Management API
The primitive API that provides full support for Casbin policy management.
Reference
global variable e is Enforcer instance.
e := NewEnforcer("examples/rbac_model.conf", "examples/rbac_policy.csv")
const e = await newEnforcer('examples/rbac_model.conf', 'examples/rbac_policy.csv')
$e = new Enforcer('examples/rbac_model.conf', 'examples/rbac_policy.csv');
let mut e = Enforce::new("examples/rbac_model.conf", "examples/rbac_policy.csv").await?;
GetAllSubjects()
GetAllSubjects gets the list of subjects that show up in the current policy.
For example:
allSubjects := e.GetAllSubjects()
const allSubjects = await e.getAllSubjects()
$allSubjects = $e->getAllSubjects();
let all_subjects = e.get_all_subjects();
GetAllNamedSubjects()
GetAllNamedSubjects gets the list of subjects that show up in the current named policy.
For example:
allNamedSubjects := e.GetAllNamedSubjects("p")
const allNamedSubjects = await e.getAllNamedSubjects('p')
$allNamedSubjects = $e->getAllNamedSubjects("p");
let all_named_subjects = e.get_all_named_subjects("p");
GetAllObjects()
GetAllObjects gets the list of objects that show up in the current policy.
For example:
allObjects := e.GetAllObjects()
const allObjects = await e.getAllObjects()
$allObjects = $e->getAllObjects();
let all_objects = e.get_all_objects();
GetAllNamedObjects()
GetAllNamedObjects gets the list of objects that show up in the current named policy.
For example:
allNamedObjects := e.GetAllNamedObjects("p")
const allNamedObjects = await e.getAllNamedObjects('p')
$allNamedObjects = $e->getAllNamedObjects("p");
let all_named_objects = e.get_all_named_objects("p");
GetAllActions()
GetAllActions gets the list of actions that show up in the current policy.
For example:
allActions := e.GetAllActions()
const allActions = await e.getAllActions()
$allActions = $e->getAllActions();
let all_actions = e.get_all_actions();
GetAllNamedActions()
GetAllNamedActions gets the list of actions that show up in the current named policy.
For example:
allNamedActions := e.GetAllNamedActions("p")
const allNamedActions = await e.getAllNamedActions('p')
$allNamedActions = $e->getAllNamedActions("p");
let all_named_actions = e.get_all_named_actions("p");
GetAllRoles()
GetAllRoles gets the list of roles that show up in the current policy.
For example:
allRoles = e.GetAllRoles()
const allRoles = await e.getAllRoles()
$allRoles = $e->getAllRoles();
let all_roles = e.get_all_roles();
GetAllNamedRoles()
GetAllNamedRoles gets the list of roles that show up in the current named policy.
For example:
allNamedRoles := e.GetAllNamedRoles("g")
const allNamedRoles = await e.getAllNamedRoles('g')
$allNamedRoles = $e->getAllNamedRoles('g');
let all_named_roles = e.get_all_named_roles("g");
GetPolicy()
GetPolicy gets all the authorization rules in the policy.
For example:
policy = e.GetPolicy()
const policy = await e.getPolicy()
$policy = $e->getPolicy();
let policy = e.get_policy();
GetFilteredPolicy()
GetFilteredPolicy gets all the authorization rules in the policy, field filters can be specified.
For example:
filteredPolicy := e.GetFilteredPolicy(0, "alice")
const filteredPolicy = await e.getFilteredPolicy(0, 'alice')
$filteredPolicy = $e->getFilteredPolicy(0, "alice");
let filtered_policy = e.get_filtered_policy(0, vec!["alice".to_owned()]);
GetNamedPolicy()
GetNamedPolicy gets all the authorization rules in the named policy.
For example:
namedPolicy := e.GetNamedPolicy("p")
const namedPolicy = await e.getNamedPolicy('p')
$namedPolicy = $e->getNamedPolicy("p");
let named_policy = e.get_named_policy("p");
GetFilteredNamedPolicy()
GetFilteredNamedPolicy gets all the authorization rules in the named policy, field filters can be specified.
