feat: use Casdoor to manage Casbin DB table (#1100)

* feat: use Casdoor to manage Casbin DB table Signed-off-by: Yixiang Zhao <seriouszyx@foxmail.com> * fix: remove trivial codes Signed-off-by: Yixiang Zhao <seriouszyx@foxmail.com> * chore: go fmt Signed-off-by: Yixiang Zhao <seriouszyx@foxmail.com> * feat: support role definition Signed-off-by: Yixiang Zhao <seriouszyx@foxmail.com> * fix: i18n Signed-off-by: Yixiang Zhao <seriouszyx@foxmail.com> * fix: i18n Signed-off-by: Yixiang Zhao <seriouszyx@foxmail.com> Signed-off-by: Yixiang Zhao <seriouszyx@foxmail.com>
2025-07-04 13:20:19 +08:00 · 2022-09-14 22:14:13 +08:00
parent 729c20393c
commit 604033aa02
15 changed files with 1128 additions and 0 deletions
--- a/object/adapter.go
+++ b/object/adapter.go
@ -145,6 +145,11 @@ func (a *Adapter) createTable() {
 		panic(err)
 	}

+	err = a.Engine.Sync2(new(CasbinAdapter))
+	if err != nil {
+		panic(err)
+	}
+
 	err = a.Engine.Sync2(new(Provider))
 	if err != nil {
 		panic(err)
--- a/object/casbin_adapter.go
+++ b/object/casbin_adapter.go
@ -0,0 +1,217 @@
+// Copyright 2022 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/casbin/casbin/v2"
+	"github.com/casbin/casbin/v2/model"
+	xormadapter "github.com/casbin/xorm-adapter/v2"
+	"github.com/casdoor/casdoor/util"
+
+	"xorm.io/core"
+)
+
+type CasbinAdapter struct {
+	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
+	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
+	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
+
+	Organization string `xorm:"varchar(100)" json:"organization"`
+	Type         string `xorm:"varchar(100)" json:"type"`
+	Model        string `xorm:"varchar(100)" json:"model"`
+
+	Host         string `xorm:"varchar(100)" json:"host"`
+	Port         int    `json:"port"`
+	User         string `xorm:"varchar(100)" json:"user"`
+	Password     string `xorm:"varchar(100)" json:"password"`
+	DatabaseType string `xorm:"varchar(100)" json:"databaseType"`
+	Database     string `xorm:"varchar(100)" json:"database"`
+	Table        string `xorm:"varchar(100)" json:"table"`
+	IsEnabled    bool   `json:"isEnabled"`
+
+	Adapter *xormadapter.Adapter `xorm:"-" json:"-"`
+}
+
+func GetCasbinAdapterCount(owner, field, value string) int {
+	session := GetSession(owner, -1, -1, field, value, "", "")
+	count, err := session.Count(&CasbinAdapter{})
+	if err != nil {
+		panic(err)
+	}
+
+	return int(count)
+}
+
+func GetCasbinAdapters(owner string) []*CasbinAdapter {
+	adapters := []*CasbinAdapter{}
+	err := adapter.Engine.Where("owner = ?", owner).Find(&adapters)
+	if err != nil {
+		panic(err)
+	}
+
+	return adapters
+}
+
+func GetPaginationCasbinAdapters(owner string, page, limit int, field, value, sort, order string) []*CasbinAdapter {
+	session := GetSession(owner, page, limit, field, value, sort, order)
+	adapters := []*CasbinAdapter{}
+	err := session.Find(&adapters)
+	if err != nil {
+		panic(err)
+	}
+
+	return adapters
+}
+
+func getCasbinAdapter(owner, name string) *CasbinAdapter {
+	if owner == "" || name == "" {
+		return nil
+	}
+
+	casbinAdapter := CasbinAdapter{Owner: owner, Name: name}
+	existed, err := adapter.Engine.Get(&casbinAdapter)
+	if err != nil {
+		panic(err)
+	}
+
+	if existed {
+		return &casbinAdapter
+	} else {
+		return nil
+	}
+}
+
+func GetCasbinAdapter(id string) *CasbinAdapter {
+	owner, name := util.GetOwnerAndNameFromId(id)
+	return getCasbinAdapter(owner, name)
