package handler
import (
"github.com/l3njo/yap/model"
"github.com/mikespook/gorbac"
)
// RBAC is the package-wide role-based access control instance. It is nil
// until InitRBAC has assigned it, so callers must run InitRBAC first.
var RBAC *gorbac.RBAC

// Permissions that InitRBAC creates and assigns to roles.
var (
	permissionPostOps     gorbac.Permission
	permissionUserOps     gorbac.Permission
	permissionDraftOps    gorbac.Permission
	permissionReactionOps gorbac.Permission
)
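// InitRBAC builds the role and permission model and publishes it through the
// package-level RBAC variable and the permission* variables.
//
// Three roles are registered (reader, editor, keeper). The editor's parent is
// set to reader and the keeper's parent to editor, so each role is expected to
// pick up the permissions of the roles below it.
//
// Every error from Assign, Add and SetParent is returned to the caller. On
// failure nothing is published: RBAC and the permission variables keep their
// previous values, so an incomplete policy is never used for access decisions.
func InitRBAC() error {
	readerID := string(model.UserReader)
	editorID := string(model.UserEditor)
	keeperID := string(model.UserKeeper)

	roleReader := gorbac.NewStdRole(readerID)
	roleEditor := gorbac.NewStdRole(editorID)
	roleKeeper := gorbac.NewStdRole(keeperID)

	postOps := gorbac.NewStdPermission("postOps")         // Publish, Retract, Delete, Edit released posts | Delete reactions
	userOps := gorbac.NewStdPermission("userOps")         // Delete, Assign user
	draftOps := gorbac.NewStdPermission("draftOps")       // Create, Delete draft, Edit draft
	reactionOps := gorbac.NewStdPermission("reactionOps") // Create, Delete reaction

	rbac := gorbac.New()

	// Setup steps run in the original order: assign permissions, register
	// roles, then link parents. The first failure aborts the whole setup.
	steps := []func() error{
		func() error { return roleKeeper.Assign(postOps) },
		func() error { return roleKeeper.Assign(userOps) },
		func() error { return roleEditor.Assign(draftOps) },
		func() error { return roleReader.Assign(reactionOps) },
		func() error { return rbac.Add(roleReader) },
		func() error { return rbac.Add(roleEditor) },
		func() error { return rbac.Add(roleKeeper) },
		func() error { return rbac.SetParent(editorID, readerID) },
		func() error { return rbac.SetParent(keeperID, editorID) },
	}
	for _, step := range steps {
		if err := step(); err != nil {
			return err
		}
	}

	// Publish only after the policy is complete.
	permissionPostOps = postOps
	permissionUserOps = userOps
	permissionDraftOps = draftOps
	permissionReactionOps = reactionOps
	RBAC = rbac
	return nil
}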