diff --git a/controllers/enforcer.go b/controllers/casbin_api.go similarity index 100% rename from controllers/enforcer.go rename to controllers/casbin_api.go diff --git a/object/model.go b/object/model.go index 41679530..fd3800d1 100644 --- a/object/model.go +++ b/object/model.go @@ -161,5 +161,8 @@ func modelChangeTrigger(oldName string, newName string) error { } func HasRoleDefinition(m model.Model) bool { + if m == nil { + return false + } return m["g"] != nil } diff --git a/object/permission_enforcer.go b/object/permission_enforcer.go index 5bbcb2c6..741c5f9c 100644 --- a/object/permission_enforcer.go +++ b/object/permission_enforcer.go @@ -26,42 +26,7 @@ import ( xormadapter "github.com/casdoor/xorm-adapter/v3" ) -func getEnforcer(permission *Permission, permissionIDs ...string) *casbin.Enforcer { - tableName := "permission_rule" - if len(permission.Adapter) != 0 { - adapterObj, err := getCasbinAdapter(permission.Owner, permission.Adapter) - if err != nil { - panic(err) - } - - if adapterObj != nil && adapterObj.Table != "" { - tableName = adapterObj.Table - } - } - tableNamePrefix := conf.GetConfigString("tableNamePrefix") - driverName := conf.GetConfigString("driverName") - dataSourceName := conf.GetConfigRealDataSourceName(driverName) - adapter, err := xormadapter.NewAdapterWithTableName(driverName, dataSourceName, tableName, tableNamePrefix, true) - if err != nil { - panic(err) - } - - permissionModel, err := getModel(permission.Owner, permission.Model) - if err != nil { - panic(err) - } - - m := model.Model{} - if permissionModel != nil { - m, err = GetBuiltInModel(permissionModel.ModelText) - } else { - m, err = GetBuiltInModel("") - } - - if err != nil { - panic(err) - } - +func getEnforcer(p *Permission, permissionIDs ...string) *casbin.Enforcer { // Init an enforcer instance without specifying a model or adapter. // If you specify an adapter, it will load all policies, which is a // heavy process that can slow down the application. @@ -70,14 +35,17 @@ func getEnforcer(permission *Permission, permissionIDs ...string) *casbin.Enforc panic(err) } - err = enforcer.InitWithModelAndAdapter(m, nil) + err = p.setEnforcerModel(enforcer) if err != nil { panic(err) } - enforcer.SetAdapter(adapter) + err = p.setEnforcerAdapter(enforcer) + if err != nil { + panic(err) + } - policyFilterV5 := []string{permission.GetId()} + policyFilterV5 := []string{p.GetId()} if len(permissionIDs) != 0 { policyFilterV5 = permissionIDs } @@ -86,7 +54,7 @@ func getEnforcer(permission *Permission, permissionIDs ...string) *casbin.Enforc V5: policyFilterV5, } - if !HasRoleDefinition(m) { + if !HasRoleDefinition(enforcer.GetModel()) { policyFilter.Ptype = []string{"p"} } @@ -98,6 +66,54 @@ func getEnforcer(permission *Permission, permissionIDs ...string) *casbin.Enforc return enforcer } +func (p *Permission) setEnforcerAdapter(enforcer *casbin.Enforcer) error { + tableName := "permission_rule" + if len(p.Adapter) != 0 { + adapterObj, err := getCasbinAdapter(p.Owner, p.Adapter) + if err != nil { + return err + } + + if adapterObj != nil && adapterObj.Table != "" { + tableName = adapterObj.Table + } + } + tableNamePrefix := conf.GetConfigString("tableNamePrefix") + driverName := conf.GetConfigString("driverName") + dataSourceName := conf.GetConfigRealDataSourceName(driverName) + casbinAdapter, err := xormadapter.NewAdapterWithTableName(driverName, dataSourceName, tableName, tableNamePrefix, true) + if err != nil { + return err + } + + enforcer.SetAdapter(casbinAdapter) + return nil +} + +func (p *Permission) setEnforcerModel(enforcer *casbin.Enforcer) error { + permissionModel, err := getModel(p.Owner, p.Model) + if err != nil { + return err + } + + // TODO: return error if permissionModel is nil. + m := model.Model{} + if permissionModel != nil { + m, err = GetBuiltInModel(permissionModel.ModelText) + } else { + m, err = GetBuiltInModel("") + } + if err != nil { + return err + } + + err = enforcer.InitWithModelAndAdapter(m, nil) + if err != nil { + return err + } + return nil +} + func getPolicies(permission *Permission) [][]string { var policies [][]string