¶ 管理资源与权限
更新时间: 2025-02-18 09:00:47
Authing 基于 ABAC(Attribute Base Access Control,基于属性的权限控制)构建权限模型,
可以和 RBAC (Role Based Access Control,基于角色的访问控制)结合,实现非常灵活、精细化的权限控制。
此模块将此模型抽象成了两个方法: Allow, IsAllowed。
你可以通过以下方式使用此模块:
client := NewClient(userPoolId, secret) client.Allow() # 允许某个用户对某个资源进行某个操作 client.IsAllowed() # 判断某个用户是否对某个资源有某个操作权限
复制成功
¶ 创建权限分组
创建权限分组
// CreateNamespace // 创建权限分组 func (c *Client) CreateNamespace(request *model.EditNamespaceRequest) (*model.Namespace, error)
复制成功
¶ 参数
request
<EditNamespaceRequest>EditNamespaceRequest.Code
<string> 权限分组唯一标识符EditNamespaceRequest.Name
<string> 权限分组名EditNamespaceRequest.Description
<string> 可选,权限分组描述
¶ 示例
client := NewClient(userPoolId, secret) log.Println("==========创建权限分组==========") code := "qCode" name := "qName" req := &model.EditNamespaceRequest{ Code: &code, Name: &name, } resp, err := client.CreateNamespace(req)
复制成功
¶ 示例数据
{ "appId": null, "appName": null, "name": "Test Namcepace", "code": "testNamesapce", "description": "This is a Test Namespace", "status": 1, "id": 38 }
复制成功
¶ 获取权限分组列表
获取权限分组列表
// ListNamespace // 权限分组列表 func (c *Client) ListNamespace(page, limit int) (*struct { List []model.Namespace `json:"list"` Total int64 `json:"total"` }, error)
复制成功
¶ 参数
page
<int> 页码,默认为 1limit
<int> 每页个数,默认为 10
¶ 示例
resp, err := client.ListNamespace(1, 10)
复制成功
¶ 示例数据
{ "list": [ { "appId": null, "appName": null, "name": "Test Namcepace", "code": "testNamesapce", "description": "This is a Test Namespace", "status": 1, "id": 38 } ], "totalCount": 1 }
复制成功
¶ 更新权限分组
更新权限分组
// UpdateNamespace // 修改权限分组 func (c *Client) UpdateNamespace(id string, request *model.EditNamespaceRequest) (*model.Namespace, error)
复制成功
¶ 参数
id
<string> 权限分组 coderequest
<EditNamespaceRequest>EditNamespaceRequest.Code
<string> 可选,权限分组新的 codeEditNamespaceRequest.Name
<string> 可选,权限分组名称EditNamespaceRequest.Description
<string> 可选,权限分组描述
¶ 示例
client := NewClient(userPoolId, secret) log.Println("==========修改权限分组==========") code := "qCodeww" name := "qNameww" req := &model.EditNamespaceRequest{ Code: &code, Name: &name, } resp, err := client.UpdateNamespace("54156", req)
复制成功
¶ 示例数据
{ "id": 38, "appId": null, "appName": null, "name": "Test Namcepace", "code": "testNamesapce", "description": "A New Name", "status": 1 }
复制成功
¶ 删除权限分组
删除权限分组
// DeleteNamespace // 删除权限分组 func (c *Client) DeleteNamespace(id string) (*string, error)
复制成功
¶ 参数
id
<string> 权限分组标识
¶ 示例
resp, err := client.DeleteNamespace("54156")
复制成功
¶ 获取资源列表
根据筛选条件,查询用户池下的资源列表
// ListNamespaceResources // 获取资源列表 func (c *Client) ListNamespaceResources(req model.ListResourceRequest) (*model.ListNamespaceResourceResponse, error)
复制成功
¶ 参数
req
<ListResourceRequest>ListResourceRequest.Namespace
<string> 权限分组命名空间ListResourceRequest.Type
<EnumResourceType> 资源类型,可选值为DATA
、API
、MENU
、UI
、BUTTON
ListResourceRequest.Page
<int> 分页,获取第几页,默认从 1 开始ListResourceRequest.Limit
<int> 每页条目数量,默认为 10
¶ 示例
req := model.ListResourceRequest{ ResourceType: model.EnumResourceTypeAPI, Namespace: "default", Page: 1, Limit: 10, } resp, _ := client.ListNamespaceResources(req)
复制成功
¶ 返回数据
