文档:https://pkg.go.dev/github.com/casbin/casbin/v2
官方教程:https://casbin.org
type Enforcer
Enforcer是Casbin的核心对象,负责执行授权判定和管理策略
type Enforcer struct {
// contains filtered or unexported fields
}
func NewEnforcer(params ...interface{}) (*Enforcer, error) NewEnforcer通过文件或DB创建一个enforcer
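// Option 1: load both the model and the policy from files.
e, err := casbin.NewEnforcer("path/to/basic_model.conf", "path/to/basic_policy.csv")
if err != nil {
	// Fail fast at startup: every later authorization decision depends on a
	// correctly initialised enforcer, so the error must not be discarded.
	panic(err)
}

// Option 2: load the model from a file and the policy from a database through
// the gorm adapter. The DSN below is a placeholder. In real code, read the
// credentials from configuration or a secret store instead of hard-coding
// them, and prefer a dedicated low-privilege account over root.
a, err := gormadapter.NewAdapter("mysql", "root:root@xx@tcp(xxx:3306)/study", true)
if err != nil {
	panic(err)
}
e, err = casbin.NewEnforcer("configs/auth_model.conf", a)
if err != nil {
	panic(err)
}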
func (e *Enforcer) AddFunction(name string, function govaluate.ExpressionFunction)
// CustomFunction is a hard-coded example matcher. It reports true only when
// key1 is "/alice_data2/myid/using/res_id" and key2 is one of the two route
// patterns listed in the switch, and false for every other pair.
func CustomFunction(key1 string, key2 string) bool {
	if key1 != "/alice_data2/myid/using/res_id" {
		return false
	}
	switch key2 {
	case "/alice_data/:resource", "/alice_data2/:id/using/:resId":
		return true
	default:
		return false
	}
}
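// customFunctionArgError describes a malformed call to CustomFunctionWrapper.
type customFunctionArgError string

// Error implements the error interface.
func (e customFunctionArgError) Error() string { return string(e) }

// CustomFunctionWrapper adapts CustomFunction to the variadic
// func(args ...interface{}) (interface{}, error) shape that is passed to
// AddFunction.
//
// The arguments are supplied at evaluation time, so they are validated
// instead of being asserted blindly: too few arguments or a non-string
// argument yields an error rather than a panic inside the authorization
// path. The result is false on every error, so a caller that ignores the
// error still denies.
func CustomFunctionWrapper(args ...interface{}) (interface{}, error) {
	// Extra arguments are tolerated, as before; only the first two are used.
	if len(args) < 2 {
		return false, customFunctionArgError("keyMatchCustom: expected 2 arguments")
	}
	key1, ok := args[0].(string)
	if !ok {
		return false, customFunctionArgError("keyMatchCustom: first argument must be a string")
	}
	key2, ok := args[1].(string)
	if !ok {
		return false, customFunctionArgError("keyMatchCustom: second argument must be a string")
	}
	return CustomFunction(key1, key2), nil
}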
// main registers CustomFunctionWrapper under the name "keyMatchCustom" on the
// enforcer returned by tools.GetCasbin.
func main() {
	enforcer := tools.GetCasbin()
	// The function becomes available under this exact name (presumably for
	// use in the model's matcher expression; confirm against the model file).
	enforcer.AddFunction("keyMatchCustom", CustomFunctionWrapper)
}
管理 API
获取所有policy
func (e *Enforcer) GetPolicy() [][]string 获取策略中的所有授权规则
func (e *Enforcer) GetNamedPolicy(ptype string) [][]string 获取给定命名策略中的所有授权规则
// Every authorization rule in the policy.
allRules := e.GetPolicy()
// [[admin /api/nowtime GET] [eve data3 read]]

// Every authorization rule in the named policy "p".
pRules := e.GetNamedPolicy("p")
// [[admin /api/nowtime GET] [eve data3 read]]
清空所有policy
func (e *Enforcer) ClearPolicy() 清除所有策略
RBAC API
验证
func (e *Enforcer) Enforce(rvals ...interface{}) (bool, error)
- Enforce决定一个“subject”是否可以对“object”执行“action”操作,输入参数通常是:(sub, obj, act)。
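// Ask the enforcer whether this role may use this method on this path.
// NOTE(review): the object is the request path as seen here; make sure it is
// in the same normalised form the router and the policy patterns use,
// otherwise routing and policy can disagree.
authority, err := e.Enforce(claims.Role, c.Request.URL.Path, c.Request.Method)
if err != nil || !authority {
	// Denied (fail closed): an evaluation error is treated exactly like an
	// explicit "false". Put the rejection logic here, and make sure this
	// branch ends the request so execution never reaches the success path.
}
// Allowed: continue with the protected logic.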
增加policy
func (e *Enforcer) AddPolicy(params ...interface{}) (bool, error)
- 添加一条策略。如果规则已经存在,函数返回false,并且不会添加规则;否则添加新规则并返回true
// added is false when the identical rule already exists.
added, err := e.AddPolicy("admin", "/api/nowtime", "GET")
func (e *Enforcer) AddNamedPolicy(ptype string, params ...interface{}) (bool, error)
- 将授权规则添加到当前命名策略。如果规则已经存在,函数返回false,并且不会添加规则;否则添加新规则并返回true
ok, err := e.AddNamedPolicy("p", "admin", "/api/nowtime", "GET")
func (e *Enforcer) AddPolicies(rules [][]string) (bool, error) 批量增加policy
```go
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesAdded,err := e.AddPolicies(rules)
```
func (e *[Enforcer](https://pkg.go.dev/github.com/casbin/casbin/v2#Enforcer)) AddNamedPolicies(ptype [string](https://pkg.go.dev/builtin#string), rules [][][string](https://pkg.go.dev/builtin#string)) ([bool](https://pkg.go.dev/builtin#bool), [error](https://pkg.go.dev/builtin#error)) 批量增加policy
```go
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesAdded,err := e.AddNamedPolicies("p", rules)
```
删除policy
func (e *Enforcer) RemovePolicy(params ...interface{}) (bool, error)
- RemovePolicy从当前策略中删除授权规则
// Delete one authorization rule from the current policy.
removed, err := e.RemovePolicy("alice", "data1", "read")
func (e *Enforcer) RemoveNamedPolicy(ptype string, params ...interface{}) (bool, error)
- RemoveNamedPolicy从当前命名策略中删除授权规则
// Delete one authorization rule from the named policy "p".
removed, err := e.RemoveNamedPolicy("p", "alice", "data1", "read")
func (e *Enforcer) RemovePolicies(rules [][]string) (bool, error) 批量删除policy
// Rules to delete from the current policy in a single call.
toRemove := [][]string{
	{"jack", "data4", "read"},
	{"katy", "data4", "write"},
	{"leyo", "data4", "read"},
	{"ham", "data4", "write"},
}
areRulesRemoved, err := e.RemovePolicies(toRemove)
func (e *Enforcer) RemoveNamedPolicies(ptype string, rules [][]string) (bool, error) 批量删除policy
// Rules to delete from the named policy "p" in a single call.
toRemove := [][]string{
	{"jack", "data4", "read"},
	{"katy", "data4", "write"},
	{"leyo", "data4", "read"},
	{"ham", "data4", "write"},
}
areRulesRemoved, err := e.RemoveNamedPolicies("p", toRemove)
更新policy
func (e *Enforcer) UpdatePolicy(oldPolicy []string, newPolicy []string) (bool, error)
func (e *Enforcer) UpdateNamedPolicy(ptype string, p1 []string, p2 []string) (bool, error)
// Replace the existing rule with the new one: eve's access to data3 changes
// from "read" to "write".
oldRule := []string{"eve", "data3", "read"}
newRule := []string{"eve", "data3", "write"}
updated, err := e.UpdatePolicy(oldRule, newRule)
加载policy
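func (e *Enforcer) LoadPolicy() error 从存储(文件或DB)加载策略到内存,初始化时做一次就ok。通过当前Enforcer实例的API增加、修改、删除策略后,不用重新加载。注意:如果策略是由其他进程/实例修改,或直接在数据库中修改的,当前实例内存中的策略不会自动更新,需要重新调用LoadPolicy(或使用Watcher同步),否则已删除的权限仍可能被放行。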
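// The DSN is a placeholder. In real code, read the credentials from
// configuration or a secret store instead of hard-coding them, and prefer a
// dedicated low-privilege account over root.
a, err := gormadapter.NewAdapter("mysql", "root:root@xx@tcp(xxx:3306)/study", true)
if err != nil {
	// Without the adapter there is no policy source; stop at startup.
	panic(err)
}
e, err := casbin.NewEnforcer("configs/auth_model.conf", a)
if err != nil {
	panic(err)
}
// LoadPolicy returns an error. If it is ignored, the enforcer may go on
// deciding with stale or incomplete rules, so treat a failure as fatal.
if err := e.LoadPolicy(); err != nil {
	panic(err)
}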