移除gorm，使用beegorm adapter实现casbin

470eb774 · 徐超越 · 55fdb22a · 470eb774 · 470eb774 · 470eb774
Showing with 112 addition and 48 deletion

go.mod go.mod +3 -4

go.sum go.sum +74 -15

internal/dao/role.go internal/dao/role.go +10 -3

internal/middleware/casbin/mycasbin.go internal/middleware/casbin/mycasbin.go +25 -26

未找到文件。
--- a/go.mod
+++ b/go.mod
@@ -31,9 +31,10 @@ replace (
 )

 require (
-	github.com/astaxie/beego v1.12.0
+	github.com/astaxie/beego v1.12.1
+	github.com/casbin/beego-orm-adapter/v2 v2.0.2 // indirect
+	github.com/casbin/beego-orm-adapter/v3 v3.0.2
 	github.com/casbin/casbin/v2 v2.37.4
-	github.com/casbin/gorm-adapter/v3 v3.4.6
 	github.com/colynn/go-ldap-client/v3 v3.0.0-20201016034829-4c1455a490de
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/drone/go-scm v1.18.0
@@ -60,8 +61,6 @@ require (
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
-	gorm.io/driver/mysql v1.1.2
-	gorm.io/gorm v1.22.3
 	k8s.io/api v0.18.0
 	k8s.io/apimachinery v0.21.1
 	k8s.io/client-go v0.18.0

--- a/go.sum
+++ b/go.sum
--- a/internal/dao/role.go
+++ b/internal/dao/role.go
@@ -18,7 +18,6 @@ package dao

 import (
 	"fmt"
-
 	mycasbin "github.com/go-atomci/atomci/internal/middleware/casbin"
 	"github.com/go-atomci/atomci/internal/middleware/log"
 	"github.com/go-atomci/atomci/internal/models"
@@ -229,11 +228,19 @@ func GenerateCasbinrules(role string, operations []int64) error {
 			return err
 		}
 		log.Log.Debug("role: %s, casbin rules length: %v", role, len(casbinRules))
-		addFlag, err := e.AddPolicies(casbinRules)
+
+		// it seems beegormadapter doesn't implement batch adapter, replaced AddPolicies by AddPolicy
+		for _, value := range casbinRules {
+			_, err = e.AddPolicy(value)
+			if err != nil {
+				log.Log.Error("add policys error: %s", err.Error())
+			}
+		}
+		//addFlag, err := e.AddPolicies(casbinRules)
 		if err != nil {
 			log.Log.Error("add policys error: %s", err.Error())
 		}
-		log.Log.Info("add policy to casbin rule, flag: %v", addFlag)
+		//log.Log.Info("add policy to casbin rule, flag: %v", addFlag)
 		if err := e.SavePolicy(); err != nil {
 			log.Log.Error("save casbin policy error: %s", err.Error())
 			return err

--- a/internal/middleware/casbin/mycasbin.go
+++ b/internal/middleware/casbin/mycasbin.go
@@ -18,27 +18,23 @@ package mycasbin

 import (
 	"github.com/astaxie/beego"
-	"gorm.io/driver/mysql"
-	"gorm.io/gorm"
+	"github.com/go-atomci/atomci/internal/middleware/log"
 	glog "log"

+	beegoormadapter "github.com/casbin/beego-orm-adapter/v3"
 	"github.com/casbin/casbin/v2"
 	"github.com/casbin/casbin/v2/model"
-	gormadapter "github.com/casbin/gorm-adapter/v3"
-	"github.com/go-atomci/atomci/internal/middleware/log"
 	_ "github.com/go-sql-driver/mysql"
 )

+var casbinObj *casbin.Enforcer
+
 // NewCasbin ..
 func NewCasbin() (*casbin.Enforcer, error) {
-	// TODO: changet to csv tmp, later add mysql apter
-	// databaseURL := beego.AppConfig.String("DB::url")
-	// Apter, err := gormadapter.NewAdapter("mysql", databaseURL, true)
-	// if err != nil {
-	// 	return nil, err
-	// }
-
-	rbacModel, err := model.NewModelFromString(`
+
+	if casbinObj == nil {
+
+		rbacModel, err := model.NewModelFromString(`
 [request_definition]
 r = sub, obj, act

@@ -56,22 +52,25 @@ e = some(where (p.eft == allow))
 # m = g(r.sub, p.sub) && r.obj == p.obj && (r.act == p.act || p.act == "*") || r.sub == "admin"
 m = g(r.sub, p.sub) && keyMatch2(r.obj,p.obj) && (r.act == p.act || p.act == "*") || r.sub == "admin"
 `)
-	if err != nil {
-		glog.Fatalf("error: model: %s", err)
-	}
+		if err != nil {
+			glog.Fatalf("error: model: %s", err)
+		}

-	dsn := beego.AppConfig.String("DB::url")
-	db, _ := gorm.Open(mysql.Open(dsn), &gorm.Config{})
-	rbacPolicy, _ := gormadapter.NewAdapterByDBWithCustomTable(db, &CasbinRule{})
+		dsn := beego.AppConfig.String("DB::url")
+		rbacPolicy, _ := beegoormadapter.NewAdapter("casbin", "mysql", dsn)

-	e, err := casbin.NewEnforcer(rbacModel, rbacPolicy)
-	if err != nil {
-		log.Log.Error("casbin new enforcer error: %s", err.Error())
+		e, err := casbin.NewEnforcer(rbacModel, rbacPolicy)
+		if err != nil {
+			log.Log.Error("casbin new enforcer error: %s", err.Error())
+			return nil, err
+		}
+		if err := e.LoadPolicy(); err == nil {
+			casbinObj = e
+			return e, err
+		}
+		log.Log.Error("casbin rbac_model or policy init error, message: %v", err)
 		return nil, err
 	}
-	if err := e.LoadPolicy(); err == nil {
-		return e, err
-	}
-	log.Log.Error("casbin rbac_model or policy init error, message: %v", err)
-	return nil, err
+
+	return casbinObj, nil
 }