You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
92 lines
2.5 KiB
92 lines
2.5 KiB
package casbins
|
|
|
|
import (
|
|
"LAPP_LF_MOM_BACKEND/conf"
|
|
"LAPP_LF_MOM_BACKEND/web/middleware/glog"
|
|
"LAPP_LF_MOM_BACKEND/web/middleware/jwts"
|
|
"LAPP_LF_MOM_BACKEND/web/supports"
|
|
"fmt"
|
|
"github.com/casbin/casbin/v2"
|
|
xormadapter "github.com/casbin/xorm-adapter/v2"
|
|
_ "github.com/denisenkom/go-mssqldb"
|
|
"github.com/kataras/iris/v12"
|
|
"log"
|
|
"net/http"
|
|
"strings"
|
|
)
|
|
|
|
// 获取Enforcer
|
|
func NewCasbin() (*casbin.Enforcer, error) {
|
|
|
|
driveSource := fmt.Sprintf("server=%s;database=%s;user id=%s;password=%s;port=%d;encrypt=disable",
|
|
conf.DbConfig.Masterdbserver, conf.DbConfig.Masterdbname, conf.DbConfig.Masterdbuser, conf.DbConfig.Masterdbpassword, conf.DbConfig.Masterdbport)
|
|
a, err := xormadapter.NewAdapter(conf.DbConfig.Masterdbdrivername, driveSource, true)
|
|
if err != nil {
|
|
glog.InfoExtln("casbins数据库连接错误", "err:", err)
|
|
return nil, err
|
|
}
|
|
|
|
e, err := casbin.NewEnforcer("conf/rbac_model.conf", a)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if err := e.LoadPolicy(); err == nil {
|
|
return e, err
|
|
} else {
|
|
fmt.Printf("casbin rbac_model or policy init error, message: %v", err)
|
|
return nil, err
|
|
}
|
|
}
|
|
|
|
// ServeHTTP is the iris compatible casbins handler which should be passed to specific routes or parties.
|
|
// Usage:
|
|
// [...]
|
|
// app.Get("/dataset1/resource1", casbinMiddleware.ServeHTTP, myHandler)
|
|
// [...]
|
|
func CheckPermissions(ctx iris.Context) bool {
|
|
user, ok := jwts.ParseToken(ctx)
|
|
if !ok {
|
|
return false
|
|
}
|
|
|
|
// 去除空格
|
|
//uid := strings.Replace(user.Userid, " ", "", -1)
|
|
uid := strings.TrimSpace(user.Role)
|
|
e, err := NewCasbin()
|
|
if err != nil {
|
|
supports.Unauthorized(ctx, supports.PermissionsLess, nil)
|
|
ctx.StopExecution()
|
|
return false
|
|
}
|
|
ok, err = e.Enforce(uid, ctx.Path(), ctx.Method())
|
|
log.Println("----------------", uid, ctx.Path(), ctx.Method())
|
|
log.Println(ok)
|
|
if err != nil {
|
|
log.Printf("casbin权限控制错误: %v", err)
|
|
}
|
|
if !ok {
|
|
supports.Unauthorized(ctx, supports.PermissionsLess, nil)
|
|
ctx.StopExecution()
|
|
return false
|
|
}
|
|
|
|
return true
|
|
//ctx.Next()
|
|
}
|
|
|
|
// Wrapper is the router wrapper, prefer this method if you want to use casbins to your entire iris application.
|
|
// Usage:
|
|
// [...]
|
|
// app.WrapRouter(casbinMiddleware.Wrapper())
|
|
// app.Get("/dataset1/resource1", myHandler)
|
|
// [...]
|
|
func Wrapper() func(w http.ResponseWriter, r *http.Request, router http.HandlerFunc) {
|
|
return func(w http.ResponseWriter, r *http.Request, router http.HandlerFunc) {
|
|
//if !c.Check(r) {
|
|
// w.WriteHeader(http.StatusForbidden)
|
|
// w.Write([]byte("403 Forbidden"))
|
|
// return
|
|
//}
|
|
router(w, r)
|
|
}
|
|
}
|