管理 API
提供对Casbin策略管理完全支持的基本API。
筛选的 API
几乎所有的带有过滤器的api有着相同的参数 (fieldIndex int, fieldValues ...string). field index 是匹配起始点的索引。 field Value 表示结果应该有的值。 请注意字段值中的空字符串可以是任意单词。
示例:
p, alice, book, read
p, bob, book, read
p, bob, book, write
p, alice, pen, get
p, bob, pen ,get
e.GetFilteredPolicy(1, "book") // 将返回:[Alice book read] [bob book read] [bob book write]]
e. etFilteredPolicy(1, "book", "read") // 将返回: [[Alice book read] [bob book read]]
etFilteredPolicy(0, "Alice", "", "read") // 将返回: [[Alice book read]]
e.GetFilteredPolicy(0, "Alice") // 将返回: [Alice book read] [Alice penge]]
参考
全局变量 e 是 Enforcer 实例。
e, err := NewEnforcer("examples/rbac_model.conf", "examples/rbac_policy.csv")
const e = await newEnforcer('examples/rbac_model.conf', 'examples/rbac_policy.csv')
$e = new Enforcer('examples/rbac_model.conf', 'examples/rbac_policy.csv');
e = casbin.Enforcer("examples/rbac_model.conf", "examples/rbac_policy.csv")
var e = new Enforcer("path/to/model.conf", "path/to/policy.csv");
let mut e = Enforce::new("examples/rbac_model.conf", "examples/rbac_policy.csv").await?;
Enforce()
Enforce决定一个 “subject” 是否能够用 “action” 操作访问 “object” ,输入参数通常是: (sub, obj, act)。
For example:
ok, err := e.Enforce(request)
$ok = $e->enforcer($request);
ok = e.enforcer($request);
EnforceWithMatcher()
EnforceWithMatcher使用自定义匹配器来决定“subject”是否可以通过"action"操作访问“object”, 输入参数通常为:(matcher, sub, obj, act),在匹配器为""时默认使用模型匹配器。
例如:
ok, err := e.EnforceWithMatcher(matcher, request)
$ok = $e->enforceWithMatcher($matcher, $request);
ok = e.enforce_with_matcher(matcher, request);
EnforceEx()
EnforceEx 通过通知匹配的规则来解释执行
例如:
ok, reason, err := e.EnforceEx(request)
list($ok, $reason) = $e->enforceEx($request);
ok, reason = e.enforce_ex(request);
EnforceExWithMatcher()
EnforceExWEMatcher 使用自定义匹配器并通过通知匹配的规则来解释强制执行。
例如:
ok, reason, err := e.EnforceExWithMatcher(matcher, request)
BatchEnforce()
BatchEnforce 强制执行每个请求并返回一个布尔数组的结果
例如:
boolArray, err := e.BatchEnforce(requests)
GetAllSubjects()
GetAllSubjects 获取当前策略中显示的 subject 列表。
例如:
allSubjects := e.GetAllSubjects()
const allSubjects = await e.getAllSubjects()
$allSubjects = $e->getAllSubjects();
var allSubjects = e.GetAllSubjects();
let all_subjects = e.get_all_subjects();
GetAllNamedSubjects()
GetAllNamedSubjects 获取当前命名策略中显示的 subject 列表。
例如:
allNamedSubjects := e.GetAllNamedSubjects("p")
const allNamedSubjects = await e.getAllNamedSubjects('p')
$allNamedSubjects = $e->getAllNamedSubjects("p");
var allNamedSubjects = e.GetAllNamedSubjects("p");
let all_named_subjects = e.get_all_named_subjects("p");
GetAllObjects()
GetAllObjects 获取当前策略中显示的 object 列表。
例如:
allObjects := e.GetAllObjects()
const allObjects = await e.getAllObjects()
$allObjects = $e->getAllObjects();
var allObjects = e.GetAllObjects();
let all_objects = e.get_all_objects();
GetAllNamedObjects()
GetAllNamedObjects 获取当前命名策略中显示的 object 列表。
例如:
allNamedObjects := e.GetAllNamedObjects("p")
const allNamedObjects = await e.getAllNamedObjects('p')