+}
+
+func UpdateCasbinAdapter(id string, casbinAdapter *CasbinAdapter) bool {
+	owner, name := util.GetOwnerAndNameFromId(id)
+	if getCasbinAdapter(owner, name) == nil {
+		return false
+	}
+
+	session := adapter.Engine.ID(core.PK{owner, name}).AllCols()
+	if casbinAdapter.Password == "***" {
+		session.Omit("password")
+	}
+	affected, err := session.Update(casbinAdapter)
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func AddCasbinAdapter(casbinAdapter *CasbinAdapter) bool {
+	affected, err := adapter.Engine.Insert(casbinAdapter)
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func DeleteCasbinAdapter(casbinAdapter *CasbinAdapter) bool {
+	affected, err := adapter.Engine.ID(core.PK{casbinAdapter.Owner, casbinAdapter.Name}).Delete(&CasbinAdapter{})
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func (casbinAdapter *CasbinAdapter) GetId() string {
+	return fmt.Sprintf("%s/%s", casbinAdapter.Owner, casbinAdapter.Name)
+}
+
+func (casbinAdapter *CasbinAdapter) getTable() string {
+	if casbinAdapter.DatabaseType == "mssql" {
+		return fmt.Sprintf("[%s]", casbinAdapter.Table)
+	} else {
+		return casbinAdapter.Table
+	}
+}
+
+func safeReturn(policy []string, i int) string {
+	if len(policy) > i {
+		return policy[i]
+	} else {
+		return ""
+	}
+}
+
+func matrixToCasbinRules(pType string, policies [][]string) []*xormadapter.CasbinRule {
+	res := []*xormadapter.CasbinRule{}
+
+	for _, policy := range policies {
+		line := xormadapter.CasbinRule{
+			PType: pType,
+			V0:    safeReturn(policy, 0),
+			V1:    safeReturn(policy, 1),
+			V2:    safeReturn(policy, 2),
+			V3:    safeReturn(policy, 3),
+			V4:    safeReturn(policy, 4),
+			V5:    safeReturn(policy, 5),
+		}
+		res = append(res, &line)
+	}
+
+	return res
+}
+
+func SyncPolicies(casbinAdapter *CasbinAdapter) []*xormadapter.CasbinRule {
+	// init Adapter
+	if casbinAdapter.Adapter == nil {
+		var dataSourceName string
+		if casbinAdapter.DatabaseType == "mssql" {
+			dataSourceName = fmt.Sprintf("sqlserver://%s:%s@%s:%d?database=%s", casbinAdapter.User, casbinAdapter.Password, casbinAdapter.Host, casbinAdapter.Port, casbinAdapter.Database)
+		} else if casbinAdapter.DatabaseType == "postgres" {
+			dataSourceName = fmt.Sprintf("user=%s password=%s host=%s port=%d sslmode=disable dbname=%s", casbinAdapter.User, casbinAdapter.Password, casbinAdapter.Host, casbinAdapter.Port, casbinAdapter.Database)
+		} else {
+			dataSourceName = fmt.Sprintf("%s:%s@tcp(%s:%d)/", casbinAdapter.User, casbinAdapter.Password, casbinAdapter.Host, casbinAdapter.Port)
+		}
+
+		if !isCloudIntranet {
+			dataSourceName = strings.ReplaceAll(dataSourceName, "dbi.", "db.")
+		}
+
+		casbinAdapter.Adapter, _ = xormadapter.NewAdapterByEngineWithTableName(NewAdapter(casbinAdapter.DatabaseType, dataSourceName, casbinAdapter.Database).Engine, casbinAdapter.getTable(), "")
+	}
+
+	// init Model
+	modelObj := getModel(casbinAdapter.Owner, casbinAdapter.Model)
+	m, err := model.NewModelFromString(modelObj.ModelText)
+	if err != nil {
+		panic(err)
+	}
+
+	// init Enforcer
+	enforcer, err := casbin.NewEnforcer(m, casbinAdapter.Adapter)
+	if err != nil {
+		panic(err)
+	}
+
+	policies := matrixToCasbinRules("p", enforcer.GetPolicy())
+	if strings.Contains(modelObj.ModelText, "[role_definition]") {
+		policies = append(policies, matrixToCasbinRules("g", enforcer.GetGroupingPolicy())...)
+	}
+
+	return policies
+}