# Mithril RBAC Example
This example demonstrates Role-Based Access Control (RBAC) and Access Control Lists (ACL) in the Mithril framework.
## Features Demonstrated
- Role management (Admin, Moderator, User, Guest)
- Permission management (CRUD operations on resources)
- User-role associations
- Role-permission associations
- Direct user permissions
- Route protection with roles and permissions
- Database-backed RBAC
## Running the Example

```bash
# Start the server
go run example-rbac/main.go
```
The server will start on http://localhost:3005.
## Database
The example uses SQLite for simplicity. On first run, it will:
- Create the database schema
- Seed default roles and permissions
- Create test users
## Test Users
- admin@example.com - Admin role (all permissions)
- moderator@example.com - Moderator role (limited permissions)
- user@example.com - User role (basic permissions)
## API Endpoints

### Public Endpoints

```bash
# Get API information
curl http://localhost:3005/

# Public endpoint (no auth required)
curl http://localhost:3005/public
```
### Authentication (Simplified)

```bash
# Login (simplified for example)
curl -X POST http://localhost:3005/login \
  -H "Content-Type: application/json" \
  -d '{"email":"admin@example.com"}'
```
### Protected Endpoints

The example uses a simplified auth system where you pass the email as a query parameter or header. The email is taken at face value and not verified, which is why the Production Considerations below call for replacing it with real authentication.

```bash
# List users (requires: user.list permission)
curl "http://localhost:3005/users?email=admin@example.com"

# Create user (requires: user.create permission)
curl -X POST "http://localhost:3005/users?email=admin@example.com"

# Admin panel (requires: admin role)
curl "http://localhost:3005/admin?email=admin@example.com"

# Moderator panel (requires: moderator or admin role)
curl "http://localhost:3005/moderator?email=admin@example.com"
```
## RBAC API Usage

### Creating Roles

```go
import "github.com/mithril-framework/mithril/pkg/acl"

// models is the framework's model package; its import path is not shown in this README.
rbac := acl.NewRBAC(db)

role := &models.Role{
	Name:        "Editor",
	Slug:        "editor",
	Description: "Content editor",
}
rbac.CreateRole(role)
```
### Creating Permissions

```go
permission := &models.Permission{
	Name:        "Edit Articles",
	Slug:        "article.edit",
	Resource:    "article",
	Action:      "edit",
	Description: "Can edit articles",
}
rbac.CreatePermission(permission)
```
### Assigning Roles to Users

```go
rbac.AssignRoleToUser(userID, roleID)
```

### Assigning Permissions to Roles

```go
rbac.AssignPermissionToRole(roleID, permissionID)
```

### Giving Direct Permissions to Users

```go
rbac.GivePermissionToUser(userID, permissionID)
```
## Middleware Usage

### Require Specific Role

```go
app.Get("/admin",
	middleware.RequireRole("admin"),
	func(c *fiber.Ctx) error {
		return c.JSON(fiber.Map{"message": "Admin only"})
	})
```

### Require Any Role

```go
app.Get("/staff",
	middleware.RequireAnyRole("admin", "moderator"),
	func(c *fiber.Ctx) error {
		return c.JSON(fiber.Map{"message": "Staff area"})
	})
```

### Require Specific Permission

```go
app.Post("/articles",
	middleware.RequirePermission("article.create"),
	func(c *fiber.Ctx) error {
		return c.JSON(fiber.Map{"message": "Article created"})
	})
```

### Require Any Permission

```go
app.Get("/content",
	middleware.RequireAnyPermission("article.read", "page.read"),
	func(c *fiber.Ctx) error {
		return c.JSON(fiber.Map{"message": "Content access"})
	})
```
## Model Methods

### User Model

```go
// Check if user has a role
user.HasRole("admin") // returns bool

// Check if user has a permission
user.HasPermission("user.create") // returns bool

// Get all permissions (direct + from roles)
permissions := user.GetAllPermissions() // returns []string

// Assign a role
user.AssignRole(db, role)

// Remove a role
user.RemoveRole(db, role)

// Give direct permission
user.GivePermission(db, permission)

// Revoke direct permission
user.RevokePermission(db, permission)
```

### Role Model

```go
// Check if role has permission
role.HasPermission("user.create") // returns bool

// Add permission to role
role.AddPermission(db, permission)

// Remove permission from role
role.RemovePermission(db, permission)

// Sync permissions (replace all)
role.SyncPermissions(db, []*models.Permission{perm1, perm2})
```
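The middleware and model sections above describe the check in terms of the framework's own types. As an added illustration, not the project's code, here is the same deny-by-default decision on plain `net/http` with in-memory stand-ins for `User` and `Role`: the struct shapes, `Authorize` and the `lookup` callback are assumptions, and the effective permission set is direct grants plus grants from every role, as `GetAllPermissions` describes.

```go
package main

import "net/http"

// In-memory stand-ins for the database-backed models (assumed shapes, not the framework's own).
type Role struct{ Permissions []string } // permission slugs such as "user.list"
type User struct {
	Roles             []*Role
	DirectPermissions []string
}

// HasPermission mirrors the model method: direct grants plus every grant from any of the user's roles.
func (u *User) HasPermission(slug string) bool {
	all := append([]string{}, u.DirectPermissions...)
	for _, r := range u.Roles {
		all = append(all, r.Permissions...)
	}
	for _, p := range all {
		if p == slug {
			return true
		}
	}
	return false
}

// Authorize is the deny-by-default decision: 401 when no user is attached,
// 403 when the user holds none of the slugs, 200 when any one matches.
func Authorize(u *User, slugs ...string) int {
	if u == nil {
		return http.StatusUnauthorized
	}
	for _, s := range slugs {
		if u.HasPermission(s) {
			return http.StatusOK
		}
	}
	return http.StatusForbidden
}

// RequireAnyPermission wraps Authorize as plain net/http middleware; lookup is
// the caller's authentication step (the example's email lookup, a JWT in production).
func RequireAnyPermission(lookup func(*http.Request) *User, next http.Handler, slugs ...string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if code := Authorize(lookup(r), slugs...); code != http.StatusOK {
			http.Error(w, http.StatusText(code), code)
			return
		}
		next.ServeHTTP(w, r)
	})
}
```

Note that a call with an empty slug list also returns 403, so a misconfigured route fails closed rather than open.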
## Default Roles
- admin - Administrator with full access
- moderator - Moderator with limited access
- user - Regular user
- guest - Guest with minimal access
## Default Permissions

### User Permissions

- `user.create` - Create users
- `user.read` - Read user data
- `user.update` - Update users
- `user.delete` - Delete users
- `user.list` - List users

### Role Permissions

- `role.create` - Create roles
- `role.read` - Read roles
- `role.update` - Update roles
- `role.delete` - Delete roles
- `role.list` - List roles

### Permission Permissions

- `permission.create` - Create permissions
- `permission.read` - Read permissions
- `permission.update` - Update permissions
- `permission.delete` - Delete permissions
- `permission.list` - List permissions
## CLI Commands

Mithril provides CLI commands for RBAC management:

```bash
# Create a role
./artisan make:role editor --slug=editor --description="Content Editor"

# Create a permission
./artisan make:permission edit_articles --slug=article.edit --resource=article --action=edit

# Assign role to user
./artisan assign:role editor user@example.com

# Assign permission to role
./artisan assign:permission article.edit editor

# List all roles
./artisan role:list

# List all permissions
./artisan permission:list

# Show user permissions
./artisan user:permissions user@example.com

# Seed default RBAC data
./artisan rbac:seed
```
## Production Considerations
- JWT Authentication: Replace the mock auth middleware with proper JWT
- Database: Use PostgreSQL or MySQL in production
- Caching: Cache role/permission checks for performance
- Audit Log: Track permission changes
- Hierarchical Roles: Implement role inheritance if needed
- Dynamic Permissions: Allow creating permissions at runtime
- UI: Build admin panel for managing roles/permissions
## Next Steps
- Implement hierarchical roles (role inheritance)
- Add resource-level permissions (e.g., can edit own posts)
- Add time-based permissions (temporary access)
- Create admin dashboard for RBAC management
- Add permission groups/categories
- Implement permission wildcards (e.g., `article.*`)