Rbac is a rbac middleware for Tango, it's based on https://github.com/mikespook/gorbac.
go get github.com/tango-contrib/rbac
package main
import (
"github.com/lunny/tango"
"github.com/mikespook/gorbac"
"github.com/tango-contrib/rbac"
"github.com/tango-contrib/session"
)
type LoginAction struct {
session.Session
rbac.Manager
}
func (l *LoginAction) Post() {
l.SetRBACRole("writer")
}
type RBACPermAction struct {
rbac.Perm `write`
}
func (a *RBACPermAction) Get() string {
return "You have write permission"
}
func main() {
t := tango.Classic()
// init session middleware to store roles
sessions := session.New()
t.Use(sessions)
// init rbac middleware
goRBAC := gorbac.New()
rA := gorbac.NewStdRole("writer")
pA := gorbac.NewStdPermission("write")
rA.Assign(pA)
goRBAC.Add(rA)
t.Use(rbac.RBAC(goRBAC, sessions))
// define the routers
t.Post("/login", new(LoginAction))
t.Any("/perm_write", new(RBACPermAction))
t.Run()
}
- If you want to give difference perm for GET and POST, then you can give a tag
type Action struct {
Perm `GET:"read" POST:"write"`
}
type Action struct {
Role `GET:"reader" POST:"writer"`
}
- If you want to dynamic perm, you can use
rbac.PermTager
andrbac.RolesTager
interfaces.
type Action struct {
}
func (a *Action) PermTag() string {
return `GET:"read" POST:"write"`
}
type Action struct {
}
func (a *Action) RolesTag() string {
return `GET:"reader" POST:"writer"`
}
This project is under BSD License. See the LICENSE file for the full license text.