Casbin之多层角色的RBAC
1.model.conf文件
[request_definition]
r = sub,obj,act
[policy_definition]
p = sub,obj,act
[policy_effect]
e = some(where (p.eft == allow))
[role_definition]
g=_,_
[matchers]
m = g(r.sub, p.sub) && r.obj==p.obj && r.act == p.act
2.Policy.csv文件
p, senior, data, write
p, developer, data, read
g, dajun, senior
g, senior, developer
g, lizi, developer
3.main
package main
import (
"fmt"
"github.com/casbin/casbin/v2"
"log"
)
func check(e *casbin.Enforcer, sub, obj, act string) {
ok, _ := e.Enforce(sub, obj, act)
if ok {
fmt.Printf("%s CAN %s %s\n", sub, act, obj)
} else {
fmt.Printf("%s CANNOT %s %s\n", sub, act, obj)
}
}
func main() {
e, err := casbin.NewEnforcer("./casbin/model.conf", "./casbin/Policy.csv")
if err != nil {
log.Fatalf("NewEnforecer failed:%v\n", err)
}
check(e, "dajun", "data", "read")
check(e, "dajun", "data", "write")
check(e, "lizi", "data", "read")
check(e, "lizi", "data", "write")
}
4.输出及结构
5.讲解