package admin
import (
"net/http"
"github.com/ory/ladon"
"github.com/qor5/admin/v3/activity"
"github.com/qor5/admin/v3/example/models"
"github.com/qor5/admin/v3/presets"
"github.com/qor5/x/v3/perm"
"gorm.io/gorm"
)
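// initPermission installs the example application's permission policies on
// the presets builder.
//
// The policy set is a blanket allow followed by explicit denies:
//   - anybody may do anything, except create orders ("*:orders:*");
//   - viewers, editors and managers may not create, update or delete roles
//     or users;
//   - viewers may not create, update or delete anything;
//   - managers are denied all actions on activity logs unless the
//     "is_authorized" condition holds; ContextFunc below sets that flag from
//     ownership of the log.
//
// Subjects for a request are the current user's roles; a request with no
// current user has no subjects. Policies stored in the database are added
// via DBPolicy.
func initPermission(b *presets.Builder, db *gorm.DB) {
	// Verbose presumably makes perm report how each decision was reached;
	// it is switched on because this is the example app. Confirm against the
	// perm package before copying into production code.
	perm.Verbose = true

	subjects := func(r *http.Request) []string {
		u := getCurrentUser(r)
		if u == nil {
			// Anonymous request: no roles, so only the perm.Anybody policies apply.
			return nil
		}
		return u.GetRoles()
	}

	// context derives the "is_authorized" flag consulted by the manager /
	// activity-log deny policy. If objs holds several activity logs the last
	// one wins, which matches how the policy has always been evaluated.
	context := func(r *http.Request, objs []interface{}) perm.Context {
		c := make(perm.Context)
		for _, obj := range objs {
			switch v := obj.(type) {
			case *activity.ActivityLog:
				// Only the log's author is authorized. Fail closed when there is
				// no current user: SubjectsFunc treats a nil user as a legitimate
				// anonymous request, so it must not be dereferenced here.
				u := getCurrentUser(r)
				c["is_authorized"] = u != nil && u.GetID() == v.GetUserID()
			}
		}
		return c
	}

	b.Permission(
		perm.New().Policies(
			perm.PolicyFor(perm.Anybody).WhoAre(perm.Allowed).ToDo(perm.Anything).On(perm.Anything),
			perm.PolicyFor(perm.Anybody).WhoAre(perm.Denied).ToDo(presets.PermCreate).On("*:orders:*"),
			perm.PolicyFor(
				models.RoleViewer,
				models.RoleEditor,
				models.RoleManager,
			).WhoAre(perm.Denied).ToDo(presets.PermCreate, presets.PermUpdate, presets.PermDelete).On("*:roles:*", "*:users:*"),
			perm.PolicyFor(models.RoleViewer).WhoAre(perm.Denied).ToDo(presets.PermCreate, presets.PermUpdate, presets.PermDelete).On(perm.Anything),
			// The zero-valued BooleanCondition appears to match when the context
			// value is false, i.e. the deny fires for logs the manager did not
			// author and is skipped for their own — confirm against ladon.
			perm.PolicyFor(models.RoleManager).WhoAre(perm.Denied).ToDo(perm.Anything).
				On("*:activity_logs").On("*:activity_logs:*").
				Given(perm.Conditions{
					"is_authorized": &ladon.BooleanCondition{},
				}),
		).SubjectsFunc(subjects).ContextFunc(context).DBPolicy(perm.NewDBPolicy(db)),
	)
}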