README
¶
ACLs for Revel
This will be a simple ACL system for Revel. Do not use, very early phase.
Introduction
TBD.
- User has Roles (basically...)
- Objects have ACLs (permission + principal)
- MatchedRoles
Usage
import "github.com/mikkolehtisalo/revel/acl"
// Imaginary Model
type Opinion struct {
Uuid string
Message string
}
// Must be implemented, gets ACL entry for arbitrary item from cache
func (o Opinion) GetACLEntry(reference string) acl.ACLEntry {
entry := acl.GetEntry(reference)
if len(entry.ObjReference)==0 {
// Wasn't found from cache, build new!
entry = o.BuildACLEntry(reference)
// Save to cache
acl.SetEntry(entry)
}
return entry;
}
// Must be implemented, builds ACL entry if one can not be fetched from cache
func (w Wiki) BuildACLEntry(reference string) acl.ACLEntry {
entry := acl.ACLEntry{}
// Should probably be built from some data from database etc
acls := acl.BuildPermissionACLs("criticize", []string{"u:mikkolehtisalo"})
entry.ObjReference = reference
entry.ACLs = acls
entry.Inheritation = w.BuildACLInheritation()
entry.Parent = w.BuildACLParent()
return entry
}
// Generate a cache key that will distinguish different types of items
func (w Wiki) BuildACLReference() string {
return "opinion:"+w.Wiki_id
}
// Inheritation in use?
func (w Wiki) BuildACLInheritation() bool {
return false
}
// Reference to parent - used with inheritation
func (w Wiki) BuildACLParent() string {
return ""
}
// Imaginary Controller
type Opinions struct {
*revel.Controller
}
// Method in Controller
func (c Opinions) List revel.Result {
// Gets []Opinion from database
opins := db.GetManyOpinions()
// Logged on user must have permission to criticize in order to see an item!
filtered := acl.Filter(c.Args, []string{"criticize"}, opins)
// Return the filtered list
return c.RenderJson(filtered)
}
Gotchas
acl.Filter will return []Filterable. If the slice contents will be used for anything else besides printing, asserting type will be probably needed. For example:
filtered := acl.Filter(c.Args, []string{"criticize"}, opins)
// Naive handling of the slice
op := filtered[0].(Opinion)
// After previous the item will handle like Opinion
Documentation
¶
Index ¶
Constants ¶
View Source
const (
ACL_ENTRY_ID = "ACL_ENTRY"
)
Variables ¶
This section is empty.
Functions ¶
func GetPermissions ¶
TODO: inheritation!
Types ¶
type ACL ¶
type ACL struct {
// The permission, eg. "read", "write", "admin"
Permission string
// Who has the permission, eg. "u:michael", "g:administrators"
Principal string
}
func BuildPermissionACLs ¶
type ACLEntry ¶
type ACLEntry struct {
// Parseable reference to the object ACL entry belongs to, eg. "wiki:example1"
ObjReference string
// All the defined ACLs for object
ACLs []ACL
// Should be use inheritation with ACLs?
Inheritation bool
// Parent for calculating inheritation, eg. "page:level2page" or ""
Parent string
}
func GetACLEntry ¶
func GetACLEntry(reference string, item Filterable, inheritation bool) ACLEntry
Get ACL entry from cache. If not available, build new (and set in cache) If the type changes in inheritation, the BuildACLEntry before change should know how to build the next types!
type Filterable ¶
type Filterable interface {
SetMatched(permissions []string) interface{}
BuildACLReference() string
BuildACLEntry(reference string) ACLEntry
BuildACLInheritation() bool
BuildACLParent() string
}
func Filter ¶
func Filter(c map[string]interface{}, permissions []string, i interface{}, inheritation bool) []Filterable
Filters items based on user's roles. Returns those that match any of the listed permissions.
func Get_filterable ¶
func Get_filterable(items interface{}) []Filterable
Takes any interface{} and attempts to convert it to []Filterable
Source Files
Click to show internal directories.
Click to hide internal directories.