RBAC API
واجهة برمجة تطبيقات أكثر ودية لـ RBAC هذه الواجهة هي مجموعة فرعية من واجهة إدارة API يمكن لمستخدمي RBAC استخدام هذه الواجهة لتبسيط الكود
مرجع
المتغير العالمي e
هو مثيل Enforcer
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
e, err := NewEnforcer("examples/rbac_model.conf", "examples/rbac_policy.csv")
const e = await newEnforcer('examples/rbac_model.conf', 'examples/rbac_policy.csv')
$e = new Enforcer('examples/rbac_model.conf', 'examples/rbac_policy.csv');
e = casbin.Enforcer("examples/rbac_model.conf", "examples/rbac_policy.csv")
var e = new Enforcer("path/to/model.conf", "path/to/policy.csv");
let mut e = Enforcer::new("examples/rbac_model.conf", "examples/rbac_policy.csv").await?;
Enforcer e = new Enforcer("examples/rbac_model.conf", "examples/rbac_policy.csv");
GetRolesForUser()
GetRolesForUser يحصل على الأدوار التي يمتلكها المستخدم
على سبيل المثال:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
res := e.GetRolesForUser("alice")
const res = await e.getRolesForUser('alice')
$res = $e->getRolesForUser("alice");
roles = e.get_roles_for_user("alice")
var res = e.GetRolesForUser("alice");
let roles = e.get_roles_for_user("alice", None); // No domain
List<String> res = e.getRolesForUser("alice");
GetUsersForRole()
GetUsersForRole يحصل على المستخدمين الذين يمتلكون دورًا
على سبيل المثال:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
res := e.GetUsersForRole("data1_admin")
const res = await e.getUsersForRole('data1_admin')
$res = $e->getUsersForRole("data1_admin");
users = e.get_users_for_role("data1_admin")
var res = e.GetUsersForRole("data1_admin");
let users = e.get_users_for_role("data1_admin", None); // No domain
List<String> res = e.getUsersForRole("data1_admin");
HasRoleForUser()
HasRoleForUser يحدد ما إذا كان المستخدم يمتلك دورًا
على سبيل المثال:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
res := e.HasRoleForUser("alice", "data1_admin")
const res = await e.hasRoleForUser('alice', 'data1_admin')
$res = $e->hasRoleForUser("alice", "data1_admin");
has = e.has_role_for_user("alice", "data1_admin")
var res = e.HasRoleForUser("alice", "data1_admin");
let has = e.has_role_for_user("alice", "data1_admin", None); // No domain
boolean res = e.hasRoleForUser("alice", "data1_admin");
AddRoleForUser()
AddRoleForUser يضيف دورًا للمستخدم يعود بالقيمة false إذا كان المستخدم يمتلك الدور بالفعل (أي لا تأثير)
على سبيل المثال:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
e.AddRoleForUser("alice", "data2_admin")
await e.addRoleForUser('alice', 'data2_admin')
$e->addRoleForUser("alice", "data2_admin");
e.add_role_for_user("alice", "data2_admin")
var added = e.AddRoleForUser("alice", "data2_admin");
or
var added = await e.AddRoleForUserAsync("alice", "data2_admin");
let added = e.add_role_for_user("alice", "data2_admin", None).await?; // No domain
boolean added = e.addRoleForUser("alice", "data2_admin");
AddRolesForUser()
AddRolesForUser يضيف أدوارًا متعددة للمستخدم يعود بالقيمة false إذا كان المستخدم يمتلك أحد هذه الأدوار بالفعل (أي لا تأثير)
على سبيل المثال:
- Go
- Node.js
- Rust
var roles = []string{"data2_admin", "data1_admin"}
e.AddRolesForUser("alice", roles)
const roles = ["data1_admin", "data2_admin"];
roles.map((role) => e.addRoleForUser("alice", role));
let roles = vec!["data1_admin".to_owned(), "data2_admin".to_owned()];
let all_added = e.add_roles_for_user("alice", roles, None).await?; // No domain
DeleteRoleForUser()
DeleteRoleForUser يحذف دورًا للمستخدم يعود بالقيمة false إذا لم يكن المستخدم يمتلك الدور (أي لا تأثير)
على سبيل المثال:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
e.DeleteRoleForUser("alice", "data1_admin")
await e.deleteRoleForUser('alice', 'data1_admin')
