diff --git a/CHANGELOG.md b/CHANGELOG.md
index f1de31c..9e31068 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,3 +2,4 @@
 - First version.
 - Support delegatee.
 - Support abstract resource.
+- Fix bugs.
diff --git a/const.go b/const.go
index 8991fd8..e5e04b6 100644
--- a/const.go
+++ b/const.go
@@ -91,7 +91,7 @@ func AddRelation(context any, relation Relation, privilege Privilege) {
 func getPrivilege(context any, relation Relation) Privilege {
 var cname = getName(context)
- if cmap, ok := relationMap[cname]; ok || cname == "" {
+ if cmap, ok := relationMap[cname]; ok || cname == "nil" {
 relation = Relation(strings.ToLower(string(relation)))
 if priv, ok := cmap[relation]; ok {
 return priv
diff --git a/priv.go b/priv.go
index 053d377..e93bc8c 100644
--- a/priv.go
+++ b/priv.go
@@ -148,23 +148,27 @@ func (c *Checker) On(resource Resource) error {
 // getName returns the name of object.
 func getName(a any) string {
- if a == nil {
- return ""
- }
+ var name = func() string {
+ if a == nil {
+ return "nil"
+ }
- if s, ok := a.(fmt.Stringer); ok {
- return s.String()
- }
+ if s, ok := a.(fmt.Stringer); ok {
+ return s.String()
+ }
- var atype = reflect.TypeOf(a)
- switch atype.Kind() {
- case reflect.String:
- return a.(string)
- case reflect.Struct:
- return atype.Name()
- case reflect.Pointer:
- return atype.Elem().Name()
- default:
- panic(XyprivError.New("expected a string, struct, or pointer of struct to get its name"))
- }
+ var atype = reflect.TypeOf(a)
+ switch atype.Kind() {
+ case reflect.String:
+ return a.(string)
+ case reflect.Struct:
+ return atype.Name()
+ case reflect.Pointer:
+ return atype.Elem().Name()
+ default:
+ panic(XyprivError.New("expected a string, struct, or pointer of struct to get its name"))
+ }
+ }()
+
+ return strings.ReplaceAll(name, ".", "_")
 }
diff --git a/token.go b/token.go
index 65fc74a..daca88f 100644
--- a/token.go
+++ b/token.go
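Review bot: In `getPrivilege` the nil context is now detected by comparing its name with the string `"nil"`, which a non-nil context can also produce: getName returns a string context unchanged and a `fmt.Stringer` result as given, so a context named "nil" takes this branch and reads the same `relationMap` entry as a real nil context. The previous `""` sentinel had the same weakness, so the commit moves the collision rather than removing it. Testing the value instead of its name avoids it on this line: `if cmap, ok := relationMap[cname]; ok || context == nil {`. What happens after a missed `cmap[relation]` lookup is outside the hunk, so the effect on the returned privilege should be checked there.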
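Review bot: The final `strings.ReplaceAll(name, ".", "_")` in getName is lossy: a name such as `a.b` and a name `a_b` now yield the same string, and the replacement also rewrites whatever a `fmt.Stringer` or a plain string argument supplies. The result is the lookup key for `relationMap` in const.go and the scope name in `setRule` in token.go, so two distinct contexts or resources could end up sharing relations or token rules. If the dot is replaced because it is a separator elsewhere (not visible here), the doc comment should say so and state the constraint, e.g. `// getName returns the name of object; a nil object is named "nil" and every "." is replaced by "_", so names must stay unique after that replacement.` A test that pins two such names as distinct keys would keep a later change from silently widening a rule.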
@@ -127,8 +127,9 @@ func (t LeastPrivilegeToken) Delegate(relation Relation, resource Resource, acti
 // setRule adds the condition tuple of relation, scope, and action into token
 // rules. The scope could be context or resource. Use the empty relation to
-// apply all relations in the condition. Use the nil scope to apply all scopes
-// in the condition. Use no action to apply all actions in the condition.
+// apply all relations in the condition. Use the empty string as scope to apply
+// all scopes in the condition. Use no action to apply all actions in the
+// condition.
 func (t *LeastPrivilegeToken) setRule(relation Relation, scope any, action []string, result bool) {
 var relName = string(relation)
 var scopeName = getName(scope)
diff --git a/tutorials/8.token/token_test.go b/tutorials/8.token/token_test.go
index 0ffa657..53c0e01 100644
--- a/tutorials/8.token/token_test.go
+++ b/tutorials/8.token/token_test.go
@@ -148,7 +148,8 @@ func Example() {
 var tokenGroup = xypriv.NewToken()
 tokenGroup.AllowScope(Group{})
- var tokenNoPriv = xypriv.NewToken()
+ var tokenNormalContext = xypriv.NewToken()
+ tokenNormalContext.AllowScope(nil)
 var group = Group{member: []User{user}}
 var post = GroupPost{user: user, group: group}
@@ -165,8 +166,8 @@ func Example() {
 fmt.Println("tokenGroup can update the group post")
 }
- if xypriv.Check(user).Delegate(tokenNoPriv).Perform("update").On(post) != nil {
- fmt.Println("tokenNoPriv can't update the group post")
+ if xypriv.Check(user).Delegate(tokenNormalContext).Perform("update").On(post) != nil {
+ fmt.Println("tokenNormalContext can't update the group post")
 }
 if xypriv.Check(user).Perform("read").On(post) == nil {
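Review bot: The rewritten comment on setRule names the empty string as the wildcard scope but no longer says what a nil scope does. With this commit `getName(nil)` returns "nil" and setRule stores the rule under `getName(scope)`, so a caller that still passes nil to mean "all scopes", as the old comment instructed, presumably now gets a rule for the nil context only; that fails closed, but silently. I would add a sentence such as `// A nil scope names the nil context only; it is not a wildcard.` and confirm the exported wrappers document the same. setRule's body continues outside the hunk.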
@@ -181,17 +182,17 @@ func Example() {
 fmt.Println("tokenGroup can read the group post")
 }
- if xypriv.Check(user).Delegate(tokenNoPriv).Perform("read").On(post) != nil {
- fmt.Println("tokenNoPriv can't read the group post")
+ if xypriv.Check(user).Delegate(tokenNormalContext).Perform("read").On(post) != nil {
+ fmt.Println("tokenNormalContext can't read the group post")
 }
 // Output:
 // user can update the group post
 // tokenReadPost can't update the group post
 // tokenGroup can update the group post
- // tokenNoPriv can't update the group post
+ // tokenNormalContext can't update the group post
 // user can read the group post
 // tokenReadPost can read the group post
 // tokenGroup can read the group post
- // tokenNoPriv can't read the group post
+ // tokenNormalContext can't read the group post
 }