-
Notifications
You must be signed in to change notification settings - Fork 0
/
authApplication.go
128 lines (115 loc) · 4.06 KB
/
authApplication.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
package authApplication
import (
"github.com/dkzhang/RmsGo/myUtils/logMap"
"github.com/dkzhang/RmsGo/webapi/model/application"
"github.com/dkzhang/RmsGo/webapi/model/user"
"github.com/sirupsen/logrus"
)
type applicationAuthority struct {
RelationShipBetween func(user.UserInfo, application.Application) bool
Operation int
Permission bool
Description string
}
const (
OPS_CREATE = 1 << iota
OPS_RETRIEVE
OPS_UPDATE
OPS_DELETE
)
var theApplicationAuthorityTable []applicationAuthority
func init() {
theApplicationAuthorityTable = make([]applicationAuthority, 0)
theApplicationAuthorityTable = append(theApplicationAuthorityTable, applicationAuthority{
RelationShipBetween: func(userLoginInfo user.UserInfo, applicationAccessed application.Application) bool {
if userLoginInfo.Role == user.RoleProjectChief {
return true
} else {
return false
}
},
Operation: OPS_CREATE,
Permission: true,
Description: "Allow RoleProjectChief CREATE Application",
})
theApplicationAuthorityTable = append(theApplicationAuthorityTable, applicationAuthority{
RelationShipBetween: func(userLoginInfo user.UserInfo, applicationAccessed application.Application) bool {
if userLoginInfo.Role == user.RoleProjectChief && applicationAccessed.ApplicantUserID == userLoginInfo.UserID {
return true
} else {
return false
}
},
Operation: OPS_RETRIEVE | OPS_UPDATE,
Permission: true,
Description: "Allow RoleProjectChief RETRIEVE and UPDATE Application owned by himself",
})
theApplicationAuthorityTable = append(theApplicationAuthorityTable, applicationAuthority{
RelationShipBetween: func(userLoginInfo user.UserInfo, applicationAccessed application.Application) bool {
if userLoginInfo.Role == user.RoleApprover && applicationAccessed.DepartmentCode == userLoginInfo.DepartmentCode {
return true
} else {
return false
}
},
Operation: OPS_RETRIEVE | OPS_UPDATE,
Permission: true,
Description: "Allow RoleApprover RETRIEVE and UPDATE Application from his department",
})
theApplicationAuthorityTable = append(theApplicationAuthorityTable, applicationAuthority{
RelationShipBetween: func(userLoginInfo user.UserInfo, applicationAccessed application.Application) bool {
if userLoginInfo.Role == user.RoleApprover2 {
return true
} else {
return false
}
},
Operation: OPS_RETRIEVE | OPS_UPDATE,
Permission: true,
Description: "Allow RoleApprover RETRIEVE and UPDATE Application (ALL)",
})
theApplicationAuthorityTable = append(theApplicationAuthorityTable, applicationAuthority{
RelationShipBetween: func(userLoginInfo user.UserInfo, applicationAccessed application.Application) bool {
if userLoginInfo.Role == user.RoleController {
return true
} else {
return false
}
},
Operation: OPS_RETRIEVE | OPS_UPDATE,
Permission: true,
Description: "Allow RoleProjectChief RETRIEVE and UPDATE Application (ALL)",
})
}
func AuthorityCheck(theLogMap logMap.LogMap,
userLoginInfo user.UserInfo,
app application.Application,
ops int) (permission bool) {
for _, rule := range theApplicationAuthorityTable {
if (ops&rule.Operation != 0) && rule.RelationShipBetween(userLoginInfo, app) == true {
// There are two priority options: allow priority, do not allow priority
if rule.Permission == true {
theLogMap.Log(logMap.NORMAL).WithFields(logrus.Fields{
"UserLoginInfo": userLoginInfo,
"Application": app,
"Description": rule.Description,
}).Info("UserAuthorityCheck match permission allow.")
return true
} else {
theLogMap.Log(logMap.NORMAL).WithFields(logrus.Fields{
"UserLoginInfo": userLoginInfo,
"Application": app,
"Description": rule.Description,
}).Info("UserAuthorityCheck match permission not allowed.")
return false
}
}
}
// There are two default options here: default allowed, default not allowed
// We choose default not allowed
theLogMap.Log(logMap.NORMAL).WithFields(logrus.Fields{
"UserLoginInfo": userLoginInfo,
"Application": app,
}).Info("no permission allow matched")
return false
}