- package example_basics
- import (
- "net/http"
- "github.com/ory/ladon"
- "github.com/qor5/admin/presets"
- "github.com/qor5/x/perm"
- )
// permissionPieces gathers the permission fragments of this example in one
// function body: the effect and action constants, the generic policy
// sentence, subject and context resolvers, a complete policy set wired into a
// presets builder, and an explicit verifier check for a custom action.
//
// NOTE(review): presetsBuilder, getCurrentUser, r and user are declared but
// never assigned, so the function appears to be meant for reading and
// compiling rather than for running. Confirm before calling it.
func permissionPieces() {
	// The two policy effects, followed by the actions the presets package
	// defines for a resource.
	_ = []interface{}{
		perm.Allowed,
		perm.Denied,
		presets.PermList,
		presets.PermGet,
		presets.PermCreate,
		presets.PermUpdate,
		presets.PermDelete,
	}

	var Who, Able, What, Something string
	var Context perm.Conditions

	// A policy reads as a sentence: for Who, who are Able (allowed or denied)
	// to do What on Something, given Context. The value built here is
	// discarded, so it does not register a policy anywhere.
	perm.PolicyFor(Who).WhoAre(Able).ToDo(What).On(Something).Given(Context)

	var permBuilder perm.Builder
	var subjectsLikeUserRoles []string

	// Subjects are resolved per request. Whatever this callback returns is
	// what policies are matched against, so it must be derived from the
	// authenticated session and never from client-supplied values.
	permBuilder.SubjectsFunc(func(req *http.Request) []string {
		return subjectsLikeUserRoles
	})

	type resource1 struct {
		Owner string
	}

	// The context callback exposes attributes of the objects under check so
	// that policy conditions can refer to them by key.
	permBuilder.ContextFunc(func(req *http.Request, objs []interface{}) perm.Context {
		attrs := make(perm.Context)
		for _, obj := range objs {
			// Only values of type resource1 (not *resource1) contribute here.
			if res, ok := obj.(resource1); ok {
				attrs["owner"] = res.Owner
			}
		}
		return attrs
	})

	// The condition key "owner" has to match the key written by the context
	// callback above. ladon's EqualsSubjectCondition is fulfilled only when
	// that context value equals the subject being evaluated.
	perm.PolicyFor(Who).WhoAre(Able).ToDo(What).On("*:resource1:*").Given(perm.Conditions{
		"owner": &ladon.EqualsSubjectCondition{},
	})

	var presetsBuilder *presets.Builder
	type User struct {
		ID    string
		Roles []string
	}
	var getCurrentUser func(r *http.Request) *User
	type Article struct {
		OwnerID string
	}

	// Subjects for the full example: the user's own ID plus every role.
	//
	// NOTE(review): IDs and role names share one subject namespace. If an ID
	// can ever equal a role name such as "admin", that user would match the
	// role's policies. Confirm that IDs are generated values that cannot
	// collide with role names.
	//
	// NOTE(review): getCurrentUser may return nil for an unauthenticated
	// request, in which case u.ID panics. Confirm that authentication runs
	// before permission checks. Also check how the verifier treats an empty
	// subject list before adding an early return here.
	resolveSubjects := func(req *http.Request) []string {
		u := getCurrentUser(req)
		return append([]string{u.ID}, u.Roles...)
	}

	// Publishes an article's owner under "owner_id" for the editor policy.
	//
	// NOTE(review): only *Article values are recognised. For any other object
	// the key stays unset; presumably the owner condition then fails and the
	// editor policy does not apply. Confirm against the ladon version in use.
	resolveContext := func(req *http.Request, objs []interface{}) perm.Context {
		attrs := make(perm.Context)
		for _, obj := range objs {
			if article, ok := obj.(*Article); ok {
				attrs["owner_id"] = article.OwnerID
			}
		}
		return attrs
	}

	presetsBuilder.Permission(
		perm.New().Policies(
			// admin: every action on every resource.
			perm.PolicyFor("admin").WhoAre(perm.Allowed).ToDo(perm.Anything).On(perm.Anything),

			// viewer: the read actions everywhere, except the users resource.
			// ladon treats a matching deny as overriding any matching allow,
			// so the second policy wins for "*:users:*".
			perm.PolicyFor("viewer").WhoAre(perm.Allowed).ToDo(presets.PermRead...).On(perm.Anything),
			perm.PolicyFor("viewer").WhoAre(perm.Denied).ToDo(perm.Anything).On("*:users:*"),

			// editor: anything on articles, but only when the article's
			// owner_id equals the subject under evaluation.
			perm.PolicyFor("editor").WhoAre(perm.Allowed).ToDo(perm.Anything).On("*:articles:*").Given(perm.Conditions{
				"owner_id": &ladon.EqualsSubjectCondition{},
			}),
		).SubjectsFunc(resolveSubjects).ContextFunc(resolveContext),
	)

	// NOTE(review): presumably this turns on logging of permission
	// evaluations. Confirm what is written, since such logs can contain
	// subject and resource names, and keep it off outside debugging.
	perm.Verbose = true

	var r *http.Request
	var user interface{}

	verifier := perm.NewVerifier("module_users", presetsBuilder.GetPermission())

	// An explicit check for the custom "ban" action on a user object. A nil
	// result is treated as "allowed".
	banErr := verifier.Do("ban").ObjectOn(user).WithReq(r).IsAllowed()
	if banErr == nil {
		// Permitted: e.g. render the control for this action here. Hiding a
		// control is not enforcement; the handler that performs the action
		// has to run the same check.
	}

	// The policy that grants the custom action. The value is discarded here;
	// to take effect it would have to be registered through Policies(...).
	perm.PolicyFor("super_admin").WhoAre(perm.Allowed).ToDo("ban").On(":module_users:*")
}