ControlProxy/access-control-template/actemplate/ABAC.yjs
2023-11-17 21:37:42 +08:00


module ABAC {
// Initialises the access-control state: records `req` as the contract owner and
// opens the permission table stored at "./acTable".
// NOTE(review): `req` is stored without validation. An undefined or null owner
// would compare equal to an undefined or null requester under `==`, so callers
// should always pass a real identity here.
// NOTE(review): the meaning of the second loadDB argument ("false") is not
// visible in this file; presumably a read-only flag. Confirm against RocksDBUtil.
function initABAC(req) {
  Global.owner = req;
  var permissionTable = RocksDBUtil.loadDB("./acTable", "false");
  Global.acTable = permissionTable;
}
// Grants `arg.permission` to `arg.user` and returns that user's permission list.
// The list is written back only when the permission was not already present, so
// repeated calls do not create duplicate entries.
// NOTE(review): the @Access annotation names `accept` as the access-control
// function; presumably the platform runs it before this body. Confirm. If so,
// a non-owner whose list satisfies that check can grant any permission to any
// user, so the permission that authorises this call should be issued sparingly.
@Description("{\"!user\":\"string\",\"!permission\":\"string\"}")
@ArgSchema({
"!user":"string", "!permission":"string"
})
@Access({
"ACFunction":"accept"
})
export function addPermission(arg) {
  var granted = getPermissionInternal(arg.user);
  // Already present: nothing to persist.
  if (granted.indexOf(arg.permission) != -1) return granted;
  granted.push(arg.permission);
  flushPermission(arg.user, granted);
  return granted;
}
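// Reports whether the caller is the contract owner.
// `requester` is not defined in this file; presumably the runtime injects the
// identity of the verified (signed) caller. Confirm.
// Returns true only when an owner has been set and it equals `requester`.
@Access("verified")
@Description("use signed request")
export function isOwner(arg) {
  // With `==`, an unset owner (undefined/null) would equal an unset requester,
  // so an uninitialised contract must never report ownership.
  if (Global.owner == null) return false;
  return Global.owner == requester;
}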
// Revokes `arg.permission` from `arg.user` and returns that user's remaining
// permission list. Only the first matching entry is removed, and the list is
// written back only when something was actually removed.
// NOTE(review): the @Access annotation names `accept` as the access-control
// function; presumably the platform runs it before this body. Confirm.
@Description("两个参数, {\"user\":\"xxxx\", \"permission\":\"\"}")
@ArgSchema({
"!user":"string", "!permission":"string"
})
@Access({
"ACFunction":"accept"
})
export function removePermission(arg) {
  var granted = getPermissionInternal(arg.user);
  var position = granted.indexOf(arg.permission);
  // Permission not held: leave the stored list untouched.
  if (position == -1) return granted;
  granted.splice(position, 1);
  flushPermission(arg.user, granted);
  return granted;
}
// Resets the caller's own permission list to empty and returns the empty list.
// `arg` is not read: the key is always `requester`, so a caller can only clear
// their own entry.
// `requester` is not defined in this file; presumably the runtime injects the
// identity of the verified caller. Confirm.
@Access("verified")
export function clearPermission(arg) {
  var emptyList = [];
  Global.acTable.put(requester, JSON.stringify(emptyList));
  return emptyList;
}
// Persists `data` (a user's permission list) under the key `user`, serialised
// as JSON, replacing whatever was stored for that key before.
function flushPermission(user, data) {
  var serialized = JSON.stringify(data);
  Global.acTable.put(user, serialized);
}
// Returns the permission list stored for the caller; `arg` is not read.
// `requester` is not defined in this file; presumably the runtime injects the
// identity of the verified caller. Confirm.
@Description(" use signed request, no other arguments is required")
@Access("verified")
export function getMyPermission(arg) {
  var ownPermissions = getPermissionInternal(requester);
  return ownPermissions;
}
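// Loads the permission list stored for `req`.
// Returns an empty array when nothing is stored for that key, and also when the
// stored JSON is not an array. A corrupt (unparseable) record still throws from
// JSON.parse, so corruption is not silently masked.
function getPermissionInternal(req) {
  var ret = Global.acTable.get(req);
  if (ret==undefined) return [];
  var parsed = JSON.parse(ret);
  // Fail closed on unexpected shapes: callers test membership with indexOf, and
  // on a stored JSON string that would become a substring match, not a
  // permission check.
  if (!Array.isArray(parsed)) return [];
  return parsed;
}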
//requester,action,arg
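// Access-control decision used by the functions annotated with
// "ACFunction":"accept". Reads `arg.requester` and `arg.action`.
// Returns true when the requester is the owner or holds a permission equal to
// `arg.action`; otherwise reports a 401 via YancloudUtil.exceptionReturn and
// returns false.
// NOTE(review): how the platform interprets this return value, and whether
// exceptionReturn throws, is not visible in this file. The explicit returns make
// the allow and deny paths unambiguous either way. Confirm against the runtime.
function accept(arg) {
  // An unset owner must not match an unset requester: under `==`, undefined and
  // null compare equal, which would treat an unidentified caller as the owner.
  if (Global.owner != null && arg.requester == Global.owner) return true;
  var granted = getPermissionInternal(arg.requester);
  if (granted.indexOf(arg.action) == -1) {
    YancloudUtil.exceptionReturn({
      "code":401, "msg":"no permission: "+ arg.action
    });
    // Reached only if exceptionReturn returns normally; deny explicitly.
    return false;
  }
  return true;
}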
}