// Copyright 2021 The Casdoor Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package object
import (
"github.com/casdoor/casdoor/util"
"github.com/xorm-io/core"
)
// Permission is the stored record of one access grant: who it applies to
// (Users, Roles, Domains), what it covers (ResourceType, Resources, Actions,
// Effect), and which Model and Adapter it is tied to. Every field is exposed
// through JSON under the key given in its tag.
type Permission struct {
	// Owner and Name are both tagged pk and together form the primary key.
	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
	DisplayName string `xorm:"varchar(100)" json:"displayName"`

	// Users, Roles and Domains are string lists kept in mediumtext columns.
	// The users and roles columns are searched with SQL LIKE by
	// GetPermissionsByUser and GetPermissionsByRole in this file.
	Users   []string `xorm:"mediumtext" json:"users"`
	Roles   []string `xorm:"mediumtext" json:"roles"`
	Domains []string `xorm:"mediumtext" json:"domains"`

	Model string `xorm:"varchar(100)" json:"model"`
	// Adapter is used as a database table name: UpdatePermission and
	// DeletePermission pass it to IsTableEmpty and DropTables.
	// NOTE(review): the field is settable through JSON ("adapter"); confirm
	// that callers restrict it to expected table names before it gets here.
	Adapter string `xorm:"varchar(100)" json:"adapter"`

	ResourceType string `xorm:"varchar(100)" json:"resourceType"`
	// Resources is searched with SQL LIKE by GetPermissionsByResource.
	Resources []string `xorm:"mediumtext" json:"resources"`
	Actions   []string `xorm:"mediumtext" json:"actions"`
	// Effect's allowed values are not defined in this file.
	Effect    string `xorm:"varchar(100)" json:"effect"`
	IsEnabled bool   `json:"isEnabled"`

	// Submitter, Approver, ApproveTime and State look like approval-workflow
	// metadata; their semantics are not defined in this file.
	Submitter   string `xorm:"varchar(100)" json:"submitter"`
	Approver    string `xorm:"varchar(100)" json:"approver"`
	ApproveTime string `xorm:"varchar(100)" json:"approveTime"`
	State       string `xorm:"varchar(100)" json:"state"`
}
// PermissionRule is the row shape of one stored policy rule: a policy type,
// six positional values V0..V5, and an Id. Every column is declared
// varchar(100), indexed, not null, with an empty-string default.
type PermissionRule struct {
	Ptype string `xorm:"varchar(100) index not null default ''" json:"ptype"`

	V0 string `xorm:"varchar(100) index not null default ''" json:"v0"`
	V1 string `xorm:"varchar(100) index not null default ''" json:"v1"`
	V2 string `xorm:"varchar(100) index not null default ''" json:"v2"`
	V3 string `xorm:"varchar(100) index not null default ''" json:"v3"`
	V4 string `xorm:"varchar(100) index not null default ''" json:"v4"`
	// V5 is the column the built-in adapter uses to filter by permission
	// (see the comment on builtInAvailableField).
	V5 string `xorm:"varchar(100) index not null default ''" json:"v5"`

	Id string `xorm:"varchar(100) index not null default ''" json:"id"`
}
const (
	// builtInAdapter is the adapter value treated as Casdoor's built-in one.
	// DeletePermission never drops the table with this name.
	builtInAdapter = "permission_rule"

	// builtInAvailableField is the number of rule fields left for policy
	// values under the built-in adapter: V5 is reserved for filtering by
	// permission, which leaves five (V0..V4).
	builtInAvailableField = 5
)
// GetId returns the identifier util.GetId builds from the permission's
// Owner and Name, the two primary-key fields.
func (p *Permission) GetId() string {
	owner, name := p.Owner, p.Name
	return util.GetId(owner, name)
}
// GetPermissionCount returns how many Permission rows the session built by
// GetSession for owner, field and value selects. Offset and limit are passed
// as -1 and the sort arguments are left empty. It panics on a database error.
//
// NOTE(review): field and value are forwarded to GetSession unchanged;
// confirm that GetSession restricts field to known column names.
func GetPermissionCount(owner, field, value string) int {
	total, err := GetSession(owner, -1, -1, field, value, "", "").Count(&Permission{})
	if err != nil {
		panic(err)
	}
	return int(total)
}
// GetPermissions returns the permissions whose Owner equals owner, ordered
// by created_time descending. The result is never nil. It panics on a
// database error.
func GetPermissions(owner string) []*Permission {
	result := []*Permission{}
	filter := &Permission{Owner: owner}
	if err := adapter.Engine.Desc("created_time").Find(&result, filter); err != nil {
		panic(err)
	}
	return result
}
// GetPaginationPermissions returns one page of permissions from the session
// GetSession builds out of owner, offset, limit, the field/value filter and
// the sort arguments. The result is never nil. It panics on a database error.
//
// NOTE(review): field and sortField are forwarded to GetSession unchanged;
// confirm that GetSession restricts them to known column names.
func GetPaginationPermissions(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Permission {
	page := []*Permission{}
	if err := GetSession(owner, offset, limit, field, value, sortField, sortOrder).Find(&page); err != nil {
		panic(err)
	}
	return page
}
// getPermission loads the permission with the given owner and name. It
// returns nil when either argument is empty or when no such row exists, and
// panics on a database error.
func getPermission(owner string, name string) *Permission {
	// An empty key part can never identify a row; skip the query.
	if len(owner) == 0 || len(name) == 0 {
		return nil
	}

	record := &Permission{Owner: owner, Name: name}
	found, err := adapter.Engine.Get(record)
	if err != nil {
		panic(err)
	}
	if !found {
		return nil
	}
	return record
}
// GetPermission splits id into owner and name with
// util.GetOwnerAndNameFromId and returns the matching permission, or nil
// when getPermission finds none.
func GetPermission(id string) *Permission {
	return getPermission(util.GetOwnerAndNameFromId(id))
}
// checkPermissionValid checks the permission by loading its policies, and
// its grouping policies when there are any, into the enforcer returned by
// getEnforcer. It reports failure by panicking; it returns nothing.
//
// Side effect: when the enforcer's model has no role definition,
// permission.Roles is reset to an empty slice and grouping policies are not
// loaded.
func checkPermissionValid(permission *Permission) {
	e := getEnforcer(permission)
	// Auto-save is switched off before anything is added.
	// NOTE(review): presumably so this check does not persist the rules; confirm.
	e.EnableAutoSave(false)

	if _, err := e.AddPolicies(getPolicies(permission)); err != nil {
		panic(err)
	}

	if !HasRoleDefinition(e.GetModel()) {
		permission.Roles = []string{}
		return
	}

	grouping := getGroupingPolicies(permission)
	if len(grouping) == 0 {
		return
	}
	if _, err := e.AddGroupingPolicies(grouping); err != nil {
		panic(err)
	}
}
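// UpdatePermission replaces the stored permission identified by id with
// permission and re-syncs its policy rules. It returns false when no row
// with that id exists or when the update affected no rows, and panics on a
// validation or database error.
//
// After a successful update, the old permission's grouping policies and
// policies are removed and the new ones are added. If the adapter changed,
// the old adapter's table is dropped once it is empty, except for the
// built-in adapter table, which is never dropped (as in DeletePermission).
//
// NOTE(review): the row is selected by id, but AllCols().Update writes every
// column of the caller-supplied struct, Owner and Name included. Confirm the
// caller checks that permission.Owner and permission.Name match id and that
// permission.Adapter is an expected table name.
func UpdatePermission(id string, permission *Permission) bool {
	checkPermissionValid(permission)

	owner, name := util.GetOwnerAndNameFromId(id)
	oldPermission := getPermission(owner, name)
	if oldPermission == nil {
		return false
	}

	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(permission)
	if err != nil {
		panic(err)
	}
	if affected == 0 {
		return false
	}

	removeGroupingPolicies(oldPermission)
	removePolicies(oldPermission)

	adapterChanged := oldPermission.Adapter != "" && oldPermission.Adapter != permission.Adapter
	// The built-in table is shared infrastructure: keep it even when this
	// permission's rules were the last ones in it.
	if adapterChanged && oldPermission.Adapter != builtInAdapter {
		isEmpty, emptyErr := adapter.Engine.IsTableEmpty(oldPermission.Adapter)
		// Dropping is best-effort cleanup: if emptiness cannot be
		// established, the table is left in place.
		if emptyErr == nil && isEmpty {
			if err = adapter.Engine.DropTables(oldPermission.Adapter); err != nil {
				panic(err)
			}
		}
	}

	addGroupingPolicies(permission)
	addPolicies(permission)

	return true
}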
// AddPermission inserts permission and, when a row was written, adds its
// grouping policies and policies. It reports whether a row was inserted and
// panics on a database error.
//
// NOTE(review): unlike UpdatePermission, this path does not call
// checkPermissionValid before persisting; confirm that is intended.
func AddPermission(permission *Permission) bool {
	affected, err := adapter.Engine.Insert(permission)
	if err != nil {
		panic(err)
	}

	inserted := affected != 0
	if inserted {
		addGroupingPolicies(permission)
		addPolicies(permission)
	}
	return inserted
}
// DeletePermission deletes the row keyed by permission.Owner and
// permission.Name. When a row was deleted it removes the permission's
// grouping policies and policies, then drops the adapter table if the
// adapter is set, is not "permission_rule", and the table is empty. It
// reports whether a row was deleted and panics on a database error.
//
// NOTE(review): the table name comes from the permission argument, not from
// the stored row. Confirm callers pass a trusted value for Adapter, since it
// reaches DropTables.
func DeletePermission(permission *Permission) bool {
	key := core.PK{permission.Owner, permission.Name}
	affected, err := adapter.Engine.ID(key).Delete(&Permission{})
	if err != nil {
		panic(err)
	}
	if affected == 0 {
		return false
	}

	removeGroupingPolicies(permission)
	removePolicies(permission)

	// No custom adapter table to clean up.
	if permission.Adapter == "" || permission.Adapter == "permission_rule" {
		return true
	}

	// The error from IsTableEmpty is discarded; only the boolean decides
	// whether the table is dropped.
	isEmpty, _ := adapter.Engine.IsTableEmpty(permission.Adapter)
	if isEmpty {
		if err = adapter.Engine.DropTables(permission.Adapter); err != nil {
			panic(err)
		}
	}
	return true
}
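// GetPermissionsByUser returns the permissions whose Users list contains
// userId exactly. The Users field of every returned permission is cleared so
// the result does not expose the other subjects. The result is never nil.
// It panics on a database error.
func GetPermissionsByUser(userId string) []*Permission {
	candidates := []*Permission{}
	// The LIKE pattern is only a coarse pre-filter. It is anchored on the
	// closing quote alone and does not escape % or _, so "org/alice" also
	// selects rows listing "myorg/alice", and "_" in an id matches any
	// character. Exact membership is decided below.
	err := adapter.Engine.Where("users like ?", "%"+userId+"\"%").Find(&candidates)
	if err != nil {
		panic(err)
	}

	permissions := make([]*Permission, 0, len(candidates))
	for _, candidate := range candidates {
		listed := false
		for _, user := range candidate.Users {
			if user == userId {
				listed = true
				break
			}
		}
		if !listed {
			// Over-match from the LIKE pre-filter: not granted to this user.
			continue
		}

		candidate.Users = nil
		permissions = append(permissions, candidate)
	}

	return permissions
}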
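// GetPermissionsByRole returns the permissions whose Roles list contains
// roleId exactly. The result is never nil. It panics on a database error.
func GetPermissionsByRole(roleId string) []*Permission {
	candidates := []*Permission{}
	// The LIKE pattern is only a coarse pre-filter. It is anchored on the
	// closing quote alone and does not escape % or _, so "org/admin" also
	// selects rows listing "myorg/admin". Exact membership is decided below.
	err := adapter.Engine.Where("roles like ?", "%"+roleId+"\"%").Find(&candidates)
	if err != nil {
		panic(err)
	}

	permissions := make([]*Permission, 0, len(candidates))
	for _, candidate := range candidates {
		for _, role := range candidate.Roles {
			if role == roleId {
				permissions = append(permissions, candidate)
				break
			}
		}
	}

	return permissions
}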
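// GetPermissionsByResource returns the permissions whose Resources list
// contains resourceId exactly. The result is never nil. It panics on a
// database error.
func GetPermissionsByResource(resourceId string) []*Permission {
	candidates := []*Permission{}
	// The LIKE pattern is only a coarse pre-filter. It is anchored on the
	// closing quote alone and does not escape % or _, so it also selects
	// rows whose entries merely end with resourceId. Exact membership is
	// decided below.
	err := adapter.Engine.Where("resources like ?", "%"+resourceId+"\"%").Find(&candidates)
	if err != nil {
		panic(err)
	}

	permissions := make([]*Permission, 0, len(candidates))
	for _, candidate := range candidates {
		for _, resource := range candidate.Resources {
			if resource == resourceId {
				permissions = append(permissions, candidate)
				break
			}
		}
	}

	return permissions
}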
// GetPermissionsBySubmitter returns the permissions matching both owner and
// submitter, ordered by created_time descending. The result is never nil.
// It panics on a database error.
func GetPermissionsBySubmitter(owner string, submitter string) []*Permission {
	result := []*Permission{}
	filter := &Permission{Owner: owner, Submitter: submitter}
	if err := adapter.Engine.Desc("created_time").Find(&result, filter); err != nil {
		panic(err)
	}
	return result
}
// GetPermissionsByModel returns the permissions matching both owner and
// model, ordered by created_time descending. The result is never nil.
// It panics on a database error.
func GetPermissionsByModel(owner string, model string) []*Permission {
	result := []*Permission{}
	filter := &Permission{Owner: owner, Model: model}
	if err := adapter.Engine.Desc("created_time").Find(&result, filter); err != nil {
		panic(err)
	}
	return result
}
// ContainsAsterisk reports whether users holds a wildcard entry for the
// owner part of userId: an entry whose owner equals the one parsed from
// userId and whose name is "*". Ids are split with
// util.GetOwnerAndNameFromId.
func ContainsAsterisk(userId string, users []string) bool {
	org, _ := util.GetOwnerAndNameFromId(userId)
	for _, entry := range users {
		entryOrg, entryName := util.GetOwnerAndNameFromId(entry)
		// The wildcard only counts within the same owner.
		if entryOrg == org && entryName == "*" {
			return true
		}
	}
	return false
}
// GetMaskedPermissions clears Users and Submitter on every permission in the
// slice and returns the same slice. The permissions are modified in place,
// so the caller's values are masked too. All other fields, including Roles
// and Approver, are left untouched.
func GetMaskedPermissions(permissions []*Permission) []*Permission {
	for i := range permissions {
		p := permissions[i]
		p.Users = nil
		p.Submitter = ""
	}
	return permissions
}