role

README

Role 用户角色模块

提供用户角色管理功能以实现 github.com/herb-go/user 的Authorizer接口

Role 角色对象

角色对象是用户权限的最基础的元素，包括两部分内容，角色名和数据

r:=role.New("rolename")
//添加权限数据
r.AddData("fieldname","data1","data2")

//将role作为用户已经拥有的权限
ownedRoles=[]Role{role1,role2}

//将role作为待验证的权限规则
requiredRole=roleRequired

//判断用户是否拥有给定的权限。
//当用户有匹配的权限(权限名一致，所有的roledata都覆盖)时，返回true，否则返回false
TrueOrFalse,err=requiredRole.Execute(ownedRoles...)

Roles 角色列表对象

角色列表一般代表用户拥有的所有角色信息 //通过角色名列表创建角色列表对象。这种创建方式不能添加角色数据 roles:=role.NewRoles("role1","role2","role3")

//添加角色
roles.Add(role4)

//判断用户是否拥有给定的权限。
//当roles里所有的规则都被用户角色匹配时，返回true,否则返回false
TrueOrFalse,err=roles.Execute(ownedRoles...)

Rule 用户规则及相关操作

用户规则是用于角色权限控制的核心接口，代表被访问的资源需要的权限。

//多个规则进行and操作
rulesAnd=role.And(rule1,rule2,rule3)
//多个规则进行or操作
rulesOr=role.Or(rule2,rule2,rule3)
//not操作
ruleNot=role.Not(rule1)

//使用RuleSet
rs=role.NewRuleSet().
    And(rule1,rule2.rule3).
    Or(rule4,rule5).
    Not()

Service 角色服务

角色服务包含了用户识别器和基于用户的角色获取器，能够直接从http请求中获取当前用户的所有角色

//创建新的角色服务
service:=role.NewService(RoleProvider,Identifier)

//获取当前用户的所有权限
roles,err=service.RolesFromRequest(r)

//传入规则生成器，生成响应权限验证中间件
//第二个参数为空则失败时返回403状态
authorizerMiddleware=service.AuthorizeMiddleware(RuleProvider,nil)
app.Use(authorizerMiddleware)

//根据传入的角色名，生成权限验证中间件
authorizerMiddleware=service.RolesAuthorizeOrForbiddenMiddleware(role1,role2)
app.Use(authorizerMiddleware)

Documentation

Index

• type Authorizer
  • func (a *Authorizer) Authorize(r *http.Request) (bool, error)
  • func (a *Authorizer) RolesFromRequest(r *http.Request) (*Roles, error)
• type Provider
• type Role
  • func New(name string) *Role
  • func (r *Role) AddData(field string, data ...string)
  • func (r *Role) Execute(roles ...*Role) (bool, error)
• type Roles
  • func NewRoles(rolenames ...string) *Roles
  • func (rules *Roles) Add(r *Role) *Roles
  • func (rules *Roles) Execute(roles ...*Role) (bool, error)
  • func (rules *Roles) Rule(*http.Request) (Rule, error)
• type Rule
• type RuleAnd
  • func And(c ...Rule) *RuleAnd
  • func (c *RuleAnd) Execute(roles ...*Role) (bool, error)
• type RuleNot
  • func Not(c Rule) *RuleNot
  • func (c *RuleNot) Execute(roles ...*Role) (bool, error)
• type RuleOr
  • func Or(c ...Rule) *RuleOr
  • func (c *RuleOr) Execute(roles ...*Role) (bool, error)
• type RuleProvider
• type RuleSet
  • func NewRuleSet(Rule Rule) *RuleSet
  • func (ruleset *RuleSet) And(c ...Rule) *RuleSet
  • func (ruleset *RuleSet) Execute(roles ...*Role) (bool, error)
  • func (ruleset *RuleSet) Not() *RuleSet
  • func (ruleset *RuleSet) Or(c ...Rule) *RuleSet
• type Service
  • func NewService(RoleProvider Provider, Identifier user.Identifier) *Service
  • func (s *Service) AuthorizeMiddleware(rs RuleProvider, unauthorizedAction http.HandlerFunc) func(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)
  • func (s *Service) Authorizer(rs RuleProvider) *Authorizer
  • func (s *Service) RolesAuthorizeOrForbiddenMiddleware(ruleNames ...string) func(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)

Types

type Authorizer

type Authorizer struct {
	Service      *Service
	RuleProvider RuleProvider
}

Authorizer role service authorizer

func (*Authorizer) Authorize

func (a *Authorizer) Authorize(r *http.Request) (bool, error)

