/
rbac.go
60 lines (52 loc) · 1.53 KB
/
rbac.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
package rbac
import (
"github.com/el-mike/restrict"
"github.com/el-mike/restrict/adapters"
"github.com/pkg/errors"
"go.uber.org/fx"
"github.com/Southclaws/storyden/app/resources/account"
"github.com/Southclaws/storyden/app/resources/thread"
)
func NewPolicy() *restrict.PolicyDefinition {
return &restrict.PolicyDefinition{
Roles: restrict.Roles{
account.Name: {
Grants: restrict.GrantsMap{
// account.Name: {
// &restrict.Permission{Action: "create"},
// &restrict.Permission{Action: "read"},
// &restrict.Permission{Action: "update"},
// &restrict.Permission{Action: "delete"},
// },
thread.Name: {
&restrict.Permission{Action: "create", Conditions: []restrict.Condition{}},
&restrict.Permission{Action: "read"},
&restrict.Permission{Action: "update"}, // TODO: Ownership stuff
&restrict.Permission{Action: "delete"},
},
},
},
},
}
}
func NewAdapter(policy *restrict.PolicyDefinition) restrict.StorageAdapter {
return adapters.NewInMemoryAdapter(policy)
}
func NewPolicyManager(storage restrict.StorageAdapter) (*restrict.PolicyManager, error) {
pm, err := restrict.NewPolicyManager(storage, true)
if err != nil {
return nil, errors.Wrap(err, "failed to create new policy manager")
}
return pm, nil
}
func NewAccessManager(policyMananger *restrict.PolicyManager) *restrict.AccessManager {
return restrict.NewAccessManager(policyMananger)
}
func Build() fx.Option {
return fx.Provide(
NewPolicy,
NewAdapter,
NewPolicyManager,
NewAccessManager,
)
}