casdoor/object/user_enforcer.go

package object

import (
	"fmt"

	"github.com/casbin/casbin/v2"
	"github.com/casbin/casbin/v2/errors"
	"github.com/casdoor/casdoor/util"
)

type UserGroupEnforcer struct {
	// use rbac model implement use group, the enforcer can also implement user role
	enforcer *casbin.Enforcer
}

func NewUserGroupEnforcer(enforcer *casbin.Enforcer) *UserGroupEnforcer {
	return &UserGroupEnforcer{
		enforcer: enforcer,
	}
}

func (e *UserGroupEnforcer) checkModel() error {
	if _, ok := e.enforcer.GetModel()["g"]; !ok {
		return fmt.Errorf("The Casbin model used by enforcer doesn't support RBAC (\"[role_definition]\" section not found), please use a RBAC enabled Casbin model for the enforcer")
	}
	return nil
}

func (e *UserGroupEnforcer) AddGroupForUser(user string, group string) (bool, error) {
	err := e.checkModel()
	if err != nil {
		return false, err
	}

	return e.enforcer.AddRoleForUser(user, GetGroupWithPrefix(group))
}

func (e *UserGroupEnforcer) AddGroupsForUser(user string, groups []string) (bool, error) {
	err := e.checkModel()
	if err != nil {
		return false, err
	}

	g := make([]string, len(groups))
	for i, group := range groups {
		g[i] = GetGroupWithPrefix(group)
	}
	return e.enforcer.AddRolesForUser(user, g)
}

func (e *UserGroupEnforcer) DeleteGroupForUser(user string, group string) (bool, error) {
	err := e.checkModel()
	if err != nil {
		return false, err
	}

	return e.enforcer.DeleteRoleForUser(user, GetGroupWithPrefix(group))
}

func (e *UserGroupEnforcer) DeleteGroupsForUser(user string) (bool, error) {
	err := e.checkModel()
	if err != nil {
		return false, err
	}

	return e.enforcer.DeleteRolesForUser(user)
}

func (e *UserGroupEnforcer) GetGroupsForUser(user string) ([]string, error) {
	err := e.checkModel()
	if err != nil {
		return nil, err
	}

	groups, err := e.enforcer.GetRolesForUser(user)
	for i, group := range groups {
		groups[i] = GetGroupWithoutPrefix(group)
	}
	return groups, err
}

func (e *UserGroupEnforcer) GetAllUsersByGroup(group string) ([]string, error) {
	err := e.checkModel()
	if err != nil {
		return nil, err
	}

	users, err := e.enforcer.GetUsersForRole(GetGroupWithPrefix(group))
	if err != nil {
		if err == errors.ErrNameNotFound {
			return []string{}, nil
		}
		return nil, err
	}
	return users, nil
}

func GetGroupWithPrefix(group string) string {
	return "group:" + group
}

func GetGroupWithoutPrefix(group string) string {
	return group[len("group:"):]
}

func (e *UserGroupEnforcer) GetUserNamesByGroupName(groupName string) ([]string, error) {
	err := e.checkModel()
	if err != nil {
		return nil, err
	}

	userIds, err := e.GetAllUsersByGroup(groupName)
	if err != nil {
		return nil, err
	}

	names := []string{}
	for _, userId := range userIds {
		_, name := util.GetOwnerAndNameFromIdNoCheck(userId)
		names = append(names, name)
	}

	return names, nil
}

func (e *UserGroupEnforcer) UpdateGroupsForUser(user string, groups []string) (bool, error) {
	err := e.checkModel()
	if err != nil {
		return false, err
	}

	_, err = e.DeleteGroupsForUser(user)
	if err != nil {
		return false, err
	}

	affected, err := e.AddGroupsForUser(user, groups)
	if err != nil {
		return false, err
	}

	return affected, nil
}
feat: use the casbin model to store relationships between users and groups (#2178) * fix:reslove conflict * fix: remove interface 2023-08-11 10:59:18 +08:00			`package object`

			`import (`
Add checkModel() for UserGroupEnforcer 2023-08-24 18:16:23 +08:00			`"fmt"`

feat: use the casbin model to store relationships between users and groups (#2178) * fix:reslove conflict * fix: remove interface 2023-08-11 10:59:18 +08:00			`"github.com/casbin/casbin/v2"`
			`"github.com/casbin/casbin/v2/errors"`
			`"github.com/casdoor/casdoor/util"`
			`)`

			`type UserGroupEnforcer struct {`
			`// use rbac model implement use group, the enforcer can also implement user role`
			`enforcer *casbin.Enforcer`
			`}`

			`func NewUserGroupEnforcer(enforcer casbin.Enforcer) UserGroupEnforcer {`
			`return &UserGroupEnforcer{`
			`enforcer: enforcer,`
			`}`
			`}`

Add checkModel() for UserGroupEnforcer 2023-08-24 18:16:23 +08:00			`func (e *UserGroupEnforcer) checkModel() error {`
			`if _, ok := e.enforcer.GetModel()["g"]; !ok {`
			`return fmt.Errorf("The Casbin model used by enforcer doesn't support RBAC (\"[role_definition]\" section not found), please use a RBAC enabled Casbin model for the enforcer")`
			`}`
			`return nil`
			`}`

feat: use the casbin model to store relationships between users and groups (#2178) * fix:reslove conflict * fix: remove interface 2023-08-11 10:59:18 +08:00			`func (e *UserGroupEnforcer) AddGroupForUser(user string, group string) (bool, error) {`
Add checkModel() for UserGroupEnforcer 2023-08-24 18:16:23 +08:00			`err := e.checkModel()`
			`if err != nil {`
			`return false, err`
			`}`

feat: use the casbin model to store relationships between users and groups (#2178) * fix:reslove conflict * fix: remove interface 2023-08-11 10:59:18 +08:00			`return e.enforcer.AddRoleForUser(user, GetGroupWithPrefix(group))`
			`}`

			`func (e *UserGroupEnforcer) AddGroupsForUser(user string, groups []string) (bool, error) {`
Add checkModel() for UserGroupEnforcer 2023-08-24 18:16:23 +08:00			`err := e.checkModel()`
			`if err != nil {`
			`return false, err`
			`}`

feat: use the casbin model to store relationships between users and groups (#2178) * fix:reslove conflict * fix: remove interface 2023-08-11 10:59:18 +08:00			`g := make([]string, len(groups))`
			`for i, group := range groups {`
			`g[i] = GetGroupWithPrefix(group)`
			`}`
			`return e.enforcer.AddRolesForUser(user, g)`
			`}`

			`func (e *UserGroupEnforcer) DeleteGroupForUser(user string, group string) (bool, error) {`
Add checkModel() for UserGroupEnforcer 2023-08-24 18:16:23 +08:00			`err := e.checkModel()`
			`if err != nil {`
			`return false, err`
			`}`

feat: use the casbin model to store relationships between users and groups (#2178) * fix:reslove conflict * fix: remove interface 2023-08-11 10:59:18 +08:00			`return e.enforcer.DeleteRoleForUser(user, GetGroupWithPrefix(group))`
			`}`

			`func (e *UserGroupEnforcer) DeleteGroupsForUser(user string) (bool, error) {`
Add checkModel() for UserGroupEnforcer 2023-08-24 18:16:23 +08:00			`err := e.checkModel()`
			`if err != nil {`
			`return false, err`
			`}`

feat: use the casbin model to store relationships between users and groups (#2178) * fix:reslove conflict * fix: remove interface 2023-08-11 10:59:18 +08:00			`return e.enforcer.DeleteRolesForUser(user)`
			`}`

			`func (e *UserGroupEnforcer) GetGroupsForUser(user string) ([]string, error) {`
Add checkModel() for UserGroupEnforcer 2023-08-24 18:16:23 +08:00			`err := e.checkModel()`
			`if err != nil {`
			`return nil, err`
			`}`

feat: use the casbin model to store relationships between users and groups (#2178) * fix:reslove conflict * fix: remove interface 2023-08-11 10:59:18 +08:00			`groups, err := e.enforcer.GetRolesForUser(user)`
			`for i, group := range groups {`
			`groups[i] = GetGroupWithoutPrefix(group)`
			`}`
			`return groups, err`
			`}`

			`func (e *UserGroupEnforcer) GetAllUsersByGroup(group string) ([]string, error) {`
Add checkModel() for UserGroupEnforcer 2023-08-24 18:16:23 +08:00			`err := e.checkModel()`
			`if err != nil {`
			`return nil, err`
			`}`

feat: use the casbin model to store relationships between users and groups (#2178) * fix:reslove conflict * fix: remove interface 2023-08-11 10:59:18 +08:00			`users, err := e.enforcer.GetUsersForRole(GetGroupWithPrefix(group))`
			`if err != nil {`
feat: update casbin to 2.77.2 (#2345) * fix: make redirect_uri really optional in logout route * feat: update casbin to 2.77.2 2023-09-20 18:37:55 +03:00			`if err == errors.ErrNameNotFound {`
feat: use the casbin model to store relationships between users and groups (#2178) * fix:reslove conflict * fix: remove interface 2023-08-11 10:59:18 +08:00			`return []string{}, nil`
			`}`
			`return nil, err`
			`}`
			`return users, nil`
			`}`

			`func GetGroupWithPrefix(group string) string {`
			`return "group:" + group`
			`}`

			`func GetGroupWithoutPrefix(group string) string {`
			`return group[len("group:"):]`
			`}`

			`func (e *UserGroupEnforcer) GetUserNamesByGroupName(groupName string) ([]string, error) {`
Add checkModel() for UserGroupEnforcer 2023-08-24 18:16:23 +08:00			`err := e.checkModel()`
			`if err != nil {`
			`return nil, err`
			`}`
feat: use the casbin model to store relationships between users and groups (#2178) * fix:reslove conflict * fix: remove interface 2023-08-11 10:59:18 +08:00
			`userIds, err := e.GetAllUsersByGroup(groupName)`
			`if err != nil {`
			`return nil, err`
			`}`

Add checkModel() for UserGroupEnforcer 2023-08-24 18:16:23 +08:00			`names := []string{}`
feat: use the casbin model to store relationships between users and groups (#2178) * fix:reslove conflict * fix: remove interface 2023-08-11 10:59:18 +08:00			`for _, userId := range userIds {`
			`_, name := util.GetOwnerAndNameFromIdNoCheck(userId)`
			`names = append(names, name)`
			`}`

			`return names, nil`
			`}`

			`func (e *UserGroupEnforcer) UpdateGroupsForUser(user string, groups []string) (bool, error) {`
Add checkModel() for UserGroupEnforcer 2023-08-24 18:16:23 +08:00			`err := e.checkModel()`
			`if err != nil {`
			`return false, err`
			`}`

			`_, err = e.DeleteGroupsForUser(user)`
feat: use the casbin model to store relationships between users and groups (#2178) * fix:reslove conflict * fix: remove interface 2023-08-11 10:59:18 +08:00			`if err != nil {`
			`return false, err`
			`}`

			`affected, err := e.AddGroupsForUser(user, groups)`
			`if err != nil {`
			`return false, err`
			`}`

			`return affected, nil`
			`}`