implement attribute based access control in golang
- implement access rules by self, extensible
- minimal dependencies
- chained methods
- consistent style with same function project
- handy to use, detail docs
main reference: accessControl
however, to simplify(?) the design, we decide to stick to the definition of abac, without the attribute role
instead focus on the wider range of subject(including role/department/project)
go get github.com/Monkey-Mouse/go-abac
import "github.com/Monkey-Mouse/go-abac/abac"type DemoRule struct {
id string `json:"id" example:"u2020"`
}
func (r *DemoRule) ProcessContext(ctx abac.ContextType) {
// implement ProcessContext() to use params in context
r.id=ctx.Value("id").(string)
}
func (r *DemoRule)JudgeRule()(bool,error) {
// you can replace with your own rule here
if r.id == "u2020"{
return true,nil
}else {
return false,nil
}
}look up more way to add rule here
var ac AccessControl
grants := abac.GrantsType{
"role1": {
"resource1": {
"create:any": []abac.RuleType{&DemoRule{}},
"read:own": abac.RulesType{},
},
"resource2": {
"create:any": []abac.RuleType{},
"update:own": []abac.RuleType{},
},
},
}
ac.Grant(grants)to implement your own context, refer to docs/model.md
resFail:=ac.CanAnd(abac.IQueryInfo{
Subject: "role1",
Action: "create:any",
Resource: "resource1",
Context: abac.DefaultContext{"id":"u3030"},
})
// resFail==false
resPass:=ac.CanAnd(abac.IQueryInfo{
Subject: "role1",
Action: "create:any",
Resource: "resource1",
Context: abac.DemoContext{"id":"u2020"},
})
// resPass==true##License go-abac is MIT licensed. See the LICENSE file for details.