管理 API
提供对Casbin策略管理完全支持的基本API。
参考
全局变量 e是执行者实例。
e, err := NewEnforcer("examples/rbac_model.conf", "examples/rbac_policy.csv")
const e = await newEnforcer('examples/rbac_model.conf', 'examples/rbac_policy.csv')
$e = new Enforcer('examples/rbac_model.conf', 'examples/rbac_policy.csv');
e = casbin.Enforcer("examples/rbac_model.conf", "examples/rbac_policy.csv")
var e = new Enforcer("path/to/model.conf", "path/to/policy.csv");
let mut e = Enforce::new("examples/rbac_model.conf", "examples/rbac_policy.csv").await?;
Enforce()
Enforce决定“主体”是否能够用“动作”操作访问“对象”,输入参数通常是: (sub, obj, act)。
例如:
ok, err := e.Enforce(request)
$ok = $e->enforcer($request);
ok = e.enforcer($request);
EnforceWithMatcher()
EnforceWithMatcher使用自定义匹配器来决定“subject”是否可以通过"action"操作访问“object”, 输入参数通常为:(matcher, sub, obj, act),在匹配器为""时默认使用模型匹配器。
For example:
ok, err := e.EnforceWithMatcher(matcher, request)
$ok = $e->enforceWithMatcher($matcher, $request);
ok = e.enforce_with_matcher(matcher, request);
EnforceEx()
EnforceEx explain enforcement by informing matched rules.
例如:
ok, reason, err := e.EnforceEx(request)
list($ok, $reason) = $e->enforceEx($request);
ok, reason = e.enforce_ex(request);
EnforceExWithMatcher()
EnforceExWithMatcher use a custom matcher and explain enforcement by informing matched rules.
例如:
ok, reason, err := e.EnforceExWithMatcher(matcher, request)
BatchEnforce()
BatchEnforce enforces each request and returns result in a bool array
例如:
boolArray, err := e.BatchEnforce(requests)
GetAllSubjects()
GetAllSubjects gets the list of subjects that show up in the current policy.
例如:
allSubjects := e.GetAllSubjects()
const allSubjects = await e.getAllSubjects()
$allSubjects = $e->getAllSubjects();
var allSubjects = e.GetAllSubjects();
let all_subjects = e.get_all_subjects();
GetAllNamedSubjects()
GetAllNamedSubjects gets the list of subjects that show up in the current named policy.
例如:
allNamedSubjects := e.GetAllNamedSubjects("p")
const allNamedSubjects = await e.getAllNamedSubjects('p')
$allNamedSubjects = $e->getAllNamedSubjects("p");
var allNamedSubjects = e.GetAllNamedSubjects("p");
let all_named_subjects = e.get_all_named_subjects("p");
GetAllObjects()
GetAllObjects gets the list of objects that show up in the current policy.
例如:
allObjects := e.GetAllObjects()
const allObjects = await e.getAllObjects()
$allObjects = $e->getAllObjects();
var allObjects = e.GetAllObjects();
let all_objects = e.get_all_objects();
GetAllNamedObjects()
GetAllNamedObjects gets the list of objects that show up in the current named policy.
例如:
allNamedObjects := e.GetAllNamedObjects("p")
const allNamedObjects = await e.getAllNamedObjects('p')
$allNamedObjects = $e->getAllNamedObjects("p");
var allNamedObjects = e.GetAllNamedObjects("p");
let all_named_objects = e.get_all_named_objects("p");
GetAllActions()
GetAllActions gets the list of actions that show up in the current policy.
例如:
allActions := e.GetAllActions()
const allActions = await e.getAllActions()
$allActions = $e->getAllActions();
var allActions = e.GetAllActions();
let all_actions = e.get_all_actions();
GetAllNamedActions()
GetAllNamedActions gets the list of actions that show up in the current named policy.
