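// compareValues orders left against right and returns 1 when left is greater,
// -1 when it is smaller and 0 otherwise.
//
// Supported operands are int, float64 and string. An int compared with a
// float64 is ordered numerically (the int is converted to float64), so a
// policy literal written as an integer still compares correctly against a
// number that was decoded as float64.
//
// NOTE(review): 0 is also the result for operands that cannot be compared
// (different kinds, unsupported types, nil, NaN). The signature has no way
// to report "incomparable", so a caller that reads 0 as "equal" will accept
// a type mismatch as a match. Callers evaluating access conditions should
// check operand types before trusting a 0 result.
func compareValues(left, right interface{}) int {
	// Shared three-way ordering for the float64 paths.
	orderFloats := func(a, b float64) int {
		switch {
		case a > b:
			return 1
		case a < b:
			return -1
		}
		return 0
	}

	// Simplified implementation; a production comparator needs broader type handling.
	switch l := left.(type) {
	case int:
		switch r := right.(type) {
		case int:
			// Stay in integer arithmetic so large values keep full precision.
			switch {
			case l > r:
				return 1
			case l < r:
				return -1
			}
			return 0
		case float64:
			return orderFloats(float64(l), r)
		}
	case float64:
		switch r := right.(type) {
		case float64:
			return orderFloats(l, r)
		case int:
			return orderFloats(l, float64(r))
		}
	case string:
		if r, ok := right.(string); ok {
			return strings.Compare(l, r)
		}
	}
	// Incomparable operands fall through to 0 (see the note above).
	return 0
}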
// inValues reports whether value is equal (==) to any element of array.
//
// array must hold a []interface{}; any other dynamic type, including a nil
// interface, yields false. Equality is interface equality, so the dynamic
// types must match: an int 1 does not equal a float64 1.
//
// NOTE(review): == on interface values panics at run time when both operands
// hold the same uncomparable dynamic type (slice, map, func). If elements or
// value can come from decoded request or policy data, confirm they are
// scalars before they reach this function.
func inValues(value, array interface{}) bool {
	candidates, isList := array.([]interface{})
	if !isList {
		return false
	}
	for i := 0; i < len(candidates); i++ {
		if candidates[i] == value {
			return true
		}
	}
	return false
}
// containsValue reports whether array contains an element equal (==) to value.
//
// array must hold a []interface{}; for any other dynamic type the result is
// false. Elements are compared with interface equality, which requires the
// dynamic types to match as well as the values.
//
// NOTE(review): interface == panics when both sides hold the same
// uncomparable dynamic type (slice, map, func); confirm that only scalar
// values are passed in from request or policy data.
func containsValue(array, value interface{}) bool {
	found := false
	if elems, ok := array.([]interface{}); ok {
		for _, elem := range elems {
			if value == elem {
				found = true
				break
			}
		}
	}
	return found
}
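// GenerateCacheKey builds the decision-cache key for request by joining the
// subject ID, the resource ID and the action name with ':'.
//
// NOTE(review): the key covers only these three fields. Whether evaluation
// also consults other request data (attributes, environment) is not visible
// from this method; if it does, two requests that share a key may deserve
// different decisions. Verify before relying on cached results.
//
// NOTE(review): the components are joined without escaping. If an ID or an
// action name may contain ':', distinct requests can produce the same key.
// Confirm the identifier format or move to an unambiguous encoding such as
// length-prefixed components.
func (hac *HybridAccessControl) GenerateCacheKey(request *AccessRequest) string {
	// Simplified implementation; a production system needs a more elaborate key strategy.
	// The format string uses plain ASCII quotes; typographic quotes do not compile.
	return fmt.Sprintf("%s:%s:%s",
		request.Subject.ID,
		request.Resource.ID,
		request.Action.Name)
}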
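// CheckAccess returns the access decision for request.
//
// A cached decision is returned when the cache holds one for the request's
// key. Otherwise the policy engine evaluates the request; when it answers
// with DecisionTypeDefault the request is evaluated again by evaluateHybrid.
// The resulting decision is stored in the cache before it is returned.
//
// A nil request, an evaluation error, or an evaluation that yields a nil
// decision returns a nil decision and a non-nil error, so a missing decision
// is never cached or handed to the caller as a success.
//
// NOTE(review): no expiry or invalidation is visible in this method. Confirm
// that the cache bounds entry lifetime, otherwise a decision made before a
// role or policy change keeps being served.
func (hac *HybridAccessControl) CheckAccess(request *AccessRequest) (*AccessDecision, error) {
	// Reject a nil request up front; key generation dereferences it.
	if request == nil {
		return nil, fmt.Errorf("access request is nil")
	}

	// Build the cache key.
	cacheKey := hac.GenerateCacheKey(request)

	// Serve from the cache when possible.
	if decision, exists := hac.cache.Get(cacheKey); exists {
		return decision, nil
	}

	// Evaluate through the policy engine.
	decision, err := hac.policyEngine.Evaluate(request)
	if err != nil {
		return nil, fmt.Errorf("policy engine evaluation failed: %w", err)
	}
	// Guard the field access below against a nil decision with a nil error.
	if decision == nil {
		return nil, fmt.Errorf("policy engine returned no decision")
	}

	// When the policy engine gives no explicit decision, fall back to the
	// combined RBAC+ABAC evaluation.
	if decision.DecisionType == DecisionTypeDefault {
		decision, err = hac.evaluateHybrid(request)
		if err != nil {
			return nil, fmt.Errorf("hybrid evaluation failed: %w", err)
		}
		if decision == nil {
			return nil, fmt.Errorf("hybrid evaluation returned no decision")
		}
	}

	// Cache the decision.
	hac.cache.Set(cacheKey, decision)
	return decision, nil
}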
// evaluateHybrid 混合评估
func (hac *HybridAccessControl) evaluateHybrid(request *AccessRequest) (*AccessDecision, error) {
// 根据配置决定优先级
if hac.config.RBACPriority {
// RBAC优先
return hac.evaluateRBACFirst(request)
} else {
// A