{ "list": [ { "id": "60646ed1c7a558f935c6d49c", "createdAt": "2021-03-31T12:45:05.175Z", "updatedAt": "2021-03-31T12:45:05.175Z", "userPoolId": "600a8f29cead8fc0127f9da6", "code": "pihh4j7j4ehh", "actions": [ { "name": "book:write", "description": "图书写入操作" } ], "type": "DATA", "description": "chair", "namespaceId": 22997, "apiIdentifier": null, "namespace": "600a8f4e37708b363024a3ca" } ], "totalCount": 1 }
复制成功
¶ 创建资源
创建一个资源
// CreateResource // 创建资源 func (c *Client) CreateResource(req *model.CreateResourceRequest) (*model.ResourceResponse, error)
复制成功
¶ 参数
req
<CreateResourceRequest>CreateResourceRequest.Code
<string> 资源标识符CreateResourceRequest.Namespace
<string> 权限分组命名空间CreateResourceRequest.Type
<string> 资源类型,可选值为DATA
、API
、MENU
、UI
、BUTTON
CreateResourceRequest.Actions
<[]ActionsModel> 资源操作对象数组。其中 name 为操作名称,填写一个动词,description 为操作描述,填写描述信息CreateResourceRequest.Description
<string> 资源描述信息
¶ 示例
req := &model.CreateResourceRequest{ Code: "nmw", Namespace: "default", Actions: []model.ActionsModel{{ Name: "qqw", Description: "qwe", }}, } resp, _ := client.CreateResource(req)
复制成功
¶ 返回数据
{ "userPoolId": "600a8f29cead8fc0127f9da6", "code": "book", "actions": [ { "name": "book:write", "description": "图书写入操作" } ], "type": "DATA", "description": "book", "namespaceId": 22997, "createdAt": "2021-04-06T11:49:07.656Z", "updatedAt": "2021-04-06T11:49:07.656Z", "id": "606c4ab3d7fb66a8e1517132", "apiIdentifier": null }
复制成功
¶ 更新资源
更新一个资源
// UpdateResource // 更新资源 func (c *Client) UpdateResource(code string, req *model.UpdateResourceRequest) (*model.ResourceResponse, error)
复制成功
¶ 参数
code
<string> 资源标识符req
<UpdateResourceRequest>UpdateResourceRequest.Namespace
<string> 资源所在的权限分组标识UpdateResourceRequest.Type
<string> 资源类型,可选值为DATA
、API
、MENU
、UI
、BUTTON
UpdateResourceRequest.Actions
<[]ActionsModel> 资源操作对象数组。其中 name 为操作名称,填写一个动词,description 为操作描述,填写描述信息UpdateResourceRequest.Description
<string> 资源描述信息
¶ 示例
req := &model.UpdateResourceRequest{ Namespace: "default", Actions: []model.ActionsModel{{ Name: "qqwcc", Description: "qwe", }}, } resp, _ := client.UpdateResource("nmw", req)
复制成功
¶ 返回数据
{ "id": "606c4ab3d7fb66a8e1517132", "createdAt": "2021-04-06T11:49:07.656Z", "updatedAt": "2021-04-06T11:59:26.879Z", "userPoolId": "600a8f29cead8fc0127f9da6", "code": "book", "actions": [ { "name": "book:write", "description": "图书写入操作2" }, { "name": "book:read", "description": "图书读取操作2" } ], "type": "DATA", "description": "新的描述", "namespaceId": 22997, "apiIdentifier": null }
复制成功
¶ 删除资源
删除资源
// DeleteResource // 删除资源 func (c *Client) DeleteResource(code, namespace string) (*string, error)
复制成功
¶ 参数
code
<string> 资源标识符namespace
<string> 资源所在的权限分组标识
¶ 示例
resp, _ := client.DeleteResource("nmw", "default")
复制成功
¶ 返回数据
bool
复制成功
¶ 授权资源
将一个(类)资源授权给用户、角色、分组、组织机构,且可以分别指定不同的操作权限。
//AuthorizeResource //将一个(类)资源授权给用户、角色、分组、组织机构,且可以分别指定不同的操作权限。 func (c *Client) AuthorizeResource(request model.AuthorizeResourceRequest) (bool, error)
复制成功
¶ 参数
request
<AuthorizeResourceRequest>AuthorizeResourceRequest.Namespace
<string> 权限分组 codeAuthorizeResourceRequest.Resource
<string> 资源,如一类资源可以表示为order
,某一个资源可以表示为order:123
AuthorizeResourceRequest.ResourceType
<EnumResourceType> 资源类型AuthorizeResourceRequest.Opts
<[]AuthorizeResourceOpt> 资源操作类型数组
¶ 示例
