Translate

管理 API

提供对Casbin策略管理完全支持的基本API。

参考

全局变量 e是执行者实例。

e := NewEnforcer("examples/rbac_model.conf", "examples/rbac_policy.csv")
const e = await newEnforcer('examples/rbac_model.conf', 'examples/rbac_policy.csv')
$e = new Enforcer('examples/rbac_model.conf', 'examples/rbac_policy.csv');

GetAllSubjects()

GetAllSubjects 获取当前策略中显示的主题列表。

For example:

allSubjects := e.GetAllSubjects()
const allSubjects = e.getAllSubjects()
$allSubjects = $e->getAllSubjects();

GetAllNamedSubjects()

GetAllNamedSubjects 获取当前命名策略中显示的主题列表。

For example:

allNamedSubjects := e.GetAllNamedSubjects("p")
const allNamedSubjects = e.getAllNamedSubjects('p')
$allNamedSubjects = $e->getAllNamedSubjects("p");

GetAllObjects()

GetAllObjects 获取当前策略中显示的对象列表。

例如:

allObjects := e.GetAllObjects()
const allObjects = e.getAllObjects()
$allObjects = $e->getAllObjects();

GetAllNamedObjects()

GetAllNamedObjects 获取当前命名策略中显示的对象列表。

例如:

allNamedObjects := e.GetAllNamedObjects("p")
const allNamedObjects = e.getAllNamedObjects('p')
$allNamedObjects = $e->getAllNamedObjects("p");

GetAllActions()

GetAllActions 获取当前策略中显示的操作列表。

例如:

allActions := e.GetAllActions()
const allActions = e.getAllActions()
$allActions = $e->getAllActions();

GetAllNamedActions()

GetAllNamedActions 获取当前命名策略中显示的操作列表。

例如:

allNamedActions := e.GetAllNamedActions("p")
const allNamedActions = e.getAllNamedActions('p')
$allNamedActions = $e->getAllNamedActions("p");

GetAllRoles()

GetAllRoles获取当前策略中显示的角色列表。

例如:

allRoles = e.GetAllRoles()
const allRoles = e.getAllRoles()
$allRoles = $e->getAllRoles();

GetAllNamedRoles()

GetAllNamedRoles 获取当前命名策略中显示的角色列表。

例如:

allNamedRoles := e.GetAllNamedRoles("g")

const allNamedRoles = e.getAllNamedRoles('g')
$allNamedRoles = $e->getAllNamedRoles('g');

GetPolicy()

GetPolicy 获取策略中的所有授权规则。

例如:

policy = e.GetPolicy()
const policy = e.getPolicy()
$policy = $e->getPolicy();

GetFilteredPolicy()

GetFilteredPolicy 获取策略中的所有授权规则,可以指定字段筛选器。

例如:

filteredPolicy := e.GetFilteredPolicy(0, "alice")
const filteredPolicy = e.getFilteredPolicy(0, 'alice')
$filteredPolicy = $e->getFilteredPolicy(0, "alice");

GetNamedPolicy()

GetNamedPolicy 获取命名策略中的所有授权规则。

例如:

namedPolicy := e.GetNamedPolicy("p")
const namedPolicy = e.getNamedPolicy('p')
$namedPolicy = $e->getNamedPolicy("p");

GetFilteredNamedPolicy()

GetFilteredNamedPolicy 获取命名策略中的所有授权规则,可以指定字段过滤器。

例如:

filteredNamedPolicy = e.GetFilteredNamedPolicy("p", 0, "bob")
const filteredNamedPolicy = e.getFilteredNamedPolicy('p', 0, 'bob')
$filteredNamedPolicy = $e->getFilteredNamedPolicy("p", 0, "bob");

GetGroupingPolicy()

GetGroupingPolicy 获取策略中的所有角色继承规则。

例如:

groupingPolicy := e.GetGroupingPolicy()
const groupingPolicy = e.getGroupingPolicy()
$groupingPolicy = $e->getGroupingPolicy();

GetFilteredGroupingPolicy()

GetFilteredGroupingPolicy 获取策略中的所有角色继承规则,可以指定字段筛选器。

例如:

filteredGroupingPolicy := e.GetFilteredGroupingPolicy(0, "alice")

const filteredGroupingPolicy = e.getFilteredGroupingPolicy(0, 'alice')
$filteredGroupingPolicy = $e->getFilteredGroupingPolicy(0, "alice");