$allNamedObjects = $e->getAllNamedObjects("p");
var allNamedObjects = e.GetAllNamedObjects("p");
let all_named_objects = e.get_all_named_objects("p");
GetAllActions()
GetAllActions 获取当前策略中显示的操作列表。
例如:
allActions := e.GetAllActions()
const allActions = await e.getAllActions()
$allActions = $e->getAllActions();
var allActions = e.GetAllActions();
let all_actions = e.get_all_actions();
GetAllNamedActions()
GetAllNamedActions 获取当前命名策略中显示的操作列表。
例如:
allNamedActions := e.GetAllNamedActions("p")
const allNamedActions = await e.getAllNamedActions('p')
$allNamedActions = $e->getAllNamedActions("p");
var allNamedActions = e.GetAllNamedActions("p");
let all_named_actions = e.get_all_named_actions("p");
GetAllRoles()
GetAllRoles获取当前策略中显示的角色列表。
例如:
allRoles = e.GetAllRoles()
const allRoles = await e.getAllRoles()
$allRoles = $e->getAllRoles();
var allRoles = e.GetAllRoles();
let all_roles = e.get_all_roles();
GetAllNamedRoles()
GetAllNamedRoles 获取当前命名策略中显示的角色列表。
例如:
allNamedRoles := e.GetAllNamedRoles("g")
const allNamedRoles = await e.getAllNamedRoles('g')
$allNamedRoles = $e->getAllNamedRoles('g');
var allNamedRoles = e.GetAllNamedRoles("g");
let all_named_roles = e.get_all_named_roles("g");
GetPolicy()
GetPolicy 获取策略中的所有授权规则。
例如:
policy = e.GetPolicy()
const policy = await e.getPolicy()
$policy = $e->getPolicy();
var policy = e.GetPolicy();
let policy = e.get_policy();
GetFilteredPolicy()
GetFilteredPolicy 获取策略中的所有授权规则,我们可以指定字段筛选器。
例如:
filteredPolicy := e.GetFilteredPolicy(0, "alice")
const filteredPolicy = await e.getFilteredPolicy(0, 'alice')
$filteredPolicy = $e->getFilteredPolicy(0, "alice");
var filteredPolicy = e.GetFilteredPolicy(0, "alice");
let filtered_policy = e.get_filtered_policy(0, vec!["alice".to_owned()]);
GetNamedPolicy()
GetNamedPolicy 获取命名策略中的所有授权规则。
例如:
namedPolicy := e.GetNamedPolicy("p")
const namedPolicy = await e.getNamedPolicy('p')
$namedPolicy = $e->getNamedPolicy("p");
var namedPolicy = e.GetNamedPolicy("p");
let named_policy = e.get_named_policy("p");
GetFilteredNamedPolicy()
GetFilteredNamedPolicy 获取命名策略中的所有授权规则,可以指定字段过滤器。
例如:
filteredNamedPolicy = e.GetFilteredNamedPolicy("p", 0, "bob")
const filteredNamedPolicy = await e.getFilteredNamedPolicy('p', 0, 'bob')
$filteredNamedPolicy = $e->getFilteredNamedPolicy("p", 0, "bob");
var filteredNamedPolicy = e.GetFilteredNamedPolicy("p", 0, "alice");
let filtered_named_policy = e.get_filtered_named_policy("p", 0, vec!["bob".to_owned()]);
GetGroupingPolicy()
GetGroupingPolicy 获取策略中的所有角色继承规则。
例如:
groupingPolicy := e.GetGroupingPolicy()
const groupingPolicy = await e.getGroupingPolicy()
$groupingPolicy = $e->getGroupingPolicy();
var groupingPolicy = e.GetGroupingPolicy();
let grouping_policy = e.get_grouping_policy();
GetFilteredGroupingPolicy()
GetFilteredGroupingPolicy 获取策略中的所有角色继承规则,可以指定字段筛选器。
例如:
filteredGroupingPolicy := e.GetFilteredGroupingPolicy(0, "alice")
const filteredGroupingPolicy = await e.getFilteredGroupingPolicy(0, 'alice')
$filteredGroupingPolicy = $e->getFilteredGroupingPolicy(0, "alice");