var actions []string actions = append(actions, "*") opt := model.AuthorizeResourceOpt{ TargetType: model.EnumPolicyAssignmentTargetTypeUSER, TargetIdentifier: "xx", Actions: actions, } var opts []model.AuthorizeResourceOpt opts = append(opts, opt) req := model.AuthorizeResourceRequest{ Namespace: "xx", Resource: "7629:read", ResourceType: model.EnumResourceTypeBUTTON, Opts: opts, } resp, _ := client.AuthorizeResource(req)
复制成功
¶ 授权资源(快捷操作)
允许某个用户对某个资源进行某个操作
//Allow //允许某个用户对某个资源进行某个操作 func (c *Client) Allow(request model.AllowRequest) (bool, error)
复制成功
¶ 参数
request
<AllowRequest>AllowRequest.UserId
<string> 用户 IDAllowRequest.Action
<string> 操作名称,推荐使用 <resourceType>:<actionName> 的格式,如books:edit
,books:list
AllowRequest.Resource
<string> 资源名称, 必须为 <resourceType>:<resourceId> 格式或者为 _, 如_
,books:123
,books:\*
AllowRequest.Namespace
<string> 权限分组的 code,详情请见使用权限分组管理权限资源;
¶ 示例
req := model.AllowRequest{ Resource: "7629:read", Action: "add", UserId: "xx", Namespace: "xx", } resp, _ := client.Allow(req)
复制成功
¶ 取消授权资源
取消对某个资源的操作权限
//RevokeResource //批量撤销资源的授权 func (c *Client) RevokeResource(request model.RevokeResourceRequest) (bool, error)
复制成功
¶ 参数
request
<RevokeResourceRequest>RevokeResourceRequest.Namespace
<string> 权限分组 codeRevokeResourceRequest.Resource
<string> 资源,如一类资源可以表示为order
,某一个资源可以表示为order:123
RevokeResourceRequest.ResourceType
<EnumResourceType> 资源类型RevokeResourceRequest.Opts
<[]AuthorizeResourceOpt> 资源操作类型数组
opt := model.AuthorizeResourceOpt{ TargetType: model.EnumPolicyAssignmentTargetTypeUser, TargetIdentifier: "61090ca34e01a3968d3e3b76", Actions: actions, } var opts []model.AuthorizeResourceOpt opts = append(opts, opt) req := model.RevokeResourceRequest{ Namespace: "default", Resource: "7629:read", ResourceType: model.EnumResourceTypeBUTTON, Opts: opts, } resp, _ := client.RevokeResource(req)
复制成功
¶ 判断某个用户是否对某个资源有某个操作权限
判断某个用户是否对某个资源有某个操作权限
//IsAllowed //判断某个用户是否对某个资源有某个操作权限 func (c *Client) IsAllowed(request model.IsAllowedRequest) (bool, error)
复制成功
¶ 参数
request
<IsAllowedRequest>IsAllowedRequest.UserId
<string> 用户 IDIsAllowedRequest.Action
<string> 操作名称,推荐使用 <resourceType>:<actionName> 的格式,如books:edit
,books:list
IsAllowedRequest.Resource
<string> 资源名称, 必须为 <resourceType>:<resourceId> 格式或者为 _, 如_
,books:123
,books:\*
IsAllowedRequest.Namespace
<string> 权限分组的 code,详情请见使用权限分组管理权限资源
¶ 示例
req := model.IsAllowedRequest{ Resource: "7629:read", Action: "read", UserId: "611b2ff477d701441c25e29e", Namespace: nil, } resp, _ := client.IsAllowed(req)
复制成功
¶ 获取用户被授权的所有资源列表
获取一个用户被授权的所有资源,用户被授权的所有资源里面包括从角色、分组、组织机构继承的资源
// ListUserAuthorizedResources // 获取用户被授权的所有资源 func (c *Client) ListUserAuthorizedResources(request model.ListUserAuthResourceRequest) (*model.AuthorizedResources, error)
复制成功
¶ 参数
request
<ListUserAuthResourceRequest>ListUserAuthResourceRequest.UserId
<string> 用户 IDListUserAuthResourceRequest.Namespace
<string> 权限分组的 code,详情请见使用权限分组管理权限资源ListUserAuthResourceRequest.ResourceType
<EnumResourceType> 资源类型,可选值包含 DATA、API、MENU、UI、BUTTON
¶ 示例
req := &model.ListUserAuthResourceRequest{ Id: "616d41b7410a33da0cb70e65", Namespace: "default", ResourceType: model.EnumResourceTypeAPI, } resp, err := client.ListUserAuthorizedResources(*req)
复制成功
¶ 示例数据
type
为资源类型,一共有以下几种资源类型DATA
: 数据类型API
: API 类型数据MENU
: 菜单类型数据BUTTON
: 按钮类型数据
code
: 资源描述符,如果是DATA
类型资源,格式为resourceType:resourceId
,如books:*
表示所有书籍,books:1
表示 ID 为 1 的书籍actions
: 用户被授权对该资源的操作
