212 lines
3.4 KiB
Go
212 lines
3.4 KiB
Go
package rbac
|
|
|
|
const (
|
|
SubNull Subject = ""
|
|
AtrDefault Atribute = "*"
|
|
)
|
|
|
|
type Subject string
|
|
type Object string
|
|
type Action string
|
|
type Atribute string
|
|
|
|
// Filter defines the filtering
|
|
type RbacList struct {
|
|
P []RbacRuleP
|
|
G []RbacRuleG
|
|
}
|
|
|
|
type RbacRule struct {
|
|
P RbacRuleP
|
|
G RbacRuleG
|
|
}
|
|
|
|
// CasbinRule is the model for casbin rule
|
|
type RbacRuleP struct {
|
|
Sub Subject
|
|
Obj Object
|
|
Act Action
|
|
Atr Atribute
|
|
}
|
|
|
|
// CasbinRule is the model for casbin rule
|
|
type RbacRuleG struct {
|
|
Sub1 Subject
|
|
Sub2 Subject
|
|
}
|
|
|
|
// Initialize policy enforce
|
|
func NewRbacRule() *RbacList {
|
|
rbac := new(RbacList)
|
|
|
|
return rbac
|
|
}
|
|
|
|
//Add policy in table P (policy)
|
|
func (r *RbacList) AddDefP(sub Subject, obj Object, act Action, atr ...Atribute) {
|
|
|
|
rb := NewRbacRuleP(sub.String(), obj, act, atr...)
|
|
|
|
rr := RbacRuleP{
|
|
Sub: rb.P.Sub,
|
|
Obj: rb.P.Obj,
|
|
Act: rb.P.Act,
|
|
Atr: rb.P.Atr,
|
|
}
|
|
|
|
r.P = append(r.P, rr)
|
|
}
|
|
|
|
//Add policy in table P (policy)
|
|
func (r *RbacList) AddDefG(sub1 Subject, sub2 Subject) {
|
|
|
|
rr := RbacRuleG{
|
|
Sub1: Subject(sub1),
|
|
Sub2: sub2,
|
|
}
|
|
|
|
r.G = append(r.G, rr)
|
|
}
|
|
|
|
func (r *RbacRuleP) String() string {
|
|
|
|
return r.Sub.String() + ", " + r.Obj.String() + ", " + r.Act.String() + ", " + r.Atr.String()
|
|
|
|
}
|
|
|
|
func (r *RbacRuleG) String() string {
|
|
|
|
return r.Sub1.String() + ", " + r.Sub2.String()
|
|
|
|
}
|
|
|
|
// Converted EnforcesPolicy To String
|
|
func (r *RbacList) String() string {
|
|
var str string
|
|
|
|
if len(r.P) > 0 {
|
|
for _, p := range r.P {
|
|
str = str + p.String() + "\n"
|
|
|
|
}
|
|
}
|
|
|
|
if len(r.G) > 0 {
|
|
for _, g := range r.G {
|
|
str = str + g.String() + "\n"
|
|
|
|
}
|
|
}
|
|
return str
|
|
}
|
|
|
|
func (s Subject) String() string {
|
|
|
|
b := []byte(s)
|
|
|
|
return string(b)
|
|
}
|
|
|
|
func (o Object) String() string {
|
|
|
|
b := []byte(o)
|
|
|
|
return string(b)
|
|
}
|
|
|
|
func (a Action) String() string {
|
|
|
|
b := []byte(a)
|
|
|
|
return string(b)
|
|
}
|
|
|
|
func (a Atribute) String() string {
|
|
|
|
b := []byte(a)
|
|
|
|
return string(b)
|
|
}
|
|
|
|
func NewSubject(login string) Subject {
|
|
|
|
s := Subject(login)
|
|
return s
|
|
}
|
|
|
|
func NewRbacRuleP(police string, obj Object, act Action, atr ...Atribute) RbacRule {
|
|
var rule RbacRule
|
|
var atrList Atribute
|
|
if len(atr) == 0 {
|
|
atrList = AtrDefault
|
|
} else {
|
|
atrList = atr[0]
|
|
}
|
|
rule.G.Sub1 = SubNull
|
|
rule.P.Sub = NewSubject(police)
|
|
rule.P.Obj = obj
|
|
rule.P.Act = act
|
|
rule.P.Atr = atrList
|
|
return rule
|
|
}
|
|
|
|
func NewRbacRuleG(login string, sub Subject) RbacRule {
|
|
var rule RbacRule
|
|
rule.P.Sub = SubNull
|
|
rule.G.Sub1 = NewSubject(login)
|
|
rule.G.Sub2 = sub
|
|
return rule
|
|
}
|
|
|
|
// Enforced
|
|
func (r *RbacList) Enforce(login string, obj Object, act Action) *Atribute {
|
|
|
|
// Detected policy list for login
|
|
for _, enf := range r.P {
|
|
if login == enf.Sub.String() && enf.Obj == obj && enf.Act == act {
|
|
return &enf.Atr
|
|
}
|
|
}
|
|
|
|
// Detected policy list for group
|
|
var listP []RbacRuleP
|
|
|
|
listG := listEnforce(login, r)
|
|
|
|
for _, lG := range listG {
|
|
for _, rdbP := range r.P {
|
|
if lG == rdbP.Sub || login == rdbP.Sub.String() {
|
|
listP = append(listP, rdbP)
|
|
}
|
|
}
|
|
}
|
|
|
|
for _, enf := range listP {
|
|
if enf.Obj == obj && enf.Act == act {
|
|
return &enf.Atr
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// List Enforced for iterated
|
|
func listEnforce(login string, rules *RbacList) []Subject {
|
|
var listG []Subject
|
|
|
|
for _, rdbG := range rules.G {
|
|
if login == rdbG.Sub1.String() {
|
|
listG = append(listG, rdbG.Sub2)
|
|
}
|
|
}
|
|
|
|
for _, listFull := range listG {
|
|
if login != listFull.String() {
|
|
lG := listEnforce(listFull.String(), rules)
|
|
listG = append(listG, lG...)
|
|
}
|
|
}
|
|
|
|
return listG
|
|
}
|