abac

Documentation

Index

• type ABACManager
  • func NewABACManager(cache CacheAdapter) *ABACManager
  • func (m *ABACManager) AddExpression(id, name, condition, effect string, priority int) error
  • func (m *ABACManager) BatchCheckPermission(ctx context.Context, userAttrs map[string]interface{}, ...) ([]bool, error)
  • func (m *ABACManager) CheckPermission(ctx context.Context, userAttrs map[string]interface{}, ...) (bool, error)
  • func (m *ABACManager) ClearPolicies() error
  • func (m *ABACManager) CreatePolicy(ctx context.Context, rule PolicyRule) error
  • func (m *ABACManager) DeletePolicy(ctx context.Context, id string) error
  • func (m *ABACManager) EvaluateCondition(expr string, attrs Attributes) (bool, error)
  • func (m *ABACManager) GetExpression(id string) (*Expression, error)
  • func (m *ABACManager) GetMatchingPolicies(userAttrs map[string]interface{}, resourceAttrs map[string]interface{}, ...) ([]*Expression, error)
  • func (m *ABACManager) GetPolicies(ctx context.Context) ([]*PolicyRule, error)
  • func (m *ABACManager) GetPolicyCount() int
  • func (m *ABACManager) RemoveExpression(id string) error
  • func (m *ABACManager) TestPolicy(condition string, attrs Attributes) (bool, error)
  • func (m *ABACManager) UpdatePolicy(ctx context.Context, id string, rule PolicyRule) error
  • func (m *ABACManager) ValidatePolicy(condition string) error
• type Attributes
• type CacheAdapter
• type Expression
• type PolicyRule

Types

type ABACManager

type ABACManager struct {
	// contains filtered or unexported fields
}

ABACManager ABAC 管理器

func NewABACManager

func NewABACManager(cache CacheAdapter) *ABACManager

NewABACManager 创建 ABAC 管理器

func (*ABACManager) AddExpression

func (m *ABACManager) AddExpression(id, name, condition, effect string, priority int) error

AddExpression 添加表达式

func (*ABACManager) BatchCheckPermission

func (m *ABACManager) BatchCheckPermission(
	ctx context.Context,
	userAttrs map[string]interface{},
	resourceAttrsList []map[string]interface{},
	action string,
	contextAttrs map[string]interface{},
) ([]bool, error)

BatchCheckPermission 批量权限检查

func (*ABACManager) CheckPermission

func (m *ABACManager) CheckPermission(
	ctx context.Context,
	userAttrs map[string]interface{},
	resourceAttrs map[string]interface{},
	action string,
	contextAttrs map[string]interface{},
) (bool, error)

CheckPermission 权限检查

func (*ABACManager) ClearPolicies

func (m *ABACManager) ClearPolicies() error

ClearPolicies 清空所有策略

func (*ABACManager) CreatePolicy

func (m *ABACManager) CreatePolicy(ctx context.Context, rule PolicyRule) error

CreatePolicy 创建策略

func (*ABACManager) DeletePolicy

func (m *ABACManager) DeletePolicy(ctx context.Context, id string) error

DeletePolicy 删除策略

func (*ABACManager) EvaluateCondition

func (m *ABACManager) EvaluateCondition(expr string, attrs Attributes) (bool, error)

EvaluateCondition 评估条件表达式（简化版）

func (*ABACManager) GetExpression

func (m *ABACManager) GetExpression(id string) (*Expression, error)

GetExpression 获取表达式

func (*ABACManager) GetMatchingPolicies

func (m *ABACManager) GetMatchingPolicies(
	userAttrs map[string]interface{},
	resourceAttrs map[string]interface{},
	action string,
	contextAttrs map[string]interface{},
) ([]*Expression, error)

GetMatchingPolicies 获取匹配的策略

func (*ABACManager) GetPolicies

func (m *ABACManager) GetPolicies(ctx context.Context) ([]*PolicyRule, error)

GetPolicies 获取所有策略

func (*ABACManager) GetPolicyCount

func (m *ABACManager) GetPolicyCount() int

GetPolicyCount 获取策略数量

func (*ABACManager) RemoveExpression

func (m *ABACManager) RemoveExpression(id string) error

RemoveExpression 移除表达式

func (*ABACManager) TestPolicy

func (m *ABACManager) TestPolicy(condition string, attrs Attributes) (bool, error)

TestPolicy 测试策略

func (*ABACManager) UpdatePolicy

func (m *ABACManager) UpdatePolicy(ctx context.Context, id string, rule PolicyRule) error

UpdatePolicy 更新策略

func (*ABACManager) ValidatePolicy

func (m *ABACManager) ValidatePolicy(condition string) error

ValidatePolicy 验证策略语法

type Attributes

type Attributes struct {
	User     map[string]interface{} `json:"user"`
	Resource map[string]interface{} `json:"resource"`
	Context  map[string]interface{} `json:"context"`
}

Attributes 属性结构

type CacheAdapter

type CacheAdapter interface {
	Get(key string) (interface{}, error)
	Set(key string, value interface{}, ttl int64) error
	Delete(key string) error
}

CacheAdapter 缓存适配器

type Expression

type Expression struct {
	ID          string    `json:"id"`
	Name        string    `json:"name"`
	Description string    `json:"description"`
	Condition   string    `json:"condition"`
	Effect      string    `json:"effect"`
	Priority    int       `json:"priority"`
	CreatedAt   time.Time `json:"created_at"`
}

Expression 表达式

type PolicyRule

type PolicyRule struct {
	ID          string    `json:"id"`
	Name        string    `json:"name"`
	Description string    `json:"description"`
	Condition   string    `json:"condition"`
	Effect      string    `json:"effect"`
	Priority    int       `json:"priority"`
	CreatedAt   time.Time `json:"created_at"`
}

PolicyRule 策略规则