Casbin

Casbin

  • 文档
  • API
  • 编辑器
  • JetBrains 插件
  • Casdoor
  • 论坛
  • OA
  • 趋势
  • 云服务
  • 帮助
  • 博客
  • Languages icon中文
    • English
    • 한국어
    • 参与翻译
  • GitHub

›API

基础知识

  • 概述
  • 开始使用
  • 工作原理
  • 教程

Model

  • 支持的Models
  • Model语法
  • 函数
  • 基于角色的访问控制
  • 域内RBAC
  • ABAC

存储

  • Model存储
  • Policy存储
  • 政策子集加载

扩充功能

  • 适配器
  • 观察者
  • 调度器
  • 角色管理器
  • 中间件

API

  • 管理 API
  • RBAC API

高级用法。

  • 多线程
  • 基准测试
  • Performance Optimization

管理

  • 管理员门户
  • Casbin 服务
  • 日志 & 错误处理
  • 在线编辑器
  • Frontend Usage

更多

  • 本项目使用者
  • 隐私政策
  • 服务条款
Translate

管理 API

提供对Casbin策略管理完全支持的基本API。

参考

全局变量 e是执行者实例。

Go
Node.js
PHP
.NET
Rust
e, err := NewEnforcer("examples/rbac_model.conf", "examples/rbac_policy.csv")
const e = await newEnforcer('examples/rbac_model.conf', 'examples/rbac_policy.csv')
$e = new Enforcer('examples/rbac_model.conf', 'examples/rbac_policy.csv');
var e = new Enforcer("path/to/model.conf", "path/to/policy.csv");
let mut e = Enforce::new("examples/rbac_model.conf", "examples/rbac_policy.csv").await?;

GetAllSubjects()

GetAllSubjects 获取当前策略中显示的主题列表。

For example:

Go
Node.js
PHP
.NET
Rust
allSubjects := e.GetAllSubjects()
const allSubjects = await e.getAllSubjects()
$allSubjects = $e->getAllSubjects();
var allSubjects = e.GetAllSubjects();
let all_subjects = e.get_all_subjects();

GetAllNamedSubjects()

GetAllNamedSubjects 获取当前命名策略中显示的主题列表。

For example:

Go
Node.js
PHP
.NET
Rust
allNamedSubjects := e.GetAllNamedSubjects("p")
const allNamedSubjects = await e.getAllNamedSubjects('p')
$allNamedSubjects = $e->getAllNamedSubjects("p");
var allNamedSubjects = e.GetAllNamedSubjects("p");
let all_named_subjects = e.get_all_named_subjects("p");

GetAllObjects()

GetAllObjects 获取当前策略中显示的对象列表。

例如:

Go
Node.js
PHP
.NET
Rust
allObjects := e.GetAllObjects()
const allObjects = await e.getAllObjects()
$allObjects = $e->getAllObjects();
var allObjects = e.GetAllObjects();
let all_objects = e.get_all_objects();

GetAllNamedObjects()

GetAllNamedObjects 获取当前命名策略中显示的对象列表。

例如:

Go
Node.js
PHP
.NET
Rust
allNamedObjects := e.GetAllNamedObjects("p")
const allNamedObjects = await e.getAllNamedObjects('p')
$allNamedObjects = $e->getAllNamedObjects("p");
var allNamedObjects = e.GetAllNamedObjects("p");
let all_named_objects = e.get_all_named_objects("p");

GetAllActions()

GetAllActions 获取当前策略中显示的操作列表。

例如:

Go
Node.js
PHP
.NET
Rust
allActions := e.GetAllActions()
const allActions = await e.getAllActions()
$allActions = $e->getAllActions();
var allActions = e.GetAllActions();
let all_actions = e.get_all_actions();

GetAllNamedActions()

GetAllNamedActions 获取当前命名策略中显示的操作列表。

例如:

