Skip to content

Instantly share code, notes, and snippets.

@hadihammurabi

hadihammurabi/casbin.md

Last active February 3, 2021 10:13
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save hadihammurabi/76837b25483bbe6a70e73f48b9ab1ed8 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save hadihammurabi/76837b25483bbe6a70e73f48b9ab1ed8 to your computer and use it in GitHub Desktop.
Download ZIP
Casbin With Golang
Raw
casbin.md

Casbin

Model

  • request_definition pola parameter pengecekan otorisasi.
  • policy_definition pola otorisasi yang terdaftar.
  • role_definition pola role atau group yang terdaftar.
  • policy_effect kondisi untuk menentukan diizinkan atau tidak.
  • matchers kondisi yang digunakan untuk memenuhi kondisi pada policy effect.
[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[role_definition]
g = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act

Policy

  • p untuk mendaftarkan permission sesuai pola policy pada model.
  • g untuk mendaftarkan role atau group sesuai pola role pada model.

Policy bisa digunakan untuk memberi permission pada role, kemudian user dapat dimasukkan pada role tersebut.

Permission pada role tertentu dapat diberikan ke role lainnya, melalui g, penerima, pemberi.

p, admin, users, write
p, user, users, read

g, admin, user
g, alice, admin
g, bob, user
Raw
example-casbin.go
package main
import (
"log"
"github.com/casbin/casbin/v2"
gormadapter "github.com/casbin/gorm-adapter/v3"
"gorm.io/driver/postgres"
"gorm.io/gorm"
)
func main() {
dsn := "host=localhost user=hammurabi password=hammurabi dbname=belajar_casbin port=5432 sslmode=disable TimeZone=Asia/Jakarta"
db, _ := gorm.Open(postgres.Open(dsn), &gorm.Config{})
// You can also use an already existing gorm instance with gormadapter.NewAdapterByDB(gormInstance)
adapter, _ := gormadapter.NewAdapterByDB(db)
enforcer, _ := casbin.NewEnforcer("rbac_model.conf", adapter)
enforcer.LoadPolicy()
log.Println(enforcer.Enforce("hadi", "users", "read"))
// Modify the policy.
enforcer.AddPolicy("student", "users", "read")
enforcer.AddPolicy("school", "users", "create")
enforcer.AddPolicy("admin", "users", "update")
enforcer.AddPolicy("admin", "users", "delete")
enforcer.AddRoleForUser("admin", "school")
enforcer.AddRoleForUser("school", "student")
enforcer.AddRoleForUser("raja", "admin")
enforcer.AddRoleForUser("hadi", "student")
// Save the policy back to DB.
enforcer.SavePolicy()
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment