33 lines
1.1 KiB
Plaintext
33 lines
1.1 KiB
Plaintext
|
# 表示請求參數
|
|||
|
|
# role: 角色
|
|||
|
|
# path: api path
|
|||
|
|
# method: http method
|
|||
|
|
[request_definition]
|
|||
|
|
r = role, path, method
|
|||
|
|
|
|||
|
|
# 策略的基本參數
|
|||
|
|
# role: 角色
|
|||
|
|
# path: api path
|
|||
|
|
# method: http method,可以多個
|
|||
|
|
# name: 名稱
|
|||
|
|
[policy_definition]
|
|||
|
|
p = role, path, methods, name
|
|||
|
|
|
|||
|
|
# 策略配對結果後的應對,只要配對到一個即可成功
|
|||
|
|
[policy_effect]
|
|||
|
|
e = some(where (p.eft == allow))
|
|||
|
|
|
|||
|
|
# 規範角色對應是"用戶"與"角色"
|
|||
|
|
# g=A用戶,管理員
|
|||
|
|
[role_definition]
|
|||
|
|
g = _, _
|
|||
|
|
|
|||
|
|
# 策略配對規則
|
|||
|
|
# 三個條件必須完全匹配
|
|||
|
|
# g(r.role, p.role),只要判斷用戶角色(r.role)是否屬於策略角色(p.role),為什麼不寫r.role == p.role,因為role可以有繼承關係所以不能這樣寫
|
|||
|
|
# keyMatch(r.path, p.path),使用正則表達式分析api path,參考 https://casbin.org/docs/function
|
|||
|
|
# regexMatch(r.method, p.methods),使用正則表達式分析http method,參考 https://casbin.org/docs/function
|
|||
|
|
# 或達到一個條件
|
|||
|
|
# r.role == admin,用戶 UID 是 GodDog 全開放
|
|||
|
|
[matchers]
|
|||
|
|
m = g(r.role, p.role) && keyMatch2(r.path, p.path) && regexMatch(r.method, p.methods) || r.role == "GodDog"
|