beego利用casbin进行权限管理——第二节 策略存储


上一节讲到要修改 casbin 目录下 beego-orm-adapter 里的 adapter.go,这里还要继续修改一下,否则会把数据库里已有的策略冲掉。


接下来进行用户的角色分配。


代码如下,其实就是生成策略——把"用户对应角色"这条 g 策略写入数据库的 casbin_rule 表。

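// UserRole assigns one or more roles to a user by writing one grouping
// policy (user -> role) per role id into the casbin rule store.
//
// Request form fields:
//
//	uid - the user id (the original comment calls it "secofficeid")
//	ids - comma-separated role ids
//
// Responds with JSON "ok" when every role was stored, "wrong" when uid or
// ids is missing or any AddGroupingPolicy call returned false (some casbin
// versions also return false for a mapping that already exists — verify
// against the version in use).
//
// NOTE(review): nothing here checks that the caller is allowed to assign
// roles; that has to be enforced by a beego filter / the enforcer before
// this action runs — confirm.
func (c *RoleController) UserRole() {
	uid := strings.TrimSpace(c.GetString("uid")) // user id
	ids := c.GetString("ids")                    // comma-separated role ids

	// An empty uid or id list would otherwise store a meaningless
	// ("", role) or (uid, "") grouping rule.
	if uid == "" || strings.TrimSpace(ids) == "" {
		c.Data["json"] = "wrong"
		c.ServeJSON()
		return
	}

	allOK := true
	added := 0
	for _, rid := range strings.Split(ids, ",") {
		rid = strings.TrimSpace(rid)
		if rid == "" { // tolerate "1,,2" and trailing commas
			continue
		}
		if !e.AddGroupingPolicy(uid, rid) {
			allOK = false
		}
		added++
	}

	if allOK && added > 0 {
		c.Data["json"] = "ok"
	} else {
		c.Data["json"] = "wrong"
	}
	c.ServeJSON()
}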
当然,前提是你先定义了角色。



数据库中的样子是这样的:


接下来是给角色赋予对某某目录下(v1/v2/v3/*)资源的各种权限。


conf目录下的rbac_model.conf如下

# Casbin RBAC model used by the beego app (conf/rbac_model.conf).
# Besides the usual subject / object / action, a request and a policy carry a
# 4th field "suf" — the requested resource's file suffix.
[request_definition]
r = sub, obj, act, suf

[policy_definition]
p = sub, obj, act, suf

# g(user, role): written by RoleController.UserRole via AddGroupingPolicy.
[role_definition]
g = _, _

# Allow-only: any one matching p rule grants access; there are no deny rules.
[policy_effect]
e = some(where (p.eft == allow))

# - g(r.sub, p.sub): the requesting user holds the policy's role
# - keyMatch(r.obj, p.obj): a p.obj such as "/1/2/*" covers every deeper path
# - regexMatch(r.suf, p.suf): p.suf is a Go regex. RolePermission builds it
#   from the user-chosen suffix list, so that input must be escaped
#   (regexp.QuoteMeta) before it is stored. NOTE(review): as far as I can
#   tell the match is unanchored unless the pattern anchors itself — confirm
#   against the casbin version in use.
# - r.act == p.act: exact action match (POST/UPDATE/DELETE/GET as stored)
[matchers]
m = g(r.sub, p.sub) && keyMatch(r.obj, p.obj) && regexMatch(r.suf, p.suf) && r.act == p.act

接下来给角色赋予项目目录下资源的请求权限,


代码:

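// RolePermission grants roles access to project directories by writing one
// casbin p policy (role, "/<path>/*", action, suffix-regex) per
// role x permission x top-level selected directory.
//
// Request form fields (all comma-separated):
//
//	roleids       - role ids (p.sub)
//	permissionids - permission names: 添加成果 / 编辑成果 / 删除成果 / 读取成果
//	sufids        - file suffixes allowed for 读取成果; "任意" means any,
//	                an empty entry means the UI select was not expanded
//	treeids       - project directory ids, parallel to treenodeids
//	treenodeids   - tree node ids such as 0.0.0,0.0.1,0.1.0 (used only to
//	                find the topmost selected nodes, see highest)
//
// Responds with JSON "ok" when at least one policy was added and every
// AddPolicy call returned true, "wrong" otherwise.
//
// Changes from the earlier version:
//   - suffixes are escaped with regexp.QuoteMeta before being embedded in
//     the p.suf regex, and all selected suffixes are combined with "|"
//     (previously only the last one in the list survived the loop);
//   - unknown permission names are skipped instead of reusing the
//     action/suffix left over from the previous iteration;
//   - a single selected node is handled (previously len > 1 was required,
//     so selecting one directory stored nothing);
//   - a node index outside treeids, an unparsable id or a failed GetProj
//     skips that node instead of indexing out of range / using a zero proj;
//   - the policy path is built from proj.Id rather than the raw request text.
//
// NOTE(review): "UPDATE" is stored as the action for 编辑成果; if r.act is the
// HTTP method at enforcement time that would be PUT/PATCH — confirm how the
// request side fills r.act.
// NOTE(review): no check that the caller may grant these permissions is done
// here; that must come from a filter / the enforcer — confirm.
func (c *RoleController) RolePermission() {
	rolearray := strings.Split(c.GetString("roleids"), ",")
	permissionarray := strings.Split(c.GetString("permissionids"), ",")
	sufarray := strings.Split(c.GetString("sufids"), ",")
	treearray := strings.Split(c.GetString("treeids"), ",") // project directory ids
	treenodeids := c.GetString("treenodeids")               // tree node ids, e.g. 0.0.0,0.0.1,0.1.0
	treenodearray := strings.Split(treenodeids, ",")

	// Only the topmost selected nodes need a policy: keyMatch on "/a/b/*"
	// already covers everything below it.
	var nodesids []string
	if treenodeids != "" {
		var err error
		nodesids, err = highest(treenodearray, nil, 0)
		if err != nil {
			beego.Error(err)
		}
	}

	readSuf := readSuffixPattern(sufarray)

	allOK := true
	added := 0
	for _, role := range rolearray {
		if strings.TrimSpace(role) == "" {
			continue
		}
		for _, perm := range permissionarray {
			action, known := permissionAction(perm)
			if !known {
				beego.Error("RolePermission: unknown permission", perm)
				continue
			}
			suf := ".*"
			if action == "GET" {
				suf = readSuf
			}
			for _, idx := range nodesids {
				nodeidint, err := strconv.Atoi(idx)
				if err != nil || nodeidint < 0 || nodeidint >= len(treearray) {
					// treeids and treenodeids come from the client and may not
					// be parallel; never index out of range on their account.
					beego.Error("RolePermission: bad node index", idx)
					continue
				}
				pidNum, err := strconv.ParseInt(strings.TrimSpace(treearray[nodeidint]), 10, 64)
				if err != nil {
					beego.Error(err)
					continue
				}
				proj, err := m.GetProj(pidNum)
				if err != nil {
					beego.Error(err)
					continue
				}
				projurl := projectObjPath(proj.ParentIdPath, proj.Id)
				if !e.AddPolicy(role, projurl, action, suf) {
					allOK = false
				}
				added++
			}
		}
	}

	if allOK && added > 0 {
		c.Data["json"] = "ok"
	} else {
		c.Data["json"] = "wrong"
	}
	c.ServeJSON()
}

// permissionAction maps a UI permission name to the action stored in p.act.
// known is false for any other name.
func permissionAction(name string) (action string, known bool) {
	switch name {
	case "添加成果":
		return "POST", true
	case "编辑成果":
		return "UPDATE", true
	case "删除成果":
		return "DELETE", true
	case "读取成果":
		return "GET", true
	}
	return "", false
}

// readSuffixPattern builds the p.suf regex for 读取成果 from the suffix list
// chosen in the UI: ".*" if "任意" is present, otherwise a case-insensitive
// alternation of the escaped suffixes, an empty entry standing for "pdf"
// (the UI select was not expanded).
func readSuffixPattern(sufarray []string) string {
	alts := make([]string, 0, len(sufarray))
	for _, s := range sufarray {
		s = strings.TrimSpace(s)
		if s == "任意" {
			return ".*"
		}
		if s == "" {
			s = "pdf"
		}
		// The suffix is user input going into a regex: escape it so that
		// values like ".*" or ")|(" cannot widen or break the matcher.
		alts = append(alts, regexp.QuoteMeta(s))
	}
	if len(alts) == 0 {
		alts = append(alts, "pdf")
	}
	return "(?i:" + strings.Join(alts, "|") + ")"
}

// projectObjPath builds the p.obj path for a project: "/<id>/*" for a root
// project, otherwise "/<parent ids joined by />/<id>/*" where parentIDPath is
// the "-" separated ancestor id path stored on the project.
func projectObjPath(parentIDPath string, id int64) string {
	idText := strconv.FormatInt(id, 10)
	if parentIDPath == "" {
		return "/" + idText + "/*"
	}
	return "/" + strings.Replace(parentIDPath, "-", "/", -1) + "/" + idText + "/*"
}

// highest appends to nodesid the indices (as decimal strings) of the topmost
// nodes in nodeid: a node is dropped when it is the most recent top-level
// node itself or lies under it (id prefixed by top + "."), so
// "0.0","0.0.1","0.1" yields ["0","2"]. nodeid is expected in tree order with
// ancestors before descendants — the order the UI sends. i is the index to
// resume scanning from (0 seeds the result with "0"); it and the error
// result are kept for signature compatibility with the old recursive
// version, which never fails here. An empty nodeid returns nodesid unchanged.
//
// The old implementation compiled each node id into an unanchored regex, so
// "0.1" matched its sibling "0.10" and "." matched any character; a plain
// prefix test is what the dotted ids need.
func highest(nodeid []string, nodesid []string, i int) (nodesid1 []string, err error) {
	if len(nodeid) == 0 || i < 0 || i >= len(nodeid) {
		return nodesid, nil
	}
	if i == 0 {
		nodesid = append(nodesid, "0")
	}
	top := nodeid[i]
	for idx := i + 1; idx < len(nodeid); idx++ {
		if !isUnderNode(top, nodeid[idx]) {
			top = nodeid[idx]
			nodesid = append(nodesid, strconv.Itoa(idx))
		}
	}
	return nodesid, nil
}

// isUnderNode reports whether child is node itself or one of its
// descendants in dotted-id form ("0.1" covers "0.1" and "0.1.x", not "0.10").
func isUnderNode(node, child string) bool {
	return child == node || strings.HasPrefix(child, node+".")
}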

上面求树状目录最高级的目的是:我们选中某一级目录,其下级会自动选中,这些目录 id 传到服务端后,只需要往策略里存入最高级的目录就行了,然后用 keyMatch 匹配路由即可。比如,策略里允许访问 v1/v2/*,那么访问 v1/v2/v3/* 也是允许的。注意这也意味着 keyMatch 的 * 会放行该目录下任意深度的路径,所以写入策略的 obj 应当是服务端根据项目 id 查出来的路径,而不是直接拼接请求参数;同理 suf 字段走的是 regexMatch,用户选择的后缀在拼进正则之前要先用 regexp.QuoteMeta 转义,否则提交 .* 之类的值就能绕过后缀限制。

查出用户的角色(并标记哪些已经分配给了该用户,供前端勾选):

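// Get lists roles. Without a :id it responds with every role; with a :id
// (a user id) it responds with every role tagged by whether that user
// holds it, so the UI can render the checkbox state:
//
//	Level "1" - the user has the role (per e.GetRolesForUser)
//	Level "2" - the user does not
//
// The :id and the client IP are also placed in c.Data for templates.
//
// The earlier version served the per-user list and then fell through and
// served the full role list again, i.e. two ServeJSON calls on one
// response; this version returns after the first response.
//
// NOTE(review): any caller can read any user's roles by id here; whether
// that is acceptable depends on a filter / enforcer check outside this
// action — confirm.
func (c *RoleController) Get() {
	id := c.Ctx.Input.Param(":id")
	c.Data["Id"] = id
	c.Data["Ip"] = c.Ctx.Input.IP()

	roles, err := m.GetRoles()
	if err != nil {
		// Logged only, as before: the response is built from whatever
		// GetRoles returned.
		beego.Error(err)
	}

	if id == "" {
		c.Data["json"] = roles
		c.ServeJSON()
		return
	}

	// Role ids the user holds, as int64 so they compare with Role.Id.
	held := make(map[int64]bool)
	for _, rid := range e.GetRolesForUser(id) {
		n, err := strconv.ParseInt(rid, 10, 64)
		if err != nil {
			beego.Error(err) // non-numeric grouping rule: log and ignore it
			continue
		}
		held[n] = true
	}

	userrole := make([]Userrole, 0, len(roles))
	for _, r := range roles {
		level := "2"
		if held[r.Id] {
			level = "1"
		}
		userrole = append(userrole, Userrole{
			Id:         r.Id,
			Rolename:   r.Rolename,
			Rolenumber: r.Rolenumber,
			Level:      level,
		})
	}
	c.Data["json"] = userrole
	c.ServeJSON()
}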

