82

GitHub - MrBoolean/acl: a lightweight acl manager for go.

 5 years ago
source link: https://github.com/MrBoolean/acl
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

README.md

ACL

Codacy Badge Build Status Codacy Badge Documentation

TL;DR;

acl is a lightweight acl manager for go.

Features

  • Design simple & reusable roles to empower your application.
  • Acquire the rights of other roles to build a powerful set of permissions.
  • Resolve possible roles by examine them in an unified way.

Example

type User struct {
    isAdmin bool
}

func main() {
    // first of all: create a new manager instance to register all your roles in one place
    manager := acl.NewManager()

    // now you can use `Ensure` to guarantee that the role with the passed identifier is present
    user := manager.Ensure("user").Grant("profile.edit")
    // use `Grant`, `Revoke` and `AcquireFrom` to extend the right stack
    editor := manager.Ensure("editor").Grant("news.list", "news.create", "news.edit").AcquireFrom(user)

    // you can also use NewRole to create a Role manually
    admin := acl.NewRole("admin").Grant("news.delete").AcquireFrom(editor)
    // note, that you have to register the role by yourself
    manager.Register(admin)

    // to check if a right was granted to a role you can use:
    var hasAccess bool
    hasAccess = admin.Has("some.right")

    // to check if at least one of the expected rights is present:
    hasAccess = admin.HasOneOf("news.list", "news.create")

    // ... and finally, to check that all the expected rights are present, use:
    hasAccess = admin.HasAllOf("news.delete", "news.list")

    // a role can be extended with an examiner to determine whether a role can be added
    // to a `ResultSet`
    admin.SetExaminer(func (payload interface{}) bool {
        user := payload.(User)
        return user.isAdmin
    })

    // to get a result set you can use the managers `Examine` function
    rs := manager.Examine(User{isAdmin: true})

    // a result set contains "Has", "HasOneOf" and "HasAllOf" as described above and...
    // `GetRole` to grab specific roles from the result set
    expectedRole := rs.GetRole("admin")

    // you can also check if a role was added to a result set using:
    if rs.HasRole("admin") {
        // ...
    }
}

Possible enhancements

  • Conditional IsAllowed (combine AND/OR queries into a ConditionGroup).

report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK