// Shows how to add/check/remove permissions for a n entity (resource) of a user or a group entity
func Example_acl() {
entityManager := initEntityManager()
fmt.Println("ExampleShowACLAddCheckRemovePermissions")
fmt.Printf("User %q permission %q is %v\n", userName1, canUsePermission,
acl.CheckUserPermission(entityManager, userName1, resourceName, en.Permission(canUsePermission)))
data, _ := entityManager.GetPropertyAttachedToEntity(resourceName, defs.AclPropertyName)
a, ok := data.(*acl.Acl)
if ok == false {
fmt.Println("Error: Cannot get property", defs.AclPropertyName, "attached to resource", resourceName)
return
}
a.AddPermissionToEntity(entityManager, userName1, en.Permission(canUsePermission))
fmt.Printf("User %q permission %q is: %v\n", userName1, canUsePermission,
acl.CheckUserPermission(entityManager, userName1, resourceName, en.Permission(canUsePermission)))
a.AddPermissionToEntity(entityManager, groupName, en.Permission(supportPermission))
a.AddPermissionToEntity(entityManager, groupName, en.Permission(canUsePermission))
a.AddPermissionToEntity(entityManager, defs.AclAllEntryName, en.Permission(allPermission))
a.AddPermissionToEntity(entityManager, userInGroupName1, en.Permission(usersPermission))
permissions, _ := acl.GetUserPermissions(entityManager, userInGroupName1, resourceName)
fmt.Printf("All the permissions for user %q on resource %q are: %q\n",
userInGroupName1, resourceName, permissions)
permissions, _ = acl.GetUserPermissions(entityManager, groupName, resourceName)
fmt.Printf("All the permissions for group %q on resource %q are: %q\n", groupName, resourceName, permissions)
a.RemovePermissionFromEntity(groupName, en.Permission(canUsePermission))
fmt.Printf("After remove permission: %q from group %q\n", canUsePermission, groupName)
fmt.Printf("User %q permission %q is: %v\n", userInGroupName1, canUsePermission,
acl.CheckUserPermission(entityManager, userInGroupName1, resourceName, en.Permission(canUsePermission)))
fmt.Printf("All the permissions are: %q\n", a.GetAllPermissions())
}
// Test estGetAllPermissionsOfEntity
// Add a set of permissions to resource for a given users list and verify that the respobse is as expected
func Test_getAllPermissionsOfEntity(t *testing.T) {
initState()
generateAcl()
baseURL := fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[getAllPermissionsOfEntityCommand]), entityToken, userName1, resourceToken, resourceName1)
url := fmt.Sprintf("%v/%v", resourcePath, baseURL)
data, _ := acl.GetUserPermissions(stRestful.UsersList, userName1, resourceName1)
res := []string{}
for p := range data {
res = append(res, string(p))
}
exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, "", res)
}
func (a AclRestful) restGetAllPermissionsOfEntity(request *restful.Request, response *restful.Response) {
userName := request.PathParameter(entityNameParam)
resourceName := request.PathParameter(resourceNameParam)
res, err := acl.GetUserPermissions(a.st.UsersList, userName, resourceName)
if err != nil {
a.setError(response, http.StatusNotFound, err)
return
}
data := []string{}
for name := range res {
data = append(data, string(name))
}
response.WriteHeaderAndEntity(http.StatusOK, data)
}