Authorize authorized with requestWW

func (*Authorizer) RolesFromRequest

func (a *Authorizer) RolesFromRequest(r *http.Request) (*Roles, error)

RolesFromRequest get roles from request

type Provider

type Provider interface {
	//Roles get roles by user id.
	//Return user roles and any error if raised.
	Roles(uid string) (*Roles, error)
}

Provider roles provider interface

type Role

type Role struct {
	//Name role name
	Name string
	//Data role data
	Data map[string][]string
}

Role user role main struct

func New

func New(name string) *Role

New create new role with role name

func (*Role) AddData

func (r *Role) AddData(field string, data ...string)

AddData add data to role's special field

func (*Role) Execute

func (r *Role) Execute(roles ...*Role) (bool, error)

Execute execute role as rule provider. If rule data if empty,any role with same name will success. Otherwise,only roles with data which covers all rule data will success.

type Roles

type Roles []*Role

Roles type role list

func NewRoles

func NewRoles(rolenames ...string) *Roles

NewRoles create new roles with given rolesnames. You can't use this method to create roles with data.

func (*Roles) Add

func (rules *Roles) Add(r *Role) *Roles

Add add role to roles

func (*Roles) Execute

func (rules *Roles) Execute(roles ...*Role) (bool, error)

Execute execute role as rule provider. If rule data if empty,any role with same name will success. Otherwise,only roles with data which covers all rule data will success. Method will suceess if All rules success.

func (*Roles) Rule

func (rules *Roles) Rule(*http.Request) (Rule, error)

Rule implement rule provdier interface.

type Rule

type Rule interface {
	Execute(roles ...*Role) (bool, error)
}

Rule user authorize rule interface

type RuleAnd

type RuleAnd struct {
	Rules []Rule
}

RuleAnd rules commbined in not operation.

func And

func And(c ...Rule) *RuleAnd

And create a and rule

func (*RuleAnd) Execute

func (c *RuleAnd) Execute(roles ...*Role) (bool, error)

Execute will success if all rule success

type RuleNot

type RuleNot struct {
	Rule Rule
}

RuleNot a not operation to rule

func Not

func Not(c Rule) *RuleNot

Not Create a not rule

func (*RuleNot) Execute

func (c *RuleNot) Execute(roles ...*Role) (bool, error)

Execute will success if rule fail

type RuleOr

type RuleOr struct {
	Rules []Rule
}

RuleOr rules commbined in or operation.

func Or

func Or(c ...Rule) *RuleOr

Or create a or rule

func (*RuleOr) Execute

func (c *RuleOr) Execute(roles ...*Role) (bool, error)

Execute execute as rule provider. Execute will success if any rule success

type RuleProvider

type RuleProvider interface {
	//Rule get rule from http request.
	//Return rule and any error if raised.
	Rule(*http.Request) (Rule, error)
}

RuleProvider rule provider interface

type RuleSet

type RuleSet struct {
	Rule Rule
}

RuleSet a set of rule

func NewRuleSet

func NewRuleSet(Rule Rule) *RuleSet

NewRuleSet create new rule set

func (*RuleSet) And

func (ruleset *RuleSet) And(c ...Rule) *RuleSet

And combine ruleset with rules by and operate

func (*RuleSet) Execute

func (ruleset *RuleSet) Execute(roles ...*Role) (bool, error)

Execute exccute ruleset

func (*RuleSet) Not

func (ruleset *RuleSet) Not() *RuleSet

Not set ruleset to not operated rule.

func (*RuleSet) Or

func (ruleset *RuleSet) Or(c ...Rule) *RuleSet

Or combine ruleset with rules by or operate

type Service

type Service struct {
	RoleProvider Provider
	Identifier   user.Identifier
}

Service role authorize service

func NewService

func NewService(RoleProvider Provider, Identifier user.Identifier) *Service

NewService create new role authorize service with role provider and user Identifier.

func (*Service) AuthorizeMiddleware

func (s *Service) AuthorizeMiddleware(rs RuleProvider, unauthorizedAction http.HandlerFunc) func(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)

AuthorizeMiddleware middleware which authorize http request. If authorize fail,unauthorizedAction will be executed.

func (*Service) Authorizer

func (s *Service) Authorizer(rs RuleProvider) *Authorizer

Authorizer create authorizer with given rule provider

func (*Service) RolesAuthorizeOrForbiddenMiddleware

func (s *Service) RolesAuthorizeOrForbiddenMiddleware(ruleNames ...string) func(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)

RolesAuthorizeOrForbiddenMiddleware middleware which authorize http request. If authorize fail,http error forbidden will be executed.