For example:
filteredNamedPolicy = e.GetFilteredNamedPolicy("p", 0, "bob")
const filteredNamedPolicy = await e.getFilteredNamedPolicy('p', 0, 'bob')
$filteredNamedPolicy = $e->getFilteredNamedPolicy("p", 0, "bob");
let filtered_named_policy = e.get_filtered_named_policy("p", 0, vec!["bob".to_owned()]);
GetGroupingPolicy()
GetGroupingPolicy gets all the role inheritance rules in the policy.
For example:
groupingPolicy := e.GetGroupingPolicy()
const groupingPolicy = await e.getGroupingPolicy()
$groupingPolicy = $e->getGroupingPolicy();
let grouping_policy = e.get_grouping_policy();
GetFilteredGroupingPolicy()
GetFilteredGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified.
For example:
filteredGroupingPolicy := e.GetFilteredGroupingPolicy(0, "alice")
const filteredGroupingPolicy = await e.getFilteredGroupingPolicy(0, 'alice')
$filteredGroupingPolicy = $e->getFilteredGroupingPolicy(0, "alice");
let filtered_grouping_policy = e.get_filtered_grouping_policy(0, vec!["alice".to_owned()]);
GetNamedGroupingPolicy()
GetNamedGroupingPolicy gets all the role inheritance rules in the policy.
For example:
namedGroupingPolicy := e.GetNamedGroupingPolicy("g")
const namedGroupingPolicy = await e.getNamedGroupingPolicy('g')
$namedGroupingPolicy = $e->getNamedGroupingPolicy("g");
let named_grouping_policy = e.get_named_grouping_policy("g");
GetFilteredNamedGroupingPolicy()
GetFilteredNamedGroupingPolicy gets all the role inheritance rules in the policy.
For example:
namedGroupingPolicy := e.GetFilteredNamedGroupingPolicy("g", 0, "alice")
const namedGroupingPolicy = await e.getFilteredNamedGroupingPolicy('g', 0, 'alice')
$namedGroupingPolicy = $e->getFilteredNamedGroupingPolicy("g", 0, "alice");
let named_grouping_policy = e.get_filtered_named_groupingPolicy("g", 0, vec!["alice".to_owned()]);
HasPolicy()
HasPolicy determines whether an authorization rule exists.
For example:
hasPolicy := e.HasPolicy("data2_admin", "data2", "read")
const hasPolicy = await e.hasPolicy('data2_admin', 'data2', 'read')
$hasPolicy = $e->hasPolicy('data2_admin', 'data2', 'read');
let has_policy = e.has_policy(vec!["data2_admin".to_owned(), "data2".to_owned(), "read".to_owned()]);
HasNamedPolicy()
HasNamedPolicy determines whether a named authorization rule exists.
For example:
hasNamedPolicy := e.HasNamedPolicy("p", "data2_admin", "data2", "read")
const hasNamedPolicy = await e.hasNamedPolicy('p', 'data2_admin', 'data2', 'read')
$hasNamedPolicy = $e->hasNamedPolicy("p", "data2_admin", "data2", "read");
let has_named_policy = e.has_named_policy("p", vec!["data2_admin".to_owned(), "data2".to_owned(), "read".to_owned()]);
AddPolicy()
AddPolicy adds an authorization rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
For example:
added := e.AddPolicy("eve", "data3", "read")
const p = ['eve', 'data3', 'read']
const added = await e.addPolicy(...p)
$added = $e->addPolicy('eve', 'data3', 'read');
let added = e.add_policy(vec!["eve".to_owned(), "data3".to_owned(), "read".to_owned()]);
AddPolicies()
AddPolicies adds authorization rules to the current policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is added to the current policy. If all authorization the rules are consistent with the policy rules, the function returns true and each policy rule is added to the current policy.
