policy/rbac/rbac.go

package rbac

const (
	SubNull    Subject  = ""
	AtrDefault Atribute = "*"
)

type Subject string
type Object string
type Action string
type Atribute string

// Filter defines the filtering
type RbacList struct {
	P []RbacRuleP
	G []RbacRuleG
}

type RbacRule struct {
	P RbacRuleP
	G RbacRuleG
}

// CasbinRule is the model for casbin rule
type RbacRuleP struct {
	Sub Subject
	Obj Object
	Act Action
	Atr Atribute
}

// CasbinRule is the model for casbin rule
type RbacRuleG struct {
	Sub1 Subject
	Sub2 Subject
}

// Initialize policy enforce
func NewRbacRule() *RbacList {
	rbac := new(RbacList)

	return rbac
}

//Add policy in table P (policy)
func (r *RbacList) AddDefP(sub Subject, obj Object, act Action, atr ...Atribute) {

	rb := NewRbacRuleP(sub.String(), obj, act, atr...)

	rr := RbacRuleP{
		Sub: rb.P.Sub,
		Obj: rb.P.Obj,
		Act: rb.P.Act,
		Atr: rb.P.Atr,
	}

	r.P = append(r.P, rr)
}

//Add policy in table P (policy)
func (r *RbacList) AddDefG(sub1 Subject, sub2 Subject) {

	rr := RbacRuleG{
		Sub1: Subject(sub1),
		Sub2: sub2,
	}

	r.G = append(r.G, rr)
}

func (r *RbacRuleP) String() string {

	return r.Sub.String() + ", " + r.Obj.String() + ", " + r.Act.String() + ", " + r.Atr.String()

}

func (r *RbacRuleG) String() string {

	return r.Sub1.String() + ", " + r.Sub2.String()

}

// Converted EnforcesPolicy To String
func (r *RbacList) String() string {
	var str string

	if len(r.P) > 0 {
		for _, p := range r.P {
			str = str + p.String() + "\n"

		}
	}

	if len(r.G) > 0 {
		for _, g := range r.G {
			str = str + g.String() + "\n"

		}
	}
	return str
}

func (s Subject) String() string {

	b := []byte(s)

	return string(b)
}

func (o Object) String() string {

	b := []byte(o)

	return string(b)
}

func (a Action) String() string {

	b := []byte(a)

	return string(b)
}

func (a Atribute) String() string {

	b := []byte(a)

	return string(b)
}

func NewSubject(login string) Subject {

	s := Subject(login)
	return s
}

func NewRbacRuleP(police string, obj Object, act Action, atr ...Atribute) RbacRule {
	var rule RbacRule
	var atrList Atribute
	if len(atr) == 0 {
		atrList = AtrDefault
	} else {
		atrList = atr[0]
	}
	rule.G.Sub1 = SubNull
	rule.P.Sub = NewSubject(police)
	rule.P.Obj = obj
	rule.P.Act = act
	rule.P.Atr = atrList
	return rule
}

func NewRbacRuleG(login string, sub Subject) RbacRule {
	var rule RbacRule
	rule.P.Sub = SubNull
	rule.G.Sub1 = NewSubject(login)
	rule.G.Sub2 = sub
	return rule
}

// Enforced
func (r *RbacList) Enforce(login string, obj Object, act Action) *Atribute {

	// Detected policy list for login
	for _, enf := range r.P {
		if login == enf.Sub.String() && enf.Obj == obj && enf.Act == act {
			return &enf.Atr
		}
	}

	// Detected policy list for group
	var listP []RbacRuleP

	listG := listEnforce(login, r)

	for _, lG := range listG {
		for _, rdbP := range r.P {
			if lG == rdbP.Sub || login == rdbP.Sub.String() {
				listP = append(listP, rdbP)
			}
		}
	}

	for _, enf := range listP {
		if enf.Obj == obj && enf.Act == act {
			return &enf.Atr
		}
	}

	return nil
}

// List Enforced for iterated
func listEnforce(login string, rules *RbacList) []Subject {
	var listG []Subject

	for _, rdbG := range rules.G {
		if login == rdbG.Sub1.String() {
			listG = append(listG, rdbG.Sub2)
		}
	}

	for _, listFull := range listG {
		if login != listFull.String() {
			lG := listEnforce(listFull.String(), rules)
			listG = append(listG, lG...)
		}
	}

	return listG
}
Добавление rback 2022-07-30 11:53:46 +03:00			`package rbac`

			`const (`
			`SubNull Subject = ""`
			`AtrDefault Atribute = "*"`
			`)`

			`type Subject string`
			`type Object string`
			`type Action string`
			`type Atribute string`

			`// Filter defines the filtering`
			`type RbacList struct {`
			`P []RbacRuleP`
			`G []RbacRuleG`
			`}`

