Edit

RBAC API

A more friendly API for RBAC. This API is a subset of Management API. The RBAC users could use this API to simplify the code.

Reference

global variable e is Enforcer instance.

Go

Node.js

PHP

e := NewEnforcer("examples/rbac_model.conf", "examples/rbac_policy.csv")

const e = await newEnforcer('examples/rbac_model.conf', 'examples/rbac_policy.csv')

$e = new Enforcer('examples/rbac_model.conf', 'examples/rbac_policy.csv');

GetRolesForUser()

GetRolesForUser gets the roles that a user has.

For example:

Go

Node.js

PHP

res := e.GetRolesForUser("alice")

const res = e.getRolesForUser('alice')

$res = $e->getRolesForUser("alice");

GetUsersForRole()

GetUsersForRole gets the users that has a role.

For example:

Go

Node.js

PHP

res := e.GetUsersForRole("data1_admin")

const res = e.getUsersForRole('data1_admin')

$res = $e->getUsersForRole("data1_admin");

HasRoleForUser()

HasRoleForUser determines whether a user has a role.

For example:

Go

Node.js

PHP

res := e.HasRoleForUser("alice", "data1_admin")

const res = e.hasRoleForUser('alice', 'data1_admin')

$res = $e->hasRoleForUser("alice", "data1_admin");

AddRoleForUser()

AddRoleForUser adds a role for a user. Returns false if the user already has the role (aka not affected).

For example:

Go

Node.js

PHP

e.AddRoleForUser("alice", "data2_admin")

await e.addRoleForUser('alice', 'data2_admin')

$e->addRoleForUser("alice", "data2_admin");

DeleteRoleForUser()

DeleteRoleForUser deletes a role for a user. Returns false if the user does not have the role (aka not affected).

For example:

Go

Node.js

PHP

e.DeleteRoleForUser("alice", "data1_admin")

await e.deleteRoleForUser('alice', 'data1_admin')

$e->deleteRoleForUser("alice", "data1_admin");

DeleteRolesForUser()

DeleteRolesForUser deletes all roles for a user. Returns false if the user does not have any roles (aka not affected).

For example:

Go

Node.js

PHP

e.DeleteRolesForUser("alice")

await e.deleteRolesForUser('alice')

$e->deleteRolesForUser("alice");

DeleteUser()

DeleteUser deletes a user. Returns false if the user does not exist (aka not affected).

For example:

Go

Node.js

PHP

e.DeleteUser("alice")

await e.deleteUser('alice')

$e->deleteUser("alice");

DeleteRole()

DeleteRole deletes a role.

For example:

Go

Node.js

PHP

e.DeleteRole("data2_admin")

await e.deleteRole("data2_admin")

$e->deleteRole("data2_admin");

DeletePermission()

DeletePermission deletes a permission. Returns false if the permission does not exist (aka not affected).

For example:

Go

Node.js

PHP

e.DeletePermission("read")

await e.deletePermission('read')

$e->deletePermission("read");

AddPermissionForUser()

AddPermissionForUser adds a permission for a user or role. Returns false if the user or role already has the permission (aka not affected).

For example:

Go

Node.js

PHP

e.AddPermissionForUser("bob", "read")

await e.addPermissionForUser('bob', 'read')

$e->addPermissionForUser("bob", "read");

DeletePermissionForUser()

DeletePermissionForUser deletes a permission for a user or role. Returns false if the user or role does not have the permission (aka not affected).

For example:

Go

Node.js

PHP

e.DeletePermissionForUser("bob", "read")

await e.deletePermissionForUser("bob", "read")

$e->deletePermissionForUser("bob", "read");

DeletePermissionsForUser()

DeletePermissionsForUser deletes permissions for a user or role. Returns false if the user or role does not have any permissions (aka not affected).

For example:

Go

Node.js

PHP

e.DeletePermissionsForUser("bob")

await e.deletePermissionsForUser('bob')

$e->deletePermissionsForUser("bob");

GetPermissionsForUser()

GetPermissionsForUser gets permissions for a user or role.

For example:

Go

Node.js

PHP

e.GetPermissionsForUser("bob")

e.getPermissionsForUser('bob')

$e->getPermissionsForUser("bob");

HasPermissionForUser()

HasPermissionForUser determines whether a user has a permission.

For example:

Go

Node.js

PHP

e.HasPermissionForUser("alice", []string{"read"})

e.hasPermissionForUser('alice', 'read')

$e->hasPermissionForUser("alice", []string{"read"});

GetImplicitRolesForUser()

GetImplicitRolesForUser gets implicit roles that a user has. Compared to GetRolesForUser(), this function retrieves indirect roles besides direct roles.

For example:
g, alice, role:admin
g, role:admin, role:user

GetRolesForUser("alice") can only get: ["role:admin"].
But GetImplicitRolesForUser("alice") will get: ["role:admin", "role:user"].

For example:

Go

Node.js

PHP

e.GetImplicitRolesForUser("alice")

Method is not implemented

$e->getImplicitRolesForUser("alice");

GetImplicitPermissionsForUser()

GetImplicitPermissionsForUser gets implicit permissions for a user or role.
Compared to GetPermissionsForUser(), this function retrieves permissions for inherited roles.

For example:
p, admin, data1, read
p, alice, data2, read
g, alice, admin

GetPermissionsForUser("alice") can only get: [["alice", "data2", "read"]].
But GetImplicitPermissionsForUser("alice") will get: [["admin", "data1", "read"], ["alice", "data2", "read"]].

For example:

Go

Node.js

PHP

e.GetImplicitPermissionsForUser("alice")

Method is not implemented

$e->getImplicitPermissionsForUser("alice");