For example:
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesAdded := e.AddPolicies(rules)
let rules = vec![
vec!["jack".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["katy".to_owned(), "data4".to_owned(), "write".to_owned()],
vec!["leyo".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["ham".to_owned(), "data4".to_owned(), "write".to_owned()],
];
let are_rules_added = e.add_policies(rules).await?
AddNamedPolicy()
AddNamedPolicy adds an authorization rule to the current named policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
For example:
added := e.AddNamedPolicy("p", "eve", "data3", "read")
const p = ['eve', 'data3', 'read']
const added = await e.addNamedPolicy('p', ...p)
$added = $e->addNamedPolicy("p", "eve", "data3", "read");
let added = e.add_named_policy("p", vec!["eve".to_owned(), "data3".to_owned(), "read".to_owned()]).await?;
AddNamedPolicies()
AddNamedPolicies adds authorization rules to the current named policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is added to the current policy. If all authorization the rules are consistent with the policy rules, the function returns true and each policy rule is added to the current policy.
For example:
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesAdded := e.AddNamedPolicies("p", rules)
let rules = vec![
vec!["jack".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["katy".to_owned(), "data4".to_owned(), "write".to_owned()],
vec!["leyo".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["ham".to_owned(), "data4".to_owned(), "write".to_owned()],
];
let are_rules_added := e.add_named_policies("p", rules).await?;
RemovePolicy()
RemovePolicy removes an authorization rule from the current policy.
For example:
removed := e.RemovePolicy("alice", "data1", "read")
const p = ['alice', 'data1', 'read']
const removed = await e.removePolicy(...p)
$removed = $e->removePolicy("alice", "data1", "read");
let removed = e.remove_policy(vec!["alice".to_owned(), "data1".to_owned(), "read".to_owned()]).await?;
RemovePolicies()
RemovePolicies removes authorization rules from the current policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is removed from the current policy. If all authorization the rules are consistent with the policy rules, the function returns true and each policy rule is removed from the current policy.
For example:
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesRemoved := e.RemovePolicies(rules)
let rules = vec![
vec!["jack".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["katy".to_owned(), "data4".to_owned(), "write".to_owned()],
vec!["leyo".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["ham".to_owned(), "data4".to_owned(), "write".to_owned()],
];
let are_rules_removed = e.remove_policies(rules).await?;
RemoveFilteredPolicy()
RemoveFilteredPolicy removes an authorization rule from the current policy, field filters can be specified. RemovePolicy removes an authorization rule from the current policy.
For example:
removed := e.RemoveFilteredPolicy(0, "alice", "data1", "read")
const p = ['alice', 'data1', 'read']
const removed = await e.removeFilteredPolicy(0, ...p)
$removed = $e->removeFilteredPolicy(0, "alice", "data1", "read");
let removed = e.remove_filtered_policy(0, vec!["alice".to_owned(), "data1".to_owned(), "read".to_owned()]).await?;
RemoveNamedPolicy()
RemoveNamedPolicy removes an authorization rule from the current named policy.
For example:
removed := e.RemoveNamedPolicy("p", "alice", "data1", "read")
const p = ['alice', 'data1', 'read']
const removed = await e.removeNamedPolicy('p', ...p)
$removed = $e->removeNamedPolicy("p", "alice", "data1", "read");
let removed = e.remove_named_policy("p", vec!["alice".to_owned(), "data1".to_owned(), "read".to_owned()]).await?;
RemoveNamedPolicies()
RemoveNamedPolicies removes authorization rules from the current named policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is removed from the current policy. If all authorization the rules are consistent with the policy rules, the function returns true and each policy rule is removed from the current policy.
For example:
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesRemoved := e.RemoveNamedPolicies("p", rules)
let rules = vec![
vec!["jack".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["katy".to_owned(), "data4".to_owned(), "write".to_owned()],
vec!["leyo".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["ham".to_owned(), "data4".to_owned(), "write".to_owned()],
];
let areRulesRemoved = e.remove_named_policies("p", rules).await?;
RemoveFilteredNamedPolicy()
RemoveFilteredNamedPolicy removes an authorization rule from the current named policy, field filters can be specified.
