Skip to content

Monkey-Mouse/go-abac

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

44 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

go-abac

translation: 简体中文|English

codecov gobadge made-with-Go GitHub go.mod Go version of a Go module GoReportCard BCH compliance license

implement attribute based access control in golang

Features

  • implement access rules by self, extensible
  • minimal dependencies
  • chained methods
  • consistent style with same function project
  • handy to use, detail docs

main reference: accessControl

however, to simplify(?) the design, we decide to stick to the definition of abac, without the attribute role
instead focus on the wider range of subject(including role/department/project)

Install

go get github.com/Monkey-Mouse/go-abac

Usage

import

import 	"github.com/Monkey-Mouse/go-abac/abac"

construct rule

type DemoRule struct {
	id string	`json:"id" example:"u2020"`
}

func (r *DemoRule) ProcessContext(ctx abac.ContextType)  {
	// implement ProcessContext() to use params in context
	r.id=ctx.Value("id").(string)
}
func (r *DemoRule)JudgeRule()(bool,error) {
        // you can replace with your own rule here
	if r.id == "u2020"{
		return true,nil
	}else {
		return false,nil
	}
}

config access rule

look up more way to add rule here

var ac AccessControl
grants := abac.GrantsType{
    "role1": {
        "resource1": {
            "create:any": []abac.RuleType{&DemoRule{}},
            "read:own":   abac.RulesType{},
        },
        "resource2": {
            "create:any": []abac.RuleType{},
            "update:own": []abac.RuleType{},
        },
    },
}
ac.Grant(grants)

judge access rule

to implement your own context, refer to docs/model.md

resFail:=ac.CanAnd(abac.IQueryInfo{
    Subject:  "role1",
    Action:   "create:any",
    Resource: "resource1",
    Context:  abac.DefaultContext{"id":"u3030"},
})
// resFail==false

resPass:=ac.CanAnd(abac.IQueryInfo{
    Subject:  "role1",
    Action:   "create:any",
    Resource: "resource1",
    Context:  abac.DemoContext{"id":"u2020"},
})
// resPass==true

Related

##License go-abac is MIT licensed. See the LICENSE file for details.

About

go Attribute Based Access Control (abac)

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages