admin/Authorization
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixed authorization

Browse Source
This commit is contained in:
F04C
2025-12-09 15:42:35 +08:00
parent ca49e8e24b
commit 5743dbf22d
15 changed files with 1936 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files
models/rbac.go
+88
View File
@@ -0,0 +1,88 @@
package models
import "time"
// Permission represents a system permission
type Permission struct {
ID int `json:"id" db:"id"`
PermissionName string `json:"permission_name" db:"permission_name"`
Description string `json:"description" db:"description"`
Resource string `json:"resource" db:"resource"`
Action string `json:"action" db:"action"`
}
// PolicyAttribute represents an ABAC policy attribute/constraint
type PolicyAttribute struct {
ID int `json:"id" db:"id"`
AttributeName string `json:"attribute_name" db:"attribute_name"`
AttributeType string `json:"attribute_type" db:"attribute_type"` // user, resource, environment
Comparison string `json:"comparison" db:"comparison"` // =, !=, >, <, >=, <=, IN, CONTAINS
AttributeValue string `json:"attribute_value" db:"attribute_value"`
PermissionID int `json:"permission_id" db:"permission_id"`
}
// UserAttribute represents user-specific attributes for ABAC
type UserAttribute struct {
ID int `json:"id" db:"id"`
UserID string `json:"user_id" db:"user_id"`
AttributeName string `json:"attribute_name" db:"attribute_name"`
AttributeValue string `json:"attribute_value" db:"attribute_value"`
}
// User represents a system user
type User struct {
UserID string `json:"user_id" db:"user_id"`
FirstName string `json:"first_name" db:"first_name"`
MiddleName string `json:"middle_name" db:"middle_name"`
LastName string `json:"last_name" db:"last_name"`
Suffix string `json:"suffix" db:"suffix"`
EmailAddress string `json:"email_address" db:"email_address"`
AccountType string `json:"account_type" db:"account_type"`
EmpID string `json:"emp_id" db:"emp_id"`
Reg string `json:"reg" db:"reg"`
Prov string `json:"prov" db:"prov"`
AProv string `json:"aProv" db:"aProv"`
Mun string `json:"mun" db:"mun"`
Bgy string `json:"bgy" db:"bgy"`
IsLoggedIn string `json:"is_logged_in" db:"is_logged_in"`
FirstLoggedIn string `json:"first_logged_in" db:"first_logged_in"`
Address string `json:"address" db:"address"`
ContactNumber string `json:"contact_number" db:"contact_number"`
DeviceID string `json:"device_id" db:"device_id"`
RoleID int `json:"role_id" db:"role_id"`
RoleDPS int `json:"role_dps" db:"role_dps"`
IsDeleted string `json:"is_deleted" db:"is_deleted"`
SecretKey string `json:"secret_key" db:"secret_key"`
IsActivated string `json:"is_activated" db:"is_activated"`
CreatedAt time.Time `json:"created_at" db:"created_at"`
UpdatedAt time.Time `json:"updated_at" db:"updated_at"`
}
// AuthorizationContext holds all context needed for authorization decisions
type AuthorizationContext struct {
UserID string `json:"user_id"`
Resource string `json:"resource"`
Action string `json:"action"`
UserAttributes map[string]string `json:"user_attributes"`
ResourceData map[string]string `json:"resource_data"` // Additional resource context
Environment map[string]string `json:"environment"` // Time, location, etc.
}
// AuthorizationResult contains the result of an authorization check
type AuthorizationResult struct {
Allowed bool `json:"allowed"`
RedirectRoute string `json:"redirect_route,omitempty"` // Optional redirect route
Message string `json:"message,omitempty"` // Optional message
}
// CachedAuthorizationService adds caching layer to authorization
type CachedAuthorizationService struct {
Repo interface{} // repository.PermissionRepository
PermissionCache map[string]*Permission // key: "resource:action"
PolicyCache map[int][]PolicyAttribute
UserAttrCache map[string]map[string]string // key: userID
CacheMutex interface{} // sync.RWMutex
UserAttrMutex interface{} // sync.RWMutex
CacheExpiry time.Duration
LastCacheRefresh time.Time
}