Role Manager API

The RoleManager interface defines how role hierarchy and user–role links are stored and queried. You can attach matching functions so that wildcards (e.g. *) in role or domain names are supported. Below, e is an Enforcer and rm is a RoleManager.

RoleManager API

AddNamedMatchingFunc

Registers a matching function for a policy type (e.g. g). Used when evaluating role links so that patterns like * match multiple names.

    e.AddNamedMatchingFunc("g", "", util.KeyMatch)
    _, _ = e.AddGroupingPolicies([][]string{{"*", "admin", "domain1"}})
    _, _ = e.GetRoleManager().HasLink("bob", "admin", "domain1") // -> true, nil

    await e.addNamedMatchingFunc('g', Util.keyMatchFunc);
    await e.addGroupingPolicies([['*', 'admin', 'domain1']]);
    await e.getRoleManager().hasLink('bob', 'admin', 'domain1');

AddNamedDomainMatchingFunc

Registers a matching function for the domain field in role links (e.g. in g with three arguments). Enables wildcards in domain names.

Example:

    e, _ := casbin.NewEnforcer("path/to/model", "path/to/policy")
    e.AddNamedDomainMatchingFunc("g", "", util.MatchKey)

    const e = await newEnforcer('path/to/model', 'path/to/policy');
    await e.addNamedDomainMatchingFunc('g', Util.keyMatchFunc);

GetRoleManager

Returns the role manager used for the default grouping policy type (e.g. g).

    rm := e.GetRoleManager()

    const rm = await e.getRoleManager();

    rm = e.get_role_manager()

GetNamedRoleManager

Returns the role manager for a specific policy type (e.g. g2).

    rm := e.GetNamedRoleManager("g2")

    const rm = await e.getNamedRoleManager("g2");

    rm = e.get_named_role_manager("g2")

SetRoleManager

Sets the role manager for the default grouping policy type.

    e.SetRoleManager(rm)

    e.setRoleManager(rm);

    rm = e.set_role_manager(rm)

SetNamedRoleManager

Sets the role manager for a specific policy type (e.g. g2).

    rm := e.SetNamedRoleManager("g2", rm)

    rm = e.set_role_manager("g2", rm)

Clear

Clears all role/link data in the role manager.

    rm.Clear()

    await rm.clear();

    rm.clear()

AddLink

Adds a link so that name1 has role name2 in the given domain (or with the domain as a prefix, depending on the model).

    rm.AddLink("u1", "g1", "domain1")

    await rm.addLink('u1', 'g1', 'domain1');

    rm.add_link("u1", "g1", "domain1")

DeleteLink

Removes the link between name1 and name2 in the given domain.

    rm.DeleteLink("u1", "g1", "domain1")

    await rm.deleteLink('u1', 'g1', 'domain1');

    rm.delete_link("u1", "g1", "domain1")

HasLink

Returns whether name1 has role name2 (directly or by inheritance) in the given domain.

    rm.HasLink("u1", "g1", "domain1")

    await rm.hasLink('u1', 'g1', 'domain1');

    rm.has_link("u1", "g1", "domain1")

GetRoles

Returns all roles the user has in the given domain (including inherited).

    rm.GetRoles("u1", "domain1")

    await rm.getRoles('u1', 'domain1');

    rm.get_roles("u1", "domain")

GetUsers

Returns all users that have the given role (in the default domain, if applicable).

    rm.GetUsers("g1")

    await rm.getUsers('g1');

    rm.get_users("g1")

PrintRoles

Prints all roles to the role manager’s logger (for debugging).

    rm.PrintRoles()

    await rm.printRoles();

    rm.print_roles()

SetLogger

Sets the logger used by the role manager (e.g. for PrintRoles).

    logger := log.DefaultLogger{}
    logger.EnableLog(true)
    rm.SetLogger(&logger)
    _ = rm.PrintRoles()

GetDomains

Returns the domains in which the user has at least one role. (Go only; signature may vary.)

    result, err := rm.GetDomains(name)

RoleManager API​

AddNamedMatchingFunc​

AddNamedDomainMatchingFunc​

GetRoleManager​

GetNamedRoleManager​

SetRoleManager​

SetNamedRoleManager​

Clear​

AddLink​

DeleteLink​

HasLink​

GetRoles​

GetUsers​

PrintRoles​

SetLogger​

GetDomains​