permissions.go 3.3 KB

  1. package basics
  2. import (
  3. "fmt"
  4. "strings"
  5. "github.com/qor5/docs/docsrc/generated"
  6. . "github.com/theplant/docgo"
  7. "github.com/theplant/docgo/ch"
  8. )
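  // Permissions is the documentation page of the presets guide that explains
  // the permission model. It is assembled from Markdown fragments interleaved
  // with code samples taken from the generated package, titled "Permissions"
  // and published under the slug "presets-guide/permissions".
  var Permissions = Doc(
      Markdown(`
QOR5 permission is based on https://github.com/ory/ladon.
A piece of policy looks like this:
**Who** is **able** to do **what** on **something** (with given some **context**)
`),
      ch.Code(generated.PermissionSyntax).Language("go"),
      // The role and function names are passed as arguments because a raw
      // string literal cannot contain the backticks that Markdown needs for
      // inline code.
      Markdown(fmt.Sprintf(`
## Who - Subject
Typically in admin system, they are roles like %s, %s.
Use %s to fetch current subjects:
`, "`Admin`", "`Super Admin`", "`SubjectsFunc`")),
      ch.Code(generated.PermissionSubjectsFunc).Language("go"),
      // NOTE(review): the Effect section lists the two effects but does not say
      // which one wins when an allow and a deny policy both match, nor what
      // happens when no policy matches. Ladon, as far as I know, denies in both
      // cases; confirm that for the QOR5 wrapper and state it in the text.
      //
      // NOTE(review): `*` is introduced as a wildcard without saying how
      // broadly it matches. A sentence on keeping wildcard allow policies
      // narrow would help readers avoid over-granting; confirm the matching
      // semantics against the perm package first.
      Markdown(fmt.Sprintf(`
## Able - Effect
- %s
- %s
## What - Action
presets has a list of actions:
- %s
- %s
- %s
- %s
- %s
And you can define other specific actions if needed.
## Something - Resource
An arbitrary unique resource name.
The presets builtin resource format is %s.
For example %s represents the user record with id 1 under uri user_management.
Use %s as wildcard.
## Context - Condition
Optional.
The current context that containing condition information about the resource.
Use %s to set the context:
`,
          // Each generated snippet has its trailing commas trimmed before it
          // is used as a bullet item (presumably the snippets are elements
          // of a list literal; verify against the generator).
          strings.TrimRight(generated.PermissionAllowed, ","),
          strings.TrimRight(generated.PermissionDenied, ","),
          strings.TrimRight(generated.PermissionPermList, ","),
          strings.TrimRight(generated.PermissionPermGet, ","),
          strings.TrimRight(generated.PermissionPermCreate, ","),
          strings.TrimRight(generated.PermissionPermUpdate, ","),
          strings.TrimRight(generated.PermissionPermDelete, ","),
          "`:presets:mg_menu_group:uri:resource_rn:f_field:`",
          "`:presets:user_management:users:1:`",
          "`*`",
          "`ContextFunc`",
      )),
      ch.Code(generated.PermissionContextFunc).Language("go"),
      Markdown(fmt.Sprintf(`
Policy uses %s to set conditions:
`, "`Given`")),
      ch.Code(generated.PermissionGivenFunc).Language("go"),
      Markdown(fmt.Sprintf(`
## Custom Action
Let's say there is a button on User detailing page used to ban the user. And only %s users have permission to execute this action.
First, create a verifier
`, "`super_admin`")),
      ch.Code(generated.PermissionNewVerifier).Language("go"),
      // This fragment has no format verbs, so it is passed to Markdown directly
      // rather than through fmt.Sprintf; a literal '%' added to the text later
      // would otherwise be rendered as a formatting error.
      //
      // NOTE(review): of the two uses listed, hiding the button only changes
      // the UI; the check made before executing the ban action is the one that
      // enforces the policy. The text could say so explicitly.
      Markdown(`
Then inject this verifier to relevant logic, such as
- whether to show the ban button.
- validate permission before execute the ban action.
`),
      ch.Code(generated.PermissionVerifierCheck).Language("go"),
      Markdown(`
Finally, add policy
`),
      ch.Code(generated.PermissionAddCustomPolicy).Language("go"),
      Markdown(`
## Example
`),
      ch.Code(generated.PermissionExample).Language("go"),
      Markdown(`
## Debug
`),
      ch.Code(generated.PermissionVerbose).Language("go"),
      // NOTE(review): the sample output below shows that every log line carries
      // the subject, resource and action of the evaluated request. The text
      // should probably say whether verbose mode is meant for development only
      // and where these logs end up. TODO: confirm with the perm package.
      Markdown(`
prints permission logs which is very helpful for debugging the permission policies:
`),
      ch.Code(`
have permission: true, req: &ladon.Request{Resource:":presets:articles:", Action:"presets:list", Subject:"viewer", Context:ladon.Context(nil)}
have permission: true, req: &ladon.Request{Resource:":presets:articles:articles:1:", Action:"presets:update", Subject:"viewer", Context:ladon.Context(nil)}
have permission: false, req: &ladon.Request{Resource:":presets:articles:articles:2:", Action:"presets:update", Subject:"viewer", Context:ladon.Context(nil)}
`).Language("plain"),
  ).Title("Permissions").
      Slug("presets-guide/permissions")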