package rbac const ( SubNull Subject = "" AtrDefault Atribute = "*" ) type Subject string type Object string type Action string type Atribute string // Filter defines the filtering type RbacList struct { P []RbacRuleP G []RbacRuleG } type RbacRule struct { P RbacRuleP G RbacRuleG } // CasbinRule is the model for casbin rule type RbacRuleP struct { Sub Subject Obj Object Act Action Atr Atribute } // CasbinRule is the model for casbin rule type RbacRuleG struct { Sub1 Subject Sub2 Subject } // Initialize policy enforce func NewRbacRule() *RbacList { rbac := new(RbacList) return rbac } //Add policy in table P (policy) func (r *RbacList) AddDefP(sub Subject, obj Object, act Action, atr ...Atribute) { rb := NewRbacRuleP(sub.String(), obj, act, atr...) rr := RbacRuleP{ Sub: rb.P.Sub, Obj: rb.P.Obj, Act: rb.P.Act, Atr: rb.P.Atr, } r.P = append(r.P, rr) } //Add policy in table P (policy) func (r *RbacList) AddDefG(sub1 Subject, sub2 Subject) { rr := RbacRuleG{ Sub1: Subject(sub1), Sub2: sub2, } r.G = append(r.G, rr) } func (r *RbacRuleP) String() string { return r.Sub.String() + ", " + r.Obj.String() + ", " + r.Act.String() + ", " + r.Atr.String() } func (r *RbacRuleG) String() string { return r.Sub1.String() + ", " + r.Sub2.String() } // Converted EnforcesPolicy To String func (r *RbacList) String() string { var str string if len(r.P) > 0 { for _, p := range r.P { str = str + p.String() + "\n" } } if len(r.G) > 0 { for _, g := range r.G { str = str + g.String() + "\n" } } return str } func (s Subject) String() string { b := []byte(s) return string(b) } func (o Object) String() string { b := []byte(o) return string(b) } func (a Action) String() string { b := []byte(a) return string(b) } func (a Atribute) String() string { b := []byte(a) return string(b) } func NewSubject(login string) Subject { s := Subject(login) return s } func NewRbacRuleP(police string, obj Object, act Action, atr ...Atribute) RbacRule { var rule RbacRule var atrList Atribute if len(atr) == 0 { atrList = AtrDefault } else { atrList = atr[0] } rule.G.Sub1 = SubNull rule.P.Sub = NewSubject(police) rule.P.Obj = obj rule.P.Act = act rule.P.Atr = atrList return rule } func NewRbacRuleG(login string, sub Subject) RbacRule { var rule RbacRule rule.P.Sub = SubNull rule.G.Sub1 = NewSubject(login) rule.G.Sub2 = sub return rule } // Enforced func (r *RbacList) Enforce(login string, obj Object, act Action) *Atribute { // Detected policy list for login for _, enf := range r.P { if login == enf.Sub.String() && enf.Obj == obj && enf.Act == act { return &enf.Atr } } // Detected policy list for group var listP []RbacRuleP listG := listEnforce(login, r) for _, lG := range listG { for _, rdbP := range r.P { if lG == rdbP.Sub || login == rdbP.Sub.String() { listP = append(listP, rdbP) } } } for _, enf := range listP { if enf.Obj == obj && enf.Act == act { return &enf.Atr } } return nil } // List Enforced for iterated func listEnforce(login string, rules *RbacList) []Subject { var listG []Subject for _, rdbG := range rules.G { if login == rdbG.Sub1.String() { listG = append(listG, rdbG.Sub2) } } for _, listFull := range listG { if login != listFull.String() { lG := listEnforce(listFull.String(), rules) listG = append(listG, lG...) } } return listG }