var filteredGroupingPolicy = e.GetFilteredGroupingPolicy(0, "alice");
let filtered_grouping_policy = e.get_filtered_grouping_policy(0, vec!["alice".to_owned()]);
GetNamedGroupingPolicy()
GetNamedGroupingPolicy 获取策略中的所有角色继承规则。
例如:
namedGroupingPolicy := e.GetNamedGroupingPolicy("g")
const namedGroupingPolicy = await e.getNamedGroupingPolicy('g')
$namedGroupingPolicy = $e->getNamedGroupingPolicy("g");
var namedGroupingPolicy = e.GetNamedGroupingPolicy("g");
let named_grouping_policy = e.get_named_grouping_policy("g");
GetFilteredNamedGroupingPolicy()
GetFilteredNamedGroupingPolicy 获取策略中的所有角色继承规则,可以指定字段过滤器。
例如:
namedGroupingPolicy := e.GetFilteredNamedGroupingPolicy("g", 0, "alice")
const namedGroupingPolicy = await e.getFilteredNamedGroupingPolicy('g', 0, 'alice')
$namedGroupingPolicy = $e->getFilteredNamedGroupingPolicy("g", 0, "alice");
var namedGroupingPolicy = e.GetFilteredNamedGroupingPolicy("g", 0, "alice");
let named_grouping_policy = e.get_filtered_named_groupingPolicy("g", 0, vec!["alice".to_owned()]);
HasPolicy()
HasPolicy 确定是否存在授权规则。
例如:
hasPolicy := e.HasPolicy("data2_admin", "data2", "read")
const hasPolicy = await e.hasPolicy('data2_admin', 'data2', 'read')
$hasPolicy = $e->hasPolicy('data2_admin', 'data2', 'read');
var hasPolicy = e.HasPolicy("data2_admin", "data2", "read");
let has_policy = e.has_policy(vec!["data2_admin".to_owned(), "data2".to_owned(), "read".to_owned()]);
HasNamedPolicy()
HasNamedPolicy determines whether a named authorization rule exists.
例如:
hasNamedPolicy := e.HasNamedPolicy("p", "data2_admin", "data2", "read")
const hasNamedPolicy = await e.hasNamedPolicy('p', 'data2_admin', 'data2', 'read')
$hasNamedPolicy = $e->hasNamedPolicy("p", "data2_admin", "data2", "read");
var hasNamedPolicy = e.HasNamedPolicy("p", "data2_admin", "data2", "read");
let has_named_policy = e.has_named_policy("p", vec!["data2_admin".to_owned(), "data2".to_owned(), "read".to_owned()]);
AddPolicy()
AddPolicy 向当前策略添加授权规则。 如果规则已经存在,函数返回false,并且不会添加规则。 否则,函数通过添加新规则并返回true。
例如:
added := e.AddPolicy("eve", "data3", "read")
const p = ['eve', 'data3', 'read']
const added = await e.addPolicy(...p)
$added = $e->addPolicy('eve', 'data3', 'read');
var added = e.AddPolicy("eve", "data3", "read");
or
var added = await e.AddPolicyAsync("eve", "data3", "read");
let added = e.add_policy(vec!["eve".to_owned(), "data3".to_owned(), "read".to_owned()]);
AddPolicies()
AddPolicy 向当前策略添加授权规则。 该操作本质上是原子的 因此,如果授权规则由不符合现行政策的规则组成, 函数返回false,当前政策中没有添加任何政策规则。 如果所有授权规则都符合政策规则,则函数返回true,每项政策规则都被添加到目前的政策中。
例如:
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesAdded := e.AddPolicies(rules)
let rules = vec![
vec!["jack".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["katy".to_owned(), "data4".to_owned(), "write".to_owned()],
vec!["leyo".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["ham".to_owned(), "data4".to_owned(), "write".to_owned()],
];
let are_rules_added = e.add_policies(rules).await?
