一,安装casbin
1,casbin项目代码的地址
2,为go安装casbin
liuhongdi@ku:~$ go get -u github.com/casbin/casbin/v2gorm-adapter代码地址:
安装gorm-adapter
liuhongdi@ku:~$ go get -u github.com/casbin/gorm-adapter/v34,为兼容gorm-adapter,我们更换了gorm的版本,
安装命令:
liuhongdi@ku:~$ go get -u gorm.io/gorm说明:csv存储只适合于不需要对规则进行管理的权限设计,
所以我们在这里使用数据库来存储规则
说明:刘宏缔的go森林是一个专注golang的博客,
地址:https://blog.csdn.net/weixin_43881017
二,演示项目的相关信息
1,项目地址
2,项目功能说明:
/admin/* :只有role为 superAdmin时可访问
/article/* : role为superAdmin/user时均可访问
/home/*: role为任何用户时均可访问
3,项目结构:如图:
三,配置文件说明:
1,config/rbac_model.conf
# Request definition 自定义请求的格式
[request_definition]
r = sub, obj, act
# Policy definition 策略定义
[policy_definition]
p = sub, obj, act
# Policy effect
[policy_effect]
e = some(where (p.eft == allow))
# Matchers
[matchers]
#m = r.sub == p.sub && r.obj == p.obj && r.act == p.act
m = (r.sub == p.sub || p.sub == "*") && keyMatch(r.obj,p.obj) && (r.act == p.act || p.act == "*")2,mysql数据表:
说明:此数据表由casbin的gorm-adapter自动创建,我们只需要插入数据即可:
sql:
INSERT INTO `casbin_rule` (`id`, `p_type`, `v0`, `v1`, `v2`, `v3`, `v4`, `v5`) VALUES
(3, 'p', '*', '/home/*', '*', NULL, NULL, NULL),
(2, 'p', 'superAdmin', '/admin/*', '*', NULL, NULL, NULL),
(1, 'p', 'superAdmin', '/article/*', '*', NULL, NULL, NULL),
(4, 'p', 'user', '/article/*', '*', NULL, NULL, NULL);
四,go代码说明
1,homeController.go
package controller
import (
"github.com/gin-gonic/gin"
"github.com/liuhongdi/digv12/pkg/result"
)
type HomeController struct{}
func NewHomeController() HomeController {
return HomeController{}
}
//首页,任何人可访问,不登录也可访问
func (a *HomeController) Home(c *gin.Context) {
resultRes := result.NewResult(c)
resultRes.Success("this is home page");
return
}
2,adminController.go
package controller
import (
"github.com/gin-gonic/gin"
"github.com/liuhongdi/digv12/pkg/result"
)
type HomeController struct{}
func NewHomeController() HomeController {
return HomeController{}
}
//首页,任何人可访问,不登录也可访问
func (a *HomeController) Home(c *gin.Context) {
resultRes := result.NewResult(c)
resultRes.Success("this is home page");
return
}3,ArticleController.go
package controller
import (
"fmt"
"github.com/gin-gonic/gin"
"github.com/liuhongdi/digv12/pkg/page"
"github.com/liuhongdi/digv12/pkg/result"
"github.com/liuhongdi/digv12/pkg/validCheck"
"github.com/liuhongdi/digv12/request"
"github.com/liuhongdi/digv12/service"
)
type ArticleController struct{}
func NewArticleController() ArticleController {
return ArticleController{}
}
//得到一篇文章的详情
func (a *ArticleController) GetOne(c *gin.Context) {
result := result.NewResult(c)
param := request.ArticleRequest{ID: validCheck.StrTo(c.Param("id")).MustUInt64()}
valid, errs := validCheck.BindAndValid(c, ¶m)
if !valid {
result.Error(400,errs.Error())
return
}
if (param.ID == 100) {
var z int = 0
var i int = 100 / z
fmt.Println("i:%i",i)
}
articleOne,err := service.GetOneArticle(param.ID);
if err != nil {
result.Error(404,"数据查询错误")
} else {
result.Success(&articleOne);
}
return
}
4,global/casbin.go
package global
import (
"fmt"
"github.com/casbin/casbin/v2"
gormadapter "github.com/casbin/gorm-adapter/v3"
"log"
"os"
)
var (
Enforcer *casbin.Enforcer
)
//创建casbin的enforcer
func SetupCasbinEnforcer() (error) {
a, err := gormadapter.NewAdapterByDB(DBLink)
if (err != nil) {
log.Fatalf("gormadapter.NewAdapterByDB err: %v", err)
}
dir, _ := os.Getwd()
modelPath := dir + "/config/rbac_model.conf"
//csvPath := dir + "/config/rbac2.csv"
fmt.Println("modelPath:"+modelPath);
//fmt.Println("csvPath:"+csvPath);
var errC error
Enforcer, errC = casbin.NewEnforcer(modelPath, a)
//fmt.Printf("RBAC test start\n") // output for debug
