// DecisionEx reports whether roleName holds every permission named in perms on
// the resource res, matching by containment rather than by exact resource
// string: a stored permission counts when its name equals the requested one and
// its parsed resource Contains the parsed res. Each permission is looked up by
// handing a predicate to searchRoleGraph, starting at the role's id.
//
// It returns false when the role is unknown or when any one permission is not
// found. With no perms supplied the loop body never runs, so an existing role
// is answered with true.
//
// NOTE(review): both resource.Parse failures panic. res is supplied by the
// caller, so a malformed resource string aborts the authorization check rather
// than producing a denial; confirm callers validate res or recover, or consider
// failing closed here.
func (e *engine) DecisionEx(roleName string, res string, perms ...string) bool {
	rootId, _, known := e.GetRole(roleName, false)
	if !known {
		return false
	}

	wanted, err := resource.Parse(res)
	if err != nil {
		panic(err)
	}

	for _, permName := range perms {
		// holds is true when the role with id rid carries a permission named
		// permName whose resource covers the requested one.
		holds := func(rid int) bool {
			for _, pid := range e.rolePerm[rid] {
				if e.storage[pid].sName != permName {
					continue
				}
				granted, err := resource.Parse(e.storage[pid].sContent)
				if err != nil {
					panic(err)
				}
				if granted.Contains(wanted) {
					return true
				}
			}
			return false
		}
		// Every requested permission must be satisfied; one miss denies.
		if !e.searchRoleGraph(rootId, holds) {
			return false
		}
	}
	return true
}
// Decision reports whether roleName holds every permission named in perms on
// the resource res. Each (permission, resource) pair is resolved to an id with
// GetPerm and then looked for in the permission lists of the roles that
// searchRoleGraph visits from the role's id.
//
// It returns false when the role is unknown, when GetPerm does not know one of
// the pairs, or when a permission id is not found. With no perms supplied the
// loop body never runs, so an existing role is answered with true.
func (e *engine) Decision(roleName string, res string, perms ...string) bool {
	rootId, _, known := e.GetRole(roleName, false)
	if !known {
		return false
	}

	for _, p := range perms {
		pid, found := e.GetPerm(p, res, false)
		if !found {
			return false
		}
		// holds is true when role rid has pid in its permission list. Search
		// returns a candidate index, so the element is compared as well.
		holds := func(rid int) bool {
			pms, ok := e.rolePerm[rid]
			if !ok {
				return false
			}
			i := pms.Search(pid)
			return i < len(pms) && pms[i] == pid
		}
		if !e.searchRoleGraph(rootId, holds) {
			return false
		}
	}
	return true
}
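// GrantRole grants each role named in grants to grantee by adding the role's id
// to grantee's entry in the role graph and keeping that entry sorted.
//
// A role the grantee already holds is skipped. Recording it a second time would
// leave a duplicate edge, and RevokeRole removes a single matching entry per
// revoked name, so a role granted twice would still be held after one revoke.
//
// It returns errs.ErrUserNotGrantable as soon as a name resolves to something
// whose type is not ROLE; grants processed before that name stay applied.
//
// NOTE(review): GetRole is called with true for both the grantee and the
// granted names, presumably creating entries that do not exist yet - confirm
// that granting an unknown role name should create it. Unlike DropRole, this
// method does not take the engine lock; confirm callers serialize access.
func (e *engine) GrantRole(grantee string, grants ...string) error {
	gid, _, _ := e.GetRole(grantee, true)
	for _, roleName := range grants {
		rid, rType, _ := e.GetRole(roleName, true)
		if rType != ROLE {
			return errs.ErrUserNotGrantable
		}
		held := e.roleGraph[gid]
		// Search returns a candidate index in the sorted list; the element
		// must be compared to know whether rid is really present.
		if idx := held.Search(rid); idx < held.Len() && held[idx] == rid {
			continue
		}
		e.roleGraph[gid] = append(held, rid)
		e.roleGraph[gid].Sort()
	}
	return nil
}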
// GrantPerm grants each permission named in perms on the resource resString to
// roleName. Every (permission, resource) pair is resolved to an id with GetPerm
// and added to the role's sorted permission list unless it is already there.
//
// NOTE(review): the existence flag from GetRole is only checked after the loop,
// so when it is false the permissions have already been recorded under the
// returned role id and errs.ErrRoleNotExist is still returned. GetRole and
// GetPerm are called with true, presumably creating missing entries - confirm
// whether an unknown role should be rejected before any state changes.
// Unlike DropRole, this method does not take the engine lock; confirm callers
// serialize access.
func (e *engine) GrantPerm(roleName, resString string, perms ...string) error {
	rid, _, known := e.GetRole(roleName, true)

	for _, perm := range perms {
		pid, _ := e.GetPerm(perm, resString, true)
		held := e.rolePerm[rid]
		// Search returns a candidate index; skip only on an exact match.
		idx := held.Search(pid)
		if idx < held.Len() && held[idx] == pid {
			continue
		}
		e.rolePerm[rid] = append(e.rolePerm[rid], pid)
		e.rolePerm[rid].Sort()
	}

	if !known {
		return errs.ErrRoleNotExist
	}
	return nil
}
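// DropRole removes the role named roleName from the engine while holding the
// engine lock. It deletes the role's name mapping, its outgoing edges in the
// role graph, its permission list and its storage entry, and then strips the
// role's id from every other role's edge list.
//
// The permission list is deleted along with the rest so that no grants stay
// recorded under the dropped id. Every occurrence of the id is removed from
// each edge list, not just the first, so an edge list that holds the id more
// than once does not keep pointing at the dropped role.
//
// It returns errs.ErrRoleNotExist when the role is unknown.
//
// NOTE(review): whether ids can be handed out again after a drop depends on
// GetRole, which is not visible here - confirm; if they can, any state left
// under the old id would be inherited by the next role that receives it.
func (e *engine) DropRole(roleName string) error {
	e.Lock()
	defer e.Unlock()

	rid, _, exist := e.GetRole(roleName, false)
	if !exist {
		return errs.ErrRoleNotExist
	}

	delete(e.roleMap, roleName)
	delete(e.roleGraph, rid)
	delete(e.rolePerm, rid)
	delete(e.storage, rid)

	for k, v := range e.roleGraph {
		changed := false
		for {
			// Search returns a candidate index in the sorted list; compare
			// the element to know whether rid is really present.
			idx := v.Search(rid)
			if idx >= v.Len() || v[idx] != rid {
				break
			}
			v = append(v[:idx], v[idx+1:]...)
			changed = true
		}
		if changed {
			e.roleGraph[k] = v
		}
	}
	return nil
}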
// RevokePerm removes each permission named in perms on the resource res from
// roleName's permission list. A (permission, resource) pair that GetPerm does
// not know is skipped. For a known pair, every matching id is removed from the
// list, and the trimmed list is stored back once all names are processed.
//
// It returns errs.ErrRoleNotExist when the role is unknown.
//
// NOTE(review): unlike DropRole, this method does not take the engine lock;
// confirm callers serialize access.
func (e *engine) RevokePerm(roleName string, res string, perms ...string) error {
	rid, _, known := e.GetRole(roleName, false)
	if !known {
		return errs.ErrRoleNotExist
	}

	remaining := e.rolePerm[rid]
	for _, permName := range perms {
		pid, found := e.GetPerm(permName, res, false)
		if !found {
			continue
		}
		// Keep removing until Search no longer lands on pid, so repeated
		// entries for the same permission are all dropped.
		for {
			i := remaining.Search(pid)
			if i >= len(remaining) || remaining[i] != pid {
				break
			}
			remaining = append(remaining[:i], remaining[i+1:]...)
		}
	}
	e.rolePerm[rid] = remaining
	return nil
}
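// RevokeRole removes each role named in revoked from the roles granted to
// revokee.
//
// All names are resolved before the edge list is touched. Removing an element
// with append edits the backing array that e.roleGraph[eid] still refers to, so
// returning an error part-way through would leave the stored list with its old
// length and shifted contents. With the names resolved first, an unknown name
// makes the call fail with errs.ErrRoleNotExist and no grants are changed.
//
// Every occurrence of a revoked id is removed, so a role recorded more than
// once in the list does not stay granted after the revoke.
//
// NOTE(review): GetRole is called with true for the revokee, presumably
// creating it when missing - confirm that is intended on a revoke path. Unlike
// DropRole, this method does not take the engine lock; confirm callers
// serialize access.
func (e *engine) RevokeRole(revokee string, revoked ...string) error {
	eid, _, exist := e.GetRole(revokee, true)
	if !exist {
		return errs.ErrRoleNotExist
	}

	// First pass: resolve names only, no mutation.
	rids := make([]int, 0, len(revoked))
	for _, roleName := range revoked {
		rid, _, exist := e.GetRole(roleName, false)
		if !exist {
			return errs.ErrRoleNotExist
		}
		rids = append(rids, rid)
	}

	// Second pass: strip every resolved id from the sorted edge list.
	granted := e.roleGraph[eid]
	for _, rid := range rids {
		for {
			idx := granted.Search(rid)
			if idx >= granted.Len() || granted[idx] != rid {
				break
			}
			granted = append(granted[:idx], granted[idx+1:]...)
		}
	}
	e.roleGraph[eid] = granted
	return nil
}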
// HasAnyRole reports whether at least one role named in hasRoleNames is found
// by searchRoleGraph when it starts at roleName's id. Names that GetRole does
// not know are skipped. It returns false when roleName itself is unknown or
// when none of the names is found.
func (e *engine) HasAnyRole(roleName string, hasRoleNames ...string) bool {
	rootId, _, known := e.GetRole(roleName, false)
	if !known {
		return false
	}

	for _, name := range hasRoleNames {
		target, _, ok := e.GetRole(name, false)
		if !ok {
			continue
		}
		// The predicate matches the node whose id equals the wanted role.
		matches := func(nid int) bool { return nid == target }
		if e.searchRoleGraph(rootId, matches) {
			return true
		}
	}
	return false
}