{ "totalCount": 12, "list": [ { "code": "menu_a", "type": "MENU" }, { "code": "menu_b", "type": "MENU" }, { "code": "books:1", "type": "DATA", "actions": ["books:delete", "books:update"] } ] }
复制成功
¶ 获取角色被授权的所有资源列表
获取一个角色被授权的所有资源
// ListRoleAuthorizedResources // 获取角色被授权的所有资源 func (c *Client) ListRoleAuthorizedResources(code, namespace string, resourceType model.EnumResourceType) (*model.AuthorizedResources, error)
复制成功
¶ 参数
code
<string> 角色 codenamespace
<string> 权限分组的 code,详情请见使用权限分组管理权限资源resourceType
<EnumResourceType> 可选,资源类型
¶ 示例
resp, err := client.ListRoleAuthorizedResources("NewCode", "default", model.EnumResourceTypeAPI)
复制成功
¶ 示例数据
type
<string> 资源类型code
<string> 资源描述符,如果是DATA
类型资源,格式为resourceType:resourceId
,如books:*
表示所有书籍,books:1
表示 ID 为 1 的书籍actions
<string> 用户被授权对该资源的操作
{ "totalCount": 12, "list": [ { "code": "menu_a", "type": "MENU" }, { "code": "menu_b", "type": "MENU" }, { "code": "books:1", "type": "DATA", "actions": ["books:delete", "books:update"] } ] }
复制成功
¶ 获取具备某些资源操作权限的主体
传入权限分组、资源标识、资源类型、操作权限项、主体类型,返回具备资源操作权限的主体标识符
// GetAuthorizedTargets // 获取具备某些资源操作权限的主体 func (c *Client) GetAuthorizedTargets(req *model.GetAuthorizedTargetsRequest) (*struct { TotalCount int64 `json:"totalCount"` List []struct { Actions string `json:"actions"` TargetType string `json:"targetType"` TargetIdentifier string `json:"targetIdentifier"` } `json:"list"` }, error)
复制成功
¶ 参数
req
<GetAuthorizedTargetsRequest>GetAuthorizedTargetsRequest.Namespace
<string> 权限分组的 code,详情请见使用权限分组管理权限资源GetAuthorizedTargetsRequest.ResourceType
<EnumResourceType> 资源类型GetAuthorizedTargetsRequest.Resource
<string> 资源 codeGetAuthorizedTargetsRequest.Actions
<struct> 操作GetAuthorizedTargetsRequest.Actions.Op
<struct> 操作类型GetAuthorizedTargetsRequest.Actions.List
<struct> 操作对象GetAuthorizedTargetsRequest.TargetType
<ResourceTargetTypeEnum> 主体类型,可选值为USER
、ROLE
、ORG
、GROUP
,含义为用户、角色、组织机构节点、用户分组
¶ 示例
req := &model.GetAuthorizedTargetsRequest{ TargetType: constant.ROLE, Resource: "cccccc", Namespace: "default", ResourceType: model.EnumResourceTypeAPI, } resp, _ := client.GetAuthorizedTargets(req)
复制成功
¶ 示例数据
targetType
<string> 为主体类型targetIdentifier
<string> 主体标识符,可能是用户 ID、角色 ID、组织结构节点 ID、用户分组 IDactions
<string> 用户被授权对该资源的操作
{ "totalCount": 1, "list": [ { "targetType": "USER", "targetIdentifier": "6063fcd01d0d2e39d4596904", "actions": ["write"] } ] }
复制成功
¶ 编程访问账号列表
编程访问账号列表
// ProgrammaticAccessAccountList // 编程访问账号列表 func (c *Client) ProgrammaticAccessAccountList(appId string, page, limit int) (*struct { TotalCount int64 `json:"totalCount"` List []model.ProgrammaticAccessAccount `json:"list"` }, error)
复制成功
¶ 参数
appId
<string> 角色 codepage
<int> 页码,默认为 1limit
<int> 每页个数,默认为 10
¶ 示例
resp, _ := client.ProgrammaticAccessAccountList("6168f95e81d5e20f9cb72f22", 1, 10)
复制成功
¶ 示例数据
{ "message": "获取编程访问账号列表成功", "code": 200, "data": { "totalCount": 1, "list": [ { "userId": null, "updatedAt": "2021-09-15T07:06:34.151Z", "enabled": true, "secret": "msjjnzks2wwcj58ts632j5hpdxej", "appId": "6139c4d24e78a4d706b7", "remarks": null, "tokenLifetime": 600, "id": "61419b782f9c3925662e", "createdAt": "2021-09-15T07:06:32.603Z" } ] } }
复制成功
¶ 添加编程访问账号
添加编程访问账号
// CreateProgrammaticAccessAccount // 添加编程访问账号 func (c *Client) CreateProgrammaticAccessAccount(appId string, remark *string, tokenLifetime *int) (*model.ProgrammaticAccessAccount, error)