For example:
removed := e.RemoveFilteredNamedPolicy("p", 0, "alice", "data1", "read")
const p = ['alice', 'data1', 'read']
const removed = await e.removeFilteredNamedPolicy('p', 0, ...p)
$removed = $e->removeFilteredNamedPolicy("p", 0, "alice", "data1", "read");
let removed = e.remove_filtered_named_policy("p", 0, vec!["alice".to_owned(), "data1".to_owned(), "read".to_owned()]).await?;
HasGroupingPolicy()
HasGroupingPolicy determines whether a role inheritance rule exists.
For example:
has := e.HasGroupingPolicy("alice", "data2_admin")
const has = await e.hasGroupingPolicy('alice', 'data2_admin')
$has = $e->hasGroupingPolicy("alice", "data2_admin");
let has = e.has_grouping_policy(vec!["alice".to_owned(), "data2_admin".to_owned()]);
HasNamedGroupingPolicy()
HasNamedGroupingPolicy determines whether a named role inheritance rule exists.
For example:
has := e.HasNamedGroupingPolicy("g", "alice", "data2_admin")
const has = await e.hasNamedGroupingPolicy('g', 'alice', 'data2_admin')
$has = $e->hasNamedGroupingPolicy("g", "alice", "data2_admin");
let has = e.has_named_grouping_policy("g", vec!["alice".to_owned(), "data2_admin".to_owned()]);
AddGroupingPolicy()
AddGroupingPolicy adds a role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
For example:
added := e.AddGroupingPolicy("group1", "data2_admin")
const added = await e.addGroupingPolicy('group1', 'data2_admin')
$added = $e->addGroupingPolicy("group1", "data2_admin");
let added = e.add_grouping_policy(vec!["group1".to_owned(), "data2_admin".to_owned()]).await?;
AddGroupingPolicies()
AddGroupingPolicies adds role inheritance rules to the current policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is added to the current policy. If all authorization the rules are consistent with the policy rules, the function returns true and each policy rule is added to the current policy.
For example:
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesAdded := e.AddGroupingPolicies(rules)
let rules = vec![
vec!["jack".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["katy".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["leyo".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["ham".to_owned(), "group1".to_owned(), "domain1".to_owned()],
];
let areRulesAdded = e.add_grouping_policies(rules).await?;
AddNamedGroupingPolicy()
AddNamedGroupingPolicy adds a named role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
For example:
added := e.AddNamedGroupingPolicy("g", "group1", "data2_admin")
const added = await e.addNamedGroupingPolicy('g', 'group1', 'data2_admin')
$added = $e->addNamedGroupingPolicy("g", "group1", "data2_admin");
let added = e.add_named_grouping_policy("g", vec!["group1".to_owned(), "data2_admin".to_owned()]).await?;
AddNamedGroupingPolicies()
AddNamedGroupingPolicies adds named role inheritance rules to the current policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is added to the current policy. If all authorization the rules are consistent with the policy rules, the function returns true and each policy rule is added to the current policy.
For example:
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesAdded := e.AddNamedGroupingPolicies("g", rules)
let rules = vec![
vec!["jack".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["katy".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["leyo".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["ham".to_owned(), "group1".to_owned(), "domain1".to_owned()],
];
let are_rules_added = e.add_named_grouping_policies("g", rules).await?;
RemoveGroupingPolicy()
RemoveGroupingPolicy removes a role inheritance rule from the current policy.
For example:
removed := e.RemoveGroupingPolicy("alice", "data2_admin")
const removed = await e.removeGroupingPolicy('alice', 'data2_admin')
$removed = $e->removeGroupingPolicy("alice", "data2_admin");
let removed = e.remove_grouping_policy(vec!["alice".to_owned(), "data2_admin".to_owned()]).await?;
RemoveGroupingPolicies()
RemoveGroupingPolicies removes role inheritance rules from the current policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is removed from the current policy. If all authorization the rules are consistent with the policy rules, the function returns true and each policy rule is removed from the current policy.