GetNamedGroupingPolicy()

GetNamedGroupingPolicy 获取策略中的所有角色继承规则。

例如:

namedGroupingPolicy := e.GetNamedGroupingPolicy("g")
const namedGroupingPolicy = e.getNamedGroupingPolicy('g')
$namedGroupingPolicy = $e->getNamedGroupingPolicy("g");

GetFilteredNamedGroupingPolicy()

GetFilteredNamedGroupingPolicy 获取策略中的所有角色继承规则。

例如:

namedGroupingPolicy := e.GetFilteredNamedGroupingPolicy("g", 0, "alice")
const namedGroupingPolicy = e.getFilteredNamedGroupingPolicy('g', 0, 'alice')
$namedGroupingPolicy = $e->getFilteredNamedGroupingPolicy("g", 0, "alice");

HasPolicy()

HasPolicy 确定是否存在授权规则。

例如:

hasPolicy := e.HasPolicy("data2_admin", "data2", "read")
const hasPolicy = e.hasPolicy('data2_admin', 'data2', 'read')
$hasPolicy = $e->hasPolicy('data2_admin', 'data2', 'read');

HasNamedPolicy()

HasNamedPolicy 确定是否存在命名授权规则。

例如:

hasNamedPolicy := e.HasNamedPolicy("p", "data2_admin", "data2", "read")
const hasNamedPolicy = e.hasNamedPolicy('p', 'data2_admin', 'data2', 'read')
$hasNamedPolicy = $e->hasNamedPolicy("p", "data2_admin", "data2", "read");

AddPolicy()

AddPolicy 向当前策略添加授权规则。 如果规则已经存在,函数返回false,并且不会添加规则。 否则,函数通过添加新规则并返回true。

例如:

added := e.AddPolicy("eve", "data3", "read")
const p = ['eve', 'data3', 'read']
const added = await e.addPolicy(...p)
$added = $e->addPolicy('eve', 'data3', 'read');

AddNamedPolicy()

AddNamedPolicy 向当前命名策略添加授权规则。 如果规则已经存在,函数返回false,并且不会添加规则。 否则,函数通过添加新规则并返回true。

例如:

added := e.AddNamedPolicy("p", "eve", "data3", "read")
const p = ['eve', 'data3', 'read']
const added = await e.addNamedPolicy('p', ...p)
$added = $e->addNamedPolicy("p", "eve", "data3", "read");

RemovePolicy()

RemovePolicy 从当前策略中删除授权规则。

例如:

removed := e.RemovePolicy("alice", "data1", "read")
const p = ['alice', 'data1', 'read']
const removed = await e.removePolicy(...p)
$removed = $e->removePolicy("alice", "data1", "read");

RemoveFilteredPolicy()

RemoveFilteredPolicy 移除当前策略中的授权规则,可以指定字段筛选器。 RemovePolicy 从当前策略中删除授权规则。

例如:

removed := e.RemoveFilteredPolicy(0, "alice", "data1", "read")
const p = ['alice', 'data1', 'read']
const removed = await e.removeFilteredPolicy(0, ...p)
$removed = $e->removeFilteredPolicy(0, "alice", "data1", "read");

RemoveNamedPolicy()

RemoveNamedPolicy 从当前命名策略中删除授权规则。

例如:

removed := e.RemoveNamedPolicy("p", "alice", "data1", "read")
const p = ['alice', 'data1', 'read']
const removed = await e.removeNamedPolicy('p', ...p)
$removed = $e->removeNamedPolicy("p", "alice", "data1", "read");

RemoveFilteredNamedPolicy()

RemoveFilteredNamedPolicy 从当前命名策略中移除授权规则,可以指定字段筛选器。

例如:

removed := e.RemoveFilteredNamedPolicy("p", 0, "alice", "data1", "read")
const p = ['alice', 'data1', 'read']
const removed = await e.removeFilteredNamedPolicy('p', 0, ...p)
$removed = $e->removeFilteredNamedPolicy("p", 0, "alice", "data1", "read");

HasGroupingPolicy()

