RBAC API
A more friendly API for RBAC. This API is a subset of Management API. The RBAC users could use this API to simplify the code.
Reference
global variable e is Enforcer instance.
e := NewEnforcer("examples/rbac_model.conf", "examples/rbac_policy.csv")
const e = await newEnforcer('examples/rbac_model.conf', 'examples/rbac_policy.csv')
GetRolesForUser()
GetRolesForUser gets the roles that a user has.
For example:
res := e.GetRolesForUser("alice")
const res = e.getRolesForUser('alice')
GetUsersForRole()
GetUsersForRole gets the users that has a role.
For example:
res := e.GetUsersForRole("data1_admin")
const res = e.getUsersForRole('data1_admin')
HasRoleForUser()
HasRoleForUser determines whether a user has a role.
For example:
res := e.HasRoleForUser("alice", "data1_admin")
const res = e.hasRoleForUser('alice', 'data1_admin')
AddRoleForUser()
AddRoleForUser adds a role for a user. Returns false if the user already has the role (aka not affected).
For example:
e.AddRoleForUser("alice", "data2_admin")
await e.addRoleForUser('alice', 'data2_admin')
DeleteRoleForUser()
DeleteRoleForUser deletes a role for a user. Returns false if the user does not have the role (aka not affected).
For example:
e.DeleteRoleForUser("alice", "data1_admin")
await e.deleteRoleForUser('alice', 'data1_admin')
DeleteRolesForUser()
DeleteRolesForUser deletes all roles for a user. Returns false if the user does not have any roles (aka not affected).
For example:
e.DeleteRolesForUser("alice")
await e.deleteRolesForUser('alice')
DeleteUser()
DeleteUser deletes a user. Returns false if the user does not exist (aka not affected).
For example:
e.DeleteUser("alice")
await e.deleteUser('alice')
DeleteRole()
DeleteRole deletes a role.
For example:
e.DeleteRole("data2_admin")
await e.deleteRole("data2_admin")
DeletePermission()
DeletePermission deletes a permission. Returns false if the permission does not exist (aka not affected).
For example:
e.DeletePermission("read")
await e.deletePermission('read')
AddPermissionForUser()
AddPermissionForUser adds a permission for a user or role. Returns false if the user or role already has the permission (aka not affected).
For example:
e.AddPermissionForUser("bob", "read")
await e.addPermissionForUser('bob', 'read')
DeletePermissionForUser()
DeletePermissionForUser deletes a permission for a user or role. Returns false if the user or role does not have the permission (aka not affected).
For example:
e.DeletePermissionForUser("bob", "read")
await e.deletePermissionForUser("bob", "read")
DeletePermissionsForUser()
DeletePermissionsForUser deletes permissions for a user or role. Returns false if the user or role does not have any permissions (aka not affected).
For example:
e.DeletePermissionsForUser("bob")
await e.deletePermissionsForUser('bob')
GetPermissionsForUser()
GetPermissionsForUser gets permissions for a user or role.
For example:
e.GetPermissionsForUser("bob")
e.getPermissionsForUser('bob')
HasPermissionForUser()
HasPermissionForUser determines whether a user has a permission.
For example:
e.HasPermissionForUser("alice", []string{"read"})
e.hasPermissionForUser('alice', 'read')
GetImplicitRolesForUser()
GetImplicitRolesForUser gets implicit roles that a user has. Compared to GetRolesForUser(), this function retrieves indirect roles besides direct roles.
For example:
g, alice, role:admin
g, role:admin, role:user
GetRolesForUser("alice") can only get: ["role:admin"].
But GetImplicitRolesForUser("alice") will get: ["role:admin", "role:user"].
For example:
e.GetImplicitRolesForUser("alice")
Method is not implemented
GetImplicitPermissionsForUser()
GetImplicitPermissionsForUser gets implicit permissions for a user or role.
Compared to GetPermissionsForUser(), this function retrieves permissions for inherited roles.
For example:
p, admin, data1, read
p, alice, data2, read
g, alice, admin
GetPermissionsForUser("alice") can only get: [["alice", "data2", "read"]].
But GetImplicitPermissionsForUser("alice") will get: [["admin", "data1", "read"], ["alice", "data2", "read"]].
For example:
e.GetImplicitPermissionsForUser("alice")
Method is not implemented