例如:
allNamedActions := e.GetAllNamedActions("p")
const allNamedActions = await e.getAllNamedActions('p')
$allNamedActions = $e->getAllNamedActions("p");
var allNamedActions = e.GetAllNamedActions("p");
let all_named_actions = e.get_all_named_actions("p");
GetAllRoles()
GetAllRoles gets the list of roles that show up in the current policy.
例如:
allRoles = e.GetAllRoles()
const allRoles = await e.getAllRoles()
$allRoles = $e->getAllRoles();
var allRoles = e.GetAllRoles();
let all_roles = e.get_all_roles();
GetAllNamedRoles()
GetAllNamedRoles gets the list of roles that show up in the current named policy.
例如:
allNamedRoles := e.GetAllNamedRoles("g")
const allNamedRoles = await e.getAllNamedRoles('g')
$allNamedRoles = $e->getAllNamedRoles('g');
var allNamedRoles = e.GetAllNamedRoles("g");
let all_named_roles = e.get_all_named_roles("g");
GetPolicy()
GetPolicy gets all the authorization rules in the policy.
例如:
policy = e.GetPolicy()
const policy = await e.getPolicy()
$policy = $e->getPolicy();
var policy = e.GetPolicy();
let policy = e.get_policy();
GetFilteredPolicy()
GetFilteredPolicy gets all the authorization rules in the policy, field filters can be specified.
例如:
filteredPolicy := e.GetFilteredPolicy(0, "alice")
const filteredPolicy = await e.getFilteredPolicy(0, 'alice')
$filteredPolicy = $e->getFilteredPolicy(0, "alice");
var filteredPolicy = e.GetFilteredPolicy(0, "alice");
let filtered_policy = e.get_filtered_policy(0, vec!["alice".to_owned()]);
GetNamedPolicy()
GetNamedPolicy gets all the authorization rules in the named policy.
例如:
namedPolicy := e.GetNamedPolicy("p")
const namedPolicy = await e.getNamedPolicy('p')
$namedPolicy = $e->getNamedPolicy("p");
var namedPolicy = e.GetNamedPolicy("p");
let named_policy = e.get_named_policy("p");
GetFilteredNamedPolicy()
GetFilteredNamedPolicy gets all the authorization rules in the named policy, field filters can be specified.
例如:
filteredNamedPolicy = e.GetFilteredNamedPolicy("p", 0, "bob")
const filteredNamedPolicy = await e.getFilteredNamedPolicy('p', 0, 'bob')
$filteredNamedPolicy = $e->getFilteredNamedPolicy("p", 0, "bob");
var filteredNamedPolicy = e.GetFilteredNamedPolicy("p", 0, "alice");
let filtered_named_policy = e.get_filtered_named_policy("p", 0, vec!["bob".to_owned()]);
GetGroupingPolicy()
GetGroupingPolicy gets all the role inheritance rules in the policy.
例如:
groupingPolicy := e.GetGroupingPolicy()
const groupingPolicy = await e.getGroupingPolicy()
$groupingPolicy = $e->getGroupingPolicy();
var groupingPolicy = e.GetGroupingPolicy();
let grouping_policy = e.get_grouping_policy();
GetFilteredGroupingPolicy()
GetFilteredGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified.
例如:
filteredGroupingPolicy := e.GetFilteredGroupingPolicy(0, "alice")
const filteredGroupingPolicy = await e.getFilteredGroupingPolicy(0, 'alice')
$filteredGroupingPolicy = $e->getFilteredGroupingPolicy(0, "alice");
var filteredGroupingPolicy = e.GetFilteredGroupingPolicy(0, "alice");
let filtered_grouping_policy = e.get_filtered_grouping_policy(0, vec!["alice".to_owned()]);
GetNamedGroupingPolicy()
GetNamedGroupingPolicy gets all the role inheritance rules in the policy.
