grim/hgkeeper
Clone
Summary
Browse
Changes
Graph
Add `go 1.11` to the bottom of go.mod and run `go mod tidy`
2019-09-10, Gary Kramlich
21e7408ca1a0
Add `go 1.11` to the bottom of go.mod and run `go mod tidy`
# This is a https://casbin.org model for implementing role based access control.
#
# This model is nearly identical to the `RBAC with deny-override` define on
# https://casbin.org/en/editor, but has the addition of falling back to a
# "public" user/subject in the matcher if the requested role does not match
# other polcies.
#
# In theory you should be able to swap this model out with another one that fits
# your needs (remembering to update your policy.csv as well), but this has not
# been tested.
[
request_definition
]
r
=
sub
,
obj
,
act
[
policy_definition
]
p
=
sub
,
obj
,
act
,
eft
[
role_definition
]
g
=
_
,
_
[
policy_effect
]
e
=
some
(
where
(
p
.
eft
==
allow
)) && !
some
(
where
(
p
.
eft
==
deny
))
[
matchers
]
m = (g(r.sub, p.sub) || p.sub =
=
"public"
) &&
keyMatch
(
r
.
obj
,
p
.
obj
) &&
access
(
r
.
act
,
p
.
act
)