const rules = [
['jack', 'data4', 'read'],
['katy', 'data4', 'write'],
['leyo', 'data4', 'read'],
['ham', 'data4', 'write']
];
const areRulesAdded = await e.addPolicies(rules);
AddNamedPolicy()
AddNamedPolicy 向当前命名策略添加授权规则。 如果规则已经存在,函数返回false,并且不会添加规则。 否则,通过添加新规则函数返回 true。
例如:
added := e.AddNamedPolicy("p", "eve", "data3", "read")
const p = ['eve', 'data3', 'read']
const added = await e.addNamedPolicy('p', ...p)
$added = $e->addNamedPolicy("p", "eve", "data3", "read");
var added = e.AddNamedPolicy("p", "eve", "data3", "read");
or
var added = await e.AddNamedPolicyAsync("p", "eve", "data3", "read");
let added = e.add_named_policy("p", vec!["eve".to_owned(), "data3".to_owned(), "read".to_owned()]).await?;
AddNamedPolicies()
AddNamedPolicies 向当前命名策略中添加授权规则。 该操作本质上是原子的 因此,如果授权规则由不符合现行政策的规则组成, 函数返回false,当前政策中没有添加任何政策规则。 如果所有授权规则都符合策略规则,则函数返回true,每项策略规则都被添加到目前的策略中。
例如:
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesAdded := e.AddNamedPolicies("p", rules)
let rules = vec![
vec!["jack".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["katy".to_owned(), "data4".to_owned(), "write".to_owned()],
vec!["leyo".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["ham".to_owned(), "data4".to_owned(), "write".to_owned()],
];
let are_rules_added := e.add_named_policies("p", rules).await?;
const rules = [
['jack', 'data4', 'read'],
['katy', 'data4', 'write'],
['leyo', 'data4', 'read'],
['ham', 'data4', 'write']
];
const areRulesAdded = await e.addNamedPolicies('p', rules);
RemovePolicy()
RemovePolicy 从当前策略中删除授权规则。
例如:
removed := e.RemovePolicy("alice", "data1", "read")
const p = ['alice', 'data1', 'read']
const removed = await e.removePolicy(...p)
$removed = $e->removePolicy("alice", "data1", "read");
var removed = e.RemovePolicy("alice", "data1", "read");
or
var removed = await e.RemovePolicyAsync("alice", "data1", "read");
let removed = e.remove_policy(vec!["alice".to_owned(), "data1".to_owned(), "read".to_owned()]).await?;
RemovePolicies()
RemovePolicies 从当前策略中删除授权规则。 该操作本质上是原子的 因此,如果授权规则由不符合现行政策的规则组成, 函数返回 false ,当前政策中没有任何政策规则被删除。 如果所有授权规则都符合策略规则,则函数返回true,每项策略规则都从现行策略中删除。
例如:
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesRemoved := e.RemovePolicies(rules)
let rules = vec![
vec!["jack".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["katy".to_owned(), "data4".to_owned(), "write".to_owned()],
vec!["leyo".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["ham".to_owned(), "data4".to_owned(), "write".to_owned()],
];
let are_rules_removed = e.remove_policies(rules).await?;
const rules = [
['jack', 'data4', 'read'],
['katy', 'data4', 'write'],
['leyo', 'data4', 'read'],
['ham', 'data4', 'write']
];
const areRulesRemoved = await e.removePolicies(rules);
RemoveFilteredPolicy()
RemoveFilteredPolicy 移除当前策略中的授权规则,可以指定字段筛选器。 RemovePolicy 从当前策略中删除授权规则。
例如:
removed := e.RemoveFilteredPolicy(0, "alice", "data1", "read")
const p = ['alice', 'data1', 'read']
const removed = await e.removeFilteredPolicy(0, ...p)
$removed = $e->removeFilteredPolicy(0, "alice", "data1", "read");
var removed = e.RemoveFilteredPolicy("alice", "data1", "read");
or
var removed = await e.RemoveFilteredPolicyAsync("alice", "data1", "read");
let removed = e.remove_filtered_policy(0, vec!["alice".to_owned(), "data1".to_owned(), "read".to_owned()]).await?;
RemoveNamedPolicy()
RemoveNamedPolicy 从当前命名策略中删除授权规则。
例如:
removed := e.RemoveNamedPolicy("p", "alice", "data1", "read")
const p = ['alice', 'data1', 'read']
const removed = await e.removeNamedPolicy('p', ...p)
$removed = $e->removeNamedPolicy("p", "alice", "data1", "read");
var removed = e.RemoveNamedPolicy("p", "alice", "data1", "read");