例如:
namedGroupingPolicy := e.GetNamedGroupingPolicy("g")
const namedGroupingPolicy = await e.getNamedGroupingPolicy('g')
$namedGroupingPolicy = $e->getNamedGroupingPolicy("g");
var namedGroupingPolicy = e.GetNamedGroupingPolicy("g");
let named_grouping_policy = e.get_named_grouping_policy("g");
GetFilteredNamedGroupingPolicy()
GetFilteredNamedGroupingPolicy gets all the role inheritance rules in the policy.
例如:
namedGroupingPolicy := e.GetFilteredNamedGroupingPolicy("g", 0, "alice")
const namedGroupingPolicy = await e.getFilteredNamedGroupingPolicy('g', 0, 'alice')
$namedGroupingPolicy = $e->getFilteredNamedGroupingPolicy("g", 0, "alice");
var namedGroupingPolicy = e.GetFilteredNamedGroupingPolicy("g", 0, "alice");
let named_grouping_policy = e.get_filtered_named_groupingPolicy("g", 0, vec!["alice".to_owned()]);
HasPolicy()
HasPolicy determines whether an authorization rule exists.
例如:
hasPolicy := e.HasPolicy("data2_admin", "data2", "read")
const hasPolicy = await e.hasPolicy('data2_admin', 'data2', 'read')
$hasPolicy = $e->hasPolicy('data2_admin', 'data2', 'read');
var hasPolicy = e.HasPolicy("data2_admin", "data2", "read");
let has_policy = e.has_policy(vec!["data2_admin".to_owned(), "data2".to_owned(), "read".to_owned()]);
HasNamedPolicy()
HasNamedPolicy 决定是否存在命名授权规则。
例如:
hasNamedPolicy := e.HasNamedPolicy("p", "data2_admin", "data2", "read")
const hasNamedPolicy = await e.hasNamedPolicy('p', 'data2_admin', 'data2', 'read')
$hasNamedPolicy = $e->hasNamedPolicy("p", "data2_admin", "data2", "read");
var hasNamedPolicy = e.HasNamedPolicy("p", "data2_admin", "data2", "read");
let has_named_policy = e.has_named_policy("p", vec!["data2_admin".to_owned(), "data2".to_owned(), "read".to_owned()]);
AddPolicy()
AddPolicy adds an authorization rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
例如:
added := e.AddPolicy("eve", "data3", "read")
const p = ['eve', 'data3', 'read']
const added = await e.addPolicy(...p)
$added = $e->addPolicy('eve', 'data3', 'read');
var added = e.AddPolicy("eve", "data3", "read");
or
var added = await e.AddPolicyAsync("eve", "data3", "read");
let added = e.add_policy(vec!["eve".to_owned(), "data3".to_owned(), "read".to_owned()]);
AddPolicies()
AddPolicies adds authorization rules to the current policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is added to the current policy. If all the authorization rules are consistent with the policy rules, the function returns true and each policy rule is added to the current policy.
例如:
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesAdded := e.AddPolicies(rules)
let rules = vec![
vec!["jack".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["katy".to_owned(), "data4".to_owned(), "write".to_owned()],
vec!["leyo".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["ham".to_owned(), "data4".to_owned(), "write".to_owned()],
];
let are_rules_added = e.add_policies(rules).await?
const rules = [
['jack', 'data4', 'read'],
['katy', 'data4', 'write'],
['leyo', 'data4', 'read'],
['ham', 'data4', 'write']
];
const areRulesAdded = await e.addPolicies(rules);
AddNamedPolicy()
AddNamedPolicy adds an authorization rule to the current named policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
例如:
added := e.AddNamedPolicy("p", "eve", "data3", "read")
const p = ['eve', 'data3', 'read']
const added = await e.addNamedPolicy('p', ...p)
$added = $e->addNamedPolicy("p", "eve", "data3", "read");
var added = e.AddNamedPolicy("p", "eve", "data3", "read");
or
var added = await e.AddNamedPolicyAsync("p", "eve", "data3", "read");
let added = e.add_named_policy("p", vec!["eve".to_owned(), "data3".to_owned(), "read".to_owned()]).await?;
AddNamedPolicies()
AddNamedPolicies adds authorization rules to the current named policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is added to the current policy. If all the authorization rules are consistent with the policy rules, the function returns true and each policy rule is added to the current policy.
