mirror of
https://github.com/paralus/paralus.git
synced 2026-05-08 17:36:56 +00:00
c66bdc25cd
* restructure rcloud-base as a single base controller * updated master.rest * moved sentry from internal to pkg as it is used by relay * removing unused rpc and it's dependencies * Fix usermgmt tests * Don't redefine variables in rest file Co-authored-by: Abin Simon <abin.simon@rafay.co>
58 lines
1.1 KiB
Go
58 lines
1.1 KiB
Go
package enforcer
|
|
|
|
import (
|
|
"github.com/casbin/casbin/v2"
|
|
"github.com/casbin/casbin/v2/model"
|
|
"github.com/casbin/casbin/v2/util"
|
|
gormadapter "github.com/casbin/gorm-adapter/v3"
|
|
"gorm.io/gorm"
|
|
)
|
|
|
|
type casbinEnforcer struct {
|
|
db *gorm.DB
|
|
}
|
|
|
|
func NewCasbinEnforcer(db *gorm.DB) *casbinEnforcer {
|
|
return &casbinEnforcer{
|
|
db: db,
|
|
}
|
|
}
|
|
|
|
func (e *casbinEnforcer) Init() (*casbin.CachedEnforcer, error) {
|
|
adapter, err := gormadapter.NewAdapterByDB(e.db)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
modelText := `
|
|
[request_definition]
|
|
r = sub, ns, proj, org, obj, act
|
|
|
|
[policy_definition]
|
|
p = sub, ns, proj, org, obj, act
|
|
|
|
[role_definition]
|
|
g = _, _
|
|
g2 = _, _
|
|
|
|
[policy_effect]
|
|
e = some(where (p.eft == allow))
|
|
|
|
[matchers]
|
|
m = g2(r.sub, p.sub) && globMatch(r.ns, p.ns) && globMatch(r.proj, p.proj) && r.org == p.org && g(r.obj, p.obj) && globMatch(r.act, p.act)
|
|
`
|
|
m, err := model.NewModelFromString(modelText)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
enforcer, err := casbin.NewCachedEnforcer(m, adapter)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
enforcer.Enforcer.AddNamedDomainMatchingFunc("g", "", util.KeyMatch2)
|
|
|
|
return enforcer, nil
|
|
}
|