Roles and permissions in Go REST Api

Question


I'm developing a REST API in Go; it's implementing JWT following this schema: [image: Roles and permissions in Go REST Api]

I have a middleware that verifies tokens, and my problem is that I want another one to add roles and permissions on some paths in my API.

Could you guys give some tips, please? My project is on GitHub, where you can see all the code: repository

Thanks

Answer 1

Score: 8


If I am not wrong, what you are asking for is an access control list (ACL): https://en.wikipedia.org/wiki/Access_control_list

You will need to separate controllers for each type of permission and have a module that checks the session variable set when the user logs in with the type of permission allowed for that particular controller.

After the login check is completed, you can carry out an authorization check of whether the user can access the resource and action. The controller can be tied to a single resource (but this behavior can be overridden), and the controller action can be mapped to a resource action.

For Go, you can get a lot of ACL samples:

1. https://github.com/hectane/go-acl

2. https://github.com/mikespook/gorbac
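
One way to write the second middleware the question asks for, in the order the answer gives (login check first, authorization check second). This is an added example, not code from the question's repository or from the linked libraries: `Claims`, `WithClaims`, `Require`, `Status` and the role-to-permission table are hypothetical names and constructed data, and it assumes the existing token middleware calls `WithClaims` once the JWT has been verified.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Claims is hypothetical: what the token middleware stores after verifying the JWT.
type Claims struct{ Roles []string }
type ctxKey struct{}

// WithClaims is the hook the token middleware calls after the signature check passes.
func WithClaims(ctx context.Context, c Claims) context.Context { return context.WithValue(ctx, ctxKey{}, c) }

var rolePerms = map[string][]string{ // constructed sample policy; unknown roles grant nothing
	"admin":  {"users:read", "users:write"},
	"viewer": {"users:read"},
}

// Require answers 401 when no verified claims are in the context and 403 when no role grants perm.
func Require(perm string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		c, ok := r.Context().Value(ctxKey{}).(Claims)
		if !ok {
			http.Error(w, "unauthenticated", http.StatusUnauthorized)
			return
		}
		for _, role := range c.Roles {
			for _, p := range rolePerms[role] {
				if p == perm {
					next.ServeHTTP(w, r)
					return
				}
			}
		}
		http.Error(w, "forbidden", http.StatusForbidden)
	})
}

// Status sends a constructed request through a guarded route and returns the HTTP status.
func Status(ctx context.Context, perm string) int {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest("POST", "/users", nil).WithContext(ctx)
	Require(perm, http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})).ServeHTTP(rec, req)
	return rec.Code
}

func main() { fmt.Println(Status(WithClaims(context.Background(), Claims{Roles: []string{"viewer"}}), "users:write")) }
```

Roles are read only from claims the token middleware placed in the request context, so a route wrapped in `Require` but not in the token middleware fails closed with 401.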

huangapple
  • Posted on January 30, 2017, 21:18:20
  • When reposting, please keep the link to this article: https://go.coder-hub.com/41936919.html