示例#1
文件: engine.go 项目: kosmikko/go.sec
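// DecisionEx reports whether the role named roleName holds every permission
// listed in perms on the resource res.
//
// The decision fails closed: an unknown role, a resource string that does not
// parse, or a stored grant whose content does not parse all result in a deny
// (false) and never in a panic. A panic inside an authorization check would
// let a single malformed input or a single corrupt stored grant abort the
// caller.
//
// NOTE(review): when perms is empty the loop below never runs, so the result
// is true for any existing role with a parseable res. Callers should pass at
// least one permission name; confirm that no call site relies on the
// zero-permission form as an access check.
func (e *engine) DecisionEx(roleName string, res string, perms ...string) bool {
	rootID, _, exist := e.GetRole(roleName, false)
	if !exist {
		return false
	}
	// A resource that cannot be parsed cannot be matched against any grant.
	r1, err := resource.Parse(res)
	if err != nil {
		return false
	}
	for _, permName := range perms {
		// grants reports whether role rid directly carries a permission named
		// permName whose resource contains r1.
		grants := func(rid int) bool {
			for _, pid := range e.rolePerm[rid] {
				if e.storage[pid].sName != permName {
					continue
				}
				r2, err := resource.Parse(e.storage[pid].sContent)
				if err != nil {
					// An unreadable stored grant confers nothing; skip it.
					continue
				}
				if r2.Contains(r1) {
					return true
				}
			}
			return false
		}
		// Presumably searchRoleGraph visits the roles reachable from rootID and
		// returns true once grants does; verify against its definition.
		if !e.searchRoleGraph(rootID, grants) {
			return false
		}
	}
	return true
}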
示例#2
文件: engine.go 项目: kosmikko/go.sec
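// DecisionEx reports whether the role named roleName holds every permission
// listed in perms on the resource res.
//
// It first tries a single query that matches the role document against the
// permission ids returned by getPermIds. Any error or miss on that path falls
// through to the slow path, which loads the role's indirect grants and checks
// resource containment permission by permission.
//
// The decision fails closed: a role that cannot be loaded, a resource string
// that does not parse, and permission records that cannot be loaded or parsed
// never contribute a grant. A malformed res yields a deny (false) rather than
// a panic, so one bad input cannot abort the caller.
//
// NOTE(review): on the slow path an empty perms list returns true for any
// role that loads and any res that parses. Confirm that callers always pass
// at least one permission name.
func (e *mongoEngine) DecisionEx(roleName string, res string, perms ...string) bool {
	// Fast path: the role document already lists every required permission id.
	if permids, err := e.getPermIds(res, perms, false); err == nil {
		q := e.Roles.Find(M{"_id": roleName, "indirectgrants.permids": M{"$all": permids}})
		if n, err := q.Count(); err == nil && n == 1 {
			return true
		}
	}

	// Slow path. Presumably buildRoleCache refreshes the role's indirect grants
	// before they are read below; verify against its definition.
	e.buildRoleCache(roleName)
	role := NewRoleRecord()
	if err := e.Roles.FindId(roleName).One(role); err != nil {
		return false
	}
	permids := role.IndirectGrants.PermIds

	// A resource that cannot be parsed cannot be matched against any grant.
	r1, err := resource.Parse(res)
	if err != nil {
		return false
	}

	// Group the parsed resources of the role's permissions by permission name.
	pm := make(map[string][]resource.Resource)
	for _, pid := range permids {
		perm := NewPerm()
		if err := e.Perms.Find(M{"id": pid}).One(perm); err != nil {
			// A missing or unreadable permission record confers nothing.
			continue
		}
		r2, err := resource.Parse(perm.Perm.Resource.Url)
		if err != nil {
			// A stored resource that does not parse confers nothing.
			continue
		}
		pm[perm.Perm.PermName] = append(pm[perm.Perm.PermName], r2)
	}

	// Every requested permission needs at least one grant that contains r1.
	for _, p := range perms {
		found := false
		for _, r3 := range pm[p] {
			if r3.Contains(r1) {
				found = true
				break
			}
		}
		if !found {
			return false
		}
	}
	return true
}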
示例#3
文件: res.go 项目: kosmikko/go.sec
// Res parses resString with resource.Parse, passing an empty second argument,
// and returns the resulting Resource.
//
// NOTE(review): the error from resource.Parse is discarded, so a malformed
// string yields whatever value Parse returns alongside its error. Confirm
// that callers using the result in an access decision cannot mistake that
// value for a valid resource.
func Res(resString string) resource.Resource {
	parsed, _ := resource.Parse(resString, "")
	return parsed
}