例如:
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesAdded := e.AddNamedPolicies("p", rules)
let rules = vec![
vec!["jack".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["katy".to_owned(), "data4".to_owned(), "write".to_owned()],
vec!["leyo".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["ham".to_owned(), "data4".to_owned(), "write".to_owned()],
];
let are_rules_added := e.add_named_policies("p", rules).await?;
const rules = [
['jack', 'data4', 'read'],
['katy', 'data4', 'write'],
['leyo', 'data4', 'read'],
['ham', 'data4', 'write']
];
const areRulesAdded = await e.addNamedPolicies('p', rules);
RemovePolicy()
RemovePolicy removes an authorization rule from the current policy.
例如:
removed := e.RemovePolicy("alice", "data1", "read")
const p = ['alice', 'data1', 'read']
const removed = await e.removePolicy(...p)
$removed = $e->removePolicy("alice", "data1", "read");
var removed = e.RemovePolicy("alice", "data1", "read");
or
var removed = await e.RemovePolicyAsync("alice", "data1", "read");
let removed = e.remove_policy(vec!["alice".to_owned(), "data1".to_owned(), "read".to_owned()]).await?;
RemovePolicies()
RemovePolicies removes authorization rules from the current policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is removed from the current policy. If all the authorization rules are consistent with the policy rules, the function returns true and each policy rule is removed from the current policy.
例如:
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesRemoved := e.RemovePolicies(rules)
let rules = vec![
vec!["jack".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["katy".to_owned(), "data4".to_owned(), "write".to_owned()],
vec!["leyo".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["ham".to_owned(), "data4".to_owned(), "write".to_owned()],
];
let are_rules_removed = e.remove_policies(rules).await?;
const rules = [
['jack', 'data4', 'read'],
['katy', 'data4', 'write'],
['leyo', 'data4', 'read'],
['ham', 'data4', 'write']
];
const areRulesRemoved = await e.removePolicies(rules);
RemoveFilteredPolicy()
RemoveFilteredPolicy removes an authorization rule from the current policy, field filters can be specified. RemovePolicy removes an authorization rule from the current policy.
例如:
removed := e.RemoveFilteredPolicy(0, "alice", "data1", "read")
const p = ['alice', 'data1', 'read']
const removed = await e.removeFilteredPolicy(0, ...p)
$removed = $e->removeFilteredPolicy(0, "alice", "data1", "read");
var removed = e.RemoveFilteredPolicy("alice", "data1", "read");
or
var removed = await e.RemoveFilteredPolicyAsync("alice", "data1", "read");
let removed = e.remove_filtered_policy(0, vec!["alice".to_owned(), "data1".to_owned(), "read".to_owned()]).await?;
RemoveNamedPolicy()
RemoveNamedPolicy removes an authorization rule from the current named policy.
例如:
removed := e.RemoveNamedPolicy("p", "alice", "data1", "read")
const p = ['alice', 'data1', 'read']
const removed = await e.removeNamedPolicy('p', ...p)
$removed = $e->removeNamedPolicy("p", "alice", "data1", "read");
var removed = e.RemoveNamedPolicy("p", "alice", "data1", "read");
or
var removed = await e.RemoveNamedPolicyAsync("p", "alice", "data1", "read");
let removed = e.remove_named_policy("p", vec!["alice".to_owned(), "data1".to_owned(), "read".to_owned()]).await?;
RemoveNamedPolicies()
RemoveNamedPolicies removes authorization rules from the current named policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is removed from the current policy. If all the authorization rules are consistent with the policy rules, the function returns true and each policy rule is removed from the current policy.
