rbac

package
v1.2.0

This package is not in the latest version of its module.

Published: May 15, 2025 License: BSD-3-Clause Imports: 8 Imported by: 0

README

RBAC

Overview

This package provides Role-Based Access Control (RBAC) functionality using Casbin. It allows you to define roles, permissions, and enforce access control in your application.

Getting Started

Step 1: Create a Policy File

Create a policy.csv file to define your roles and permissions. Below is an example:

p, superadmin, *, *
p, admin, /api/v1/admin/*, *
p, user, /api/v1/*, *
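  • p defines a policy.
  • The first column is the role. It must match the role name assigned to the user exactly; the Role constants documented below are super_admin, admin and user.
  • The second column is the resource (e.g., URL path).
  • The third column is the action (e.g., HTTP method or * for all actions).

Step 2: Initialize the RBAC Manager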

Use the NewManager function to initialize the RBAC manager with the policy file.

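package main

import (
	"github.com/rizalgowandy/gdk/pkg/rbac"
)

func main() {
	policyFile := "path/to/policy.csv"
	// NewManager takes an enable flag before the policy file
	// (see the NewManager signature in the Documentation section).
	rbacManager, err := rbac.NewManager(true, policyFile)
	if err != nil {
		panic(err)
	}
	// Use rbacManager in your application
	_ = rbacManager
}

Step 3: Use the Middleware

Auth Middleware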

The Auth middleware validates JWT tokens and sets the user claims in the context.

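package main

import (
	"github.com/labstack/echo/v4"
	"github.com/rizalgowandy/gdk/pkg/auth"
	"github.com/rizalgowandy/gdk/pkg/httpx/echo/middleware"
)

func main() {
	e := echo.New()
	// "your-secret-key" is a placeholder; load the real signing key from
	// configuration or a secret store rather than hardcoding it.
	authOperator := auth.NewOperator("your-secret-key")

	e.Use(middleware.Auth(authOperator))
	// Define your routes
	e.Logger.Fatal(e.Start(":8080"))
}

RBAC Middleware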

The RBAC middleware enforces role-based access control based on the user's roles and permissions.

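package main

import (
	"github.com/labstack/echo/v4"
	"github.com/rizalgowandy/gdk/pkg/auth"
	"github.com/rizalgowandy/gdk/pkg/httpx/echo/middleware"
	"github.com/rizalgowandy/gdk/pkg/rbac"
)

func main() {
	e := echo.New()
	// Stop at startup if the policy cannot be loaded instead of
	// continuing with an unusable manager.
	rbacManager, err := rbac.NewManager(true, "path/to/policy.csv")
	if err != nil {
		panic(err)
	}
	authOperator := auth.NewOperator("your-secret-key")

	// Auth must be registered before RBAC so claims are in the context.
	e.Use(middleware.Auth(authOperator))
	e.Use(middleware.RBAC(rbacManager, authOperator))

	// Define your routes
	e.GET("/api/v1/admin/dashboard", func(c echo.Context) error {
		return c.JSON(200, map[string]string{"message": "Welcome Admin!"})
	})

	e.Logger.Fatal(e.Start(":8080"))
}

Notes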
  • Ensure the policy.csv file is accessible and contains the correct permissions.
  • The Auth middleware must be used before the RBAC middleware to ensure user claims are available for RBAC checks.
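
One way to check that the policy "contains the correct permissions" is to test it for overlapping wildcards before deploying it. The following is an added example, not code from this package: it uses only the standard library and assumes the package's Casbin model compares resources and actions with a keyMatch-style prefix wildcard (the model is not shown on this page). The scoped policy and its /api/v1/app/* path are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// rule is one "p, role, resource, action" line from policy.csv.
type rule struct{ role, resource, action string }

// parsePolicy keeps the "p" lines of a policy in the README's CSV layout.
func parsePolicy(csv string) (rules []rule) {
	for _, line := range strings.Split(csv, "\n") {
		f := strings.Split(strings.ReplaceAll(line, " ", ""), ",")
		if len(f) == 4 && f[0] == "p" {
			rules = append(rules, rule{f[1], f[2], f[3]})
		}
	}
	return rules
}

// keyMatch re-implements the assumed matcher: everything before the
// first "*" in pattern must be a prefix of key.
func keyMatch(key, pattern string) bool {
	i := strings.Index(pattern, "*")
	if i == -1 {
		return key == pattern
	}
	return strings.HasPrefix(key, pattern[:i])
}

// allowed reports whether any rule grants role the action on path.
func allowed(rules []rule, role, path, action string) bool {
	for _, r := range rules {
		if r.role == role && keyMatch(path, r.resource) && keyMatch(action, r.action) {
			return true
		}
	}
	return false
}

// readme is the Step 1 policy; scoped is a hypothetical tightening (constructed).
const readme = "p, superadmin, *, *\np, admin, /api/v1/admin/*, *\np, user, /api/v1/*, *"
const scoped = "p, superadmin, *, *\np, admin, /api/v1/admin/*, *\np, user, /api/v1/app/*, *"

func main() {
	for _, csv := range []string{readme, scoped} { // prints true, then false
		fmt.Println(allowed(parsePolicy(csv), "user", "/api/v1/admin/dashboard", "GET"))
	}
}
```

Under this matcher the Step 1 policy lets the user role reach /api/v1/admin/dashboard because /api/v1/* also covers the admin prefix; giving each role a non-overlapping path prefix removes the overlap.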

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

Manager represents the role-based access control manager

func NewManager

func NewManager(enable bool, policyFile string) (*Manager, error)

NewManager creates a new RBAC manager. It initializes the Casbin enforcer with a model and a policy file. The model defines the structure of the policy, and the policy file contains the actual rules.

Example usage:

policyFile := "pkg/rbac/policy_example.csv"

func (*Manager) AddRoleForUser

func (r *Manager) AddRoleForUser(user, role string) (bool, error)

AddRoleForUser adds a role for a user

func (*Manager) AssignUserRole

func (r *Manager) AssignUserRole(userID int, roleType ...Role) error

AssignUserRole assigns a role to a user based on the role type. It should be called after the user logs in or signs up, usually on login, so that when the database changes, the user gets the new role on their next login.

func (*Manager) DeleteRoleForUser

func (r *Manager) DeleteRoleForUser(user, role string) (bool, error)

DeleteRoleForUser removes a role from a user

func (*Manager) Enforce

func (r *Manager) Enforce(sub, obj, act string) (bool, error)

Enforce checks permission for a user

func (*Manager) GetRolesForUser

func (r *Manager) GetRolesForUser(user string) ([]string, error)

GetRolesForUser gets roles for a user

func (*Manager) HasRoleForUser

func (r *Manager) HasRoleForUser(user, role string) (bool, error)

HasRoleForUser checks if a user has a role

type Role

type Role string
const (
	RoleSuperAdmin Role = "super_admin"
	RoleAdmin      Role = "admin"
	RoleUser       Role = "user"
)

Role types

func (Role) String

func (role Role) String() string