复制成功
¶ 参数
appId
<string> 应用 IDremark
<string> 备注tokenLifetime
<int> Token 过期时间 默认为 600
¶ 示例
resp, _ := client.CreateProgrammaticAccessAccount("6168f95e81d5e20f9cb72f22", nil, nil)
复制成功
¶ 示例数据
{ "message": "创建编程访问账号成功", "code": 200, "data": { "appId": "6139c4d24e78a4d706b754", "enabled": true, "tokenLifetime": 600, "userId": null, "secret": "8e202f761f11bdc8a6fa36992115", "updatedAt": "2021-09-24T03:38:01.148Z", "remarks": null, "id": "614d4819fc4f70b4b8b6d", "createdAt": "2021-09-24T03:38:01.148Z" } }
复制成功
¶ 禁用编程访问账号
禁用编程访问账号
// DisableProgrammaticAccessAccount // 禁用编程访问账号 func (c *Client) DisableProgrammaticAccessAccount(programmaticAccessAccountId string) (*model.ProgrammaticAccessAccount, error)
复制成功
¶ 参数
programmaticAccessAccountId
<string> 编程账号 ID
¶ 示例
resp, _ := client.DisableProgrammaticAccessAccount("617109c03d185a5092395cab")
复制成功
¶ 示例数据
{ "message": "修改编程访问账号成功", "code": 200 }
复制成功
¶ 删除编程访问账号
删除编程访问账号
// DeleteProgrammaticAccessAccount // 删除编程访问账号 func (c *Client) DeleteProgrammaticAccessAccount(programmaticAccessAccountId string) (*string, error)
复制成功
¶ 参数
programmaticAccessAccountId
<string> 编程账号 ID
¶ 示例
resp, _ := client.DeleteProgrammaticAccessAccount("617109c03d185a5092395cab")
复制成功
¶ 示例数据
{ "message": "删除编程访问账号成功", "code": 200 }
复制成功
¶ 启用编程访问账号
启用编程访问账号
// EnableProgrammaticAccessAccount // 启用编程访问账号 func (c *Client) EnableProgrammaticAccessAccount(programmaticAccessAccountId string) (*model.ProgrammaticAccessAccount, error)
复制成功
¶ 参数
programmaticAccessAccountId
<string> 编程账号 ID
¶ 示例
resp, _ := client.EnableProgrammaticAccessAccount("617109c03d185a5092395cab")
复制成功
¶ 示例数据
{ "message": "修改编程访问账号成功", "code": 200 }
复制成功
¶ 刷新编程访问账号密钥
刷新编程访问账号密钥
// RefreshProgrammaticAccessAccountSecret // 刷新编程访问账号密钥 func (c *Client) RefreshProgrammaticAccessAccountSecret(programmaticAccessAccountId string, secret *string) (*model.ProgrammaticAccessAccount, error)
复制成功
¶ 参数
programmaticAccessAccountId
<string> 编程账号 IDsecret
<string> 秘钥
¶ 示例
resp, _ := client.RefreshProgrammaticAccessAccountSecret("617109c03d185a5092395cab", nil)
复制成功
¶ 示例数据
{ "message": "修改编程访问账号成功", "code": 200, "data": { "userId": null, "updatedAt": "2021-09-24T03:45:05.780Z", "enabled": true, "secret": "xjefjjst8nrdxk5haza248b4atepwj", "appId": "6139c4d24e78a4d706b754", "remarks": null, "tokenLifetime": 600, "id": "614d49c1c1435e85d2a600", "createdAt": "2021-09-24T03:45:05.648Z" } }
复制成功
¶ 根据 ID 获取单个资源
根据 ID 获取单个资源
// GetResourceById // 根据 ID 获取单个资源 func (c *Client) GetResourceById(id string) (*model.ResourceResponse, error)
复制成功
¶ 参数
id
<string> 主键
¶ 示例
resp, _ := client.GetResourceById("616cdf9d1642b20d8c2ec555")
复制成功
¶ 示例数据
{ "message": "", "code": 200, "data": { "code": "eyqcalgaeo", "description": null, "userPoolId": "61384d3e302f1f75e69ce9", "apiIdentifier": null, "actions": [ { "name": "fwstxqxggy", "description": "uzzlxbbuea" } ], "namespaceId": 48070, "updatedAt": "2021-09-15T07:33:16.932Z", "type": "DATA", "id": "6141a1bc2129d0b8341522", "createdAt": "2021-09-15T07:33:16.932Z" } }
复制成功
¶ 根据 Code 获取单个资源
根据 Code 获取单个资源
// GetResourceByCode // 根据 Code 获取单个资源 func (c *Client) GetResourceByCode(code, namespace string) (*model.ResourceResponse, error)
复制成功
¶ 参数
namespace
