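// Access-control module: stores, per user key, a JSON array of permitted
// action names in a RocksDB table, and provides the `accept` hook that
// addPermission/removePermission reference via @Access({"ACFunction":"accept"}).
module ABAC {
  // Records the owner identity and opens the permission table.
  // NOTE(review): the owner is whatever value is passed in; confirm that the
  // platform only invokes this at start-up with a trusted identity.
  function initABAC(req) {
    Global.owner = req;
    Global.acTable = RocksDBUtil.loadDB("./acTable", "false");
  }

  // Grants `arg.permission` to `arg.user` (no-op if already present) and
  // returns the user's resulting permission list.
  // NOTE(review): gated only by `accept`; any user holding the permission for
  // this action can grant arbitrary permissions to any user, themselves
  // included. Presumably the action name is this function's name - confirm.
  @Description("{\"!user\":\"string\",\"!permission\":\"string\"}")
  @ArgSchema({ "!user":"string", "!permission":"string" })
  @Access({ "ACFunction":"accept" })
  export function addPermission(arg) {
    var granted = getPermissionInternal(arg.user);
    if (granted.indexOf(arg.permission) == -1) {
      granted.push(arg.permission);
      flushPermission(arg.user, granted);
    }
    return granted;
  }

  // Returns true only when the caller is the recorded owner.
  @Access("verified")
  @Description("use signed request")
  export function isOwner(arg) {
    // A missing requester must never match a missing owner: with loose
    // equality null/undefined compare equal, which would report "owner"
    // before initABAC has run.
    return requester != null && Global.owner == requester;
  }

  // Revokes `arg.permission` from `arg.user` (no-op if absent) and returns the
  // user's resulting permission list. The description string below reads
  // "two arguments" followed by an example object.
  @Description("两个参数, {\"user\":\"xxxx\", \"permission\":\"\"}")
  @ArgSchema({ "!user":"string", "!permission":"string" })
  @Access({ "ACFunction":"accept" })
  export function removePermission(arg) {
    var granted = getPermissionInternal(arg.user);
    var position = granted.indexOf(arg.permission);
    if (position != -1) {
      granted.splice(position, 1);
      flushPermission(arg.user, granted);
    }
    return granted;
  }

  // Drops every permission held by the caller; it only ever touches the
  // caller's own record, never another user's.
  @Access("verified")
  export function clearPermission(arg) {
    var empty = [];
    // Same write path as every other update, so the stored form stays "[]".
    flushPermission(requester, empty);
    return empty;
  }

  // Persists a user's permission list as a JSON string.
  function flushPermission(user, data) {
    Global.acTable.put(user, JSON.stringify(data));
  }

  // Returns the caller's own permission list.
  @Description(" use signed request, no other arguments is required")
  @Access("verified")
  export function getMyPermission(arg) {
    return getPermissionInternal(requester);
  }

  // Loads the permission list stored under `req`; a missing record is treated
  // as an empty list, so unknown users hold no permissions.
  function getPermissionInternal(req) {
    var stored = Global.acTable.get(req);
    if (stored == undefined) return [];
    return JSON.parse(stored);
  }

  // Access-control hook. `arg` carries requester, action and arg.
  // Returns true when the requester is the owner or holds `arg.action`;
  // otherwise reports a 401 through YancloudUtil.exceptionReturn.
  function accept(arg) {
    // Owner shortcut. The null guard keeps an unauthenticated call (no
    // requester) from matching an owner that was never initialised.
    if (arg.requester != null && arg.requester == Global.owner) return true;
    var granted = getPermissionInternal(arg.requester);
    if (granted.indexOf(arg.action) == -1) {
      YancloudUtil.exceptionReturn({ "code":401, "msg":"no permission: "+ arg.action });
      // Presumably exceptionReturn aborts the call - confirm. The explicit
      // falsy return keeps the deny path closed if it does not.
      return false;
    }
    // Make the allow decision explicit instead of falling off the end with
    // undefined, so owner and permitted users yield the same result.
    return true;
  }
}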