Add adapter
parent
8014512a82
commit
96eae9a539
542
app/casbin/adapter.go
Normal file
542
app/casbin/adapter.go
Normal file
File diff suppressed because it is too large
Binary file not shown.
@ -17,14 +17,15 @@ func main() {
|
||||
var object string
|
||||
var action string
|
||||
|
||||
flag.StringVar(&subject, "subject", "", "subject of this request")
|
||||
flag.StringVar(&subject, "subject", "$anon", "subject of this request")
|
||||
flag.StringVar(&domain, "domain", "$none", "domain of this request")
|
||||
flag.StringVar(&object, "object", "", "object of this request")
|
||||
flag.StringVar(&action, "action", "", "action of this request")
|
||||
|
||||
flag.Parse()
|
||||
|
||||
e, err := casbin.NewEnforcer("./model.conf", "./policy.csv")
|
||||
policy := NewAdapter("./policy.json")
|
||||
e, err := casbin.NewEnforcer("./model.conf", policy)
|
||||
if err != nil {
|
||||
fmt.Printf("error: %s\n", err)
|
||||
os.Exit(1)
|
||||
@ -33,6 +34,24 @@ func main() {
|
||||
e.AddFunction("ResourceMatch", ResourceMatchFunc)
|
||||
e.AddFunction("ActionMatch", ActionMatchFunc)
|
||||
|
||||
if err := addGroup(e, "foobar"); err != nil {
|
||||
fmt.Printf("error: %s\n", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
if err := addGroupUser(e, "foobar", "franz", "admin"); err != nil {
|
||||
fmt.Printf("error: %s\n", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
if err := addGroupUser(e, "foobar", "$anon", "anonymous"); err != nil {
|
||||
fmt.Printf("error: %s\n", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
e.RemovePolicy("bob", "igelcamp", "processid:*", "COMMAND")
|
||||
e.AddPolicy("bob", "igelcamp", "processid:bob-*", "COMMAND")
|
||||
|
||||
ok, err := e.Enforce(subject, domain, object, action)
|
||||
if err != nil {
|
||||
fmt.Printf("error: %s\n", err)
|
||||
@ -138,3 +157,36 @@ func getPrefix(s string) (string, string) {
|
||||
|
||||
return splits[0], splits[1]
|
||||
}
|
||||
|
||||
func addGroup(e *casbin.Enforcer, name string) error {
|
||||
rules := [][]string{}
|
||||
|
||||
rules = append(rules, []string{"role:admin", name, "api:/process/**", "GET|POST|PUT|DELETE"})
|
||||
rules = append(rules, []string{"role:admin", name, "processid:*", "CONFIG|PROGRESS|REPORT|METADATA|COMMAND"})
|
||||
rules = append(rules, []string{"role:admin", name, "rtmp:" + name + "/*", "PUBLISH|PLAY"})
|
||||
rules = append(rules, []string{"role:admin", name, "srt:" + name + "/*", "PUBLISH|PLAY"})
|
||||
rules = append(rules, []string{"role:admin", name, "fs:/" + name + "/**", "GET|POST|PUT|DELETE"})
|
||||
rules = append(rules, []string{"role:admin", name, "fs:/memfs/" + name + "/**", "GET|POST|PUT|DELETE"})
|
||||
|
||||
rules = append(rules, []string{"role:user", name, "api:/process/**", "GET"})
|
||||
rules = append(rules, []string{"role:user", name, "processid:*", "PROGRESS"})
|
||||
rules = append(rules, []string{"role:user", name, "rtmp:" + name + "/*", "PLAY"})
|
||||
rules = append(rules, []string{"role:user", name, "srt:" + name + "/*", "PLAY"})
|
||||
rules = append(rules, []string{"role:user", name, "fs:/" + name + "/**", "GET"})
|
||||
rules = append(rules, []string{"role:user", name, "fs:/memfs/" + name + "/**", "GET"})
|
||||
|
||||
rules = append(rules, []string{"role:anonymous", name, "rtmp:" + name + "/*", "PLAY"})
|
||||
rules = append(rules, []string{"role:anonymous", name, "srt:" + name + "/*", "PLAY"})
|
||||
rules = append(rules, []string{"role:anonymous", name, "fs:/" + name + "/**", "GET"})
|
||||
rules = append(rules, []string{"role:anonymous", name, "fs:/memfs/" + name + "/**", "GET"})
|
||||
|
||||
_, err := e.AddPolicies(rules)
|
||||
|
||||
return err
|
||||
}
|
||||
|
||||
func addGroupUser(e *casbin.Enforcer, group, username, role string) error {
|
||||
_, err := e.AddGroupingPolicy(username, "role:"+role, group)
|
||||
|
||||
return err
|
||||
}
|
||||
|
||||
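Review bot: The `e.RemovePolicy("bob", "igelcamp", "processid:*", "COMMAND")` and `e.AddPolicy("bob", "igelcamp", "processid:bob-*", "COMMAND")` calls in the second hunk discard both return values, so the `e.Enforce` call right after them can run against a policy that was never updated; if the removal fails, bob keeps the broader `processid:*` COMMAND grant. Check them the way the `addGroup` and `addGroupUser` calls just above are checked, e.g. `if _, err := e.RemovePolicy("bob", "igelcamp", "processid:*", "COMMAND"); err != nil {` followed by the same print-and-exit. The third hunk has the same gap in a milder form: `_, err := e.AddPolicies(rules)` and `_, err := e.AddGroupingPolicy(...)` drop the boolean, and a false result with a nil error would presumably mean the rules were not added, which the caller cannot detect. main's body starts and ends outside these hunks.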
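--- a/app/casbin/policy.json
+++ b/app/casbin/policy.json
@@ -0,0 +1,206 @@
+[
+{
+"name": "igelcamp",
+"roles": {
+"admin": [
+{
+"resource": "api:/process/**",
+"actions": "GET|POST|PUT|DELETE"
+},
+{
+"resource": "processid:*",
+"actions": "CONFIG|PROGRESS|REPORT|METADATA|COMMAND"
+},
+{
+"resource": "rtmp:igelcamp/*",
+"actions": "PUBLISH|PLAY"
+},
+{
+"resource": "srt:igelcamp/*",
+"actions": "PUBLISH|PLAY"
+},
+{
+"resource": "fs:/igelcamp/**",
+"actions": "GET|POST|PUT|DELETE"
+},
+{
+"resource": "fs:/memfs/igelcamp/**",
+"actions": "GET|POST|PUT|DELETE"
+}
+],
+"anonymous": [
+{
+"resource": "rtmp:igelcamp/*",
+"actions": "PLAY"
+},
+{
+"resource": "srt:igelcamp/*",
+"actions": "PLAY"
+},
+{
+"resource": "fs:/igelcamp/**",
+"actions": "GET"
+},
+{
+"resource": "fs:/memfs/igelcamp/**",
+"actions": "GET"
+}
+],
+"user": [
+{
+"resource": "api:/process/**",
+"actions": "GET"
+},
+{
+"resource": "processid:*",
+"actions": "PROGRESS"
+},
+{
+"resource": "rtmp:igelcamp/*",
+"actions": "PLAY"
+},
+{
+"resource": "srt:igelcamp/*",
+"actions": "PLAY"
+},
+{
+"resource": "fs:/igelcamp/**",
+"actions": "GET"
+},
+{
+"resource": "fs:/memfs/igelcamp/**",
+"actions": "GET"
+}
+]
+},
+"users": [
+{
+"username": "alice",
+"role": "admin"
+},
+{
+"username": "bob",
+"role": "user"
+},
+{
+"username": "$anon",
+"role": "anonymous"
+}
+],
+"policies": [
+{
+"username": "bob",
+"resource": "processid:bob-*",
+"actions": "COMMAND"
+}
+]
+},
+{
+"name": "$none",
+"roles": {
+"anonymous": [
+{
+"resource": "fs:/*",
+"actions": "GET"
+}
+]
+},
+"users": [
+{
+"username": "$anon",
+"role": "anonymous"
+},
+{
+"username": "alice",
+"role": "anonymous"
+},
+{
+"username": "bob",
+"role": "anonymous"
+}
+],
+"policies": null
+},
+{
+"name": "foobar",
+"roles": {
+"admin": [
+{
+"resource": "processid:*",
+"actions": "CONFIG|PROGRESS|REPORT|METADATA|COMMAND"
+},
+{
+"resource": "rtmp:foobar/*",
+"actions": "PUBLISH|PLAY"
+},
+{
+"resource": "srt:foobar/*",
+"actions": "PUBLISH|PLAY"
+},
+{
+"resource": "fs:/foobar/**",
+"actions": "GET|POST|PUT|DELETE"
+},
+{
+"resource": "fs:/memfs/foobar/**",
+"actions": "GET|POST|PUT|DELETE"
+}
+],
+"anonymous": [
+{
+"resource": "rtmp:foobar/*",
+"actions": "PLAY"
+},
+{
+"resource": "srt:foobar/*",
+"actions": "PLAY"
+},
+{
+"resource": "fs:/foobar/**",
+"actions": "GET"
+},
+{
+"resource": "fs:/memfs/foobar/**",
+"actions": "GET"
+}
+],
+"user": [
+{
+"resource": "api:/process/**",
+"actions": "GET"
+},
+{
+"resource": "processid:*",
+"actions": "PROGRESS"
+},
+{
+"resource": "rtmp:foobar/*",
+"actions": "PLAY"
+},
+{
+"resource": "srt:foobar/*",
+"actions": "PLAY"
+},
+{
+"resource": "fs:/foobar/**",
+"actions": "GET"
+},
+{
+"resource": "fs:/memfs/foobar/**",
+"actions": "GET"
+}
+]
+},
+"users": [
+{
+"username": "franz",
+"role": "admin"
+},
+{
+"username": "$anon",
+"role": "anonymous"
+}
+],
+"policies": null
+}
+]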
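Review bot: The `foobar` group's `admin` role has no `api:/process/**` entry, although `igelcamp`'s admin carries `"resource": "api:/process/**"` with `"actions": "GET|POST|PUT|DELETE"` and foobar's own `user` role has GET on it, so as committed a foobar admin appears to hold less API access than a plain user unless the model grants it another way. If this file is state written back by the adapter rather than a hand-maintained fixture, the gap may come from a group setup that was only partly applied; either add the missing entry or keep generated state out of the repository. It is also worth confirming that the adapter treats `"policies": null` (used for `$none` and `foobar`) the same as an empty list.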