README
¶
Role 用户角色模块
提供用户角色管理功能以实现 github.com/herb-go/user 的Authorizer接口
Role 角色对象
角色对象是用户权限的最基础的元素,包括两部分内容,角色名和数据
r:=role.New("rolename")
//添加权限数据
r.AddData("fieldname","data1","data2")
//将role作为用户已经拥有的权限
ownedRoles=[]Role{role1,role2}
//将role作为待验证的权限规则
requiredRole=roleRequired
//判断用户是否拥有给定的权限。
//当用户有匹配的权限(权限名一致,所有的roledata都覆盖)时,返回true,否则返回false
TrueOrFalse,err=requiredRole.Execute(ownedRoles...)
Roles 角色列表对象
角色列表一般代表用户拥有的所有角色信息 //通过角色名列表创建角色列表对象。这种创建方式不能添加角色数据 roles:=role.NewRoles("role1","role2","role3")
//添加角色
roles.Add(role4)
//判断用户是否拥有给定的权限。
//当roles里所有的规则都被用户角色匹配时,返回true,否则返回false
TrueOrFalse,err=roles.Execute(ownedRoles...)
Rule 用户规则及相关操作
用户规则是用于角色权限控制的核心接口,代表被访问的资源需要的权限。
//多个规则进行and操作
rulesAnd=role.And(rule1,rule2,rule3)
//多个规则进行or操作
rulesOr=role.Or(rule2,rule2,rule3)
//not操作
ruleNot=role.Not(rule1)
//使用RuleSet
rs=role.NewRuleSet().
And(rule1,rule2.rule3).
Or(rule4,rule5).
Not()
Service 角色服务
角色服务包含了用户识别器和基于用户的角色获取器,能够直接从http请求中获取当前用户的所有角色
//创建新的角色服务
service:=role.NewService(RoleProvider,Identifier)
//获取当前用户的所有权限
roles,err=service.RolesFromRequest(r)
//传入规则生成器,生成响应权限验证中间件
//第二个参数为空则失败时返回403状态
authorizerMiddleware=service.AuthorizeMiddleware(RuleProvider,nil)
app.Use(authorizerMiddleware)
//根据传入的角色名,生成权限验证中间件
authorizerMiddleware=service.RolesAuthorizeOrForbiddenMiddleware(role1,role2)
app.Use(authorizerMiddleware)
Documentation
¶
Index ¶
- type Authorizer
- type Provider
- type Role
- type Roles
- type Rule
- type RuleAnd
- type RuleNot
- type RuleOr
- type RuleProvider
- type RuleSet
- type Service
- func (s *Service) AuthorizeMiddleware(rs RuleProvider, unauthorizedAction http.HandlerFunc) func(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)
- func (s *Service) Authorizer(rs RuleProvider) *Authorizer
- func (s *Service) RolesAuthorizeOrForbiddenMiddleware(ruleNames ...string) func(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Authorizer ¶
type Authorizer struct {
Service *Service
RuleProvider RuleProvider
}
Authorizer role service authorizer
func (*Authorizer) Authorize ¶
func (a *Authorizer) Authorize(r *http.Request) (bool, error)
Authorize authorized with requestWW
func (*Authorizer) RolesFromRequest ¶
func (a *Authorizer) RolesFromRequest(r *http.Request) (*Roles, error)
RolesFromRequest get roles from request
type Provider ¶
type Provider interface {
//Roles get roles by user id.
//Return user roles and any error if raised.
Roles(uid string) (*Roles, error)
}
Provider roles provider interface
type Role ¶
Role user role main struct
type Roles ¶
type Roles []*Role
Roles type role list
func NewRoles ¶
NewRoles create new roles with given rolesnames. You can't use this method to create roles with data.
type RuleProvider ¶
type RuleProvider interface {
//Rule get rule from http request.
//Return rule and any error if raised.
Rule(*http.Request) (Rule, error)
}
RuleProvider rule provider interface
type RuleSet ¶
type RuleSet struct {
Rule Rule
}
RuleSet a set of rule
type Service ¶
type Service struct {
RoleProvider Provider
Identifier user.Identifier
}
Service role authorize service
func NewService ¶
func NewService(RoleProvider Provider, Identifier user.Identifier) *Service
NewService create new role authorize service with role provider and user Identifier.
func (*Service) AuthorizeMiddleware ¶
func (s *Service) AuthorizeMiddleware(rs RuleProvider, unauthorizedAction http.HandlerFunc) func(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)
AuthorizeMiddleware middleware which authorize http request. If authorize fail,unauthorizedAction will be executed.
func (*Service) Authorizer ¶
func (s *Service) Authorizer(rs RuleProvider) *Authorizer
Authorizer create authorizer with given rule provider
func (*Service) RolesAuthorizeOrForbiddenMiddleware ¶
func (s *Service) RolesAuthorizeOrForbiddenMiddleware(ruleNames ...string) func(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)
RolesAuthorizeOrForbiddenMiddleware middleware which authorize http request. If authorize fail,http error forbidden will be executed.
Source Files