/
casbin.go
46 lines (40 loc) · 1.16 KB
/
casbin.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
package middleware
import (
"github.com/LyricTian/gin-admin/v10/pkg/errors"
"github.com/LyricTian/gin-admin/v10/pkg/util"
"github.com/casbin/casbin/v2"
"github.com/gin-gonic/gin"
)
var ErrCasbinDenied = errors.Unauthorized("com.casbin.denied", "Permission denied")
type CasbinConfig struct {
AllowedPathPrefixes []string
SkippedPathPrefixes []string
Skipper func(c *gin.Context) bool
GetEnforcer func(c *gin.Context) *casbin.Enforcer
GetSubjects func(c *gin.Context) []string
}
func CasbinWithConfig(config CasbinConfig) gin.HandlerFunc {
return func(c *gin.Context) {
if !AllowedPathPrefixes(c, config.AllowedPathPrefixes...) ||
SkippedPathPrefixes(c, config.SkippedPathPrefixes...) ||
(config.Skipper != nil && config.Skipper(c)) {
c.Next()
return
}
enforcer := config.GetEnforcer(c)
if enforcer == nil {
util.ResError(c, ErrCasbinDenied)
return
}
for _, sub := range config.GetSubjects(c) {
if b, err := enforcer.Enforce(sub, c.Request.URL.Path, c.Request.Method); err != nil {
util.ResError(c, err)
return
} else if b {
c.Next()
return
}
}
util.ResError(c, ErrCasbinDenied)
}
}