<string> 命名空间code
<string> 资源 Code
¶ 示例
resp, _ := client.GetResourceByCode("ddddd", "default")
复制成功
¶ 示例数据
{ "message": "", "code": 200, "data": { "code": "eyqcalgaeo", "description": null, "userPoolId": "61384d3e302f1f75e69ce9", "apiIdentifier": null, "actions": [ { "name": "fwstxqxggy", "description": "uzzlxbbuea" } ], "namespaceId": 48070, "updatedAt": "2021-09-15T07:33:16.932Z", "type": "DATA", "id": "6141a1bc2129d0b8341522", "createdAt": "2021-09-15T07:33:16.932Z" } }
复制成功
¶ 启用应用访问控制策略
启用应用访问控制策略
// EnableApplicationAccessPolicies // 启用应用访问控制策略 func (c *Client) EnableApplicationAccessPolicies(appId string, req *model.ApplicationAccessPoliciesRequest) (*string, error)
复制成功
¶ 参数
appId
<string> 应用 IDreq
<ApplicationAccessPoliciesRequest>ApplicationAccessPoliciesRequest.TargetType
<ResourceTargetTypeEnum> 对象类型ApplicationAccessPoliciesRequest.TargetIdentifiers
<[]string> 对象 ID 集合ApplicationAccessPoliciesRequest.Namespace
<string> 命名空间ApplicationAccessPoliciesRequest.InheritByChildren
<bool> 是否内联子类
¶ 示例
req := &model.ApplicationAccessPoliciesRequest{ TargetType: constant.USER, InheritByChildren: true, TargetIdentifiers: []string{"616e905ebc18f0f106973a29"}, Namespace: "default", } resp, _ := client.EnableApplicationAccessPolicies("6168f95e81d5e20f9cb72f22", req)
复制成功
¶ 停用应用访问控制策略
停用应用访问控制策略
// DisableApplicationAccessPolicies // 停用应用访问控制策略 func (c *Client) DisableApplicationAccessPolicies(appId string, req *model.ApplicationAccessPoliciesRequest) (*string, error)
复制成功
¶ 参数
appId
<string> 应用 IDreq
<ApplicationAccessPoliciesRequest>ApplicationAccessPoliciesRequest.TargetType
<ResourceTargetTypeEnum> 对象类型ApplicationAccessPoliciesRequest.TargetIdentifiers
<[]string> 对象 ID 集合ApplicationAccessPoliciesRequest.Namespace
<string> 命名空间ApplicationAccessPoliciesRequest.InheritByChildren
<bool> 是否内联子类
¶ 示例
req := &model.ApplicationAccessPoliciesRequest{ TargetType: constant.USER, InheritByChildren: true, TargetIdentifiers: []string{"616e905ebc18f0f106973a29"}, Namespace: "default", } resp, _ := client.DisableApplicationAccessPolicies("6168f95e81d5e20f9cb72f22", req)
复制成功
¶ 删除应用访问控制策略
删除应用访问控制策略
// DeleteApplicationAccessPolicies // 删除应用访问控制策略 func (c *Client) DeleteApplicationAccessPolicies(appId string, req *model.ApplicationAccessPoliciesRequest) (*string, error)
复制成功
¶ 参数
appId
<string> 应用 IDreq
<ApplicationAccessPoliciesRequest>ApplicationAccessPoliciesRequest.TargetType
<ResourceTargetTypeEnum> 对象类型ApplicationAccessPoliciesRequest.TargetIdentifiers
<[]string> 对象 ID 集合ApplicationAccessPoliciesRequest.Namespace
<string> 命名空间ApplicationAccessPoliciesRequest.InheritByChildren
<bool> 是否内联子类
¶ 示例
req := &model.ApplicationAccessPoliciesRequest{ TargetType: constant.USER, InheritByChildren: true, TargetIdentifiers: []string{"616e905ebc18f0f106973a29"}, Namespace: "default", } resp, _ := client.DeleteApplicationAccessPolicies("6168f95e81d5e20f9cb72f22", req)
复制成功
¶ 配置「允许主体(用户、角色、分组、组织机构节点)访问应用」的控制策略
配置「允许主体(用户、角色、分组、组织机构节点)访问应用」的控制策略
// AllowApplicationAccessPolicies // 配置「允许主体(用户、角色、分组、组织机构节点)访问应用」的控制策略 func (c *Client) AllowApplicationAccessPolicies(appId string, req *model.ApplicationAccessPoliciesRequest) (*string, error)
复制成功
¶ 参数
appId
<string> 应用 IDreq
<ApplicationAccessPoliciesRequest>ApplicationAccessPoliciesRequest.TargetType