if (errC != nil) {
//fmt.Println(errC)
log.Fatalf("SetupCasbinEnforcer err: %v", errC)
return errC
} else {
Enforcer.LoadPolicy()
Enforcer.EnableLog(true)
return nil
}
}5,main.go
package main
import (
"github.com/gin-gonic/gin"
"github.com/liuhongdi/digv12/global"
"github.com/liuhongdi/digv12/router"
"log"
)
//init
func init() {
//setting
err := global.SetupSetting()
if err != nil {
log.Fatalf("init.setupSetting err: %v", err)
}
//logger
err = global.SetupLogger()
if err != nil {
log.Fatalf("init.SetupLogger err: %v", err)
}
//access logger
err = global.SetupAccessLogger()
if err != nil {
log.Fatalf("init.SetupAccessLogger err: %v", err)
}
//db
err = global.SetupDBLink()
if err != nil {
log.Fatalf("init.SetupLogger err: %v", err)
global.Logger.Fatalf("init.setupDBEngine err: %v", err)
}
//casbin
err = global.SetupCasbinEnforcer()
if err != nil {
log.Fatalf("init.SetupCasbinEnforcer err: %v", err)
global.Logger.Fatalf("init.SetupCasbinEnforcer err: %v", err)
}
global.Logger.Infof("------应用init结束")
//global.Logger.
}
func main() {
global.Logger.Infof("------应用main函数开始")
//设置运行模式
gin.SetMode(global.ServerSetting.RunMode)
//引入路由
r := router.Router()
//run
r.Run(":"+global.ServerSetting.HttpPort)
}说明:注意casbin的初始化要放到mysql之后
6,middleware/permission.go
package middleware
import (
"fmt"
"github.com/gin-gonic/gin"
"github.com/liuhongdi/digv12/global"
"github.com/liuhongdi/digv12/pkg/result"
)
func PermissionMiddleWare() gin.HandlerFunc {
return func(c *gin.Context) {
// 请求的path
p := c.Request.URL.Path
// 请求的方法
m := c.Request.Method
role:="superAdmin"
//role:="user"
//role:="guest"
fmt.Println("role:"+role)
fmt.Println("path:"+p)
fmt.Println("method:"+m)
// 检查用户权限
isPass, err := global.Enforcer.Enforce(role, p, m)
if err != nil {
resultRes := result.NewResult(c)
resultRes.Error(2005,err.Error())
return
}
if isPass {
c.Next()
} else {
resultRes := result.NewResult(c)
resultRes.Error(2006,"无访问权限")
return
}
}
}7,其他相关代码可访问github
五,测试效果
1,middleware/permission.go中,
role:="guest"访问:
http://127.0.0.1:8000/home/home返回:
访问:
http://127.0.0.1:8000/article/getone/2返回:
访问:
http://127.0.0.1:8000/admin/admin返回:
2,middleware/permission.go中,
role:="user"访问:
http://127.0.0.1:8000/home/home返回:
访问:
http://127.0.0.1:8000/article/getone/2返回:
访问:
http://127.0.0.1:8000/admin/admin返回:
3,middleware/permission.go中,
role:="superAdmin"访问:
http://127.0.0.1:8000/home/home返回:
访问:
http://127.0.0.1:8000/article/getone/2返回:
访问:
http://127.0.0.1:8000/admin/admin返回:
六,查看库的版本:
module github.com/liuhongdi/digv12
go 1.15
require (
github.com/casbin/casbin/v2 v2.17.0
github.com/casbin/gorm-adapter/v3 v3.0.4
github.com/gin-gonic/gin v1.6.3
github.com/go-playground/universal-translator v0.17.0
github.com/go-playground/validator/v10 v10.2.0
github.com/lestrrat/go-file-rotatelogs v0.0.0-20180223000712-d3151e2a480f
github.com/lestrrat/go-strftime v0.0.0-20180220042222-ba3bf9c1d042 // indirect
github.com/magiconair/properties v1.8.4 // indirect
github.com/mitchellh/mapstructure v1.3.3 // indirect
github.com/pelletier/go-toml v1.8.1 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/spf13/afero v1.4.1 // indirect
github.com/spf13/cast v1.3.1 // indirect
github.com/spf13/jwalterweatherman v1.1.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/spf13/viper v1.7.1
go.uber.org/multierr v1.6.0 // indirect
go.uber.org/zap v1.16.0
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68 // indirect
golang.org/x/text v0.3.4 // indirect
gopkg.in/ini.v1 v1.62.0 // indirect
gopkg.in/yaml.v2 v2.3.0 // indirect
gorm.io/driver/mysql v1.0.1
gorm.io/gorm v1.20.7
)