https://github.com/m19c/acl

a lightweight acl manager for go.
https://github.com/m19c/acl

access-control acl go golang role

Last synced: 8 months ago
JSON representation

a lightweight acl manager for go.

• Host: GitHub
• URL: https://github.com/m19c/acl
• Owner: m19c
• License: mit
• Created: 2018-10-28T11:33:01.000Z (over 7 years ago)
• Default Branch: master
• Last Pushed: 2023-07-18T19:58:32.000Z (almost 3 years ago)
• Last Synced: 2025-08-14T10:37:48.852Z (10 months ago)
• Topics: access-control, acl, go, golang, role
• Language: Go
• Homepage:
• Size: 40 KB
• Stars: 82
• Watchers: 0
• Forks: 2
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT.md

Awesome Lists containing this project

README

          
# ACL

[![Codacy Badge](https://api.codacy.com/project/badge/Grade/07072bf48e3d43c09213781a56553a5d)](https://app.codacy.com/app/mrboolean/acl?utm_source=github.com&utm_medium=referral&utm_content=MrBoolean/acl&utm_campaign=Badge_Grade_Dashboard)

[![Build Status](https://travis-ci.org/MrBoolean/acl.svg?branch=master)](https://travis-ci.org/MrBoolean/acl)

[![Codacy Badge](https://api.codacy.com/project/badge/Coverage/04065034d8b6496c95acd7b5b056b940)](https://www.codacy.com/app/mrboolean/acl?utm_source=github.com&utm_medium=referral&utm_content=MrBoolean/acl&utm_campaign=Badge_Coverage)

[![Documentation](https://godoc.org/github.com/MrBoolean/acl?status.svg)](http://godoc.org/github.com/MrBoolean/acl)

## TL;DR;

_acl_ is a lightweight acl manager for _go_.

## Features

- Design simple & reusable roles to empower your application.

- Acquire the rights of other roles to build a powerful set of permissions.

- Resolve possible roles by examine them in an unified way.

## Example

```go

type User struct {

    isAdmin bool

}

func main() {

    // first of all: create a new manager instance to register all your roles in one place

    manager := acl.NewManager()

    // now you can use `Ensure` to guarantee that the role with the passed identifier is present

    user := manager.Ensure("user").Grant("profile.edit")

    // use `Grant`, `Revoke` and `AcquireFrom` to extend the right stack

    editor := manager.Ensure("editor").Grant("news.list", "news.create", "news.edit").AcquireFrom(user)

    // you can also use NewRole to create a Role manually

    admin := acl.NewRole("admin").Grant("news.delete").AcquireFrom(editor)

    // note, that you have to register the role by yourself

    manager.Register(admin)

    // to check if a right was granted to a role you can use:

    var hasAccess bool

    hasAccess = admin.Has("some.right")

    // to check if at least one of the expected rights is present:

    hasAccess = admin.HasOneOf("news.list", "news.create")

    // ... and finally, to check that all the expected rights are present, use:

    hasAccess = admin.HasAllOf("news.delete", "news.list")

    // a role can be extended with an examiner to determine whether a role can be added

    // to a `ResultSet`

    admin.SetExaminer(func (payload interface{}) bool {

        user := payload.(User)

        return user.isAdmin

    })

    // to get a result set you can use the managers `Examine` function

    rs := manager.Examine(User{isAdmin: true})

    // a result set contains "Has", "HasOneOf" and "HasAllOf" as described above and...

    // `GetRole` to grab specific roles from the result set

    expectedRole := rs.GetRole("admin")

    // you can also check if a role was added to a result set using:

    if rs.HasRole("admin") {

        // ...

    }

}

```

## Possible enhancements

- Conditional `IsAllowed` (combine AND/OR queries into a _ConditionGroup_).