			`type RbacRule struct {`
			`P RbacRuleP`
			`G RbacRuleG`
			`}`

			`// CasbinRule is the model for casbin rule`
			`type RbacRuleP struct {`
			`Sub Subject`
			`Obj Object`
			`Act Action`
			`Atr Atribute`
			`}`

			`// CasbinRule is the model for casbin rule`
			`type RbacRuleG struct {`
			`Sub1 Subject`
			`Sub2 Subject`
			`}`

			`// Initialize policy enforce`
			`func NewRbacRule() *RbacList {`
			`rbac := new(RbacList)`

			`return rbac`
			`}`

			`//Add policy in table P (policy)`
			`func (r *RbacList) AddDefP(sub Subject, obj Object, act Action, atr ...Atribute) {`

			`rb := NewRbacRuleP(sub.String(), obj, act, atr...)`

			`rr := RbacRuleP{`
			`Sub: rb.P.Sub,`
			`Obj: rb.P.Obj,`
			`Act: rb.P.Act,`
			`Atr: rb.P.Atr,`
			`}`

			`r.P = append(r.P, rr)`
			`}`

			`//Add policy in table P (policy)`
			`func (r *RbacList) AddDefG(sub1 Subject, sub2 Subject) {`

			`rr := RbacRuleG{`
			`Sub1: Subject(sub1),`
			`Sub2: sub2,`
			`}`

			`r.G = append(r.G, rr)`
			`}`

			`func (r *RbacRuleP) String() string {`

			`return r.Sub.String() + ", " + r.Obj.String() + ", " + r.Act.String() + ", " + r.Atr.String()`

			`}`

			`func (r *RbacRuleG) String() string {`

			`return r.Sub1.String() + ", " + r.Sub2.String()`

			`}`

			`// Converted EnforcesPolicy To String`
			`func (r *RbacList) String() string {`
			`var str string`

			`if len(r.P) > 0 {`
			`for _, p := range r.P {`
			`str = str + p.String() + "\n"`

			`}`
			`}`

			`if len(r.G) > 0 {`
			`for _, g := range r.G {`
			`str = str + g.String() + "\n"`

			`}`
			`}`
			`return str`
			`}`

			`func (s Subject) String() string {`

			`b := []byte(s)`

			`return string(b)`
			`}`

			`func (o Object) String() string {`

			`b := []byte(o)`

			`return string(b)`
			`}`

			`func (a Action) String() string {`

			`b := []byte(a)`

			`return string(b)`
			`}`

			`func (a Atribute) String() string {`

			`b := []byte(a)`

			`return string(b)`
			`}`

			`func NewSubject(login string) Subject {`

			`s := Subject(login)`
			`return s`
			`}`

			`func NewRbacRuleP(police string, obj Object, act Action, atr ...Atribute) RbacRule {`
			`var rule RbacRule`
			`var atrList Atribute`
			`if len(atr) == 0 {`
			`atrList = AtrDefault`
			`} else {`
			`atrList = atr[0]`
			`}`
			`rule.G.Sub1 = SubNull`
			`rule.P.Sub = NewSubject(police)`
			`rule.P.Obj = obj`
			`rule.P.Act = act`
			`rule.P.Atr = atrList`
			`return rule`
			`}`

			`func NewRbacRuleG(login string, sub Subject) RbacRule {`
			`var rule RbacRule`
			`rule.P.Sub = SubNull`
			`rule.G.Sub1 = NewSubject(login)`
			`rule.G.Sub2 = sub`
			`return rule`
			`}`

			`// Enforced`
			`func (r RbacList) Enforce(login string, obj Object, act Action) Atribute {`

			`// Detected policy list for login`
			`for _, enf := range r.P {`
			`if login == enf.Sub.String() && enf.Obj == obj && enf.Act == act {`
			`return &enf.Atr`
			`}`
			`}`

			`// Detected policy list for group`
			`var listP []RbacRuleP`

			`listG := listEnforce(login, r)`

			`for _, lG := range listG {`
			`for _, rdbP := range r.P {`
			`if lG == rdbP.Sub \|\| login == rdbP.Sub.String() {`
			`listP = append(listP, rdbP)`
			`}`
			`}`
			`}`

			`for _, enf := range listP {`
			`if enf.Obj == obj && enf.Act == act {`
			`return &enf.Atr`
			`}`
			`}`

			`return nil`
			`}`

			`// List Enforced for iterated`
			`func listEnforce(login string, rules *RbacList) []Subject {`
			`var listG []Subject`

			`for _, rdbG := range rules.G {`
			`if login == rdbG.Sub1.String() {`
			`listG = append(listG, rdbG.Sub2)`
			`}`
			`}`

			`for _, listFull := range listG {`
			`if login != listFull.String() {`
			`lG := listEnforce(listFull.String(), rules)`
			`listG = append(listG, lG...)`
			`}`
			`}`

			`return listG`
			`}`