go语言web开发系列之十一:gin框架通过casbin实现rbac权限设计(csv存储)

一，安装casbin

1,casbin项目代码的地址

2,为go安装casbin

liuhongdi@ku:~$ go get -u github.com/casbin/casbin/v2

说明：刘宏缔的go森林是一个专注golang的博客，
地址：https://blog.csdn.net/weixin_43881017

二，演示项目的相关信息

1，项目地址

2,项目功能说明：

/admin/* :只有role为 superAdmin时可访问

/article/* : role为superAdmin/user时均可访问

/home/*: role为任何用户时均可访问

3，项目结构：如图:

三，配置文件说明:

1,config/rbac_model.conf

# Request definition 自定义请求的格式
[request_definition]
r = sub, obj, act
# Policy definition 策略定义
[policy_definition]
p = sub, obj, act
# Policy effect
[policy_effect]
e = some(where (p.eft == allow))
# Matchers
[matchers]
#m = r.sub == p.sub && r.obj == p.obj && r.act == p.act
m = (r.sub == p.sub || p.sub == "*") && keyMatch(r.obj,p.obj) && (r.act == p.act || p.act == "*")

2,rbac2.csv

p,superAdmin,/article/*,*
p,superAdmin,/admin/*,*
p,*,/home/*,*
p,user,/article/*,*

说明：csv文件必须用相应的软件生成,如图:

四，go代码说明

1,homeController.go

package controller
import (
"github.com/gin-gonic/gin"
"github.com/liuhongdi/digv11/pkg/result"
)
type HomeController struct{}
func NewHomeController() HomeController {
return HomeController{}
}
//首页，任何人可访问，不登录也可访问
func (a *HomeController) Home(c *gin.Context) {
resultRes := result.NewResult(c)
resultRes.Success("this is home page");
return
}

2,adminController.go

package controller
import (
"github.com/gin-gonic/gin"
"github.com/liuhongdi/digv11/pkg/result"
)
type HomeController struct{}
func NewHomeController() HomeController {
return HomeController{}
}
//首页，任何人可访问，不登录也可访问
func (a *HomeController) Home(c *gin.Context) {
resultRes := result.NewResult(c)
resultRes.Success("this is home page");
return
}

3,ArticleController.go

package controller
import (
"fmt"
"github.com/gin-gonic/gin"
"github.com/liuhongdi/digv11/pkg/page"
"github.com/liuhongdi/digv11/pkg/result"
"github.com/liuhongdi/digv11/pkg/validCheck"
"github.com/liuhongdi/digv11/request"
"github.com/liuhongdi/digv11/service"
)
type ArticleController struct{}
func NewArticleController() ArticleController {
return ArticleController{}
}
//得到一篇文章的详情
func (a *ArticleController) GetOne(c *gin.Context) {
result := result.NewResult(c)
param := request.ArticleRequest{ID: validCheck.StrTo(c.Param("id")).MustUInt64()}
valid, errs := validCheck.BindAndValid(c, &param)
if !valid {
result.Error(400,errs.Error())
return
}
if (param.ID == 100) {
var z int = 0
var i int = 100 / z
fmt.Println("i:%i",i)
}
articleOne,err := service.GetOneArticle(param.ID);
if err != nil {
result.Error(404,"数据查询错误")
} else {
result.Success(&articleOne);
}
return
}

4,global/casbin.go

package global
import (
"fmt"
"github.com/casbin/casbin/v2"
"log"
"os"
)
var (
Enforcer *casbin.Enforcer
)
//创建casbin的enforcer
func SetupCasbinEnforcer() (error) {
dir, _ := os.Getwd()
modelPath := dir + "/config/rbac_model.conf"
csvPath := dir + "/config/rbac2.csv"
fmt.Println("modelPath:"+modelPath);
fmt.Println("csvPath:"+csvPath);
var errC error
Enforcer, errC = casbin.NewEnforcer(modelPath, csvPath)
//fmt.Printf("RBAC test start\n") // output for debug
if (errC != nil) {
//fmt.Println(errC)
log.Fatalf("SetupCasbinEnforcer err: %v", errC)
return errC
} else {
Enforcer.EnableLog(true)
return nil
}
}

5,main.go

package main
import (
"github.com/gin-gonic/gin"
_ "github.com/jinzhu/gorm/dialects/mysql"
"github.com/liuhongdi/digv11/global"
"github.com/liuhongdi/digv11/router"
"log"
)
//init
func init() {
//setting
err := global.SetupSetting()
if err != nil {
log.Fatalf("init.setupSetting err: %v", err)
}
//logger
err = global.SetupLogger()
if err != nil {
log.Fatalf("init.SetupLogger err: %v", err)
}
//access logger
err = global.SetupAccessLogger()
if err != nil {
log.Fatalf("init.SetupAccessLogger err: %v", err)
}
//casbin
err = global.SetupCasbinEnforcer()
if err != nil {
log.Fatalf("init.SetupCasbinEnforcer err: %v", err)
global.Logger.Fatalf("init.SetupCasbinEnforcer err: %v", err)
}
//db
err = global.SetupDBLink()
if err != nil {
log.Fatalf("init.SetupLogger err: %v", err)
global.Logger.Fatalf("init.setupDBEngine err: %v", err)
}
global.Logger.Infof("------应用init结束")
//global.Logger.
}
func main() {
global.Logger.Infof("------应用main函数开始")
//设置运行模式
gin.SetMode(global.ServerSetting.RunMode)
//引入路由
r := router.Router()
//run
r.Run(":"+global.ServerSetting.HttpPort)
}

6,middleware/permission.go

package middleware
import (
"fmt"
"github.com/gin-gonic/gin"
"github.com/liuhongdi/digv11/global"
"github.com/liuhongdi/digv11/pkg/result"
)
func PermissionMiddleWare() gin.HandlerFunc {
return func(c *gin.Context) {
// 请求的path
p := c.Request.URL.Path
// 请求的方法
m := c.Request.Method
role:="superAdmin"
//role:="user"
//role:="guest"
fmt.Println("role:"+role)
fmt.Println("path:"+p)
fmt.Println("method:"+m)
// 检查用户权限
isPass, err := global.Enforcer.Enforce(role, p, m)
if err != nil {
resultRes := result.NewResult(c)
resultRes.Error(2005,err.Error())
return
}
if isPass {
c.Next()
} else {
resultRes := result.NewResult(c)
resultRes.Error(2006,"无访问权限")
return
}
}
}

7,其他相关代码可访问github

五，测试效果

1,middleware/permission.go中，

  role:="guest"

访问:

http://127.0.0.1:8000/home/home

访问:

http://127.0.0.1:8000/article/getone/2

访问:

http://127.0.0.1:8000/admin/admin

2,middleware/permission.go中，

role:="user"

访问:

http://127.0.0.1:8000/home/home

访问:

http://127.0.0.1:8000/article/getone/2

访问:

http://127.0.0.1:8000/admin/admin

3,middleware/permission.go中，

role:="superAdmin"

访问:

http://127.0.0.1:8000/home/home

访问:

http://127.0.0.1:8000/article/getone/2

访问:

http://127.0.0.1:8000/admin/admin