zhangguanzhang · July 14, 2020 08:35
diff --git a/rbac_casbin.go b/rbac_casbin.go
 package main

 import (
 	"fmt"
 	"log"

 	"github.com/casbin/casbin/v2"
 	gormadapter "github.com/casbin/gorm-adapter/v2"
 	"github.com/gin-gonic/gin"
 	_ "github.com/go-sql-driver/mysql"
 )

 func main() {

 	a, err := gormadapter.NewAdapter("mysql", "root:zhangguanzhang@tcp(10.0.23.29:3306)/rbac_db?charset=utf8", true)
 	if err != nil {
 		log.Printf("连接数据库错误: %v", err)
 		return
 	}
 	// e, err := casbin.NewEnforcer("rbac_models.conf", a)
 	e, err := casbin.NewSyncedEnforcer("rbac_models.conf", a)
 	if err != nil {
 		log.Printf("初始化casbin错误: %v", err)
 		return
 	}
 	//从DB加载策略
 	e.LoadPolicy()

 	//获取router路由对象
 	r := gin.New()
 	//增加policy
 	r.POST("/api/v1/add", func(c *gin.Context) {
 		fmt.Println("增加Policy")

 		if ok, _ := e.AddRoleForUser("admin", "administrator"); !ok {
 			fmt.Println("Policy已经存在")
 		} else {
 			fmt.Println("增加成功")
 		}
 		
 		if ok, _ := e.AddPolicy("administrator", "/api/v1/hello", "GET"); !ok {
 			fmt.Println("Policy已经存在")
 		} else {
 			fmt.Println("增加成功")
 		}

 		if ok, _ := e.AddPolicy("admin", "/api/v1/hello", "GET"); !ok {
 			fmt.Println("Policy已经存在")
 		} else {
 			fmt.Println("增加成功")
 		}
 	})
 	//删除policy
 	r.DELETE("/api/v1/delete", func(c *gin.Context) {
 		fmt.Println("删除Policy")
 		if ok, _ := e.RemovePolicy("admin", "/api/v1/hello", "GET"); !ok {
 			fmt.Println("Policy不存在")
 		} else {
 			fmt.Println("删除成功")
 		}
 	})
 	//获取policy
 	r.GET("/api/v1/get", func(c *gin.Context) {
 		fmt.Println("查看policy")
 		list := e.GetPolicy()
 		for _, vlist := range list {
 			for _, v := range vlist {
 				fmt.Printf("value: %s, ", v)
 			}
 		}
 	})
 	//使用自定义拦截器中间件
 	r.Use(Authorize(e))

 	//创建请求
 	r.GET("/api/v1/hello", func(c *gin.Context) {
 		fmt.Println("Hello 接收到GET请求..")
 	})

 	r.Run(":9000") //参数为空 默认监听8080端口
 }

 //拦截器
 func Authorize(e *casbin.Enforcer) gin.HandlerFunc {

 	return func(c *gin.Context) {

 		//获取请求的URI
 		obj := c.Request.URL.RequestURI()
 		//获取请求方法
 		act := c.Request.Method
 		//获取用户的角色
 		sub := "admin"

 		//判断策略中是否存在

 		if ok, _ := e.Enforce(sub, obj, act); ok {
 			fmt.Println("恭喜您,权限验证通过")
 			c.Next()
 		} else {
 			fmt.Println("很遗憾,权限验证没有通过")
 			c.Abort()
 		}
 	}
 }

diff --git a/rbac_models.conf b/rbac_models.conf

 [request_definition]
 r = sub, obj, act

 [policy_definition]
 p = sub, obj, act

 [role_definition]
 g = _, _

 [policy_effect]
 e = some(where (p.eft == allow))

 [matchers]
 m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act
	package main

	import (
	"fmt"
	"log"

	"github.com/casbin/casbin/v2"
	gormadapter "github.com/casbin/gorm-adapter/v2"
	"github.com/gin-gonic/gin"
	_ "github.com/go-sql-driver/mysql"
	)

	func main() {

	a, err := gormadapter.NewAdapter("mysql", "root:zhangguanzhang@tcp(10.0.23.29:3306)/rbac_db?charset=utf8", true)
	if err != nil {
	log.Printf("连接数据库错误: %v", err)
	return
	}
	// e, err := casbin.NewEnforcer("rbac_models.conf", a)
	e, err := casbin.NewSyncedEnforcer("rbac_models.conf", a)
	if err != nil {
	log.Printf("初始化casbin错误: %v", err)
	return
	}
	//从DB加载策略
	e.LoadPolicy()

	//获取router路由对象
	r := gin.New()
	//增加policy
	r.POST("/api/v1/add", func(c *gin.Context) {
	fmt.Println("增加Policy")

	if ok, _ := e.AddRoleForUser("admin", "administrator"); !ok {
	fmt.Println("Policy已经存在")
	} else {
	fmt.Println("增加成功")
	}

	if ok, _ := e.AddPolicy("administrator", "/api/v1/hello", "GET"); !ok {
	fmt.Println("Policy已经存在")
	} else {
	fmt.Println("增加成功")
	}

	if ok, _ := e.AddPolicy("admin", "/api/v1/hello", "GET"); !ok {
	fmt.Println("Policy已经存在")
	} else {
	fmt.Println("增加成功")
	}
	})
	//删除policy
	r.DELETE("/api/v1/delete", func(c *gin.Context) {
	fmt.Println("删除Policy")
	if ok, _ := e.RemovePolicy("admin", "/api/v1/hello", "GET"); !ok {
	fmt.Println("Policy不存在")
	} else {
	fmt.Println("删除成功")
	}
	})
	//获取policy
	r.GET("/api/v1/get", func(c *gin.Context) {
	fmt.Println("查看policy")
	list := e.GetPolicy()
	for _, vlist := range list {
	for _, v := range vlist {
	fmt.Printf("value: %s, ", v)
	}
	}
	})
	//使用自定义拦截器中间件
	r.Use(Authorize(e))

	//创建请求
	r.GET("/api/v1/hello", func(c *gin.Context) {
	fmt.Println("Hello 接收到GET请求..")
	})

	r.Run(":9000") //参数为空默认监听8080端口
	}

	//拦截器
	func Authorize(e *casbin.Enforcer) gin.HandlerFunc {

	return func(c *gin.Context) {

	//获取请求的URI
	obj := c.Request.URL.RequestURI()
	//获取请求方法
	act := c.Request.Method
	//获取用户的角色
	sub := "admin"

	//判断策略中是否存在

	if ok, _ := e.Enforce(sub, obj, act); ok {
	fmt.Println("恭喜您,权限验证通过")
	c.Next()
	} else {
	fmt.Println("很遗憾,权限验证没有通过")
	c.Abort()
	}
	}
	}

	[request_definition]
	r = sub, obj, act

	[policy_definition]
	p = sub, obj, act

	[role_definition]
	g = _, _

	[policy_effect]
	e = some(where (p.eft == allow))

	[matchers]
	m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act