From 565080ace3f9fea073b1e7d7ca60e095a55f02a1 Mon Sep 17 00:00:00 2001
From: ouerqiang
Date: Fri, 8 Nov 2019 14:18:35 +0800
Subject: [PATCH] add demo and update doc
---
 .idea/vcs.xml | 6 ----
 README.md | 75 ++++++++++++++++++++++++++++++++++++++++
 demo/v1/v1_demo.go | 75 ++++++++++++++++++++++++++++++++++++++++
 demo/{ => v2}/v2_demo.go | 16 ++++++---
 4 files changed, 161 insertions(+), 11 deletions(-)
 delete mode 100644 .idea/vcs.xml
 create mode 100644 demo/v1/v1_demo.go
 rename demo/{ => v2}/v2_demo.go (87%)
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
deleted file mode 100644
index 94a25f7..0000000
--- a/.idea/vcs.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-
-
-
-
-
-
\ No newline at end of file
diff --git a/README.md b/README.md
index c971977..0cd88d6 100644
--- a/README.md
+++ b/README.md
@@ -99,5 +99,80 @@ g, alice, data_group_admin
 ## casbin v2
 ```go
+package main
+
+import (
+ "fmt"
+
+ scas "github.com/qiangmzsx/string-adapter/v2"
+
+ "github.com/casbin/casbin/v2"
+ "github.com/casbin/casbin/v2/model"
+)
+
+func main() {
+
+ modelText := `
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[role_definition]
+g = _, _
+g2 = _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = g(r.sub, p.sub) && g2(r.obj, p.obj) && r.act == p.act`
+
+ m := model.Model{}
+
+ m.LoadModelFromText(modelText)
+
+ line := `
+p, alice, data1, read
+p, bob, data2, write
+p, data_group_admin, data_group, write
+
+g, alice, data_group_admin
+g2, data1, data_group
+g2, data2, data_group
+`
+ sa := scas.NewAdapter(line)
+
+ // Initialize a Gorm adapter and use it in a Casbin enforcer:
+ // The adapter will use the MySQL database named "casbin".
+ // If it doesn't exist, the adapter will create it automatically.
+ // You can also use an already existing gorm instance with gormadapter.NewAdapterByDB(gormInstance)
+ //a, _ := gormadapter.NewAdapter("mysql", "mysql_username:mysql_password@tcp(127.0.0.1:3306)/") // Your driver and data source.
+ // e, _ := casbin.NewEnforcer("examples/rbac_model.conf", a)
+ e, _ := casbin.NewEnforcer(m, sa)
+
+ // Or you can use an existing DB "abc" like this:
+ // The adapter will use the table named "casbin_rule".
+ // If it doesn't exist, the adapter will create it automatically.
+ // a := gormadapter.NewAdapter("mysql", "mysql_username:mysql_password@tcp(127.0.0.1:3306)/abc", true)
+
+ // Load the policy from DB.
+ e.LoadPolicy()
+
+ // Check the permission.
+ if res, _ := e.Enforce("alice", "data1", "read"); res {
+ fmt.Println("permitted")
+ } else {
+ fmt.Println("rejected")
+ }
+
+ // Modify the policy.
+ // e.AddPolicy(...)
+ // e.RemovePolicy(...)
+
+ // Save the policy back to DB.
+ e.SavePolicy()
+}
 ```
diff --git a/demo/v1/v1_demo.go b/demo/v1/v1_demo.go
new file mode 100644
index 0000000..6b5d697
--- /dev/null
+++ b/demo/v1/v1_demo.go
@@ -0,0 +1,75 @@
+package main
+
+import (
+ "fmt"
+
+ scas "github.com/qiangmzsx/string-adapter"
+
+ "github.com/casbin/casbin"
+ "github.com/casbin/casbin/model"
+)
+
+func main() {
+
+ modelText := `
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[role_definition]
+g = _, _
+g2 = _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = g(r.sub, p.sub) && g2(r.obj, p.obj) && r.act == p.act`
+
+ m := model.Model{}
+
+ m.LoadModelFromText(modelText)
+
+ line := `
+p, alice, data1, read
+p, bob, data2, write
+p, data_group_admin, data_group, write
+
+g, alice, data_group_admin
+g2, data1, data_group
+g2, data2, data_group
+`
+ sa := scas.NewAdapter(line)
+
+ // Initialize a Gorm adapter and use it in a Casbin enforcer:
+ // The adapter will use the MySQL database named "casbin".
+ // If it doesn't exist, the adapter will create it automatically.
+ // You can also use an already existing gorm instance with gormadapter.NewAdapterByDB(gormInstance)
+ //a, _ := gormadapter.NewAdapter("mysql", "mysql_username:mysql_password@tcp(127.0.0.1:3306)/") // Your driver and data source.
+ // e, _ := casbin.NewEnforcer("examples/rbac_model.conf", a)
+ e := casbin.NewEnforcer(m, sa)
+
+ // Or you can use an existing DB "abc" like this:
+ // The adapter will use the table named "casbin_rule".
+ // If it doesn't exist, the adapter will create it automatically.
+ // a := gormadapter.NewAdapter("mysql", "mysql_username:mysql_password@tcp(127.0.0.1:3306)/abc", true)
+
+ // Load the policy from DB.
+ e.LoadPolicy()
+
+ // Check the permission.
+ if res := e.Enforce("alice", "data1", "read"); res {
+ fmt.Println("permitted")
+ } else {
+ fmt.Println("rejected")
+ }
+
+ // Modify the policy.
+ // e.AddPolicy(...)
+ // e.RemovePolicy(...)
+
+ // Save the policy back to DB.
+ e.SavePolicy()
+}
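Review bot: The results of `e.LoadPolicy()` and `e.SavePolicy()` at the end of main are dropped (assuming the casbin v1 signatures, which return `error`), so a policy that fails to load would most likely show up only as an unexplained "rejected". Since this is sample authorization code that readers tend to copy, surface the failure instead, e.g. `if err := e.LoadPolicy(); err != nil { log.Fatal(err) }` with `"log"` added to the imports. The README snippet added by this commit has the same problem where it discards the results of `casbin.NewEnforcer` and `e.Enforce` with `_`. The comments about a Gorm adapter, MySQL and "the DB" do not describe the string adapter this file uses and appear to be carried over from another example, so they should be removed or reworded.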
diff --git a/demo/v2_demo.go b/demo/v2/v2_demo.go
similarity index 87%
rename from demo/v2_demo.go
rename to demo/v2/v2_demo.go
index 49c9bcd..2d02980 100644
--- a/demo/v2_demo.go
+++ b/demo/v2/v2_demo.go
@@ -18,22 +18,28 @@ r = sub, obj, act
 [policy_definition]
 p = sub, obj, act
+[role_definition]
+g = _, _
+g2 = _, _
+
 [policy_effect]
 e = some(where (p.eft == allow))
 [matchers]
-m = r.sub == r.obj.Owner`
+m = g(r.sub, p.sub) && g2(r.obj, p.obj) && r.act == p.act`
 m := model.Model{}
 m.LoadModelFromText(modelText)
 line := `
-p, alice, /alice_data/*, (GET)|(POST)
-p, alice, /alice_data/resource1, POST
-p, data_group_admin, /admin/*, POST
-p, data_group_admin, /bob_data/*, POST
+p, alice, data1, read
+p, bob, data2, write
+p, data_group_admin, data_group, write
+
 g, alice, data_group_admin
+g2, data1, data_group
+g2, data2, data_group
 `
 sa := scas.NewAdapter(line)
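Review bot: Nothing in the file says what the new policy grants beyond its three `p` lines. With `g, alice, data_group_admin` and the two `g2` lines, the matcher `g(r.sub, p.sub) && g2(r.obj, p.obj) && r.act == p.act` also lets alice write data1 and data2 through `p, data_group_admin, data_group, write`. A short Go comment above the `line` assignment would make that visible, for example `// alice inherits data_group_admin (g); data1 and data2 belong to data_group (g2), so alice may also write both.` The comment belongs in the Go source rather than in the policy text, since whether the string adapter skips comment lines is not visible here. main begins and ends outside this hunk.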