Casbin

Casbin

  • 문서
  • API
  • 편집기
  • JetBrains Plugin
  • Casdoor
  • Forum
  • OA
  • Trend
  • Cloud
  • 도움말
  • 블로그
  • Languages icon한국어
    • English
    • 中文
    • 번역 참여하기
  • GitHub

›기초

기초

  • 개요(Overview)
  • 시작하기
  • 작동 원리
  • 자습서

모델

  • 지원하는 접근 제어 모델
  • 모델(Model) 문법
  • 함수
  • RBAC
  • RBAC + 도메인
  • ABAC

저장소

  • 모델(Model) 저장
  • 정책(Policy) 저장
  • 정책(Policy) 부분 집합 불러오기

확장 기능

  • 어댑터
  • 감시자
  • Dispatchers
  • 역할(Role) 관리자
  • 미들웨어

API

  • Management API
  • RBAC API

고급 사용법 (Advanced usage)

  • 멀티 스레딩
  • 벤치마크
  • Performance Optimization

관리

  • 관리자 포탈
  • Casbin 서비스
  • 로깅 및 오류 처리
  • 온라인 편집기
  • Frontend Usage

자세히

  • Casbin 적용 사례
  • Privacy Policy
  • Terms of Service
Translate

시작하기

Installation

Go
Java
Node.js
PHP
Python
.NET
Rust
Delphi
go get github.com/casbin/casbin/v2
<dependency>
<groupId>org.casbin</groupId>
<artifactId>jcasbin</artifactId>
<version>1.6.0</version>
</dependency>
# NPM
npm install casbin --save

# Yarn
yarn add casbin

composer.json of your project. This will download the package:

composer require casbin/casbin
pip install casbin
dotnet add package Casbin.NET
cargo install cargo-edit
cargo add casbin

// If you use async-std as async executor
cargo add async-std

// If you use tokio as async executor
cargo add tokio // make sure you activate its `macros` feature

New a Casbin enforcer

The new a Casbin enforcer must provide a Model and a Adapter.

Casbin has a FileAdapter, see Adapter from more Adapter.

  • Use the Model file and default FileAdapter:
Go
Java
Node.js
PHP
Python
.NET
Delphi
Rust
import "github.com/casbin/casbin/v2"

e, err := casbin.NewEnforcer("path/to/model.conf", "path/to/policy.csv")
import org.casbin.jcasbin.main.Enforcer;

Enforcer e = new Enforcer("path/to/model.conf", "path/to/policy.csv");
import { newEnforcer } from 'casbin';

const e = await newEnforcer('path/to/model.conf', 'path/to/policy.csv');
require_once './vendor/autoload.php';

use Casbin\Enforcer;

$e = new Enforcer("path/to/model.conf", "path/to/policy.csv");
import casbin

e = casbin.Enforcer("path/to/model.conf", "path/to/policy.csv")
using NetCasbin; 

var e = new Enforcer("path/to/model.conf", "path/to/policy.csv");
var
casbin: ICasbin;
begin
casbin := TCasbin.Create('path/to/model.conf', 'path/to/policy.csv');
...
end
use casbin::prelude::*;

// If you use async_td as async executor
#[cfg(feature = "runtime-async-std")]
#[async_std::main]
async fn main() -> Result<()> {
let mut e = Enforcer::new("path/to/model.conf", "path/to/policy.csv").await?;
Ok(())
}

// If you use tokio as async executor
#[cfg(feature = "runtime-tokio")]
#[tokio::main]
async fn main() -> Result<()> {
let mut e = Enforcer::new("path/to/model.conf", "path/to/policy.csv").await?;
Ok(())
}
  • Use the Model text with other Adapter:
Go
import (
"log"

"github.com/casbin/casbin/v2"
"github.com/casbin/casbin/v2/model"
xormadapter "github.com/casbin/xorm-adapter/v2"
_ "github.com/go-sql-driver/mysql"
)