or
var removed = await e.RemoveNamedPolicyAsync("p", "alice", "data1", "read");
let removed = e.remove_named_policy("p", vec!["alice".to_owned(), "data1".to_owned(), "read".to_owned()]).await?;
RemoveNamedPolicies()
RemoveNamedPolicies 从当前命名策略中删除授权规则。 该操作本质上是原子的 因此,如果授权规则由不符合现行策略的规则组成, 函数返回 false ,当前策略中没有任何策略规则被删除。 如果所有授权规则都符合策略规则,则函数返回true,每项策略规则都从现行策略中删除。
例如:
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesRemoved := e.RemoveNamedPolicies("p", rules)
let rules = vec![
vec!["jack".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["katy".to_owned(), "data4".to_owned(), "write".to_owned()],
vec!["leyo".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["ham".to_owned(), "data4".to_owned(), "write".to_owned()],
];
let areRulesRemoved = e.remove_named_policies("p", rules).await?;
const rules = [
['jack', 'data4', 'read'],
['katy', 'data4', 'write'],
['leyo', 'data4', 'read'],
['ham', 'data4', 'write']
];
const areRulesRemoved = await e.removeNamedPolicies('p', rules);
RemoveFilteredNamedPolicy()
RemoveFilteredNamedPolicy 从当前命名策略中移除授权规则,可以指定字段筛选器。
例如:
removed := e.RemoveFilteredNamedPolicy("p", 0, "alice", "data1", "read")
const p = ['alice', 'data1', 'read']
const removed = await e.removeFilteredNamedPolicy('p', 0, ...p)
$removed = $e->removeFilteredNamedPolicy("p", 0, "alice", "data1", "read");
var removed = e.RemoveFilteredNamedPolicy("p", 0, "alice", "data1", "read");
or
var removed = e.RemoveFilteredNamedPolicyAync("p", 0, "alice", "data1", "read");
let removed = e.remove_filtered_named_policy("p", 0, vec!["alice".to_owned(), "data1".to_owned(), "read".to_owned()]).await?;
HasGroupingPolicy()
HasGroupingPolicy 确定是否存在角色继承规则。
例如:
has := e.HasGroupingPolicy("alice", "data2_admin")
const has = await e.hasGroupingPolicy('alice', 'data2_admin')
$has = $e->hasGroupingPolicy("alice", "data2_admin");
var has = e.HasGroupingPolicy("alice", "data2_admin");
let has = e.has_grouping_policy(vec!["alice".to_owned(), "data2_admin".to_owned()]);
HasNamedGroupingPolicy()
HasNamedGroupingPolicy 确定是否存在命名角色继承规则。
例如:
has := e.HasNamedGroupingPolicy("g", "alice", "data2_admin")
const has = await e.hasNamedGroupingPolicy('g', 'alice', 'data2_admin')
$has = $e->hasNamedGroupingPolicy("g", "alice", "data2_admin");
var has = e.HasNamedGroupingPolicy("g", "alice", "data2_admin");
let has = e.has_named_grouping_policy("g", vec!["alice".to_owned(), "data2_admin".to_owned()]);
AddGroupingPolicy()
AddGroupingPolicy 向当前策略添加角色继承规则。 如果规则已经存在,函数返回false,并且不会添加规则。 Otherwise the function returns true by adding the new rule.
例如:
added := e.AddGroupingPolicy("group1", "data2_admin")
const added = await e.addGroupingPolicy('group1', 'data2_admin')
$added = $e->addGroupingPolicy("group1", "data2_admin");
var added = e.AddGroupingPolicy("group1", "data2_admin");
or
var added = await e.AddGroupingPolicyAsync("group1", "data2_admin");
let added = e.add_grouping_policy(vec!["group1".to_owned(), "data2_admin".to_owned()]).await?;
AddGroupingPolicies()
AddGroupingPolicy 向当前策略添加角色继承规则。 该操作本质上是原子的 因此,如果授权规则由不符合现行策略的规则组成, 函数返回false,当前策略中没有添加任何策略规则。 如果所有授权规则都符合策略规则,则函数返回true,每项策略规则都被添加到目前的策略中。
例如:
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesAdded := e.AddGroupingPolicies(rules)
let rules = vec![
vec!["jack".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["katy".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["leyo".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["ham".to_owned(), "group1".to_owned(), "domain1".to_owned()],
];
let areRulesAdded = e.add_grouping_policies(rules).await?;
const groupingRules = [
