
go-acl's Introduction

A Role-Based-Access-Control (RBAC) package for general access verification.

Features

The package has a concept called "scope" (ACScope), which is similar to "resource" in some other ACL libraries. A scope is required when permission identifiers are not unique, and can be omitted when they are unique.

Install

go get -u github.com/nextwhale/go-acl@latest

Usage 1

When permission identifiers are not unique across scopes, the scope must be provided.

To initialize ACL

// Example: A merchant business system
import ga "github.com/nextwhale/go-acl" // "ga" is the alias used throughout this README

var bizACL *ga.ACL

// ACL lazily builds the merchant ACL on first use and returns the cached instance afterwards.
func ACL() *ga.ACL {
	if bizACL != nil {
		return bizACL
	}
	// When permission identifiers are not unique, ACScope must be provided
	scope1 := &ga.ACScope{
		ID:          "order_editting",
		Name:        "Order permissions",
		Permissions: []string{"add", "edit", "delete", "close"},
	}
	scope2 := &ga.ACScope{
		ID:          "video_editting",
		Name:        "Video permissions",
		Permissions: []string{"add", "edit", "delete", "audit"},
	}
	roleEditor := &ga.ACRole{
		ID:   "editors",
		Name: "Editors Group",
	}
	roleAssistant := &ga.ACRole{
		ID:   "assistants",
		Name: "Assistants Group",
	}

	roleEditor.AddScope(scope1, scope2)
	roleAssistant.AddScope(scope1)

	// Assign with "=" so the package-level variable is set; ":=" would shadow it
	bizACL = &ga.ACL{}
	bizACL.AddRole(roleEditor, roleAssistant)

	return bizACL
}

To verify

if ACL().IsRoleAllowed([]string{"editors"}, "order_editting", "delete") {
    fmt.Println("Editors have access to delete order!")
}

Usage 2

When permission identifiers are unique across scopes, the scope is not necessary.

To initialize ACL

// Example: A routes access system
var adminACL *ga.ACL

// ACL lazily builds the admin route ACL on first use and returns the cached instance afterwards.
func ACL() *ga.ACL {
	if adminACL != nil {
		return adminACL
	}
	roleAdmin := ga.NewRoleWithUniquePermissions("1", "Administrators Group", []string{"/admin/admin/list", "/admin/admin/edit/:id", "/admin/admin/del/:id"})
	roleEditor := ga.NewRoleWithUniquePermissions("2", "Editors Group", []string{"/admin/article/list", "/admin/article/edit/:id", "/admin/article/del/:id"})

	// Assign to the package-level adminACL so the instance is cached and returned
	adminACL = &ga.ACL{}
	adminACL.AddRole(roleAdmin, roleEditor)

	return adminACL
}

To verify permissions

if ACL().IsRoleAllowedUniquely([]string{"1","2"}, "/admin/article/del/:id") {
    fmt.Println("You have access to delete article")
}
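Why the scope matters when identifiers repeat, shown as an added example that is not part of go-acl: a stand-alone model using the roles and scopes from Usage 1. The grants type and both check functions are hypothetical and only assume that an unscoped check matches a permission name in any scope the role holds.

```go
package main

import "fmt"

// Constructed model, not go-acl's implementation: role ID -> scope ID -> permission set.
type grants map[string]map[string]map[string]bool

// sampleGrants mirrors the roles and scopes of the merchant example in Usage 1.
func sampleGrants() grants {
	order := map[string]bool{"add": true, "edit": true, "delete": true, "close": true}
	video := map[string]bool{"add": true, "edit": true, "delete": true, "audit": true}
	return grants{
		"editors":    {"order_editting": order, "video_editting": video},
		"assistants": {"order_editting": order},
	}
}

// allowedScoped grants only if one of the roles holds perm inside the named scope.
// Unknown roles or scopes index nil maps and therefore deny by default.
func (g grants) allowedScoped(roles []string, scope, perm string) bool {
	for _, r := range roles {
		if g[r][scope][perm] {
			return true
		}
	}
	return false
}

// allowedUnscoped ignores the scope: any scope holding perm grants it.
// This is safe only when permission identifiers are globally unique.
func (g grants) allowedUnscoped(roles []string, perm string) bool {
	for _, r := range roles {
		for _, perms := range g[r] {
			if perms[perm] {
				return true
			}
		}
	}
	return false
}

func main() {
	g := sampleGrants()
	a := []string{"assistants"}
	fmt.Println("scoped video delete:", g.allowedScoped(a, "video_editting", "delete"))
	fmt.Println("unscoped delete:", g.allowedUnscoped(a, "delete"))
}
```

Assistants hold "delete" only for orders, yet the unscoped check answers true for a bare "delete", so a caller guarding video deletion with it would over-grant.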

Note

If you encounter any issue, feel free to post it. And I strongly encourage contributing to this project.

License

Distributed under the MIT License. Please see the license file in the code for more details.
