package casbin
import (
	"errors"
	"sync"

	"github.com/casbin/casbin/v2"
	"github.com/casbin/casbin/v2/model"
	gormadapter "github.com/casbin/gorm-adapter/v3"
	"gorm.io/gorm"
)
// syncedCachedEnforcer is the package-wide enforcer shared by every helper in
// this file. It stays nil until InitCasbin assigns it.
var syncedCachedEnforcer *casbin.SyncedCachedEnforcer

// once makes the initialisation closure inside InitCasbin run a single time.
var once sync.Once
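// InitCasbin builds the package-wide Casbin enforcer on its first call and
// returns it.
//
// db backs the gorm policy adapter. modelPath names a Casbin model file; when
// it is empty a built-in model is used instead. The model decides every
// authorization outcome, so modelPath should only ever come from trusted
// configuration.
//
// Initialisation is guarded by sync.Once: only the first call does any work,
// and the db and modelPath of later calls are ignored. If that first attempt
// failed, later calls return a nil enforcer together with an error instead of
// (nil, nil), so a caller cannot mistake a failed setup for a working one.
func InitCasbin(db *gorm.DB, modelPath string) (*casbin.SyncedCachedEnforcer, error) {
	var err error
	once.Do(func() {
		adapter, adapterErr := gormadapter.NewAdapterByDB(db)
		if adapterErr != nil {
			err = adapterErr
			return
		}

		var m model.Model
		if modelPath != "" {
			m, err = model.NewModelFromFile(modelPath)
		} else {
			// Default model. The matcher compares r.sub with p.sub directly and
			// never calls g(), so although [role_definition] is declared, role
			// membership does not influence decisions under this model: every
			// grant has to name the requesting subject itself.
			m, err = model.NewModelFromString(`
[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[role_definition]
g = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = r.sub == p.sub && keyMatch2(r.obj,p.obj) && r.act == p.act
`)
		}
		if err != nil {
			return
		}

		// Build into a local first so that a half-initialised enforcer is never
		// published through the package variable.
		e, newErr := casbin.NewSyncedCachedEnforcer(m, adapter)
		if newErr != nil {
			err = newErr
			return
		}

		// NOTE(review): if SetExpireTime takes a time.Duration in the casbin
		// version in use, 60 * 60 means 3600ns rather than one hour - confirm
		// against the vendored signature. The value bounds how long a cached
		// decision may be served, so it also bounds how quickly a revoked grant
		// stops being honoured from cache.
		e.SetExpireTime(60 * 60)

		// A failed policy load used to be discarded; surface it so the service
		// does not start enforcing against a missing or partial rule set.
		if loadErr := e.LoadPolicy(); loadErr != nil {
			err = loadErr
			return
		}

		syncedCachedEnforcer = e
	})

	// once.Do never re-runs, so a nil enforcer with a nil error here means an
	// earlier call failed and this call did nothing.
	if err == nil && syncedCachedEnforcer == nil {
		return nil, errors.New("casbin: enforcer unavailable, an earlier InitCasbin call failed")
	}
	return syncedCachedEnforcer, err
}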
// GetEnforcer returns the package-wide enforcer. The result is nil when no
// enforcer has been assigned yet, so callers must check it before use.
func GetEnforcer() *casbin.SyncedCachedEnforcer {
	e := syncedCachedEnforcer
	return e
}
// CheckPermission asks the enforcer whether sub may perform act on obj.
//
// When no enforcer has been set up the request is denied (false) with a nil
// error. That fails closed, but the caller cannot tell "denied by policy"
// apart from "enforcer not initialised" from the return values alone.
func CheckPermission(sub, obj, act string) (bool, error) {
	if e := syncedCachedEnforcer; e != nil {
		return e.Enforce(sub, obj, act)
	}
	return false, nil
}
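// AddPolicy adds the rule (sub, obj, act) through the package-wide enforcer
// and returns the enforcer's own result and error unchanged.
//
// It returns an error instead of panicking on a nil pointer when it is called
// before an enforcer has been set up. This function performs no authorization
// of its own: whoever can reach it can grant access, so the caller must decide
// who is allowed to invoke it.
func AddPolicy(sub, obj, act string) (bool, error) {
	if syncedCachedEnforcer == nil {
		return false, errors.New("casbin: enforcer is not initialized")
	}
	return syncedCachedEnforcer.AddPolicy(sub, obj, act)
}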
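// RemovePolicy removes the rule (sub, obj, act) through the package-wide
// enforcer and returns the enforcer's own result and error unchanged.
//
// It returns an error instead of panicking on a nil pointer when it is called
// before an enforcer has been set up. Callers revoking access should check
// both return values: a discarded error would leave the grant in place.
func RemovePolicy(sub, obj, act string) (bool, error) {
	if syncedCachedEnforcer == nil {
		return false, errors.New("casbin: enforcer is not initialized")
	}
	return syncedCachedEnforcer.RemovePolicy(sub, obj, act)
}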
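// GetPoliciesForUser returns the policy rules whose first field equals sub.
// Under the model embedded in this file the first field is the subject; with a
// custom model file that position may mean something else - confirm.
//
// The result is nil when no enforcer has been set up (previously a nil-pointer
// panic). The signature has no error return, so a lookup failure is also
// reported as an empty result; callers should not treat an empty slice as proof
// that the subject holds no grants.
func GetPoliciesForUser(sub string) [][]string {
	if syncedCachedEnforcer == nil {
		return nil
	}
	// The error is dropped only because the signature cannot carry it.
	policies, _ := syncedCachedEnforcer.GetFilteredPolicy(0, sub)
	return policies
}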
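// UpdateCasbinApi rewrites a policy rule from (oldPath, oldMethod) to
// (newPath, newMethod) through the package-wide enforcer.
//
// It returns an error instead of panicking on a nil pointer when it is called
// before an enforcer has been set up.
func UpdateCasbinApi(oldPath, newPath, oldMethod, newMethod string) error {
	if syncedCachedEnforcer == nil {
		return errors.New("casbin: enforcer is not initialized")
	}
	// NOTE(review): both rules are built with an empty subject, so only a rule
	// stored as ("", oldPath, oldMethod) can match. Rules granted to real
	// subjects on oldPath look untouched by this call, which would leave their
	// grants on the old path after a rename - confirm the intent with callers.
	// The boolean result is discarded, so "no rule was updated" is reported
	// the same way as success.
	_, err := syncedCachedEnforcer.UpdatePolicy(
		[]string{"", oldPath, oldMethod},
		[]string{"", newPath, newMethod},
	)
	return err
}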