['ham', 'data4_admin'],
['jack', 'data5_admin']
];
const areRulesAdded = await e.addGroupingPolicies(groupingRules);
AddNamedGroupingPolicy()
AddNamedGroupingPolicy 将命名角色继承规则添加到当前策略。 如果规则已经存在,函数返回false,并且不会添加规则。 否则,函数通过添加新规则并返回true。
例如:
added := e.AddNamedGroupingPolicy("g", "group1", "data2_admin")
const added = await e.addNamedGroupingPolicy('g', 'group1', 'data2_admin')
$added = $e->addNamedGroupingPolicy("g", "group1", "data2_admin");
var added = e.AddNamedGroupingPolicy("g", "group1", "data2_admin");
or
var added = await e.AddNamedGroupingPolicyAsync("g", "group1", "data2_admin");
let added = e.add_named_grouping_policy("g", vec!["group1".to_owned(), "data2_admin".to_owned()]).await?;
AddNamedGroupingPolicies()
AddNamedGroupingPolicies 将命名角色继承规则添加到当前策略。 该操作本质上是原子的 因此,如果授权规则由不符合现行策略的规则组成, 函数返回false,当前政策中没有添加任何策略规则。 如果所有授权规则都符合策略规则,则函数返回true,每项策略规则都被添加到目前的策略中。
例如:
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesAdded := e.AddNamedGroupingPolicies("g", rules)
let rules = vec![
vec!["jack".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["katy".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["leyo".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["ham".to_owned(), "group1".to_owned(), "domain1".to_owned()],
];
let are_rules_added = e.add_named_grouping_policies("g", rules).await?;
const groupingRules = [
['ham', 'data4_admin'],
['jack', 'data5_admin']
];
const areRulesAdded = await e.addNamedGroupingPolicies('g', groupingRules);
RemoveGroupingPolicy()
RemoveGroupingPolicy 从当前策略中删除角色继承规则。
例如:
removed := e.RemoveGroupingPolicy("alice", "data2_admin")
const removed = await e.removeGroupingPolicy('alice', 'data2_admin')
$removed = $e->removeGroupingPolicy("alice", "data2_admin");
var removed = e.RemoveGroupingPolicy("alice", "data2_admin");
or
var removed = await e.RemoveGroupingPolicyAsync("alice", "data2_admin");
let removed = e.remove_grouping_policy(vec!["alice".to_owned(), "data2_admin".to_owned()]).await?;
RemoveGroupingPolicies()
RemoveGroupingPolicy 从当前策略中删除角色继承规则。 该操作本质上是原子的 因此,如果授权规则由不符合现行策略的规则组成, 函数返回 false ,当前策略中没有任何策略规则被删除。 如果所有授权规则都符合策略规则,则函数返回true,每项策略规则都从现行策略中删除。
例如:
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesRemoved := e.RemoveGroupingPolicies(rules)
let rules = vec![
vec!["jack".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["katy".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["leyo".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["ham".to_owned(), "group1".to_owned(), "domain1".to_owned()],
];
let are_rules_removed = e.remove_grouping_policies(rules).await?;
const groupingRules = [
['ham', 'data4_admin'],
['jack', 'data5_admin']
];
const areRulesRemoved = await e.removeGroupingPolicies(groupingRules);
RemoveFilteredGroupingPolicy()
RemoveFilteredGroupingPolicy 从当前策略中移除角色继承规则,可以指定字段筛选器。
例如:
removed := e.RemoveFilteredGroupingPolicy(0, "alice")
const removed = await e.removeFilteredGroupingPolicy(0, 'alice')
$removed = $e->removeFilteredGroupingPolicy(0, "alice");
var removed = e.RemoveFilteredGroupingPolicy(0, "alice");
or
var removed = await e.RemoveFilteredGroupingPolicyAsync(0, "alice");
let removed = e.remove_filtered_grouping_policy(0, vec!["alice".to_owned()]).await?;
RemoveNamedGroupingPolicy()
RemoveNamedGroupingPolicy 从当前命名策略中移除角色继承规则。
例如:
removed := e.RemoveNamedGroupingPolicy("g", "alice")
const removed = await e.removeNamedGroupingPolicy('g', 'alice')
$removed = $e->removeNamedGroupingPolicy("g", "alice");
var removed = e.RemoveNamedGroupingPolicy("g", "alice");
or
var removed = await e.RemoveNamedGroupingPolicyAsync("g", "alice");
