// Source: github.com/SupenBysz/gf-admin-community@v0.7.4/internal/logic/sys_casbin/sys_casbin.go

package sys_casbin

import (
	"context"
	"time"

	"github.com/SupenBysz/gf-admin-community/sys_consts"
	"github.com/SupenBysz/gf-admin-community/sys_model"
	"github.com/SupenBysz/gf-admin-community/sys_model/sys_dao"
	"github.com/SupenBysz/gf-admin-community/sys_model/sys_enum"
	"github.com/SupenBysz/gf-admin-community/sys_model/sys_hook"
	"github.com/SupenBysz/gf-admin-community/sys_service"
	casbin "github.com/casbin/casbin/v2"
	casbinModel "github.com/casbin/casbin/v2/model"
	"github.com/gogf/gf/v2/database/gdb"
	"github.com/gogf/gf/v2/errors/gerror"
	"github.com/gogf/gf/v2/frame/g"
	"github.com/gogf/gf/v2/os/gctx"
	"github.com/gogf/gf/v2/os/glog"
	"github.com/yitter/idgenerator-go/idgen"
)

// hookInfo pairs a generated hook id (Key) with the registered hook (Value).
type hookInfo sys_model.KeyValueT[int64, sys_hook.CasbinHookInfo]

// sCasbin is the Casbin-backed permission service registered with sys_service.
type sCasbin struct {
	// reqCasbin is the request that Check evaluates.
	reqCasbin sys_model.ReqCasbin
	// hookArr holds the installed hooks in registration order.
	// NOTE(review): it is read and replaced without any locking; confirm hooks
	// are only installed/removed during start-up.
	hookArr []hookInfo
	// conf is the gdb cache option built by New.
	conf gdb.CacheOption
}

// CE is the package-level enforcer; Enforcer calls Casbin to build it while it
// is still nil. It is an exported, mutable variable, so every authorization
// decision made through this service depends on whatever is stored here.
var (
	CE *casbin.Enforcer
)

// init registers a fresh service instance with sys_service at package load.
func init() {
	sys_service.RegisterCasbin(New())
}

// New builds the Casbin permission-control service with a one-hour, non-forced
// cache option and an empty hook list.
func New() *sCasbin {
	cacheConf := gdb.CacheOption{
		Duration: time.Hour,
		Force:    false,
	}
	return &sCasbin{
		conf:    cacheConf,
		hookArr: []hookInfo{},
	}
}

// InstallHook registers hookFunc for userType and returns the generated id
// that UnInstallHook expects.
func (s *sCasbin) InstallHook(userType sys_enum.UserType, hookFunc sys_hook.CasbinHookFunc) int64 {
	entry := hookInfo{
		Key:   idgen.NextId(),
		Value: sys_hook.CasbinHookInfo{Key: userType, Value: hookFunc},
	}
	s.hookArr = append(s.hookArr, entry)
	return entry.Key
}

// UnInstallHook removes every hook whose id equals savedHookId; an unknown id
// leaves the list unchanged.
func (s *sCasbin) UnInstallHook(savedHookId int64) {
	kept := make([]hookInfo, 0)
	for i := range s.hookArr {
		if s.hookArr[i].Key == savedHookId {
			continue
		}
		kept = append(kept, s.hookArr[i])
	}
	s.hookArr = kept
}

// CleanAllHook drops every installed hook.
func (s *sCasbin) CleanAllHook() {
	s.hookArr = []hookInfo{}
}

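// readyEnforcer returns the shared enforcer, or an error when it could not be
// built, so callers fail with an explicit error instead of dereferencing nil.
func (s *sCasbin) readyEnforcer() (*casbin.Enforcer, error) {
	enforcer := s.Enforcer()
	if enforcer == nil {
		return nil, gerror.New("casbin enforcer is not initialized")
	}
	return enforcer, nil
}

// Check authorizes the request held in s.reqCasbin. It returns nil only when
// the enforcer explicitly allows the request; a missing enforcer, an enforcer
// error, or a deny all yield a non-nil error.
//
// NOTE(review): nothing visible in this file assigns s.reqCasbin and New
// leaves it at its zero value, so confirm where it is populated. The service
// is registered once in init, so a request stored on the struct would also be
// shared between concurrent callers.
func (s *sCasbin) Check() error {
	enforcer, err := s.readyEnforcer()
	if err != nil {
		return err
	}
	allowed, err := enforcer.Enforce(s.reqCasbin.UserId, s.reqCasbin.Domain, s.reqCasbin.Interface, s.reqCasbin.Action)
	if err != nil {
		return err
	}
	if !allowed {
		return gerror.New("无此权限")
	}
	return nil
}

// Enforcer returns the package-level enforcer CE, calling Casbin to build it
// while CE is still nil. The result is nil when that initialisation failed.
//
// NOTE(review): the CE == nil check and the assignment inside Casbin are not
// synchronised; confirm first use cannot happen from concurrent requests.
func (s *sCasbin) Enforcer() *casbin.Enforcer {
	if CE == nil {
		Casbin()
	}
	return CE
}

// Casbin builds the enforcer from the embedded model and the database-backed
// adapter, stores it in CE and returns it. It returns nil when the model, the
// adapter or the enforcer cannot be created; the success message is logged
// only when all three steps succeeded.
//
// Model layout:
//
//	request_definition / policy_definition: subject, domain, resource, method
//	role_definition:                         user, role, domain
func Casbin() *casbin.Enforcer {
	ctx := gctx.New()

	// NOTE(review): && binds tighter than || in the matcher, so the trailing
	// `p.sub == "<super admin>"` clause is evaluated on its own and compares
	// the policy subject, not the request subject. As written, any stored
	// policy row whose subject equals sys_consts.CasbinSuperAdmin satisfies the
	// matcher for every request, whoever the caller is. If the intent is "the
	// super admin may do anything", the clause presumably needs to test r.sub
	// (directly or through g) - confirm against how super-admin rows are
	// written before changing it.
	//
	// The super-admin name is spliced into the expression unescaped; this
	// assumes it is a fixed value without quote characters - TODO confirm.
	modelFromString, err := casbinModel.NewModelFromString(`
[request_definition]
r = sub, dom, obj, act

[policy_definition]
p = sub, dom, obj, act

[role_definition]
g = _, _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub, r.dom) && r.dom == p.dom && r.obj == p.obj && (r.act == p.act||p.act == "*")||p.sub ==` + `"` + sys_consts.CasbinSuperAdmin + `"`)
	if err != nil {
		glog.Error(ctx, err)
		return nil
	}

	// The adapter error used to be discarded, which let a broken adapter reach
	// NewEnforcer; stop here instead.
	adapter, adapterErr := NewAdapterFromOptions(&Adapter{
		TableName: sys_dao.SysCasbin.Table(),
		Db:        sys_dao.SysCasbin.DB(),
	})
	if adapterErr != nil {
		glog.Error(ctx, adapterErr)
		return nil
	}

	// g.Try turns a panic raised while loading the policy into an error.
	tryErr := g.Try(ctx, func(_ context.Context) {
		CE, err = casbin.NewEnforcer(modelFromString, adapter)
	})
	if tryErr != nil {
		glog.Error(ctx, tryErr)
		return nil
	}
	if err != nil {
		glog.Error(ctx, err)
		return nil
	}

	glog.Printf(ctx, "Cabin 初始化成功")
	return CE
}

// AddRoleForUserInDomain links userName to roleName inside domain.
func (s *sCasbin) AddRoleForUserInDomain(userName string, roleName string, domain string) (bool, error) {
	enforcer, err := s.readyEnforcer()
	if err != nil {
		return false, err
	}
	return enforcer.AddRoleForUserInDomain(userName, roleName, domain)
}

// DeleteRoleForUserInDomain removes the link between userName and roleName
// inside domain.
func (s *sCasbin) DeleteRoleForUserInDomain(userName, roleName string, domain string) (bool, error) {
	enforcer, err := s.readyEnforcer()
	if err != nil {
		return false, err
	}
	return enforcer.DeleteRoleForUserInDomain(userName, roleName, domain)
}

// DeleteRolesForUser removes every role link userName has inside domain.
func (s *sCasbin) DeleteRolesForUser(userName string, domain string) (bool, error) {
	enforcer, err := s.readyEnforcer()
	if err != nil {
		return false, err
	}
	return enforcer.DeleteRolesForUserInDomain(userName, domain)
}

// AddPermissionForUser adds a rule granting roleName access to path with
// method.
//
// NOTE(review): the model's policy_definition has four fields (sub, dom, obj,
// act) while this call supplies three values; confirm where the domain is
// expected to come from.
func (s *sCasbin) AddPermissionForUser(roleName, path, method string) (bool, error) {
	enforcer, err := s.readyEnforcer()
	if err != nil {
		return false, err
	}
	return enforcer.AddPermissionForUser(roleName, path, method)
}

// AddPermissionsForUser adds a rule for roleName whose remaining fields are
// the elements of path, passed to the enforcer as a single permission.
func (s *sCasbin) AddPermissionsForUser(roleName string, path []string) (bool, error) {
	enforcer, err := s.readyEnforcer()
	if err != nil {
		return false, err
	}
	return enforcer.AddPermissionsForUser(roleName, path)
}

// DeletePermissionForUser removes the rule linking roleName to path and
// method.
func (s *sCasbin) DeletePermissionForUser(roleName, path, method string) (bool, error) {
	enforcer, err := s.readyEnforcer()
	if err != nil {
		return false, err
	}
	return enforcer.DeletePermissionForUser(roleName, path, method)
}

// DeletePermissionsForUser removes every rule held by roleName.
func (s *sCasbin) DeletePermissionsForUser(roleName string) (bool, error) {
	enforcer, err := s.readyEnforcer()
	if err != nil {
		return false, err
	}
	return enforcer.DeletePermissionsForUser(roleName)
}

// EnforceCheck asks the enforcer whether the request is allowed. The four
// arguments are forwarded positionally, and the model's request_definition
// reads them as subject (user id), domain, resource, method - so the value
// passed as path lands in the domain slot and role in the resource slot,
// whatever the parameter names suggest. It returns false with an error when
// the enforcer is unavailable.
func (s *sCasbin) EnforceCheck(userName, path, role, method interface{}) (bool, error) {
	enforcer, err := s.readyEnforcer()
	if err != nil {
		return false, err
	}
	return enforcer.Enforce(userName, path, role, method)
}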