// Example_acl walks through granting, checking and revoking permissions on a
// resource entity, for a single user, for a group and for the "all" entry.
//
// The second results of GetPropertyAttachedToEntity and GetUserPermissions are
// discarded and the results of the permission updates are not checked. That
// keeps the illustration short; code that makes authorization decisions should
// check them.
func Example_acl() {
	entityManager := initEntityManager()
	usePerm := acl.Permission(canUsePermission)

	fmt.Println("ExampleShowACLAddCheckRemovePermissions")
	// State before anything has been granted to userName1.
	fmt.Printf("User: %q, permission %q is: %v\n", userName1, canUsePermission,
		acl.CheckUserPermission(entityManager, userName1, resourceName, usePerm))

	// The ACL is read from the property attached to the resource entity.
	prop, _ := entityManager.GetPropertyAttachedToEntity(resourceName, stc.AclPropertyName)
	resourceACL, found := prop.(*acl.Acl)
	if !found {
		fmt.Println("Error: can't get property", stc.AclPropertyName, "attached to resource", resourceName)
		return
	}

	// Grant directly to the user and repeat the same check.
	resourceACL.AddPermissionToResource(entityManager, userName1, usePerm)
	fmt.Printf("User: %q, permission %q is: %v\n", userName1, canUsePermission,
		acl.CheckUserPermission(entityManager, userName1, resourceName, usePerm))

	// Grants to the group, to the "all" entry and to one more user.
	resourceACL.AddPermissionToResource(entityManager, groupName, acl.Permission(supportPermission))
	resourceACL.AddPermissionToResource(entityManager, groupName, usePerm)
	resourceACL.AddPermissionToResource(entityManager, stc.AclAllEntryName, acl.Permission(allPermission))
	resourceACL.AddPermissionToResource(entityManager, userInGroupName1, acl.Permission(usersPermission))

	userPerms, _ := acl.GetUserPermissions(entityManager, userInGroupName1, resourceName)
	fmt.Printf("All the permissions for user: %q, on resource %q are: %q\n", userInGroupName1, resourceName, userPerms)
	groupPerms, _ := acl.GetUserPermissions(entityManager, groupName, resourceName)
	fmt.Printf("All the permissions for group %q on resource %q are: %q\n", groupName, resourceName, groupPerms)

	// Revoke from the group, then re-check a user.
	// NOTE(review): userInGroupName1 is presumably a member of groupName, so
	// this shows whether a permission held through the group is gone; confirm.
	resourceACL.RemovePermissionFromEntity(groupName, usePerm)
	fmt.Printf("After remove permission: %q from group %q\n", canUsePermission, groupName)
	fmt.Printf("User: %q, permission %q is: %v\n", userInGroupName1, canUsePermission,
		acl.CheckUserPermission(entityManager, userInGroupName1, resourceName, usePerm))

	fmt.Printf("All the permissions are: %q\n", resourceACL.GetAllPermissions())
}
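// getPermissions writes every permission recorded in the ACL of the requested
// resource as a map whose keys are running indexes ("0", "1", ...).
//
// NOTE(review): no check of the caller's own rights is visible in this
// handler; confirm that read access to the ACL is enforced elsewhere.
func (a aclRestful) getPermissions(request *restful.Request, response *restful.Response) {
	aclData, _, err := a.getResourceAclData(request, response)
	if err != nil {
		// NOTE(review): nothing is written to the response on this path;
		// presumably getResourceAclData reports the error itself. Confirm.
		return
	}

	ret := make(permissionsVecT)
	if aclData == nil {
		// setPermission checks for a nil ACL after this same call, so a nil
		// result is treated as possible here. Answer with an empty listing
		// instead of calling a method on the nil ACL.
		response.WriteEntity(ret)
		return
	}

	idx := 0
	for p := range aclData.GetAllPermissions() {
		ret[acl.Permission(fmt.Sprintf("%v", idx))] = acl.Permission(p)
		idx++
	}
	response.WriteEntity(ret)
}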
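// deletePermission removes the permission named in the request from the entity
// named in the request, on the ACL of the requested resource. It answers
// 204 No Content on success and 404 Not Found when the removal fails.
//
// NOTE(review): no check of the caller's own rights is visible in this
// handler; confirm that only authorized callers can reach a revocation.
func (a aclRestful) deletePermission(request *restful.Request, response *restful.Response) {
	aclData, aclInfo, err := a.getResourceAclData(request, response)
	if err != nil {
		// NOTE(review): nothing is written to the response on this path;
		// presumably getResourceAclData reports the error itself. Confirm.
		return
	}
	if aclData == nil || aclInfo == nil {
		// setPermission checks for a nil ACL after this same call, so a nil
		// result is treated as possible here. There is nothing to remove
		// from; answer 404 instead of dereferencing a nil pointer.
		response.WriteHeader(http.StatusNotFound)
		return
	}

	if err := aclData.RemovePermissionFromEntity(aclInfo.UserName, acl.Permission(aclInfo.Permission)); err != nil {
		a.setError(response, http.StatusNotFound, err)
		return
	}
	response.WriteHeader(http.StatusNoContent)
}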
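// setPermission grants the permission named in the request to the entity named
// in the request on the requested resource. When the resource has no ACL yet,
// one is attached first and the ACL data is fetched again.
//
// It answers 201 Created with the URL path of the permission on success and
// 404 Not Found when the grant fails.
//
// NOTE(review): no check of the caller's own rights is visible in this
// handler; confirm that only authorized callers can grant permissions or
// cause an ACL to be created.
func (a aclRestful) setPermission(request *restful.Request, response *restful.Response) {
	a1, aclInfo, err := a.getResourceAclData(request, response)
	if aclInfo == nil {
		// Without the parsed request data there is no resource, entity or
		// permission to act on, and the fields below cannot be read.
		if err != nil {
			a.setError(response, http.StatusNotFound, err)
		} else {
			response.WriteHeader(http.StatusNotFound)
		}
		return
	}

	if a1 == nil {
		// The error of the first lookup is deliberately not treated as fatal
		// here: a missing ACL is the case this branch repairs.
		a.addAclToResource(request, response, aclInfo.ResourceName)
		a1, aclInfo, err = a.getResourceAclData(request, response)
		if err != nil {
			a.setError(response, http.StatusInternalServerError, err)
			return
		}
		if a1 == nil || aclInfo == nil {
			// The ACL is still unavailable after the attempt to create it;
			// stop instead of dereferencing a nil pointer below.
			response.WriteHeader(http.StatusInternalServerError)
			return
		}
	}

	if err := a1.AddPermissionToResource(a.st.UsersList, aclInfo.UserName, acl.Permission(aclInfo.Permission)); err != nil {
		a.setError(response, http.StatusNotFound, err)
		return
	}
	response.WriteHeader(http.StatusCreated)
	response.WriteEntity(a.getUrlPath(request, aclInfo.Permission))
}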
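// generateAcl builds the ACL fixture: it registers resourceName1, groupName
// and every name in usersName (each added to the group) in
// stRestful.UsersList, grants every permission in usersPermissions to every
// user, grants perAll to the "all" entry and attaches the ACL to the resource.
//
// It returns the JSON encoding of the ACL together with the ACL itself. The
// results of the registration and grant calls are not checked; only a JSON
// encoding failure is reported as an error.
func generateAcl() (string, *acl.Acl, error) {
	users := stRestful.UsersList
	users.AddResource(resourceName1)
	users.AddGroup(groupName)
	for _, name := range usersName {
		users.AddUser(name)
		users.AddUserToGroup(groupName, name)
	}

	aclData := acl.NewACL()
	for _, name := range usersName {
		for _, p := range usersPermissions {
			aclData.AddPermissionToResource(users, name, acl.Permission(p))
		}
	}
	aclData.AddPermissionToResource(users, stc.AclAllEntryName, perAll)
	users.AddPropertyToEntity(resourceName1, stc.AclPropertyName, aclData)

	data, err := json.Marshal(aclData)
	if err != nil {
		// Report the failure instead of returning an empty string with a nil
		// error, which a caller would compare against as if it were valid.
		return "", nil, err
	}
	return string(data), aclData, nil
}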
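// restSetPermission grants the permission named in the request to the entity
// named in the request on the requested resource. When the resource has no ACL
// yet, a new one is attached first and the ACL data is fetched again.
//
// It answers 201 Created with the URL path of the new permission on success,
// 404 Not Found when the lookup or the grant fails, and 500 Internal Server
// Error when the ACL is unavailable after it was created.
//
// NOTE(review): no check of the caller's own rights is visible in this
// handler; confirm that only authorized callers can grant permissions or
// cause an ACL to be created.
func (a aclRestful) restSetPermission(request *restful.Request, response *restful.Response) {
	a1, aclInfo, err := a.getResourceAclData(request, response)
	if err != nil {
		a.setError(response, http.StatusNotFound, err)
		return
	}
	if aclInfo == nil {
		// restCheckPermission tests aclInfo for nil after this same call, so
		// a nil value is treated as possible; its fields are read below.
		a.setError(response, http.StatusNotFound, fmt.Errorf("missing ACL request data"))
		return
	}

	if a1 == nil {
		a.addAclToResource(request, response, aclInfo.ResourceName, acl.NewACL())
		a1, aclInfo, err = a.getResourceAclData(request, response)
		if err != nil {
			a.setError(response, http.StatusInternalServerError, err)
			return
		}
		if a1 == nil || aclInfo == nil {
			// The result of addAclToResource is not checked, so the ACL may
			// still be missing; stop instead of dereferencing a nil pointer.
			a.setError(response, http.StatusInternalServerError, fmt.Errorf("resource ACL is not available after it was created"))
			return
		}
	}

	if err := a1.AddPermissionToResource(a.st.UsersList, aclInfo.UserName, acl.Permission(aclInfo.Permission)); err != nil {
		a.setError(response, http.StatusNotFound, err)
		return
	}

	// NOTE(review): the path segments come from the request and are not
	// escaped here; confirm that getUrlPath or the consumer handles names
	// containing '/' or other reserved characters.
	path := fmt.Sprintf("%v/%v/%v/%v/%v", aclInfo.UserName, resourceToken, aclInfo.ResourceName, permissionsToken, aclInfo.Permission)
	response.WriteHeader(http.StatusCreated)
	response.WriteEntity(a.getUrlPath(request, entityToken, path))
}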
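// restCheckPermission reports whether the entity named in the request holds
// the requested permission on the requested resource.
//
// The answer is a cr.Match whose Match field carries the result. An allowed
// permission is sent with 200 OK; a denied one is sent with 404 Not Found, the
// same status used when the ACL data cannot be found, so clients have to read
// the body to tell the two apart.
func (a aclRestful) restCheckPermission(request *restful.Request, response *restful.Response) {
	a1, aclInfo, err := a.getResourceAclData(request, response)
	if err != nil {
		a.setError(response, http.StatusNotFound, err)
		return
	}
	if a1 == nil || aclInfo == nil {
		// err is nil on this path, so pass a real error value rather than
		// handing a nil error to setError. aclInfo is checked here because
		// its fields are read unconditionally below.
		a.setError(response, http.StatusNotFound, fmt.Errorf("no ACL data for the requested resource"))
		return
	}

	allowed := acl.CheckUserPermission(a.st.UsersList, aclInfo.UserName, aclInfo.ResourceName, acl.Permission(aclInfo.Permission))

	status := http.StatusOK
	msg := fmt.Sprintf("Permission '%v' is allowed", aclInfo.Permission)
	if !allowed {
		msg = fmt.Sprintf("Permission '%v' doesn't allowed", aclInfo.Permission)
		status = http.StatusNotFound
	}

	response.WriteHeader(status)
	response.WriteEntity(cr.Match{Match: allowed, Message: msg})
}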