例如:
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesRemoved := e.RemoveNamedPolicies("p", rules)
let rules = vec![
vec!["jack".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["katy".to_owned(), "data4".to_owned(), "write".to_owned()],
vec!["leyo".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["ham".to_owned(), "data4".to_owned(), "write".to_owned()],
];
let areRulesRemoved = e.remove_named_policies("p", rules).await?;
const rules = [
['jack', 'data4', 'read'],
['katy', 'data4', 'write'],
['leyo', 'data4', 'read'],
['ham', 'data4', 'write']
];
const areRulesRemoved = await e.removeNamedPolicies('p', rules);
RemoveFilteredNamedPolicy()
RemoveFilteredNamedPolicy removes an authorization rule from the current named policy, field filters can be specified.
例如:
removed := e.RemoveFilteredNamedPolicy("p", 0, "alice", "data1", "read")
const p = ['alice', 'data1', 'read']
const removed = await e.removeFilteredNamedPolicy('p', 0, ...p)
$removed = $e->removeFilteredNamedPolicy("p", 0, "alice", "data1", "read");
var removed = e.RemoveFilteredNamedPolicy("p", 0, "alice", "data1", "read");
or
var removed = e.RemoveFilteredNamedPolicyAync("p", 0, "alice", "data1", "read");
let removed = e.remove_filtered_named_policy("p", 0, vec!["alice".to_owned(), "data1".to_owned(), "read".to_owned()]).await?;
HasGroupingPolicy()
HasGroupingPolicy determines whether a role inheritance rule exists.
例如:
has := e.HasGroupingPolicy("alice", "data2_admin")
const has = await e.hasGroupingPolicy('alice', 'data2_admin')
$has = $e->hasGroupingPolicy("alice", "data2_admin");
var has = e.HasGroupingPolicy("alice", "data2_admin");
let has = e.has_grouping_policy(vec!["alice".to_owned(), "data2_admin".to_owned()]);
HasNamedGroupingPolicy()
HasNamedGroupingPolicy determines whether a named role inheritance rule exists.
例如:
has := e.HasNamedGroupingPolicy("g", "alice", "data2_admin")
const has = await e.hasNamedGroupingPolicy('g', 'alice', 'data2_admin')
$has = $e->hasNamedGroupingPolicy("g", "alice", "data2_admin");
var has = e.HasNamedGroupingPolicy("g", "alice", "data2_admin");
let has = e.has_named_grouping_policy("g", vec!["alice".to_owned(), "data2_admin".to_owned()]);
AddGroupingPolicy()
AddGroupingPolicy adds a role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
For example:
added := e.AddGroupingPolicy("group1", "data2_admin")
const added = await e.addGroupingPolicy('group1', 'data2_admin')
$added = $e->addGroupingPolicy("group1", "data2_admin");
var added = e.AddGroupingPolicy("group1", "data2_admin");
or
var added = await e.AddGroupingPolicyAsync("group1", "data2_admin");
let added = e.add_grouping_policy(vec!["group1".to_owned(), "data2_admin".to_owned()]).await?;
AddGroupingPolicies()
AddGroupingPolicies adds role inheritance rules to the current policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is added to the current policy. If all authorization the rules are consistent with the policy rules, the function returns true and each policy rule is added to the current policy.
例如:
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesAdded := e.AddGroupingPolicies(rules)
let rules = vec![
vec!["jack".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["katy".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["leyo".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["ham".to_owned(), "group1".to_owned(), "domain1".to_owned()],
];
let areRulesAdded = e.add_grouping_policies(rules).await?;
const groupingRules = [
['ham', 'data4_admin'],
['jack', 'data5_admin']
];
const areRulesAdded = await e.addGroupingPolicies(groupingRules);
AddNamedGroupingPolicy()
AddNamedGroupingPolicy adds a named role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
例如:
added := e.AddNamedGroupingPolicy("g", "group1", "data2_admin")
const added = await e.addNamedGroupingPolicy('g', 'group1', 'data2_admin')
$added = $e->addNamedGroupingPolicy("g", "group1", "data2_admin");
var added = e.AddNamedGroupingPolicy("g", "group1", "data2_admin");
or
var added = await e.AddNamedGroupingPolicyAsync("g", "group1", "data2_admin");
let added = e.add_named_grouping_policy("g", vec!["group1".to_owned(), "data2_admin".to_owned()]).await?;
AddNamedGroupingPolicies()
AddNamedGroupingPolicies adds named role inheritance rules to the current policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is added to the current policy. If all the authorization rules are consistent with the policy rules, the function returns true and each policy rule is added to the current policy.
