package middleware
import (
	"fmt"
	"log"
	"strings"
	"sync"

	"github.com/casbin/casbin/v2"
	xd "github.com/casbin/xorm-adapter"
	"github.com/valyala/fasthttp"
	"github.com/xiusin/pine"
	"github.com/xiusin/pine/di"
	"github.com/xiusin/pinecms/src/application/controllers"
	"github.com/xiusin/pinecms/src/application/models/tables"
	"github.com/xiusin/pinecms/src/common/helper"
	"xorm.io/xorm"
)
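// Casbin builds the role-based authorization middleware.
//
// It creates a casbin enforcer from the model file at conf (resolved through
// helper.GetRootPath) backed by an xorm adapter on engine, registers the
// enforcer and the clear/add policy helpers in the DI container, runs the
// add-policy helper once, and returns the request handler.
//
// The handler authorizes only paths of the form /v2/<a>/<b>/...: it enforces
// (role, <a>, <b>) for each role of the admin found in the request context and
// lets the request through on the first match. Every other request made with
// an "adminid" in the context is rejected.
//
// Setup errors (adapter or enforcer construction) panic via helper.PanicErr.
func Casbin(engine *xorm.Engine, conf string) pine.Handler {
	// Shared by the policy-mutating helpers and by the request path below, so
	// that Enforce never runs while the policy is being cleared or rebuilt.
	locker := &sync.Mutex{}

	adapter, err := xd.NewAdapterByEngine(engine)
	helper.PanicErr(err)
	enforcer, err := casbin.NewEnforcer(helper.GetRootPath(conf), adapter)
	helper.PanicErr(err)

	di.Set(controllers.ServiceCasbinEnforcer, func(builder di.AbstractBuilder) (interface{}, error) {
		return enforcer, nil
	}, true)
	di.Set(controllers.ServiceCasbinClearPolicy, func(builder di.AbstractBuilder) (interface{}, error) {
		return clearPolicy(enforcer, locker), nil
	}, true)

	addPolicyHandler := addPolicy(engine, enforcer, locker)
	addPolicyHandler()
	di.Instance(controllers.ServiceCasbinAddPolicy, addPolicyHandler)

	// deny writes the "forbidden" response in the shape the client expects.
	deny := func(ctx *pine.Context) {
		if ctx.IsAjax() {
			// The message reads "no permission to operate on this node".
			helper.Ajax("无节点操作权限", 1, ctx)
			return
		}
		ctx.Abort(fasthttp.StatusForbidden)
	}

	return func(ctx *pine.Context) {
		adminId := ctx.Value("adminid")
		if adminId == nil {
			// NOTE(review): a request without "adminid" in the context skips
			// authorization entirely. Presumably an authentication middleware
			// rejects unauthenticated access to protected routes before or
			// after this handler; confirm against the router setup.
			ctx.Next()
			return
		}

		admin := &tables.Admin{}
		exist, err := engine.Where("id = ?", adminId).Get(admin)
		if err != nil {
			// Fail closed, but leave a trace: a database outage otherwise looks
			// like a permission problem.
			log.Printf("casbin: admin lookup for id %v: %v", adminId, err)
			deny(ctx)
			return
		}

		segments := strings.Split(strings.Trim(ctx.Path(), "/"), "/")
		if !exist || len(segments) < 3 || segments[0] != "v2" {
			deny(ctx)
			return
		}

		// casbin.Enforcer is not safe for use while its policy is modified, and
		// the clear/add helpers mutate it under locker. Hold the same lock for
		// the checks, and release it before the rest of the chain runs so that
		// a downstream handler can invoke those helpers without deadlocking.
		allowed := func() bool {
			locker.Lock()
			defer locker.Unlock()
			for _, role := range admin.RoleIdList {
				ok, err := enforcer.Enforce(fmt.Sprintf("%d", role), segments[1], segments[2])
				if err != nil {
					// An evaluation error counts as "not allowed" for this role.
					log.Printf("casbin: enforce role %v on %s/%s: %v", role, segments[1], segments[2], err)
					continue
				}
				if ok {
					return true
				}
			}
			return false
		}()

		if !allowed {
			deny(ctx)
			return
		}
		ctx.Next()
	}
}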
// clearPolicy returns a function that calls enforcer.ClearPolicy while holding
// _locker, so the reset cannot interleave with other code that takes the same
// mutex.
//
// NOTE(review): this only calls ClearPolicy on the enforcer; whether the rules
// stored through the adapter are affected is not visible here. Until a policy
// is loaded or added again, checks against the enforcer presumably match
// nothing; confirm that callers rebuild the policy right after.
func clearPolicy(enforcer *casbin.Enforcer, _locker *sync.Mutex) func() {
	reset := func() {
		_locker.Lock()
		defer _locker.Unlock()

		enforcer.ClearPolicy()
	}
	return reset
}
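// addPolicy returns a function that injects permissions per role.
//
// While holding _locker it counts the stored casbin rules. If there are none,
// it reads every admin role and its privileges, adds one rule
// (role id, menu id) per privilege and saves the policy. Otherwise it reloads
// the policy from storage.
//
// Errors are logged instead of returned because the returned function has no
// error result. A failed database read aborts the rebuild before any rule is
// added, so an incomplete rule set is never saved as the authoritative policy.
//
// NOTE(review): the rules added here have two fields after the role, while the
// middleware in this file enforces three values (role, path segment, path
// segment). Whether these match depends on the model file; confirm.
func addPolicy(engine *xorm.Engine, enforcer *casbin.Enforcer, _locker *sync.Mutex) func() {
	return func() {
		_locker.Lock()
		defer _locker.Unlock()

		count, err := engine.Table(&xd.CasbinRule{}).Count()
		if err != nil {
			// A failed count must not be treated as "table is empty": that
			// would rebuild and overwrite the stored policy on a transient
			// database error.
			log.Printf("casbin: counting stored rules: %v", err)
			return
		}
		if count != 0 {
			if err := enforcer.LoadPolicy(); err != nil {
				log.Printf("casbin: loading policy: %v", err)
			}
			return
		}

		// Read everything first; touch the enforcer only once all reads
		// succeeded.
		var roles []tables.AdminRole
		if err := engine.Find(&roles); err != nil {
			log.Printf("casbin: listing admin roles: %v", err)
			return
		}
		var rules [][2]string
		for _, role := range roles {
			var privs []tables.AdminRolePriv
			if err := engine.Where("roleid = ?", role.Id).Find(&privs); err != nil {
				log.Printf("casbin: listing privileges of role %v: %v", role.Id, err)
				return
			}
			for _, priv := range privs {
				rules = append(rules, [2]string{fmt.Sprintf("%d", role.Id), fmt.Sprintf("%d", priv.MenuId)})
			}
		}

		for _, rule := range rules {
			if _, err := enforcer.AddPolicy(rule[0], rule[1]); err != nil {
				log.Printf("casbin: adding rule (%s, %s): %v", rule[0], rule[1], err)
			}
		}
		if err := enforcer.SavePolicy(); err != nil {
			log.Printf("casbin: saving policy: %v", err)
		}
	}
}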