$e->deleteRoleForUser("alice", "data1_admin");
e.delete_role_for_user("alice", "data1_admin")
var deleted = e.DeleteRoleForUser("alice", "data1_admin");
or
var deleted = await e.DeleteRoleForUser("alice", "data1_admin");
let deleted = e.delete_role_for_user("alice", "data1_admin", None).await?; // No domain
boolean deleted = e.deleteRoleForUser("alice", "data1_admin");
DeleteRolesForUser()
DeleteRolesForUser يحذف جميع الأدوار للمستخدم يعود بالقيمة false إذا لم يكن المستخدم يمتلك أي أدوار (أي لا تأثير)
على سبيل المثال:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
e.DeleteRolesForUser("alice")
await e.deleteRolesForUser('alice')
$e->deleteRolesForUser("alice");
e.delete_roles_for_user("alice")
var deletedAtLeastOne = e.DeleteRolesForUser("alice");
or
var deletedAtLeastOne = await e.DeleteRolesForUserAsync("alice");
let deleted_at_least_one = e.delete_roles_for_user("alice", None).await?; // No domain
boolean deletedAtLeastOne = e.deleteRolesForUser("alice");
DeleteUser()
DeleteUser يحذف مستخدمًا يعود بالقيمة false إذا لم يكن المستخدم موجودًا (أي لا تأثير)
على سبيل المثال:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
e.DeleteUser("alice")
await e.deleteUser('alice')
$e->deleteUser("alice");
e.delete_user("alice")
var deleted = e.DeleteUser("alice");
or
var deleted = await e.DeleteUserAsync("alice");
let deleted = e.delete_user("alice").await?;
boolean deleted = e.deleteUser("alice");
DeleteRole()
DeleteRole يحذف دورًا
على سبيل المثال:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
e.DeleteRole("data2_admin")
await e.deleteRole("data2_admin")
$e->deleteRole("data2_admin");
e.delete_role("data2_admin")
var deleted = e.DeleteRole("data2_admin");
or
var deleted = await e.DeleteRoleAsync("data2_admin");
let deleted = e.delete_role("data2_admin").await?;
e.deleteRole("data2_admin");
DeletePermission()
DeletePermission يحذف إذنًا يعود بالقيمة false إذا لم يكن الإذن موجودًا (أي لا تأثير)
على سبيل المثال:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
e.DeletePermission("read")
await e.deletePermission('read')
$e->deletePermission("read");
e.delete_permission("read")
var deleted = e.DeletePermission("read");
or
var deleted = await e.DeletePermissionAsync("read");
let deleted = e.delete_permission(vec!["read".to_owned()]).await?;
boolean deleted = e.deletePermission("read");
AddPermissionForUser()
AddPermissionForUser يضيف إذنًا لمستخدم أو دور يعود بالقيمة false إذا كان المستخدم أو الدور يمتلك الإذن بالفعل (أي لا تأثير)
على سبيل المثال:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
e.AddPermissionForUser("bob", "read")
await e.addPermissionForUser('bob', 'read')
$e->addPermissionForUser("bob", "read");
e.add_permission_for_user("bob", "read")
var added = e.AddPermissionForUser("bob", "read");
or
var added = await e.AddPermissionForUserAsync("bob", "read");
let added = e.add_permission_for_user("bob", vec!["read".to_owned()]).await?;
boolean added = e.addPermissionForUser("bob", "read");
AddPermissionsForUser()
AddPermissionsForUser يضيف أذونات متعددة لمستخدم أو دور يعود بالقيمة false إذا كان المستخدم أو الدور يمتلك أحد الأذونات بالفعل (أي لا تأثير)
على سبيل المثال:
- Go
- Node.js
- Rust
var permissions = [][]string{{"data1", "read"},{"data2","write"}}
for i := 0; i < len(permissions); i++ {
e.AddPermissionsForUser("alice", permissions[i])
}
const permissions = [
["data1", "read"],
["data2", "write"],
];
permissions.map((permission) => e.addPermissionForUser("bob", ...permission));
let permissions = vec![
vec!["data1".to_owned(), "read".to_owned()],
vec!["data2".to_owned(), "write".to_owned()],
];
let all_added = e.add_permissions_for_user("bob", permissions).await?;
DeletePermissionForUser()
