codescalers · SalmaElsoly · Oct 8, 2025 · Oct 7, 2025 · Oct 7, 2025 · Oct 7, 2025
diff --git a/example/main.go b/example/main.go
@@ -0,0 +1,171 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	rbac "github.com/codescalers/rbac/pkg"
+	"github.com/codescalers/rbac/pkg/store"
+	"gorm.io/driver/sqlite"
+	"gorm.io/gorm"
+)
+
+// Blog represents a blog post resource
+type Blog struct {
+	ID      string
+	Title   string
+	Content string
+	OwnerID string
+}
+
+// Name implements the rbac.Resource interface
+func (b Blog) Name() string {
+	return "blog"
+}
+
+// BlogOwnershipRule ensures users can only access their own blogs
+type BlogOwnershipRule struct{}
+
+func (r BlogOwnershipRule) Name() string {
+	return "blog_ownership"
+}
+
+func (r BlogOwnershipRule) Evaluate(ctx context.Context, subjectID string, resource rbac.Resource) (bool, error) {
+	blog, ok := resource.(Blog)
+	if !ok {
+		return false, fmt.Errorf("expected Blog resource, got %T", resource)
+	}
+
+	// Allow access if the user is the owner
+	return blog.OwnerID == subjectID, nil
+}
+
+func main() {
+	ctx := context.Background()
+
+	// Initialize SQLite database
+	db, err := gorm.Open(sqlite.Open("rbac.db"), &gorm.Config{})
+	if err != nil {
+		log.Fatal("Failed to connect to database:", err)
+	}
+
+	// Create GORM store
+	gormStore, err := store.NewGormStore(db)
+	if err != nil {
+		log.Fatal("Failed to create store:", err)
+	}
+
+	// Initialize RBAC
+	r, err := rbac.NewRBAC(ctx, gormStore)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Register business rule for blog ownership
+	bizRole := rbac.BizRule(BlogOwnershipRule{})
+	if err := r.RegisterBizRule(bizRole); err != nil {
+		log.Fatal(err)
+	}
+
+	// Create permissions
+	readPerm, err := r.CreatePermission(ctx, "blog", "read")
+	if err != nil {
+		log.Fatal(err)
+	}
+	updateOwnPerm, err := r.CreatePermission(ctx, "blog", "update", bizRole.Name())
+	if err != nil {
+		log.Fatal(err)
+	}
+	deleteOwnPerm, err := r.CreatePermission(ctx, "blog", "delete", bizRole.Name())
+	if err != nil {
+		log.Fatal(err)
+	}
+	createPerm, err := r.CreatePermission(ctx, "blog", "create")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	updateAll, err := r.CreatePermission(ctx, "blog", "update")
+	if err != nil {
+		log.Fatal(err)
+	}
+	deleteAll, err := r.CreatePermission(ctx, "blog", "delete")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Create roles
+	userRole, err := r.CreateRole(ctx, "user", "Regular user with blog access")
+	if err != nil {
+		log.Fatal(err)
+	}
+	adminRole, err := r.CreateRole(ctx, "admin", "Administrator with full access", userRole.ID)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Printf("Created roles: user=%s, admin=%s\n", userRole.ID, adminRole.ID)
+
+	//Add user permissions
+	if err := r.AddPermissionToRole(ctx, "user", readPerm.ID); err != nil {
+		log.Fatal(err)
+	}
+	if err := r.AddPermissionToRole(ctx, "user", createPerm.ID); err != nil {
+		log.Fatal(err)
+	}
+	if err := r.AddPermissionToRole(ctx, "user", updateOwnPerm.ID); err != nil {
+		log.Fatal(err)
+	}
+	if err := r.AddPermissionToRole(ctx, "user", deleteOwnPerm.ID); err != nil {
+		log.Fatal(err)
+	}
+
+	//Add admin permissions
+	if err := r.AddPermissionToRole(ctx, "admin", updateAll.ID); err != nil {
+		log.Fatal(err)
+	}
+	if err := r.AddPermissionToRole(ctx, "admin", deleteAll.ID); err != nil {
+		log.Fatal(err)
+	}
+
+	// Create test users
+	adminUserID := "admin-user-123"
+	regularUserID := "regular-user-456"
+
+	// Create subjects with roles using role names
+	if err := r.CreateSubjectWithRole(ctx, adminUserID, "admin"); err != nil {
+		log.Fatal(err)
+	}
+	if err := r.CreateSubjectWithRole(ctx, regularUserID, "user"); err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Println("Created subjects with roles")
+
+	// Test blogs
+	blog1 := Blog{ID: "blog-1", Title: "Admin's Blog", OwnerID: adminUserID}
+	blog2 := Blog{ID: "blog-2", Title: "User's Blog", OwnerID: regularUserID}
+
+	hasPerm, err := r.Can(ctx, regularUserID, "update", blog2)
+	if err != nil {
+		log.Fatal(err)
+	}
+	fmt.Printf("User has permission to update blog2: %v\n", hasPerm)
+	hasPerm, err = r.Can(ctx, regularUserID, "update", blog1)
+	if err != nil {
+		log.Fatal(err)
+	}
+	fmt.Printf("User has permission to update blog1: %v\n", hasPerm)
+
+	hasPerm, err = r.Can(ctx, adminUserID, "update", blog1)
+	if err != nil {
+		log.Fatal(err)
+	}
+	fmt.Printf("Admin has permission to update blog1: %v\n", hasPerm)
+	hasPerm, err = r.Can(ctx, adminUserID, "update", blog2)
+	if err != nil {
+		log.Fatal(err)
+	}
+	fmt.Printf("Admin has permission to update blog2: %v\n", hasPerm)
+}
diff --git a/go.mod b/go.mod
@@ -2,4 +2,23 @@ module github.com/codescalers/rbac
 
 go 1.24.6
 
-require github.com/google/uuid v1.6.0
+require (
+	github.com/google/uuid v1.6.0
+	go.uber.org/mock v0.6.0
+	gorm.io/gorm v1.31.0
+)
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/mattn/go-sqlite3 v1.14.22 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/stretchr/testify v1.11.1 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)
+
+require (
+	github.com/jinzhu/inflection v1.0.0 // indirect
+	github.com/jinzhu/now v1.1.5 // indirect
+	golang.org/x/text v0.20.0 // indirect
+	gorm.io/driver/sqlite v1.6.0
+)
diff --git a/go.sum b/go.sum
@@ -1,2 +1,25 @@
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
+github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
+github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
+github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
+github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
+github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
+go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y=
+go.uber.org/mock v0.6.0/go.mod h1:KiVJ4BqZJaMj4svdfmHM0AUx4NJYO8ZNpPnZn1Z+BBU=
+golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug=
+golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gorm.io/driver/sqlite v1.6.0 h1:WHRRrIiulaPiPFmDcod6prc4l2VGVWHz80KspNsxSfQ=
+gorm.io/driver/sqlite v1.6.0/go.mod h1:AO9V1qIQddBESngQUKWL9yoH93HIeA1X6V633rBwyT8=
+gorm.io/gorm v1.31.0 h1:0VlycGreVhK7RF/Bwt51Fk8v0xLiiiFdbGDPIZQ7mJY=
+gorm.io/gorm v1.31.0/go.mod h1:XyQVbO2k6YkOis7C2437jSit3SsDK72s7n7rsSHd+Gs=