let removed = e.remove_named_grouping_policy("g", vec!["alice".to_owned()]).await?;
RemoveNamedGroupingPolicies()
RemoveNamedGroupingPolicies 从当前策略中删除角色继承规则。 该操作本质上是原子的 因此,如果授权规则由不符合现行政策的规则组成, 函数返回 false ,当前政策中没有任何政策规则被删除。 如果所有授权规则都符合政策规则,则函数返回true,每项政策规则都从现行政策中删除。
For example:
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesRemoved := e.RemoveNamedGroupingPolicies("g", rules)
let rules = vec![
vec!["jack".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["katy".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["leyo".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["ham".to_owned(), "group1".to_owned(), "domain1".to_owned()],
];
let are_rules_removed = e.remove_named_grouping_policies("g", rules).await?;
const groupingRules = [
['ham', 'data4_admin'],
['jack', 'data5_admin']
];
const areRulesRemoved = await e.removeNamedGroupingPolicies('g', groupingRules);
RemoveFilteredNamedGroupingPolicy()
RemoveFilteredNamedGroupingPolicy 从当前命名策略中移除角色继承规则,可以指定字段筛选器。
例如:
removed := e.RemoveFilteredNamedGroupingPolicy("g", 0, "alice")
const removed = await e.removeFilteredNamedGroupingPolicy('g', 0, 'alice')
$removed = $e->removeFilteredNamedGroupingPolicy("g", 0, "alice");
var removed = e.RemoveFilteredNamedGroupingPolicy("g", 0, "alice");
or
var removed = await e.RemoveFilteredNamedGroupingPolicyAsync("g", 0, "alice");
let removed = e.remove_filtered_named_groupingPolicy("g", 0, vec!["alice".to_owned()]).await?;
UpdatePolicy()
UpdatePolicy 把旧的政策更新到新的政策
例如:
updated, err := e.UpdatePolicy([]string{"eve", "data3", "read"}, []string{"eve", "data3", "write"})
UpdatePolicies()
UpdatePolicies 将所有的旧政策更新到新政策
例如:
updated, err := e.UpdatePolicies([][]string{{"eve", "data3", "read"}, {"jack", "data3", "read"}}, [][]string{{"eve", "data3", "write"}, {"jack", "data3", "write"}})
AddFunction()
AddFunction 添加自定义函数。
例如:
func CustomFunction(key1 string, key2 string) bool {
if key1 == "/alice_data2/myid/using/res_id" && key2 == "/alice_data/:resource" {
return true
} else if key1 == "/alice_data2/myid/using/res_id" && key2 == "/alice_data2/:id/using/:resId" {
return true
} else {
return false
}
}
func CustomFunctionWrapper(args ...interface{}) (interface{}, error) {
key1 := args[0].(string)
key2 := args[1].(string)
return bool(CustomFunction(key1, key2)), nil
}
e.AddFunction("keyMatchCustom", CustomFunctionWrapper)
方法未实现
func customFunction($key1, $key2) {
if ($key1 == "/alice_data2/myid/using/res_id" && $key2 == "/alice_data/:resource") {
return true;
} elseif ($key1 == "/alice_data2/myid/using/res_id" && $key2 == "/alice_data2/:id/using/:resId") {
return true;
} else {
return false;
}
}
func customFunctionWrapper(...$args){
$key1 := $args[0];
$key2 := $args[1];
return customFunction($key1, $key2);
}
$e->addFunction("keyMatchCustom", customFunctionWrapper);
fn custom_function(key1: STring, key2: String) {
key1 == "/alice_data2/myid/using/res_id" && key2 == "/alice_data/:resource" || key1 == "/alice_data2/myid/using/res_id" && key2 == "/alice_data2/:id/using/:resId"
}
e.add_function("keyMatchCustom", custom_function);
LoadFilteredPolicy()
LoadFilteredPolicy从文件/数据库加载过滤完成的政策
例如:
err := e.LoadFilteredPolicy()
LoadIncrementalFilteredPolicy()
LoadFilteredPolicy从文件/数据库添加过滤完成的策略
例如:
err := e.LoadIncrementalFilteredPolicy()
UpdateGroupingPolicy()
UpdateGroupingPolicy 在 g 部分更新策略
例如:
succeed, err : = e.UpdateGroupingPolicy([]string{"data3_admin", "data4_admin"}, []string{"admin", "data4_admin"})
UpdateNamedGroupingPolicy()
UpdateGroupingPolicy 在 `g 段更新旧策略 <0>ptype<0> 到新策略
例如:
succeed, err : = e.UpdateGroupingPolicy("g1",[]string{"data3_admin", "data4_admin"}, []string{"admin", "data4_admin"})
`