DeletePermissionForUser يحذف إذنًا لمستخدم أو دور يعود بالقيمة false إذا لم يكن المستخدم أو الدور يمتلك الإذن (أي لا تأثير)
على سبيل المثال:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
e.DeletePermissionForUser("bob", "read")
await e.deletePermissionForUser("bob", "read")
$e->deletePermissionForUser("bob", "read");
e.delete_permission_for_user("bob", "read")
var deleted = e.DeletePermissionForUser("bob", "read");
or
var deleted = await e.DeletePermissionForUserAsync("bob", "read");
let deleted = e.delete_permission_for_user("bob", vec!["read".to_owned()]).await?;
boolean deleted = e.deletePermissionForUser("bob", "read");
DeletePermissionsForUser()
DeletePermissionsForUser يحذف الأذونات لمستخدم أو دور يعود بالقيمة false إذا لم يكن المستخدم أو الدور يمتلك أي أذونات (أي لا تأثير)
على سبيل المثال:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
e.DeletePermissionsForUser("bob")
await e.deletePermissionsForUser('bob')
$e->deletePermissionsForUser("bob");
e.delete_permissions_for_user("bob")
var deletedAtLeastOne = e.DeletePermissionsForUser("bob");
or
var deletedAtLeastOne = await e.DeletePermissionsForUserAsync("bob");
let deleted_at_least_one = e.delete_permissions_for_user("bob").await?;
boolean deletedAtLeastOne = e.deletePermissionForUser("bob");
GetPermissionsForUser()
GetPermissionsForUser يحصل على الأذونات لمستخدم أو دور
على سبيل المثال:
- Go
- Node.js
- PHP
- Python
- .NET
- Java
e.GetPermissionsForUser("bob")
await e.getPermissionsForUser('bob')
$e->getPermissionsForUser("bob");
e.get_permissions_for_user("bob")
var permissions = e.GetPermissionsForUser("bob");
List<List<String>> permissions = e.getPermissionsForUser("bob");
HasPermissionForUser()
HasPermissionForUser يحدد ما إذا كان المستخدم يمتلك إذنًا
على سبيل المثال:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
e.HasPermissionForUser("alice", []string{"read"})
await e.hasPermissionForUser('alice', 'read')
$e->hasPermissionForUser("alice", []string{"read"});
has = e.has_permission_for_user("alice", "read")
var has = e.HasPermissionForUser("bob", "read");
let has = e.has_permission_for_user("alice", vec!["data1".to_owned(), "read".to_owned()]);
boolean has = e.hasPermissionForUser("alice", "read");
GetImplicitRolesForUser()
GetImplicitRolesForUser gets implicit roles that a user has. Compared to GetRolesForUser(), this function retrieves indirect roles besides direct roles.
For example:
g, alice, role:admin
g, role:admin, role:user
GetRolesForUser("alice") can only get: ["role:admin"].\ But GetImplicitRolesForUser("alice") will get: ["role:admin", "role:user"].
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
e.GetImplicitRolesForUser("alice")
await e.getImplicitRolesForUser("alice")
$e->getImplicitRolesForUser("alice");
e.get_implicit_roles_for_user("alice")
var implicitRoles = e.GetImplicitRolesForUser("alice");
e.get_implicit_roles_for_user("alice", None); // No domain
List<String> implicitRoles = e.getImplicitRolesForUser("alice");
GetImplicitUsersForRole()
GetImplicitUsersForRole gets all users inheriting the role. Compared to GetUsersForRole(), this function retrieves indirect users.
For example:
g, alice, role:admin
g, role:admin, role:user
GetUsersForRole("role:user") can only get: ["role:admin"].\ But GetImplicitUesrsForRole("role:user") will get: ["role:admin", "alice"].
For example:
- Go
- Node.js
- Java
users := e.GetImplicitUsersForRole("role:user")
const users = e.getImplicitUsersForRole("role:user");
List<String> users = e.getImplicitUsersForRole("role:user");
GetImplicitPermissionsForUser()
GetImplicitPermissionsForUser gets implicit permissions for a user or role.\ Compared to GetPermissionsForUser(), this function retrieves permissions for inherited roles.