For example:
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesRemoved := e.RemoveGroupingPolicies(rules)
let rules = vec![
vec!["jack".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["katy".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["leyo".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["ham".to_owned(), "group1".to_owned(), "domain1".to_owned()],
];
let are_rules_removed = e.remove_grouping_policies(rules).await?;
RemoveFilteredGroupingPolicy()
RemoveFilteredGroupingPolicy removes a role inheritance rule from the current policy, field filters can be specified.
For example:
removed := e.RemoveFilteredGroupingPolicy(0, "alice")
const removed = await e.removeFilteredGroupingPolicy(0, 'alice')
$removed = $e->removeFilteredGroupingPolicy(0, "alice");
let removed = e.remove_filtered_grouping_policy(0, vec!["alice".to_owned()]).await?;
RemoveNamedGroupingPolicy()
RemoveNamedGroupingPolicy removes a role inheritance rule from the current named policy.
For example:
removed := e.RemoveNamedGroupingPolicy("g", "alice")
const removed = await e.removeNamedGroupingPolicy('g', 'alice')
$removed = $e->removeNamedGroupingPolicy("g", "alice");
let removed = e.remove_named_grouping_policy("g", vec!["alice".to_owned()]).await?;
RemoveNamedGroupingPolicies()
RemoveNamedGroupingPolicies removes named role inheritance rules from the current policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is removed from the current policy. If all authorization the rules are consistent with the policy rules, the function returns true and each policy rule is removed from the current policy.
For example:
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesRemoved := e.RemoveNamedGroupingPolicies("g", rules)
let rules = vec![
vec!["jack".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["katy".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["leyo".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["ham".to_owned(), "group1".to_owned(), "domain1".to_owned()],
];
let are_rules_removed = e.remove_named_grouping_policies("g", rules).await?;
RemoveFilteredNamedGroupingPolicy()
RemoveFilteredNamedGroupingPolicy removes a role inheritance rule from the current named policy, field filters can be specified.
For example:
removed := e.RemoveFilteredNamedGroupingPolicy("g", 0, "alice")
const removed = await e.removeFilteredNamedGroupingPolicy('g', 0, 'alice')
$removed = $e->removeFilteredNamedGroupingPolicy("g", 0, "alice");
let removed = e.remove_filtered_named_groupingPolicy("g", 0, vec!["alice".to_owned()]).await?;
AddFunction()
AddFunction adds a customized function.
For example:
func CustomFunction(key1 string, key2 string) bool {
if key1 == "/alice_data2/myid/using/res_id" && key2 == "/alice_data/:resource" {
return true
} else if key1 == "/alice_data2/myid/using/res_id" && key2 == "/alice_data2/:id/using/:resId" {
return true
} else {
return false
}
}
func CustomFunctionWrapper(args ...interface{}) (interface{}, error) {
key1 := args[0].(string)
key2 := args[1].(string)
return bool(CustomFunction(key1, key2)), nil
}
e.AddFunction("keyMatchCustom", CustomFunctionWrapper)
Method is not implemented
func customFunction($key1, $key2) {
if ($key1 == "/alice_data2/myid/using/res_id" && $key2 == "/alice_data/:resource") {
return true;
} elseif ($key1 == "/alice_data2/myid/using/res_id" && $key2 == "/alice_data2/:id/using/:resId") {
return true;
} else {
return false;
}
}
func customFunctionWrapper(...$args){
$key1 := $args[0];
$key2 := $args[1];
return customFunction($key1, $key2);
}
$e->addFunction("keyMatchCustom", customFunctionWrapper);
fn custom_function(key1: STring, key2: String) {
key1 == "/alice_data2/myid/using/res_id" && key2 == "/alice_data/:resource" || key1 == "/alice_data2/myid/using/res_id" && key2 == "/alice_data2/:id/using/:resId"
}
e.add_function("keyMatchCustom", custom_function);