goRBAC provides a lightweight role-based access control implementation in Golang.
For the purposes of this package:
* an identity has one or more roles.
* a role requests access to a permission.
* a permission is given to a role.
Thus, RBAC has the following model:
* many to many relationship between identities and roles.
* many to many relationship between roles and permissions.
* roles can have a parent role (inheriting permissions).
Version
Currently, goRBAC has two released versions
Version 1 is the original design which will only be mantained to fix bugs.
Version 2 is the new design which will only be mantained to fix bugs.
and the developing branch is
The master branch will be under development with generic (go 1.18 and higher) and can be changed without notice.
InstallInstall the package:
Usage$ go get github.com/mikespook/gorbac
Although you can adjust the RBAC instance anytime and it's absolutely safe, the library is designed for use with two phases:
-
Preparing
-
Checking
Preparing
Import the library:
import "github.com/mikespook/gorbac"
Get a new instance of RBAC:
rbac := gorbac.New()
Get some new roles:
rA := gorbac.NewRole("role-a")
rB := gorbac.NewRole("role-b")
rC := gorbac.NewRole("role-c")
rD := gorbac.NewRole("role-d")
rE := gorbac.NewRole("role-e")
Get some new permissions:
pA := gorbac.NewPermission("permission-a")
pB := gorbac.NewPermission("permission-b")
pC := gorbac.NewPermission("permission-c")
pD := gorbac.NewPermission("permission-d")
pE := gorbac.NewPermission("permission-e")
Add the permissions to roles:
rA.Assign(pA)
rB.Assign(pB)
rC.Assign(pC)
rD.Assign(pD)
rE.Assign(pE)
gorbac.Rolegorbac.Permission
After initialization, add the roles to the RBAC instance:
rbac.Add(rA)
rbac.Add(rB)
rbac.Add(rC)
rbac.Add(rD)
rbac.Add(rE)
And set the inheritance:
rbac.SetParent("role-a", "role-b")
rbac.SetParents("role-b", []string{"role-c", "role-d"})
rbac.SetParent("role-e", "role-d")
Checking
Checking the permission is easy:
if rbac.IsGranted("role-a", pA, nil) &&
rbac.IsGranted("role-a", pB, nil) &&
rbac.IsGranted("role-a", pC, nil) &&
rbac.IsGranted("role-a", pD, nil) {
fmt.Println("The role-a has been granted permis-a, b, c and d.")
}
And there are some built-in util-functions: InherCircle, AnyGranted, AllGranted. Please open an issue for the new built-in requirement.
E.g.:
rbac.SetParent("role-c", "role-a")
if err := gorbac.InherCircle(rbac); err != nil {
fmt.Println("A circle inheratance occurred.")
}
Persistence
The most asked question is how to persist the goRBAC instance. Please check the post HOW TO PERSIST GORBAC INSTANCE for the details.
Authors Open Source - MIT Software LicenseSee LICENSE.