixNano())).Int31n))
	rbac.Init(db)
	user1, _ := rbac.NewUser("user1")
	user2, _ := rbac.NewUser("user2")
	user3, _ := rbac.NewUser("user3")
	roleCEO, _ := rbac.NewRole("ceo")
	roleHrManager, _ := rbac.NewRole("hr_mgr")
	roleHrClerk, _ := rbac.NewRole("hr_clk")
	permMeeting, _ := rbac.NewGlobalPerm("start_meeting")
	employee := "oracle://*****:*****@localhost:1521/scott/emp"
	all := "oracle://*****:*****@localhost:1521/scott"
	permSelectEmployee, _ := rbac.NewPerm("select", rbac.Res(employee))
	permUpdateEmployee, _ := rbac.NewPerm("update", rbac.Res(employee))
	permDeleteEmployee, _ := rbac.NewPerm("delete", rbac.Res(employee))
	permSelectAll, _ := rbac.NewPerm("select", rbac.Res(all))
	user2.GrantRole(roleHrManager)
	user3.GrantRole(roleHrClerk)
	rbac.GrantRole("user1", "ceo")
	rbac.GrantRole("hr_mgr", "hr_clk")
	roleCEO.GrantRole(roleHrManager)
	roleCEO.GrantPerm(permSelectAll)
	roleCEO.GrantPerm(permMeeting)
	rbac.GrantPerm("hr_clk", employee, "select", "insert")
	roleHrManager.GrantPerm(permUpdateEmployee)
	roleHrManager.GrantPerm(permDeleteEmployee)
	//rbac.RevokePerm("hr_manager", "employee", "delete")
	if !rbac.HasRole("user1", "hr_clk") || !user1.HasRole(roleHrClerk) || !user1.HasPerm(permSelectEmployee) {
		log.Fatal("user1 and hr_mgr should have hr_clk role and select on employee permission")
	}
	if !rbac.Decision("user1", employee, "delete") || !user1.HasPerm(permDeleteEmployee) {
		log.Fatal("user1 is ceo and should have delete employee permission")
	}
	roleHrManager.RevokePerm(permDeleteEmployee)
	if rbac.Decision("user1", employee, "delete") || user1.HasPerm(permDeleteEmployee) {
		log.Fatal("delete employee is revoked from hr_mgr, and user1 is ceo and should not have delete employee permission")
	}
	if rbac.Decision("hr_clerk", employee, "update", "insert", "delete") || roleHrClerk.HasPerm(permUpdateEmployee) {
		log.Fatal("hr_clerk should not have update employee permission")
	}
	if !rbac.DecisionEx("user3", employee, "select") {
		log.Fatal("user3 should has all select permission on all target")
	}
	if !rbac.DecisionEx("user1", "", "start_meeting") {
		log.Fatal("user1 is ceo and can start meeting")
	}
	db.DropDatabase()
	println("all test ok")
}