func (e *engine) DecisionEx(roleName string, res string, perms ...string) bool {
rootId, _, exist := e.GetRole(roleName, false)
if !exist {
return false
}
r1, err := resource.Parse(res)
if err != nil {
panic(err)
}
for _, permName := range perms {
f := func(rid int) bool {
for _, pid := range e.rolePerm[rid] {
if e.storage[pid].sName != permName {
continue
} else if r2, err := resource.Parse(e.storage[pid].sContent); err != nil {
panic(err)
} else if r2.Contains(r1) {
return true
}
}
return false
}
found := e.searchRoleGraph(rootId, f)
if !found {
return false
}
}
return true
}
func (e *mongoEngine) DecisionEx(roleName string, res string, perms ...string) bool {
if permids, err := e.getPermIds(res, perms, false); err == nil {
q := e.Roles.Find(M{"_id": roleName, "indirectgrants.permids": M{"$all": permids}})
if n, err := q.Count(); err == nil && n == 1 {
return true
}
}
e.buildRoleCache(roleName)
role := NewRoleRecord()
if err := e.Roles.FindId(roleName).One(role); err != nil {
return false
}
permids := role.IndirectGrants.PermIds
r1, err := resource.Parse(res)
if err != nil {
panic(err)
}
pm := make(map[string][]resource.Resource)
for _, pid := range permids {
perm := NewPerm()
if err := e.Perms.Find(M{"id": pid}).One(perm); err != nil {
continue
}
r2, err := resource.Parse(perm.Perm.Resource.Url)
if err != nil {
continue
}
pm[perm.Perm.PermName] = append(pm[perm.Perm.PermName], r2)
}
for _, p := range perms {
found := false
for _, r3 := range pm[p] {
if r3.Contains(r1) {
found = true
break
}
}
if !found {
return false
}
}
return true
}
func Res(resString string) resource.Resource {
res, _ := resource.Parse(resString, "")
return res
}