Documentation
Index ¶
- Variables
- func NewSimpleCacheAdapter() rbac.CacheAdapter
- type CacheError
- type PermissionManager
- func (m *PermissionManager) AddRolePermission(ctx context.Context, roleCode string, domain string, resource string, ...) error
- func (m *PermissionManager) AssignRoleToUser(ctx context.Context, userUUID string, roleCode string, domain string) error
- func (m *PermissionManager) CheckABACPermission(ctx context.Context, userAttrs map[string]any, resourceAttrs map[string]any, ...) (bool, error)
- func (m *PermissionManager) CheckUserPermission(ctx context.Context, userUUID string, domain string, resource string, ...) (bool, error)
- func (m *PermissionManager) CreateABACPolicy(ctx context.Context, rule abac.PolicyRule) error
- func (m *PermissionManager) CreateUnifiedAuthMiddleware(config frameAuth.AuthConfig, apiKeyStore frameAuth.APIKeyStore) *frameAuth.UnifiedAuthMiddleware
- func (m *PermissionManager) Enforcer() *casbinlib.Enforcer
- func (m *PermissionManager) GetRolePermissions(ctx context.Context, roleCode, domain string) ([]*rbac.Permission, error)
- func (m *PermissionManager) GetUserRoles(ctx context.Context, userUUID, domain string) ([]*rbac.Role, error)
- func (m *PermissionManager) LoadPolicy() error
- func (m *PermissionManager) RemoveRolePermission(ctx context.Context, roleCode string, domain string, resource string, ...) error
- func (m *PermissionManager) RevokeRoleFromUser(ctx context.Context, userUUID string, roleCode string, domain string) error
- func (m *PermissionManager) SavePolicy() error
- func (m *PermissionManager) SyncRolePermissions(ctx context.Context, roleCode string, domain string, ...) error
- type SimpleCacheAdapter
Constants ¶
This section is empty.
Variables ¶
var ( ErrCacheNotFound = &CacheError{Message: "cache not found"} ErrCacheExpired = &CacheError{Message: "cache expired"} )
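Cache error definitions. Both values are pointers to CacheError, so compare against them by identity (`==` or `errors.Is`) rather than by message text.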
Functions ¶
func NewSimpleCacheAdapter ¶
func NewSimpleCacheAdapter() rbac.CacheAdapter
NewSimpleCacheAdapter creates a simple cache adapter.
Types ¶
type CacheError ¶
type CacheError struct {
Message string
}
CacheError describes a cache error.
func (*CacheError) Error ¶
func (e *CacheError) Error() string
type PermissionManager ¶
type PermissionManager struct {
RBACManager *rbac.RBACManager
ABACManager *abac.ABACManager
// contains filtered or unexported fields
}
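PermissionManager is the permission manager. It wraps the RBAC/ABAC functionality of framework/auth and provides a unified permission-management interface. The RBACManager and ABACManager fields are exported, so callers can also reach the underlying managers directly instead of going through the methods below.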
func NewPermissionManager ¶
func NewPermissionManager( authCore *frameAuth.AuthCore, logger logging.Logger, ) (*PermissionManager, error)
NewPermissionManager creates a permission manager. Parameters:
- authCore: the framework/auth instance (already initialized)
- logger: the logger
func (*PermissionManager) AddRolePermission ¶
func (m *PermissionManager) AddRolePermission( ctx context.Context, roleCode string, domain string, resource string, action string, ) error
AddRolePermission adds a permission to a role. Parameters:
- ctx: context
- roleCode: role code
- domain: domain (platform or tenant:{id})
- resource: resource identifier
- action: action type
func (*PermissionManager) AssignRoleToUser ¶
func (m *PermissionManager) AssignRoleToUser(ctx context.Context, userUUID string, roleCode string, domain string) error
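AssignRoleToUser assigns a role to a user. No parameter identifies the acting user, so unless that identity is carried in ctx, the check that the caller may grant this role in this domain presumably has to happen before this call. Parameters:
- ctx: context
- userUUID: user UUID
- roleCode: role code (e.g. "admin", "user", "guest")
- domain: domain (platform or tenant:{id})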
func (*PermissionManager) CheckABACPermission ¶
func (m *PermissionManager) CheckABACPermission( ctx context.Context, userAttrs map[string]any, resourceAttrs map[string]any, action string, contextAttrs map[string]any, ) (bool, error)
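CheckABACPermission checks an attribute-based permission. The documentation does not say what the bool holds when the error is non-nil, so callers should deny access on any error.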
func (*PermissionManager) CheckUserPermission ¶
func (m *PermissionManager) CheckUserPermission( ctx context.Context, userUUID string, domain string, resource string, action string, ) (bool, error)
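CheckUserPermission checks whether a user has permission to access the given resource. Parameters:
- ctx: context
- userUUID: user UUID
- domain: domain (platform or tenant:{id})
- resource: resource identifier (e.g. "user", "role", "menu")
- action: action type (e.g. "read", "write", "delete")
Returns:
- bool: whether the user has the permission
- error: error information
The documentation does not say what the bool holds when the error is non-nil, so callers should deny access on any error. The domain selects the tenant scope of the check and nothing here says it is validated, so it is safer to derive it from the authenticated session than from request input.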
func (*PermissionManager) CreateABACPolicy ¶
func (m *PermissionManager) CreateABACPolicy(ctx context.Context, rule abac.PolicyRule) error
CreateABACPolicy creates an ABAC policy.
func (*PermissionManager) CreateUnifiedAuthMiddleware ¶
func (m *PermissionManager) CreateUnifiedAuthMiddleware( config frameAuth.AuthConfig, apiKeyStore frameAuth.APIKeyStore, ) *frameAuth.UnifiedAuthMiddleware
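CreateUnifiedAuthMiddleware creates the unified authentication middleware. It integrates all authentication and authorization features, including JWT, API Key, RBAC and ABAC.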
func (*PermissionManager) Enforcer ¶
func (m *PermissionManager) Enforcer() *casbinlib.Enforcer
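Enforcer returns the underlying Casbin enforcer for advanced policy operations. Policy changes made directly on the enforcer do not go through PermissionManager's own methods; whether they are persisted or reflected in any cache is not documented here and should be confirmed before relying on it.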
func (*PermissionManager) GetRolePermissions ¶
func (m *PermissionManager) GetRolePermissions(ctx context.Context, roleCode, domain string) ([]*rbac.Permission, error)
GetRolePermissions returns all permissions of a role.
func (*PermissionManager) GetUserRoles ¶
func (m *PermissionManager) GetUserRoles(ctx context.Context, userUUID, domain string) ([]*rbac.Role, error)
GetUserRoles returns all roles of a user.
func (*PermissionManager) LoadPolicy ¶
func (m *PermissionManager) LoadPolicy() error
LoadPolicy loads the policy from the database into memory.
func (*PermissionManager) RemoveRolePermission ¶
func (m *PermissionManager) RemoveRolePermission( ctx context.Context, roleCode string, domain string, resource string, action string, ) error
RemoveRolePermission removes a permission from a role.
func (*PermissionManager) RevokeRoleFromUser ¶
func (m *PermissionManager) RevokeRoleFromUser(ctx context.Context, userUUID string, roleCode string, domain string) error
RevokeRoleFromUser revokes a role from a user.
func (*PermissionManager) SavePolicy ¶
func (m *PermissionManager) SavePolicy() error
SavePolicy saves the policy to the database.
func (*PermissionManager) SyncRolePermissions ¶
func (m *PermissionManager) SyncRolePermissions( ctx context.Context, roleCode string, domain string, permissions []rbac.Permission, ) error
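SyncRolePermissions synchronizes a role's permissions to Casbin. It is used for bulk updates of a role's permissions: it first clears the old permissions and then adds the new ones. The documentation does not state whether the clear and the add are applied atomically; if they are not, a concurrent check could briefly see the role with no permissions, and a failure partway through could leave it with a partial set, so callers should handle a returned error by retrying or reloading the policy.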
type SimpleCacheAdapter ¶
type SimpleCacheAdapter struct {
// contains filtered or unexported fields
}
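SimpleCacheAdapter is a simple in-memory cache adapter. It implements the framework/auth/rbac.CacheAdapter interface. Being in-memory, its contents are local to one process; where several instances run, confirm that role and permission changes are not masked by stale entries in another instance's cache.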
func (*SimpleCacheAdapter) Delete ¶
func (c *SimpleCacheAdapter) Delete(key string) error
Delete removes a cache entry.