Пример #1
// DecisionEx reports whether roleName holds every permission named in perms
// on a stored resource pattern that contains res.
//
// It returns false when the role is unknown or when any one of perms is not
// matched by the role or a role reachable from it through searchRoleGraph.
// With an empty perms list the loop body never runs, so any existing role
// gets true; callers should not treat a call without permissions as a check.
//
// NOTE(review): a res string that resource.Parse rejects makes this panic
// rather than deny. If res can come from a request, confirm that a caller
// recovers, or validate res before calling.
// NOTE(review): no lock is taken here, while DropRole in this listing mutates
// the same maps under e.Lock(); confirm that callers serialize access.
func (e *engine) DecisionEx(roleName string, res string, perms ...string) bool {
	rootId, _, known := e.GetRole(roleName, false)
	if !known {
		return false
	}
	requested, err := resource.Parse(res)
	if err != nil {
		panic(err)
	}
	for _, permName := range perms {
		// grants is evaluated for each role id visited by searchRoleGraph.
		grants := func(rid int) bool {
			for _, pid := range e.rolePerm[rid] {
				if e.storage[pid].sName != permName {
					continue
				}
				// The stored pattern is re-parsed on every check; a parse
				// failure here means the stored content itself is malformed.
				held, err := resource.Parse(e.storage[pid].sContent)
				if err != nil {
					panic(err)
				}
				if held.Contains(requested) {
					return true
				}
			}
			return false
		}
		// Every requested permission must be found; one miss denies.
		if !e.searchRoleGraph(rootId, grants) {
			return false
		}
	}
	return true
}
Пример #2
// Decision reports whether roleName holds every permission in perms on
// exactly the resource res, matched by permission id.
//
// It returns false when the role is unknown, when GetPerm reports that a
// (permission, res) pair does not exist, or when the permission id is not in
// the permission list of any role visited by searchRoleGraph from the role.
// With an empty perms list the loop body never runs, so any existing role
// gets true.
//
// NOTE(review): no lock is taken here, while DropRole in this listing mutates
// the same maps under e.Lock(); confirm that callers serialize access.
func (e *engine) Decision(roleName string, res string, perms ...string) bool {
	rootId, _, known := e.GetRole(roleName, false)
	if !known {
		return false
	}
	for _, name := range perms {
		pid, ok := e.GetPerm(name, res, false)
		if !ok {
			// An unregistered permission can never have been granted.
			return false
		}
		holds := func(rid int) bool {
			granted, present := e.rolePerm[rid]
			if !present {
				return false
			}
			// Search plus an equality check is a membership test, which
			// relies on the list being kept sorted by the grant path.
			at := granted.Search(pid)
			return at < len(granted) && granted[at] == pid
		}
		if !e.searchRoleGraph(rootId, holds) {
			return false
		}
	}
	return true
}
Пример #3
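// GrantRole adds each role named in grants to the set of roles held by
// grantee.
//
// Both the grantee and the granted roles are looked up with GetRole(name,
// true); the flag presumably creates a missing entry, confirm against
// GetRole. A granted name whose type is not ROLE stops processing with
// ErrUserNotGrantable; grants applied by earlier iterations stay in place.
//
// A role that grantee already holds is skipped. Appending it again would
// leave a duplicate edge, and a removal that drops a single occurrence would
// then leave the role still granted.
//
// NOTE(review): nothing here rejects granting a role to itself or closing a
// cycle; whether searchRoleGraph tolerates cycles is not visible here.
// NOTE(review): no lock is taken, unlike DropRole in this listing; confirm
// that callers serialize access.
func (e *engine) GrantRole(grantee string, grants ...string) error {
	gid, _, _ := e.GetRole(grantee, true)
	for _, roleName := range grants {
		rid, rType, _ := e.GetRole(roleName, true)
		if rType != ROLE {
			return errs.ErrUserNotGrantable
		}
		granted := e.roleGraph[gid]
		// The list is kept sorted, so Search plus an equality check is a
		// membership test.
		if idx := granted.Search(rid); idx < granted.Len() && granted[idx] == rid {
			continue
		}
		e.roleGraph[gid] = append(granted, rid)
		e.roleGraph[gid].Sort()
	}
	return nil
}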
Пример #4
// GrantPerm gives roleName each permission in perms on resString, skipping
// permission ids the role already holds so the list stays free of duplicates.
//
// NOTE(review): the role is looked up with GetRole(roleName, true) and the
// permissions are recorded before the exist flag is examined, so when
// ErrRoleNotExist is returned the grants have already been written. Confirm
// what exist means when the second argument is true, and whether a failed
// call is meant to leave state behind.
// NOTE(review): no lock is taken, unlike DropRole in this listing; confirm
// that callers serialize access.
func (e *engine) GrantPerm(roleName, resString string, perms ...string) error {
	rid, _, exist := e.GetRole(roleName, true)
	for _, perm := range perms {
		pid, _ := e.GetPerm(perm, resString, true)
		held := e.rolePerm[rid]
		// Membership test on the sorted id list.
		at := held.Search(pid)
		if at < held.Len() && held[at] == pid {
			continue
		}
		e.rolePerm[rid] = append(held, pid)
		// Re-sort so later Search calls stay valid.
		e.rolePerm[rid].Sort()
	}
	if exist {
		return nil
	}
	return errs.ErrRoleNotExist
}
Пример #5
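// DropRole removes roleName from the engine: its name mapping, its outgoing
// role edges, its permission list, its storage entry, and every edge from
// another role that points at it. It returns ErrRoleNotExist when the role is
// unknown. The whole operation runs under e.Lock().
//
// The permission list in e.rolePerm is deleted along with the rest. Leaving
// it behind would keep the dropped role's permissions on record under its id,
// and a later role that received the same id would inherit them (whether ids
// are reused is not visible here).
//
// Every occurrence of the id is removed from each remaining edge list, not
// only the first, so a duplicate edge cannot keep pointing at the dropped id.
func (e *engine) DropRole(roleName string) error {
	e.Lock()
	defer e.Unlock()
	rid, _, exist := e.GetRole(roleName, false)
	if !exist {
		return errs.ErrRoleNotExist
	}
	delete(e.roleMap, roleName)
	delete(e.roleGraph, rid)
	delete(e.rolePerm, rid)
	delete(e.storage, rid)
	for k, v := range e.roleGraph {
		changed := false
		// The lists are kept sorted, so duplicates are adjacent and Search
		// keeps returning the first one until none are left.
		for idx := v.Search(rid); idx < v.Len() && v[idx] == rid; idx = v.Search(rid) {
			v = append(v[:idx], v[idx+1:]...)
			changed = true
		}
		if changed {
			e.roleGraph[k] = v
		}
	}
	return nil
}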
Пример #6
// RevokePerm removes each permission in perms on res from roleName's
// permission list. It returns ErrRoleNotExist when the role is unknown.
//
// A permission name that GetPerm does not know for res is skipped without an
// error, so a nil return does not prove that every name was revoked. All
// occurrences of a matching id are removed, not only the first.
//
// NOTE(review): no lock is taken, unlike DropRole in this listing; confirm
// that callers serialize access.
func (e *engine) RevokePerm(roleName string, res string, perms ...string) error {
	rid, _, found := e.GetRole(roleName, false)
	if !found {
		return errs.ErrRoleNotExist
	}
	remaining := e.rolePerm[rid]
	for _, name := range perms {
		pid, ok := e.GetPerm(name, res, false)
		if !ok {
			continue
		}
		// Keep deleting until the sorted list no longer contains pid.
		for {
			at := remaining.Search(pid)
			if at >= len(remaining) || remaining[at] != pid {
				break
			}
			remaining = append(remaining[:at], remaining[at+1:]...)
		}
	}
	e.rolePerm[rid] = remaining
	return nil
}
Пример #7
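// RevokeRole removes each role named in revoked from the set of roles held by
// revokee. It returns ErrRoleNotExist when revokee or any name in revoked is
// unknown.
//
// All names are resolved before the edge list is touched. The removal shifts
// elements inside the slice's backing array, so returning part-way through
// would leave e.roleGraph[eid] at its old length with shifted contents: one
// role gone and another duplicated. Validating first means a failed call
// changes nothing.
//
// Every occurrence of a revoked id is removed, so a duplicate edge cannot
// leave the role still granted after a successful revoke.
//
// NOTE(review): revokee is looked up with GetRole(revokee, true) while the
// other lookups in this method pass false; if true creates missing entries, a
// revoke can create a role. Confirm against GetRole.
// NOTE(review): no lock is taken, unlike DropRole in this listing; confirm
// that callers serialize access.
func (e *engine) RevokeRole(revokee string, revoked ...string) error {
	eid, _, exist := e.GetRole(revokee, true)
	if !exist {
		return errs.ErrRoleNotExist
	}
	rids := make([]int, 0, len(revoked))
	for _, roleName := range revoked {
		rid, _, exist := e.GetRole(roleName, false)
		if !exist {
			return errs.ErrRoleNotExist
		}
		rids = append(rids, rid)
	}
	grantedRoleId := e.roleGraph[eid]
	for _, rid := range rids {
		// The list is kept sorted, so Search keeps returning the first
		// remaining occurrence until none are left.
		for idx := grantedRoleId.Search(rid); idx < grantedRoleId.Len() && grantedRoleId[idx] == rid; idx = grantedRoleId.Search(rid) {
			grantedRoleId = append(grantedRoleId[:idx], grantedRoleId[idx+1:]...)
		}
	}
	e.roleGraph[eid] = grantedRoleId
	return nil
}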
Пример #8
// HasAnyRole reports whether at least one of hasRoleNames is found by
// searchRoleGraph starting from roleName.
//
// It returns false when roleName is unknown. Unknown names in hasRoleNames
// are skipped, so they can never produce a match. An empty hasRoleNames list
// yields false.
//
// NOTE(review): whether the starting role itself is visited depends on
// searchRoleGraph, which is not visible here.
// NOTE(review): no lock is taken, unlike DropRole in this listing; confirm
// that callers serialize access.
func (e *engine) HasAnyRole(roleName string, hasRoleNames ...string) bool {
	rootId, _, known := e.GetRole(roleName, false)
	if !known {
		return false
	}
	for _, candidate := range hasRoleNames {
		want, _, ok := e.GetRole(candidate, false)
		if !ok {
			continue
		}
		matches := func(nid int) bool { return nid == want }
		if e.searchRoleGraph(rootId, matches) {
			return true
		}
	}
	return false
}