例如:
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesAdded := e.AddNamedGroupingPolicies("g", rules)
let rules = vec![
vec!["jack".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["katy".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["leyo".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["ham".to_owned(), "group1".to_owned(), "domain1".to_owned()],
];
let are_rules_added = e.add_named_grouping_policies("g", rules).await?;
const groupingRules = [
['ham', 'data4_admin'],
['jack', 'data5_admin']
];
const areRulesAdded = await e.addNamedGroupingPolicies('g', groupingRules);
RemoveGroupingPolicy()
RemoveGroupingPolicy removes a role inheritance rule from the current policy.
例如:
removed := e.RemoveGroupingPolicy("alice", "data2_admin")
const removed = await e.removeGroupingPolicy('alice', 'data2_admin')
$removed = $e->removeGroupingPolicy("alice", "data2_admin");
var removed = e.RemoveGroupingPolicy("alice", "data2_admin");
or
var removed = await e.RemoveGroupingPolicyAsync("alice", "data2_admin");
let removed = e.remove_grouping_policy(vec!["alice".to_owned(), "data2_admin".to_owned()]).await?;
RemoveGroupingPolicies()
RemoveGroupingPolicies removes role inheritance rules from the current policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is removed from the current policy. If all the authorization rules are consistent with the policy rules, the function returns true and each policy rule is removed from the current policy.
例如:
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesRemoved := e.RemoveGroupingPolicies(rules)
let rules = vec![
vec!["jack".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["katy".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["leyo".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["ham".to_owned(), "group1".to_owned(), "domain1".to_owned()],
];
let are_rules_removed = e.remove_grouping_policies(rules).await?;
const groupingRules = [
['ham', 'data4_admin'],
['jack', 'data5_admin']
];
const areRulesRemoved = await e.removeGroupingPolicies(groupingRules);
RemoveFilteredGroupingPolicy()
RemoveFilteredGroupingPolicy removes a role inheritance rule from the current policy, field filters can be specified.
例如:
removed := e.RemoveFilteredGroupingPolicy(0, "alice")
const removed = await e.removeFilteredGroupingPolicy(0, 'alice')
$removed = $e->removeFilteredGroupingPolicy(0, "alice");
var removed = e.RemoveFilteredGroupingPolicy(0, "alice");
or
var removed = await e.RemoveFilteredGroupingPolicyAsync(0, "alice");
let removed = e.remove_filtered_grouping_policy(0, vec!["alice".to_owned()]).await?;
RemoveNamedGroupingPolicy()
RemoveNamedGroupingPolicy removes a role inheritance rule from the current named policy.
例如:
removed := e.RemoveNamedGroupingPolicy("g", "alice")
const removed = await e.removeNamedGroupingPolicy('g', 'alice')
$removed = $e->removeNamedGroupingPolicy("g", "alice");
var removed = e.RemoveNamedGroupingPolicy("g", "alice");
or
var removed = await e.RemoveNamedGroupingPolicyAsync("g", "alice");
let removed = e.remove_named_grouping_policy("g", vec!["alice".to_owned()]).await?;
RemoveNamedGroupingPolicies()
RemoveNamedGroupingPolicies removes named role inheritance rules from the current policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is removed from the current policy. If all the authorization rules are consistent with the policy rules, the function returns true and each policy rule is removed from the current policy.