// Initialize a Xorm adapter with MySQL database.
a, err := xormadapter.NewAdapter("mysql", "mysql_username:mysql_password@tcp(127.0.0.1:3306)/casbin")
if err != nil {
log.Fatalf("error: adapter: %s", err)
}

m, err := model.NewModelFromString(`
[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = r.sub == p.sub && r.obj == p.obj && r.act == p.act
`
)
if err != nil {
log.Fatalf("error: model: %s", err)
}

e, err := casbin.NewEnforcer(m, a)
if err != nil {
log.Fatalf("error: enforcer: %s", err)
}

Check permissions

Add an enforcement hook into your code right before the access happens:

Go
Java
Node.js
PHP
Python
.NET
Delphi
Rust
sub := "alice" // the user that wants to access a resource.
obj := "data1" // the resource that is going to be accessed.
act := "read" // the operation that the user performs on the resource.

ok, err := e.Enforce(sub, obj, act)

if err != nil {
// handle err
}

if ok == true {
// permit alice to read data1
} else {
// deny the request, show an error
}
String sub = "alice"; // the user that wants to access a resource.
String obj = "data1"; // the resource that is going to be accessed.
String act = "read"; // the operation that the user performs on the resource.

if (e.enforce(sub, obj, act) == true) {
// permit alice to read data1
} else {
// deny the request, show an error
}
const sub = 'alice'; // the user that wants to access a resource.
const obj = 'data1'; // the resource that is going to be accessed.
const act = 'read'; // the operation that the user performs on the resource.

if ((await e.enforce(sub, obj, act)) === true) {
// permit alice to read data1
} else {
// deny the request, show an error
}
$sub = "alice"; // the user that wants to access a resource.
$obj = "data1"; // the resource that is going to be accessed.
$act = "read"; // the operation that the user performs on the resource.

if ($e->enforce($sub, $obj, $act) === true) {
// permit alice to read data1
} else {
// deny the request, show an error
}
sub = "alice"  # the user that wants to access a resource.
obj = "data1" # the resource that is going to be accessed.
act = "read" # the operation that the user performs on the resource.

if e.enforce(sub, obj, act):
# permit alice to read data1
pass
else:
# deny the request, show an error
pass
var sub = "alice";  # the user that wants to access a resource.
var obj = "data1"; # the resource that is going to be accessed.
var act = "read"; # the operation that the user performs on the resource.

if (await e.EnforceAsync(sub, obj, act))
{
// permit alice to read data1
}
else
{
// deny the request, show an error
}
if casbin.enforce(['alice,data1,read']) then
// Alice is super happy as she can read data1
else
// Alice is sad
  let sub = "alice"; // the user that wants to access a resource.
let obj = "data1"; // the resource that is going to be accessed.
let act = "read"; // the operation that the user performs on the resource.

if e.enforce((sub, obj, act)).await? {
// permit alice to read data1
} else {
// error occurs
}

Casbin also provides API for permission management at run-time. For example, You can get all the roles assigned to a user as below:

Go
Java
Node.js
PHP
Python
.NET
Delphi
Rust
roles := e.GetRolesForUser("alice")
Roles roles = e.getRolesForUser("alice");
const roles = await e.getRolesForUser('alice');
$roles = $e->getRolesForUser("alice");
roles = e.get_roles_for_user("alice")
var roles = e.GetRolesForUser("alice");
```rust
let roles = e.get_roles_for_user("alice");

See Management API and RBAC API for more usage.

Please refer to the test cases for more usage.

← 개요(Overview)작동 원리 →
  • Installation
  • New a Casbin enforcer
    • Check permissions
Casbin
Docs
Getting StartedManagement APIRBAC APIMiddlewares
Community
Who's using Casbin?ForumStack OverflowProject Chat
Casbin          jCasbin
Node-Casbin   PHP-CasbinPyCasbin          Casbin.NETCasbin-CPP        Casbin-RS
Follow @CasbinNews
Copyright © 2021 Casbin contributors.