beego-authz is an authorization middleware for Beego. It provides authorization like ACL, RBAC, ABAC based on Casbin: https://github.com/casbin/casbin

With beego-authz, you can control who can access what resource via which method for your Beego app.

Modify the Casbin model: authz_model.conf and policy: authz_policy.csv as you want. You may need to learn Casbin's basics to know how to edit these files. The policy means that the user alice can access /dataset1/* via GET and /dataset1/resource1 via POST. The similar way applies to user bob. cathy has the role dataset1_admin, which is permitted to access any resources under /dataset1/ with any action. For more advanced usage of Casbin (like database support, policy language grammar, etc), please refer to Casbin: https://github.com/casbin/casbin

Insert the Casbin authorizer as a Beego filter.

beego.InsertFilter("*", beego.BeforeRouter, authz.NewAuthorizer(casbin.NewEnforcer("authz_model.conf", "authz_policy.csv")))

Make sure you already have an authentication mechanism, so you know who is accessing, like a username. Modify the GetUserName() method to let Casbin know the current authenticated username.

• Casbin

This project is under Apache 2.0 License. See the LICENSE file for the full license text.