例如:
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesRemoved := e.RemoveNamedGroupingPolicies("g", rules)
let rules = vec![
vec!["jack".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["katy".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["leyo".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["ham".to_owned(), "group1".to_owned(), "domain1".to_owned()],
];
let are_rules_removed = e.remove_named_grouping_policies("g", rules).await?;
const groupingRules = [
['ham', 'data4_admin'],
['jack', 'data5_admin']
];
const areRulesRemoved = await e.removeNamedGroupingPolicies('g', groupingRules);
RemoveFilteredNamedGroupingPolicy()
RemoveFilteredNamedGroupingPolicy removes a role inheritance rule from the current named policy, field filters can be specified.
For example:
removed := e.RemoveFilteredNamedGroupingPolicy("g", 0, "alice")
const removed = await e.removeFilteredNamedGroupingPolicy('g', 0, 'alice')
$removed = $e->removeFilteredNamedGroupingPolicy("g", 0, "alice");
var removed = e.RemoveFilteredNamedGroupingPolicy("g", 0, "alice");
or
var removed = await e.RemoveFilteredNamedGroupingPolicyAsync("g", 0, "alice");
let removed = e.remove_filtered_named_groupingPolicy("g", 0, vec!["alice".to_owned()]).await?;
UpdatePolicy()
UpdatePolicy update a old policy to new policy.
例如:
updated, err := e.UpdatePolicy([]string{"eve", "data3", "read"}, []string{"eve", "data3", "write"})
UpdatePolicies()
UpdatePolicies updates all old policies to new policies.
例如:
updated, err := e.UpdatePolicies([][]string{{"eve", "data3", "read"}, {"jack", "data3", "read"}}, [][]string{{"eve", "data3", "write"}, {"jack", "data3", "write"}})
AddFunction()
AddFunction adds a customized function.
例如:
func CustomFunction(key1 string, key2 string) bool {
if key1 == "/alice_data2/myid/using/res_id" && key2 == "/alice_data/:resource" {
return true
} else if key1 == "/alice_data2/myid/using/res_id" && key2 == "/alice_data2/:id/using/:resId" {
return true
} else {
return false
}
}
func CustomFunctionWrapper(args ...interface{}) (interface{}, error) {
key1 := args[0].(string)
key2 := args[1].(string)
return bool(CustomFunction(key1, key2)), nil
}
e.AddFunction("keyMatchCustom", CustomFunctionWrapper)
Method is not implemented
func customFunction($key1, $key2) {
if ($key1 == "/alice_data2/myid/using/res_id" && $key2 == "/alice_data/:resource") {
return true;
} elseif ($key1 == "/alice_data2/myid/using/res_id" && $key2 == "/alice_data2/:id/using/:resId") {
return true;
} else {
return false;
}
}
func customFunctionWrapper(...$args){
$key1 := $args[0];
$key2 := $args[1];
return customFunction($key1, $key2);
}
$e->addFunction("keyMatchCustom", customFunctionWrapper);
fn custom_function(key1: STring, key2: String) {
key1 == "/alice_data2/myid/using/res_id" && key2 == "/alice_data/:resource" || key1 == "/alice_data2/myid/using/res_id" && key2 == "/alice_data2/:id/using/:resId"
}
e.add_function("keyMatchCustom", custom_function);
LoadFilteredPolicy()
LoadFilteredPolicy loads filtered policies from file/database.
例如:
err := e.LoadFilteredPolicy()
LoadIncrementalFilteredPolicy()
LoadIncrementalFilteredPolicy append a filtered policy from file/database.
例如:
err := e.LoadIncrementalFilteredPolicy()
UpdateGroupingPolicy()
UpdateGroupingPolicy updates oldRule to newRulein g section
例如:
succeed, err : = e.UpdateGroupingPolicy([]string{"data3_admin", "data4_admin"}, []string{"admin", "data4_admin"})
UpdateNamedGroupingPolicy()
UpdateNamedGroupingPolicy updates oldRule named ptype to newRulein g section
例如:
succeed, err : = e.UpdateGroupingPolicy("g1",[]string{"data3_admin", "data4_admin"}, []string{"admin", "data4_admin"})