diff --git a/rbac.go b/rbac.go new file mode 100644 index 0000000..3a85062 --- /dev/null +++ b/rbac.go @@ -0,0 +1,211 @@ +package rbac + +const ( + SubNull Subject = "" + AtrDefault Atribute = "*" +) + +type Subject string +type Object string +type Action string +type Atribute string + +// Filter defines the filtering +type RbacList struct { + P []RbacRuleP + G []RbacRuleG +} + +type RbacRule struct { + P RbacRuleP + G RbacRuleG +} + +// CasbinRule is the model for casbin rule +type RbacRuleP struct { + Sub Subject + Obj Object + Act Action + Atr Atribute +} + +// CasbinRule is the model for casbin rule +type RbacRuleG struct { + Sub1 Subject + Sub2 Subject +} + +// Initialize policy enforce +func NewRbacRule() *RbacList { + rbac := new(RbacList) + + return rbac +} + +//Add policy in table P (policy) +func (r *RbacList) AddDefP(sub Subject, obj Object, act Action, atr ...Atribute) { + + rb := NewRbacRuleP(sub.String(), obj, act, atr...) + + rr := RbacRuleP{ + Sub: rb.P.Sub, + Obj: rb.P.Obj, + Act: rb.P.Act, + Atr: rb.P.Atr, + } + + r.P = append(r.P, rr) +} + +//Add policy in table P (policy) +func (r *RbacList) AddDefG(sub1 Subject, sub2 Subject) { + + rr := RbacRuleG{ + Sub1: Subject(sub1), + Sub2: sub2, + } + + r.G = append(r.G, rr) +} + +func (r *RbacRuleP) String() string { + + return r.Sub.String() + ", " + r.Obj.String() + ", " + r.Act.String() + ", " + r.Atr.String() + +} + +func (r *RbacRuleG) String() string { + + return r.Sub1.String() + ", " + r.Sub2.String() + +} + +// Converted EnforcesPolicy To String +func (r *RbacList) String() string { + var str string + + if len(r.P) > 0 { + for _, p := range r.P { + str = str + p.String() + "\n" + + } + } + + if len(r.G) > 0 { + for _, g := range r.G { + str = str + g.String() + "\n" + + } + } + return str +} + +func (s Subject) String() string { + + b := []byte(s) + + return string(b) +} + +func (o Object) String() string { + + b := []byte(o) + + return string(b) +} + +func (a Action) String() string { + + b := []byte(a) + + return string(b) +} + +func (a Atribute) String() string { + + b := []byte(a) + + return string(b) +} + +func NewSubject(login string) Subject { + + s := Subject(login) + return s +} + +func NewRbacRuleP(police string, obj Object, act Action, atr ...Atribute) RbacRule { + var rule RbacRule + var atrList Atribute + if len(atr) == 0 { + atrList = AtrDefault + } else { + atrList = atr[0] + } + rule.G.Sub1 = SubNull + rule.P.Sub = NewSubject(police) + rule.P.Obj = obj + rule.P.Act = act + rule.P.Atr = atrList + return rule +} + +func NewRbacRuleG(login string, sub Subject) RbacRule { + var rule RbacRule + rule.P.Sub = SubNull + rule.G.Sub1 = NewSubject(login) + rule.G.Sub2 = sub + return rule +} + +// Enforced +func (r *RbacList) Enforce(login string, obj Object, act Action) *Atribute { + + // Detected policy list for login + for _, enf := range r.P { + if login == enf.Sub.String() && enf.Obj == obj && enf.Act == act { + return &enf.Atr + } + } + + // Detected policy list for group + var listP []RbacRuleP + + listG := listEnforce(login, r) + + for _, lG := range listG { + for _, rdbP := range r.P { + if lG == rdbP.Sub || login == rdbP.Sub.String() { + listP = append(listP, rdbP) + } + } + } + + for _, enf := range listP { + if enf.Obj == obj && enf.Act == act { + return &enf.Atr + } + } + + return nil +} + +// List Enforced for iterated +func listEnforce(login string, rules *RbacList) []Subject { + var listG []Subject + + for _, rdbG := range rules.G { + if login == rdbG.Sub1.String() { + listG = append(listG, rdbG.Sub2) + } + } + + for _, listFull := range listG { + if login != listFull.String() { + lG := listEnforce(listFull.String(), rules) + listG = append(listG, lG...) + } + } + + return listG +}