package main
import (
"fmt"
"github.com/ory/ladon"
manager "github.com/ory/ladon/manager/memory"
)
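// main wires an in-memory Ladon warden with the single policy pol and
// evaluates one access request against it, printing the decision.
func main() {
	warden := ladon.Ladon{
		Manager: manager.NewMemoryManager(),
	}
	// A policy that failed to register would leave the warden with no rules;
	// do not overwrite this error with the IsAllowed result below.
	if err := warden.Manager.Create(pol); err != nil {
		fmt.Println(err)
		return
	}
	// Context is filled in by the caller. The HasRole condition on pol reads
	// the "roles" key from it, so in a real service this map must be built
	// from the authenticated identity, not copied from the client's input.
	err := warden.IsAllowed(&ladon.Request{
		Resource: "book/1",
		Action:   "create",
		Subject:  "bob",
		Context: ladon.Context{
			"roles": []string{"book-users", "comment-users"},
		},
	})
	// IsAllowed returns nil when access is granted and an error otherwise.
	if err != nil {
		fmt.Println(err)
		return
	}
	fmt.Println("Access granted")
}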
// HasRole is a ladon condition that is fulfilled when the request context
// value for the condition's key is a []string containing the role named by
// the HasRole value itself.
type HasRole string
// GetName returns the condition type name ladon uses to identify HasRole.
func (h HasRole) GetName() string {
	const conditionName = "HasRole"
	return conditionName
}
// Fulfills reports whether i is a []string that contains the role h.
// Any other type for i, including a nil value, yields false, so a missing
// or malformed "roles" context entry denies rather than grants. r is not
// consulted; it is present only to satisfy the ladon condition interface.
func (h HasRole) Fulfills(i interface{}, r *ladon.Request) bool {
	roles, isStringSlice := i.([]string)
	if !isStringSlice {
		return false
	}
	want := string(h)
	for idx := range roles {
		if roles[idx] == want {
			return true
		}
	}
	return false
}
// pol allows the listed book actions to any subject whose request context
// carries the "book-users" role. Subjects is a catch-all, so the Conditions
// entry is the only thing gating access under this policy.
var pol = &ladon.DefaultPolicy{
	// Unique identifier; ladon managers key policies by it.
	ID:          "68819e5a-738b-41ec-b03c-b58a1b19d043",
	Description: `Full access to Book APIs for users with the "book-users" role.`,
	// When several policies match one request, a ladon.DenyAccess policy
	// overrides ladon.AllowAccess and the request is denied.
	Effect: ladon.AllowAccess,
	// Matches every subject (user or service); filtering happens in Conditions.
	Subjects: []string{"<.*>"},
	// Every resource under book/; ladon treats <...> as a regular expression.
	Resources: []string{"book/<.*>"},
	// Actions covered by this policy; regular expressions are supported here too.
	Actions: []string{"create", "list", "get", "delete"},
	// The key must match the ladon.Context key the caller sets on the Request.
	// HasRole returns false when that key is absent or not a []string.
	Conditions: ladon.Conditions{
		"roles": HasRole("book-users"),
	},
}