For example:
p, admin, data1, read
p, alice, data2, read
g, alice, admin
GetPermissionsForUser("alice") can only get: [["alice", "data2", "read"]].\ But GetImplicitPermissionsForUser("alice") will get: [["admin", "data1", "read"], ["alice", "data2", "read"]].
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
e.GetImplicitPermissionsForUser("alice")
await e.getImplicitPermissionsForUser("alice")
$e->getImplicitPermissionsForUser("alice");
e.get_implicit_permissions_for_user("alice")
var implicitPermissions = e.GetImplicitPermissionsForUser("alice");
e.get_implicit_permissions_for_user("alice", None); // No domain
List<List<String>> implicitPermissions = e.getImplicitPermissionsForUser("alice");
GetNamedImplicitPermissionsForUser()
GetNamedImplicitPermissionsForUser gets implicit permissions for a user or role by named policy Compared to GetImplicitPermissionsForUser(), this function allow you to specify the policy name.
For example:
p, admin, data1, read
p2, admin, create
g, alice, admin
GetImplicitPermissionsForUser("alice") only get: [["admin", "data1", "read"]], whose policy is default "p"
But you can specify the policy as "p2" to get: [["admin", "create"]] by GetNamedImplicitPermissionsForUser("p2","alice")
For example:
- Go
- Python
e.GetNamedImplicitPermissionsForUser("p2","alice")
e.get_named_implicit_permissions_for_user("p2", "alice")
GetDomainsForUser()
GetDomainsForUser gets all domains which a user has.
For example:
p, admin, domain1, data1, read
p, admin, domain2, data2, read
p, admin, domain2, data2, write
g, alice, admin, domain1
g, alice, admin, domain2
GetDomainsForUser("alice") could get ["domain1", "domain2"]
For example:
- Go
result, err := e.GetDomainsForUser("alice")
GetImplicitResourcesForUser()
GetImplicitResourcesForUser returns all policies that should be true for user.
For example:
p, alice, data1, read
p, bob, data2, write
p, data2_admin, data2, read
p, data2_admin, data2, write
g, alice, data2_admin
GetImplicitResourcesForUser("alice") will return
[[alice data1 read] [alice data2 read] [alice data2 write]]
- Go
resources, err := e.GetImplicitResourcesForUser("alice")
GetImplicitUsersForPermission()
GetImplicitUsersForPermission gets implicit users for a permission.
For example:
p, admin, data1, read
p, bob, data1, read
g, alice, admin
GetImplicitUsersForPermission("data1", "read") will return: ["alice", "bob"]
.
Note: only users will be returned, roles (2nd arg in "g") will be excluded.
- Go
users, err := e.GetImplicitUsersForPermission("data1", "read")
GetAllowedObjectConditions()
GetAllowedObjectConditions returns a string array of object conditions that the user can access.
For example:
p, alice, r.obj.price < 25, read
p, admin, r.obj.category_id = 2, read
p, bob, r.obj.author = bob, write
g, alice, admin
e.GetAllowedObjectConditions("alice", "read", "r.obj.") will return ["price < 25", "category_id = 2"], nil
Note:
prefix: You can customize the prefix of the object conditions, and "r.obj." is commonly used as a prefix. After removing the prefix, the remaining part is the condition of the object. If there is an obj policy that does not meet the prefix requirement, an
errors.ERR_OBJ_CONDITION
will be returned.If the 'objectConditions' array is empty, return
errors.ERR_EMPTY_CONDITION
This error is returned because some data adapters' ORM return full table data by default when they receive an empty condition, which tends to behave contrary to expectations.(e.g. GORM) If you are using an adapter that does not behave like this, you can choose to ignore this error.
- Go
conditions, err := e.GetAllowedObjectConditions("alice", "read", "r.obj.")
GetImplicitUsersForResource()
GetImplicitUsersForResource return implicit user based on resource.
For example:
p, alice, data1, read
p, bob, data2, write
p, data2_admin, data2, read
p, data2_admin, data2, write
g, alice, data2_admin
GetImplicitUsersForResource("data2") will return [["bob", "data2", "write"], ["alice", "data2", "read"] ["alice", "data2", "write"]], nil
.
GetImplicitUsersForResource("data1") will return [["alice", "data1", "read"]], nil
.
- Go
ImplicitUsers, err := e.GetImplicitUsersForResource("data2")
Only users will be returned, roles (2nd arg in "g") will be excluded.