<ResourceTargetTypeEnum> 对象类型ApplicationAccessPoliciesRequest.TargetIdentifiers
<[]string> 对象 ID 集合ApplicationAccessPoliciesRequest.Namespace
<string> 命名空间ApplicationAccessPoliciesRequest.InheritByChildren
<bool> 是否内联子类
¶ 示例
req := &model.ApplicationAccessPoliciesRequest{ TargetType: constant.USER, InheritByChildren: true, TargetIdentifiers: []string{"616e905ebc18f0f106973a29"}, Namespace: "default", } resp, _ := client.AllowApplicationAccessPolicies("6168f95e81d5e20f9cb72f22", req)
复制成功
¶ 示例数据
{ "message": "允许访问成功", "code": 200 }
复制成功
¶ 配置「拒绝主体(用户、角色、分组、组织机构节点)访问应用」的控制策略
配置「拒绝主体(用户、角色、分组、组织机构节点)访问应用」的控制策略
// DenyApplicationAccessPolicies // 配置「拒绝主体(用户、角色、分组、组织机构节点)访问应用」的控制策略 func (c *Client) DenyApplicationAccessPolicies(appId string, req *model.ApplicationAccessPoliciesRequest) (*string, error)
复制成功
¶ 参数
appId
<string> 应用 IDreq
<ApplicationAccessPoliciesRequest>ApplicationAccessPoliciesRequest.TargetType
<ResourceTargetTypeEnum> 对象类型ApplicationAccessPoliciesRequest.TargetIdentifiers
<[]string> 对象 ID 集合ApplicationAccessPoliciesRequest.Namespace
<string> 命名空间ApplicationAccessPoliciesRequest.InheritByChildren
<bool> 是否内联子类
¶ 示例
req := &model.ApplicationAccessPoliciesRequest{ TargetType: constant.USER, InheritByChildren: true, TargetIdentifiers: []string{"616e905ebc18f0f106973a29"}, Namespace: "default", } resp, _ := client.DenyApplicationAccessPolicies("6168f95e81d5e20f9cb72f22", req)
复制成功
¶ 示例数据
{ "message": "拒绝访问成功", "code": 200 }
复制成功
¶ 更改默认应用访问策略(默认拒绝所有用户访问应用、默认允许所有用户访问应用)
更改默认应用访问策略(默认拒绝所有用户访问应用、默认允许所有用户访问应用)
// UpdateDefaultApplicationAccessPolicy // 更改默认应用访问策略(默认拒绝所有用户访问应用、默认允许所有用户访问应用) func (c *Client) UpdateDefaultApplicationAccessPolicy(appId string, strategy constant.ApplicationDefaultAccessPolicies) (*model.Application, error)
复制成功
¶ 参数
appId
<string> 应用 IDstrategy
<ApplicationDefaultAccessPolicies> 默认策略 取值范围 ALLOW_ALL,DENY_ALL
¶ 示例
resp, _ := client.UpdateDefaultApplicationAccessPolicy("6168f95e81d5e20f9cb72f22", constant.AllowAll)
复制成功
¶ 示例数据
{ "message": "更新应用成功!", "code": 200, "data": { "oidcJWEConfig": null, "isOfficial": false, "protocol": "oidc", "adConnections": [], "casConfig": null, "isDemo": false, "updatedAt": "2021-09-23T07:13:21.225Z", "logo": "https://files.authing.co/authing-console/default-app-logo.png", "enableDeviceMutualExclusion": false, "id": "6139c4d24e78a4d706b75b", "isDeleted": false, "registerTabs": ["email", "phone"], "disabledCasConnections": [], "ssoPageCustomizationSettings": null, "isIntegrate": false, "oauthProviderEnabled": false, "userPoolId": "61384d3e302f1f75e69ce", "jwks": { "keys": [ { "use": "sig", "e": "AQAB", "d": "DSyYiMZcqFQ_plqFTJ1CXcJ0Vs2x3nMPpt9gShVdh6HgnLTfRbBALIPlyEC0PYL_JnpgZW92qff1q-9YB39zbvUes4ZdrhCPpONyhTj5UVWCb2xvguebzLgdQmMM1GIWP8y7kAL9mk01bNr7yj3Qt0EjIEaXiiwvclg-YvGjyvCHRfCPV5181Ia3Rw_zYvFNXNYqvAKEKrKuk-5fZbz0Mw3CzdMkc4vqCvMk7eGnTaO-uaRZZe3ZKBkStf27N4KOwHT1mBd8XCAK0aWfyG2-zU6hLJRTPVEpOxkWyq7RRwB4_oGUUpqEzxY_ll8yaqHLh3nWY0i9Kny1u6eZjxTh-Q", "alg": "RS256", "n": "xczXb-UbE9FQjzqvxujGLIDqMqyVNbfATdP277vx-6AQzsOIReF-qqu9YmG8rzJM6nLEdf4DBDNa1xB6Y8n7GPU_UcJ9alf0lwZbpeLxLhZj38tjfM-KBM3auqMdHW_DHcrTw5_pUfq0pAE1-Dw6tgkr5KdBFfoc4tVn0Y1TuaXTBlabmQAJgcqc0CUlKfbUnbBbsPGbA2w3yUnOBB74XBoXSRYr-zRQBJ8aZ0IOsqovrkAFoSBMzmGxwR2IKlyBxYyWZU8_x8Q_l3BUsQRCPXuOkUn_G2aVeV3biT9u6FGKH-tLxfgeC_LFVsbNUjgIT5mHBrPu2lQwu2BHCeAbKw", "q": "xf779mhxY66ed2CMxILWQOOdN3uraBML-3kxBB2oNM27sBawyaMylLEvvYx5gyefZbAf0jbYeM4iB_-uOlR5O5vKy6srzekJmfU-aqtgOM8fJrUpywZsU5xr_jWrgxn3DUp3vHgzVTfaGXe81gyzt8AtP6plpd3MXOnfRql0j78", "p": "_78q8phf8AOkgQ7A4JI1QxPGkmXhBS5CQAfJTQgMfyv1jFh2QjkE3TuN3fAn5X4T-bWw00YyiKQZQnjcYLTDw7p1ms70NNcFx1_leFvDooAMJYQuwkQ5gbdGFwzA6B8vf6ZwwTPqAIJHUN8NNDea04GPecp_o_7TPHv5oOpzz5U", "kty": "RSA", "qi": "ONZxbv_aFoh7WIBbYthhbg8KkTg6FMmgkNbXPCcSdWwbetVBXH7Xky-rwg2-ZJbc7lalFnTaTeSi64un4G-YMi7css5zstORCGT0K-MWi39WazE2c783oCwtCH5eZs1PnGWty6adpLFx2b2ESymB9h3nPxWF3NHKqCuTqxLUnPg", "kid": "JjhmE834pqVVPHQOYxIu244hrNITJw9SmKVddwxSvN8", "dp": "juU3j_kHkcnXPq0Jo_DNhb8k8mOuSQDBz5kKJtpacSwUtOgwm2vUhfBioiEviZDahGm6dTIBxks6OePh7r7Rqykh0O_VjzidZ_ry8j8DnmZBYyzqG22XXB0VMofTuV7DYWWUFr90_ffM9SjL7eMrxQXdLsWwb-dQC7mRjxGwx8k", "dq": "r3bkFh_C9QMH_mU6-t-0Pjc42bWoVogio05oiOw7Z-g2_7tsGpWdOra3xzRZb0jK8tQdry7Zsl2DPTFyVtELyy6qjsn3_PgbgSwcj22mzVGImsYL7peXopVKAzPO9lUpYsbuy8B-RXREvTMmz07caehOcVBx2odwF5tPOpDr8oM" } ] }, "oauthConfig": { "introspection_endpoint_auth_method": "client_secret_post", "redirect_uris": ["https://www.authing.cn"], "access_token_lifetime": 1209600, "refresh_token_lifetime": 2592000, "grants": ["authorization_code"], "revocation_endpoint_auth_method": "client_secret_post", "id": "6139c4d24e78a4d706b7545b" }, "extendsFields": [], "skipMfa": false, "oidcProviderEnabled": true, "createdAt": "2021-09-09T08:24:50.150Z", "template": null, "isDefault": false, "extendsFieldsEnabled": false, "ssoEnabled": false, "samlConfig": null, "description": null, "disabledSocialConnections": null, "samlProviderEnabled": false, "enableSubAccount": true, "disabledOauth2Connections": [], "loginRequireEmailVerified": false, "disabledSamlConnections": [], "oidcConfig": { "token_endpoint_auth_method": "client_secret_post", "post_logout_redirect_uris": [], "refresh_token_expire": 2592000, "cas_expire": 1209600, "access_token_expire": 1209600, "skip_consent": true, "grant_types": ["authorization_code", "password", "refresh_token"], "authorization_code_expire": 600, "id_token_signed_response_alg": "HS256", "redirect_uris": ["https://www.authing.cn"], "response_types": ["code"], "client_id": "6139c4d24e78a4d706b7545b", "id_token_expire": 1209600 }, "defaultLoginTab": "password", "redirectUris": ["https://www.authing.cn"], "showAuthorizationPage": false, "casProviderEnabled": false, "passwordTabConfig": { "enabledLoginMethods": [ "username-password", "email-password", "phone-password" ] }, "name": "go sdk unittest xtgf", "qrcodeScanning": { "redirect": false, "interval": 1500 }, "disabledAzureAdConnections": [], "agreementEnabled": false, "ext": null, "registerDisabled": false, "css": "/* \n Edit login page css\n eg:\n .authing-guard-layout {\n background: black !important;\n }\n Change the background color\n*/", "disabledOidcConnections": [], "ldapConnections": null, "identifier": "go-sdk-unittest-tlhs", "permissionStrategy": { "denyPolicyId": "6141af53fd36e046da0e2b", "defaultStrategy": "ALLOW_ALL", "enabled": true, "allowPolicyId": "6141af531fad402eac9f79" }, "logoutRedirectUris": [], "loginTabs": ["phone-code", "password"], "defaultRegisterTab": "email" } }
复制成功
评价此篇文档
有帮助
无帮助