feat: make hard-coded authz adapter editable, rename adapter to ormer (#2149)

* refactor: rename casbinAdapter to casdoorAdapter * feat: add initEnforcer * fix: router * refactor: make hard-coded code configurable * fix: data type * feat: support sqlite3 * feat: disable delete and edit name for built in resources * feat: optimize code * fix: init * fix: e2e * fix: remove datasourcename * fix: revert rename * refactor: change all ORM's Adatper to Ormer * refactor: name
2025-07-02 11:20:18 +08:00 · 2023-07-29 15:07:04 +08:00
parent 74b058aa3f
commit ea10f8e615
56 changed files with 1314 additions and 1031 deletions
--- a/object/init.go
+++ b/object/init.go
@ -27,7 +27,6 @@ import (
 func InitDb() {
 	existed := initBuiltInOrganization()
 	if !existed {
-		initBuiltInModel()
 		initBuiltInPermission()
 		initBuiltInProvider()
 		initBuiltInUser()
@ -36,6 +35,15 @@ func InitDb() {
 		initBuiltInLdap()
 	}

+	existed = initBuiltInApiModel()
+	if !existed {
+		initBuildInApiAdapter()
+		initBuiltInApiEnforcer()
+		initBuiltInPermissionModel()
+		initBuildInPermissionAdapter()
+		initBuiltInPermissionEnforcer()
+	}
+
 	initWebAuthn()
 }

@ -295,8 +303,8 @@ func initWebAuthn() {
 	gob.Register(webauthn.SessionData{})
 }

-func initBuiltInModel() {
-	model, err := GetModel("built-in/model-built-in")
+func initBuiltInPermissionModel() {
+	model, err := GetModel("built-in/permission-model-built-in")
 	if err != nil {
 		panic(err)
 	}
@ -307,7 +315,7 @@ func initBuiltInModel() {

 	model = &Model{
 		Owner:       "built-in",
-		Name:        "model-built-in",
+		Name:        "permission-model-built-in",
 		CreatedTime: util.GetCurrentTime(),
 		DisplayName: "Built-in Model",
 		IsEnabled:   true,
@ -329,6 +337,54 @@ m = r.sub == p.sub && r.obj == p.obj && r.act == p.act`,
 	}
 }

+func initBuiltInApiModel() bool {
+	model, err := GetModel("built-in/api-model-built-in")
+	if err != nil {
+		panic(err)
+	}
+
+	if model != nil {
+		return true
+	}
+
+	modelText := `
+[request_definition]
+r = subOwner, subName, method, urlPath, objOwner, objName
+
+[policy_definition]
+p = subOwner, subName, method, urlPath, objOwner, objName
+
+[role_definition]
+g = _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = (r.subOwner == p.subOwner || p.subOwner == "*") && \
+    (r.subName == p.subName || p.subName == "*" || r.subName != "anonymous" && p.subName == "!anonymous") && \
+    (r.method == p.method || p.method == "*") && \
+    (r.urlPath == p.urlPath || p.urlPath == "*") && \
+    (r.objOwner == p.objOwner || p.objOwner == "*") && \
+    (r.objName == p.objName || p.objName == "*") || \
+    (r.subOwner == r.objOwner && r.subName == r.objName)
+`
+
+	model = &Model{
+		Owner:       "built-in",
+		Name:        "api-model-built-in",
+		CreatedTime: util.GetCurrentTime(),
+		DisplayName: "API Model",
+		IsEnabled:   true,
+		ModelText:   modelText,
+	}
+	_, err = AddModel(model)
+	if err != nil {
+		panic(err)
+	}
+	return false
+}
+
 func initBuiltInPermission() {
 	permission, err := GetPermission("built-in/permission-built-in")
 	if err != nil {
@ -358,3 +414,109 @@ func initBuiltInPermission() {
 		panic(err)
 	}
 }
+
+func initBuildInPermissionAdapter() {
+	permissionAdapter, err := GetAdapter("built-in/permission-adapter-built-in")
+	if err != nil {
+		panic(err)
+	}
+
+	if permissionAdapter != nil {
+		return
+	}
+
+	permissionAdapter = &Adapter{
+		Owner:           "built-in",
+		Name:            "permission-adapter-built-in",
+		CreatedTime:     util.GetCurrentTime(),
+		Type:            "Database",
+		DatabaseType:    conf.GetConfigString("driverName"),
+		TableNamePrefix: conf.GetConfigString("tableNamePrefix"),
+		Database:        conf.GetConfigString("dbName"),
+		Table:           "casbin_user_rule",
+		IsEnabled:       true,
+	}
+	_, err = AddAdapter(permissionAdapter)
+	if err != nil {
+		panic(err)
+	}
+}
+
+func initBuildInApiAdapter() {
+	apiAdapter, err := GetAdapter("built-in/api-adapter-built-in")
+	if err != nil {
+		panic(err)
+	}
+
+	if apiAdapter != nil {
+		return
+	}
+
+	apiAdapter = &Adapter{
+		Owner:           "built-in",
+		Name:            "api-adapter-built-in",
+		CreatedTime:     util.GetCurrentTime(),
+		Type:            "Database",
+		DatabaseType:    conf.GetConfigString("driverName"),
+		TableNamePrefix: conf.GetConfigString("tableNamePrefix"),
+		Database:        conf.GetConfigString("dbName"),
+		Table:           "casbin_api_rule",
+		IsEnabled:       true,
+	}
+	_, err = AddAdapter(apiAdapter)
+	if err != nil {
+		panic(err)
+	}
+}
+
+func initBuiltInPermissionEnforcer() {
+	permissionEnforcer, err := GetEnforcer("built-in/permission-enforcer-built-in")
+	if err != nil {
+		panic(err)
+	}
+
+	if permissionEnforcer != nil {
+		return
+	}
+
+	permissionEnforcer = &Enforcer{
+		Owner:       "built-in",
+		Name:        "permission-enforcer-built-in",
+		CreatedTime: util.GetCurrentTime(),
+		DisplayName: "Permission Enforcer",
+		Model:       "built-in/permission-model-built-in",
+		Adapter:     "built-in/permission-adapter-built-in",
+		IsEnabled:   true,
+	}
+
+	_, err = AddEnforcer(permissionEnforcer)
+	if err != nil {
+		panic(err)
+	}
+}
+
+func initBuiltInApiEnforcer() {
+	apiEnforcer, err := GetEnforcer("built-in/api-enforcer-built-in")
+	if err != nil {
+		panic(err)
+	}
+
+	if apiEnforcer != nil {
+		return
+	}
+
+	apiEnforcer = &Enforcer{
+		Owner:       "built-in",
+		Name:        "api-enforcer-built-in",
+		CreatedTime: util.GetCurrentTime(),
+		DisplayName: "API Enforcer",
+		Model:       "built-in/api-model-built-in",
+		Adapter:     "built-in/api-adapter-built-in",
+		IsEnabled:   true,
+	}
+
+	_, err = AddEnforcer(apiEnforcer)
+	if err != nil {
+		panic(err)
+	}
+}