HasGroupingPolicy 确定是否存在角色继承规则。

例如:

has := e.HasGroupingPolicy("alice", "data2_admin")
const has = e.hasGroupingPolicy('alice', 'data2_admin')
$has = $e->hasGroupingPolicy("alice", "data2_admin");

HasNamedGroupingPolicy()

HasNamedGroupingPolicy 确定是否存在命名角色继承规则。

For example:

has := e.HasNamedGroupingPolicy("g", "alice", "data2_admin")
const has = e.hasNamedGroupingPolicy('g', 'alice', 'data2_admin')
$has = $e->hasNamedGroupingPolicy("g", "alice", "data2_admin");

AddGroupingPolicy()

AddGroupingPolicy 向当前策略添加角色继承规则。 如果规则已经存在,函数返回false,并且不会添加规则。 如果规则已经存在,函数返回false,并且不会添加规则。

例如:

added := e.AddGroupingPolicy("group1", "data2_admin")
const added = await e.addGroupingPolicy('group1', 'data2_admin')
$added = $e->addGroupingPolicy("group1", "data2_admin");

AddNamedGroupingPolicy()

AddNamedGroupingPolicy 将命名角色继承规则添加到当前策略。 如果规则已经存在,函数返回false,并且不会添加规则。 否则,函数通过添加新规则并返回true。

例如:

added := e.AddNamedGroupingPolicy("g", "group1", "data2_admin")
const added = await e.addNamedGroupingPolicy('g', 'group1', 'data2_admin')
$added = $e->addNamedGroupingPolicy("g", "group1", "data2_admin");

RemoveGroupingPolicy()

RemoveGroupingPolicy 从当前策略中删除角色继承规则。

例如:

removed := e.RemoveGroupingPolicy("alice", "data2_admin")
const removed = await e.removeGroupingPolicy('alice', 'data2_admin')
$removed = $e->removeGroupingPolicy("alice", "data2_admin");

RemoveFilteredGroupingPolicy()

RemoveFilteredGroupingPolicy 从当前策略中移除角色继承规则,可以指定字段筛选器。

例如:

removed := e.RemoveFilteredGroupingPolicy(0, "alice")
const removed = await e.removeFilteredGroupingPolicy(0, 'alice')
$removed = $e->removeFilteredGroupingPolicy(0, "alice");

RemoveNamedGroupingPolicy()

RemoveNamedGroupingPolicy 从当前命名策略中移除角色继承规则。

例如:

removed := e.RemoveNamedGroupingPolicy("g", "alice")
const removed = await e.removeNamedGroupingPolicy('g', 'alice')
$removed = $e->removeNamedGroupingPolicy("g", "alice");

RemoveFilteredNamedGroupingPolicy()

RemoveFilteredNamedGroupingPolicy 从当前命名策略中移除角色继承规则,可以指定字段筛选器。

例如:

removed := e.RemoveFilteredNamedGroupingPolicy("g", 0, "alice")
const removed = await e.removeFilteredNamedGroupingPolicy('g', 0, 'alice')
$removed = $e->removeFilteredNamedGroupingPolicy("g", 0, "alice");

AddFunction()

AddFunction 添加自定义函数。

例如:

func CustomFunction(key1 string, key2 string) bool {
    if key1 == "/alice_data2/myid/using/res_id" && key2 == "/alice_data/:resource" {
        return true
    } else if key1 == "/alice_data2/myid/using/res_id" && key2 == "/alice_data2/:id/using/:resId" {
        return true
    } else {
        return false
    }
}

func CustomFunctionWrapper(args ...interface{}) (interface{}, error) {
    key1 := args[0].(string)
    key2 := args[1].(string)

    return bool(CustomFunction(key1, key2)), nil
}

e.AddFunction("keyMatchCustom", CustomFunctionWrapper)
Method is not implemented
func customFunction($key1, $key2) {
    if ($key1 == "/alice_data2/myid/using/res_id" && $key2 == "/alice_data/:resource") {
        return true;
    } elseif ($key1 == "/alice_data2/myid/using/res_id" && $key2 == "/alice_data2/:id/using/:resId") {
        return true;
    } else {
        return false;
    }
}

func customFunctionWrapper(...$args){
    $key1 := $args[0];
    $key2 := $args[1];

    return customFunction($key1, $key2);
}

$e->addFunction("keyMatchCustom", customFunctionWrapper);
中间件RBAC API