gorbac: github.com/mikespook/gorbac

package gorbac

import "github.com/mikespook/gorbac"

Package gorbac provides a lightweight role-based access control implementation in Golang.

For the purposes of this package:

* an identity has one or more roles.
* a role requests access to a permission.
* a permission is given to a role.

Thus, RBAC has the following model:

* many to many relationship between identities and roles.
* many to many relationship between roles and permissions.
* roles can have parent roles.

Package Files

helper.go permission.go rbac.go role.go

Variables

var (
    // ErrRoleNotExist occurs if a role can't be found
    ErrRoleNotExist = errors.New("Role does not exist")
    // ErrRoleExist occurs if a role already exists
    ErrRoleExist = errors.New("Role has already existed")
)
var (
    ErrFoundCircle = fmt.Errorf("Found circle")
)

func AllGranted

func AllGranted(rbac *RBAC, roles []string, permission Permission,
    assert AssertionFunc) (rslt bool)

AllGranted checks if all roles have the permission.

func AnyGranted

func AnyGranted(rbac *RBAC, roles []string, permission Permission,
    assert AssertionFunc) (rslt bool)

AnyGranted checks if any role has the permission.

func InherCircle

func InherCircle(rbac *RBAC) (err error)

InherCircle returns an error when it detects any circular inheritance.
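
Why a check like this matters, shown as an added stand-alone sketch that is not gorbac's implementation: a depth-first search that reports one inheritance cycle while still accepting a diamond, where two roles share an ancestor. The `parents` map and the role IDs are constructed for the illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// findCycle returns one inheritance cycle as a path of role IDs, or nil.
// parents maps a role ID to the IDs of its parent roles (constructed model).
func findCycle(parents map[string][]string) []string {
	const onPath, done = 1, 2
	state := map[string]int{}
	var path []string
	var visit func(id string) []string
	visit = func(id string) []string {
		if state[id] == done {
			return nil // already cleared; a shared ancestor is not a cycle
		}
		if state[id] == onPath { // back edge: id is its own ancestor
			for i := range path {
				if path[i] == id {
					return append(append([]string{}, path[i:]...), id)
				}
			}
		}
		state[id], path = onPath, append(path, id)
		for _, p := range parents[id] {
			if c := visit(p); c != nil {
				return c
			}
		}
		state[id], path = done, path[:len(path)-1]
		return nil
	}
	ids := make([]string, 0, len(parents))
	for id := range parents {
		ids = append(ids, id)
	}
	sort.Strings(ids) // deterministic start order
	for _, id := range ids {
		if c := visit(id); c != nil {
			return c
		}
	}
	return nil
}

func main() {
	fmt.Println(findCycle(map[string][]string{"a": {"b"}, "b": {"c"}, "c": {"a"}}))
}
```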

func Walk

func Walk(rbac *RBAC, h WalkHandler) (err error)

Walk passes each Role to WalkHandler.

type AssertionFunc

type AssertionFunc func(*RBAC, string, Permission) bool

AssertionFunc supplies more fine-grained permission controls.

type LayerPermission

type LayerPermission struct {
    IDStr string `json:"id"`
    Sep   string `json:"sep"`
}

LayerPermission first checks the ID of the permission. If the ID matches, the permission is considered granted. Otherwise, it checks every layer of the permission. A role that has been granted an upper layer is also granted its sub-layer permissions.
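
The layer rule above, as a stand-alone model (an added example, not gorbac's own code): it contrasts layer-by-layer matching with a plain string-prefix check, which would wrongly treat `article` as covering `articles:delete`. The `:` separator and the permission IDs are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// layerMatch models the described rule: an exact ID match grants access;
// otherwise the granted ID must equal the leading layers of the requested
// ID. sep is an assumed separator, not a value taken from the page.
func layerMatch(granted, requested, sep string) bool {
	if granted == requested {
		return true
	}
	g, r := strings.Split(granted, sep), strings.Split(requested, sep)
	if len(g) > len(r) {
		return false // a sub-layer grant never covers an upper layer
	}
	for i := range g {
		if g[i] != r[i] {
			return false
		}
	}
	return true
}

// prefixMatch is the tempting shortcut. It compares characters rather
// than whole layers, so it over-grants.
func prefixMatch(granted, requested string) bool {
	return strings.HasPrefix(requested, granted)
}

func main() {
	// Constructed (granted, requested) pairs.
	cases := [][2]string{
		{"article", "article:delete"},  // upper layer covers sub-layer
		{"article:delete", "article"},  // sub-layer does not cover upper
		{"article", "articles:delete"}, // different first layer
		{"", "article:delete"},         // empty ID must not match
	}
	for _, c := range cases {
		fmt.Printf("%q vs %q: layer=%v prefix=%v\n", c[0], c[1],
			layerMatch(c[0], c[1], ":"), prefixMatch(c[0], c[1]))
	}
}
```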

func (*LayerPermission) ID

func (p *LayerPermission) ID() string

ID returns the identity of the permission.

func (*LayerPermission) Match

func (p *LayerPermission) Match(a Permission) bool

Match another permission

type Permission

type Permission interface {
    ID() string
    Match(Permission) bool
}

Permission exports `ID` and `Match`.

func NewLayerPermission

func NewLayerPermission(id string) Permission

NewLayerPermission returns an instance of layered permission with `id`

func NewStdPermission

func NewStdPermission(id string) Permission

NewStdPermission returns a Permission instance with `id`

type Permissions

type Permissions map[string]Permission

Permissions is a map

type RBAC

type RBAC struct {
    // contains filtered or unexported fields
}

RBAC object, in most cases it should be used as a singleton.

func New

func New() *RBAC

New returns an RBAC structure. The default role structure will be used.

func (*RBAC) Add

func (rbac *RBAC) Add(r Role) (err error)

Add a role `r`.

func (*RBAC) Get

func (rbac *RBAC) Get(id string) (r Role, parents []string, err error)

Get returns the role with the given `id` and a slice of its parents' IDs.

func (*RBAC) GetParents

func (rbac *RBAC) GetParents(id string) ([]string, error)

GetParents returns the `parents` of the role `id`. If the role does not exist, an error is returned. If the role doesn't have any parents, a nil slice is returned.

func (*RBAC) IsGranted

func (rbac *RBAC) IsGranted(id string, p Permission, assert AssertionFunc) (rslt bool)

IsGranted tests if the role `id` has Permission `p` with the condition `assert`.

func (*RBAC) Remove

func (rbac *RBAC) Remove(id string) (err error)

Remove the role by `id`.

func (*RBAC) RemoveParent

func (rbac *RBAC) RemoveParent(id string, parent string) error

RemoveParent unbinds the `parent` from the role `id`. If the role or the parent does not exist, an error is returned.

func (*RBAC) SetParent

func (rbac *RBAC) SetParent(id string, parent string) error

SetParent binds the `parent` to the role `id`. If the role or the parent does not exist, an error is returned.

func (*RBAC) SetParents

func (rbac *RBAC) SetParents(id string, parents []string) error

SetParents binds `parents` to the role `id`. If the role or any of the parents does not exist, an error is returned.

type Role

type Role interface {
    ID() string
    Permit(Permission) bool
}

Role is an interface. You should implement this interface for your own role structures.

type Roles

type Roles map[string]Role

Roles is a map

type StdPermission

type StdPermission struct {
    IDStr string
}

StdPermission only checks whether the IDs match exactly.

func (*StdPermission) ID

func (p *StdPermission) ID() string

ID returns the identity of the permission.

func (*StdPermission) Match

func (p *StdPermission) Match(a Permission) bool

Match another permission

type StdRole

type StdRole struct {
    sync.RWMutex
    // IDStr is the identity of role
    IDStr string `json:"id"`
    // contains filtered or unexported fields
}

StdRole is the default role implementation. You can combine this struct into your own Role implementation.

func NewStdRole

func NewStdRole(id string) *StdRole

NewStdRole is the default role factory function. It matches the declaration of RoleFactoryFunc.

func (*StdRole) Assign

func (role *StdRole) Assign(p Permission) error

Assign a permission to the role.

func (*StdRole) ID

func (role *StdRole) ID() string

ID returns the role's identity name.

func (*StdRole) Permissions

func (role *StdRole) Permissions() []Permission

Permissions returns all permissions into a slice.

func (*StdRole) Permit

func (role *StdRole) Permit(p Permission) (rslt bool)

Permit returns true if the role has specific permission.

func (*StdRole) Revoke

func (role *StdRole) Revoke(p Permission) error

Revoke the specific permission.

type WalkHandler

type WalkHandler func(Role, []string) error

WalkHandler is a user-defined function that handles a role.

Directories

Path                     Synopsis
examples/persistence
examples/user-defined    User-defined gorbac example

Package gorbac imports 4 packages and is imported by 8 packages. Updated 2019-01-10.