Skip to content

mikespook/gorbac

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

101 Commits

examples

examples

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

example_test.go

example_test.go

 
 

go.mod

go.mod

 
 

helper.go

helper.go

 
 

helper_test.go

helper_test.go

 
 

permission.go

permission.go

 
 

permission_layer.go

permission_layer.go

 
 

permission_layer_test.go

permission_layer_test.go

 
 

permission_test.go

permission_test.go

 
 

rbac.go

rbac.go

 
 

rbac_test.go

rbac_test.go

 
 

role.go

role.go

 
 

role_test.go

role_test.go

 
 

Repository files navigation

goRBAC

Build Status GoDoc Coverage Status

goRBAC provides a lightweight role-based access control implementation in Golang.

For the purposes of this package:

* an identity has one or more roles.
* a role requests access to a permission.
* a permission is given to a role.

Thus, RBAC has the following model:

* many to many relationship between identities and roles.
* many to many relationship between roles and permissions.
* roles can have a parent role (inheriting permissions).

Version

Currently, goRBAC has two released versions

Version 1 is the original design which will only be mantained to fix bugs.

Version 2 is the new design which will only be mantained to fix bugs.

and the developing branch is

The master branch will be under development with generic (go 1.18 and higher) and can be changed without notice.

Install

Install the package:

$ go get github.com/mikespook/gorbac

Usage

Although you can adjust the RBAC instance anytime and it's absolutely safe, the library is designed for use with two phases:

  1. Preparing

  2. Checking

Preparing

Import the library:

import "github.com/mikespook/gorbac"

Get a new instance of RBAC:

rbac := gorbac.New()

Get some new roles:

rA := gorbac.NewRole("role-a")
rB := gorbac.NewRole("role-b")
rC := gorbac.NewRole("role-c")
rD := gorbac.NewRole("role-d")
rE := gorbac.NewRole("role-e")

Get some new permissions:

pA := gorbac.NewPermission("permission-a")
pB := gorbac.NewPermission("permission-b")
pC := gorbac.NewPermission("permission-c")
pD := gorbac.NewPermission("permission-d")
pE := gorbac.NewPermission("permission-e")

Add the permissions to roles:

rA.Assign(pA)
rB.Assign(pB)
rC.Assign(pC)
rD.Assign(pD)
rE.Assign(pE)

Also, you can implement gorbac.Role and gorbac.Permission for your own data structure.

After initialization, add the roles to the RBAC instance:

rbac.Add(rA)
rbac.Add(rB)
rbac.Add(rC)
rbac.Add(rD)
rbac.Add(rE)

And set the inheritance:

rbac.SetParent("role-a", "role-b")
rbac.SetParents("role-b", []string{"role-c", "role-d"})
rbac.SetParent("role-e", "role-d")

Checking

Checking the permission is easy:

if rbac.IsGranted("role-a", pA, nil) &&
	rbac.IsGranted("role-a", pB, nil) &&
	rbac.IsGranted("role-a", pC, nil) &&
	rbac.IsGranted("role-a", pD, nil) {
	fmt.Println("The role-a has been granted permis-a, b, c and d.")
}

And there are some built-in util-functions: InherCircle, AnyGranted, AllGranted. Please open an issue for the new built-in requirement.

E.g.:

rbac.SetParent("role-c", "role-a")
if err := gorbac.InherCircle(rbac); err != nil {
	fmt.Println("A circle inheratance occurred.")
}

Persistence

The most asked question is how to persist the goRBAC instance. Please check the post HOW TO PERSIST GORBAC INSTANCE for the details.

Authors

Open Source - MIT Software License

See LICENSE.

About

goRBAC provides a lightweight role-based access control (RBAC) implementation in Golang.

Topics

go rbac

Resources

Readme

License

MIT license
Activity

Stars

1.6k stars

Watchers

69 watching

Forks

176 forks
Report repository

Releases 1

API changes in the helper methods Latest
Jan 9, 2019

Packages

No packages published

Contributors 7

Languages