Skip to content

Commit

Permalink
Update casbin
Browse files Browse the repository at this point in the history
  • Loading branch information
slhmy committed Jul 3, 2024
1 parent 50d672a commit e598756
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 18 deletions.
28 changes: 15 additions & 13 deletions modules/auth/casbin.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,25 +14,23 @@ import (
"github.com/oj-lab/oj-lab-platform/modules/log"
)

const ABACModelString = `
const RBACModelString = `
[request_definition]
r = sub, obj, act
r = sub, info, dom, obj, act
[policy_definition]
p = sub_rule, obj, act, eft
p = sub, info_rule, dom, obj, act, eft
[role_definition]
g = _, _
[policy_effect]
e = some(where (p.eft == allow)) && !some(where (p.eft == deny))
e = some(where (p.eft == allow))
[matchers]
m = eval(p.sub_rule) && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)
m = g(r.sub, p.sub) && eval(p.info_rule) && r.dom == p.dom && r.obj == p.obj && regexMatch(r.act, p.act)
`

type CasbinSubject struct {
Age int
Role string
}

var casbinEnforcer *casbin.SyncedCachedEnforcer

func GetDefaultCasbinEnforcer() *casbin.SyncedCachedEnforcer {
Expand All @@ -56,7 +54,7 @@ func GetDefaultCasbinEnforcer() *casbin.SyncedCachedEnforcer {
if err != nil && adapter == nil {
panic(err)
}
model, err := model.NewModelFromString(ABACModelString)
model, err := model.NewModelFromString(RBACModelString)
if err != nil {
panic(err)
}
Expand All @@ -83,11 +81,11 @@ func GetDefaultCasbinEnforcer() *casbin.SyncedCachedEnforcer {

func LoadDefaultCasbinPolicies() error {
enforcer := GetDefaultCasbinEnforcer()
_, err := enforcer.AddPolicy(`r.sub.Age > 18 && r.sub.Age < 60`, `testData`, http.MethodGet, "allow")
_, err := enforcer.AddPolicy(`admin`, `true`, `system`, `testData`, http.MethodGet, "allow")
if err != nil {
return err
}
_, err = enforcer.AddPolicy(`r.sub.Role == 'admin'`, `adminRequired`,
_, err = enforcer.AddPolicy(`admin`, `true`, `system`, `adminRequired`,
strings.Join([]string{
http.MethodGet,
http.MethodPost,
Expand All @@ -97,6 +95,10 @@ func LoadDefaultCasbinPolicies() error {
if err != nil {
return err
}
_, err = enforcer.AddGroupingPolicy(`test_user`, `admin`)
if err != nil {
return err
}
err = enforcer.SavePolicy()
if err != nil {
return err
Expand Down
8 changes: 3 additions & 5 deletions tests/core/casbin_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -15,23 +15,21 @@ func TestCasbin(t *testing.T) {
t.Error(err)
}

policies, err := enforcer.GetFilteredPolicy(1, `testData`)
policies, err := enforcer.GetFilteredPolicy(3, `testData`)
if err != nil {
t.Error(err)
}
t.Logf("Policies: %v", policies)

subject := auth.CasbinSubject{Age: 30}
allow, err := enforcer.Enforce(subject, `testData`, http.MethodGet)
allow, err := enforcer.Enforce("admin", "_", `system`, `testData`, http.MethodGet)
if err != nil {
t.Error(err)
}
if !allow {
t.Error("Expected to allow")
}

subject = auth.CasbinSubject{Age: 30, Role: "admin"}
allow, err = enforcer.Enforce(subject, `adminRequired`, http.MethodDelete)
allow, err = enforcer.Enforce("test_user", "_", `system`, `adminRequired`, http.MethodDelete)
if err != nil {
t.Error(err)
}
Expand Down

0 comments on commit e598756

Please sign in to comment.