-
Notifications
You must be signed in to change notification settings - Fork 176
/
Copy pathexample_test.go
121 lines (108 loc) · 3.03 KB
/
example_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
package gorbac_test
import (
"fmt"
"github.com/mikespook/gorbac/v3"
)
/*
Suppose:
The role-a is inheriting from role-b.
The role-b is inheriting from role-c, role-d.
The role-c is individual.
The role-d is individual.
The role-e is inheriting from role-d.
Every roles have their own permissions.
*/
func ExampleRbacStringID() {
rbac := gorbac.New[string]()
rA := gorbac.NewRole("role-a")
rB := gorbac.NewRole("role-b")
rC := gorbac.NewRole("role-c")
rD := gorbac.NewRole("role-d")
rE := gorbac.NewRole("role-e")
pA := gorbac.NewPermission("permission-a")
pB := gorbac.NewPermission("permission-b")
pC := gorbac.NewPermission("permission-c")
pD := gorbac.NewPermission("permission-d")
pE := gorbac.NewPermission("permission-e")
rA.Assign(pA)
rB.Assign(pB)
rC.Assign(pC)
rD.Assign(pD)
rE.Assign(pE)
rbac.Add(rA)
rbac.Add(rB)
rbac.Add(rC)
rbac.Add(rD)
rbac.Add(rE)
rbac.SetParent("role-a", "role-b")
rbac.SetParents("role-b", []string{"role-c", "role-d"})
rbac.SetParent("role-e", "role-d")
if rbac.IsGranted("role-a", pA, nil) &&
rbac.IsGranted("role-a", pB, nil) &&
rbac.IsGranted("role-a", pC, nil) &&
rbac.IsGranted("role-a", pD, nil) {
fmt.Println("The role-a has been granted permis-a, b, c and d.")
}
if rbac.IsGranted("role-b", pB, nil) &&
rbac.IsGranted("role-b", pC, nil) &&
rbac.IsGranted("role-b", pD, nil) {
fmt.Println("The role-b has been granted permis-b, c and d.")
}
// When a circle inheratance occurred,
rbac.SetParent("role-c", "role-a")
// it could be detected as following code:
if err := gorbac.InherCircle(rbac); err != nil {
fmt.Println("A circle inheratance occurred.")
}
// Output:
// The role-a has been granted permis-a, b, c and d.
// The role-b has been granted permis-b, c and d.
// A circle inheratance occurred.
}
func ExampleRbacNumberID() {
rbac := gorbac.New[int]()
rA := gorbac.NewRole(1)
rB := gorbac.NewRole(2)
rC := gorbac.NewRole(3)
rD := gorbac.NewRole(4)
rE := gorbac.NewRole(5)
pA := gorbac.NewPermission(1)
pB := gorbac.NewPermission(2)
pC := gorbac.NewPermission(3)
pD := gorbac.NewPermission(4)
pE := gorbac.NewPermission(5)
rA.Assign(pA)
rB.Assign(pB)
rC.Assign(pC)
rD.Assign(pD)
rE.Assign(pE)
rbac.Add(rA)
rbac.Add(rB)
rbac.Add(rC)
rbac.Add(rD)
rbac.Add(rE)
rbac.SetParent(1, 2)
rbac.SetParents(2, []int{3, 4})
rbac.SetParent(5, 4)
if rbac.IsGranted(1, pA, nil) &&
rbac.IsGranted(1, pB, nil) &&
rbac.IsGranted(1, pC, nil) &&
rbac.IsGranted(1, pD, nil) {
fmt.Println("The role-a has been granted permis-a, b, c and d.")
}
if rbac.IsGranted(2, pB, nil) &&
rbac.IsGranted(2, pC, nil) &&
rbac.IsGranted(2, pD, nil) {
fmt.Println("The role-b has been granted permis-b, c and d.")
}
// When a circle inheratance occurred,
rbac.SetParent(3, 1)
// it could be detected as following code:
if err := gorbac.InherCircle(rbac); err != nil {
fmt.Println("A circle inheratance occurred.")
}
// Output:
// The role-a has been granted permis-a, b, c and d.
// The role-b has been granted permis-b, c and d.
// A circle inheratance occurred.
}