Go
Node.js
PHP
.NET
Rust
allNamedActions := e.GetAllNamedActions("p")
const allNamedActions = await e.getAllNamedActions('p')
$allNamedActions = $e->getAllNamedActions("p");
var allNamedActions = e.GetAllNamedActions("p");
let all_named_actions = e.get_all_named_actions("p");

GetAllRoles()

GetAllRoles获取当前策略中显示的角色列表。

例如:

Go
Node.js
PHP
.NET
Rust
allRoles = e.GetAllRoles()
const allRoles = await e.getAllRoles()
$allRoles = $e->getAllRoles();
var allRoles = e.GetAllRoles();
let all_roles = e.get_all_roles();

GetAllNamedRoles()

GetAllNamedRoles 获取当前命名策略中显示的角色列表。

例如:

Go
Node.js
PHP
.NET
Rust
allNamedRoles := e.GetAllNamedRoles("g")
const allNamedRoles = await e.getAllNamedRoles('g')
$allNamedRoles = $e->getAllNamedRoles('g');
var allNamedRoles = e.GetAllNamedRoles("g");
let all_named_roles = e.get_all_named_roles("g");

GetPolicy()

GetPolicy 获取策略中的所有授权规则。

例如:

Go
Node.js
PHP
.NET
Rust
policy = e.GetPolicy()
const policy = await e.getPolicy()
$policy = $e->getPolicy();
var policy = e.GetPolicy();
let policy = e.get_policy();

GetFilteredPolicy()

GetFilteredPolicy 获取策略中的所有授权规则,可以指定字段筛选器。

例如:

Go
Node.js
PHP
.NET
Rust
filteredPolicy := e.GetFilteredPolicy(0, "alice")
const filteredPolicy = await e.getFilteredPolicy(0, 'alice')
$filteredPolicy = $e->getFilteredPolicy(0, "alice");
var filteredPolicy = e.GetFilteredPolicy(0, "alice");
let filtered_policy = e.get_filtered_policy(0, vec!["alice".to_owned()]);

GetNamedPolicy()

GetNamedPolicy 获取命名策略中的所有授权规则。

例如:

Go
Node.js
PHP
.NET
Rust
namedPolicy := e.GetNamedPolicy("p")
const namedPolicy = await e.getNamedPolicy('p')
$namedPolicy = $e->getNamedPolicy("p");
var namedPolicy = e.GetNamedPolicy("p");
let named_policy = e.get_named_policy("p");

GetFilteredNamedPolicy()

GetFilteredNamedPolicy 获取命名策略中的所有授权规则,可以指定字段过滤器。

例如:

Go
Node.js
PHP
.NET
Rust
filteredNamedPolicy = e.GetFilteredNamedPolicy("p", 0, "bob")
const filteredNamedPolicy = await e.getFilteredNamedPolicy('p', 0, 'bob')
$filteredNamedPolicy = $e->getFilteredNamedPolicy("p", 0, "bob");
var filteredNamedPolicy = e.GetFilteredNamedPolicy("p", 0, "alice");
let filtered_named_policy = e.get_filtered_named_policy("p", 0, vec!["bob".to_owned()]);

GetGroupingPolicy()

GetGroupingPolicy 获取策略中的所有角色继承规则。

例如:

Go
Node.js
PHP
.NET
Rust
groupingPolicy := e.GetGroupingPolicy()
const groupingPolicy = await e.getGroupingPolicy()
$groupingPolicy = $e->getGroupingPolicy();
var groupingPolicy = e.GetGroupingPolicy();
let grouping_policy = e.get_grouping_policy();

GetFilteredGroupingPolicy()

GetFilteredGroupingPolicy 获取策略中的所有角色继承规则,可以指定字段筛选器。

例如:

Go
Node.js
PHP
.NET
Rust
filteredGroupingPolicy := e.GetFilteredGroupingPolicy(0, "alice")
const filteredGroupingPolicy = await e.getFilteredGroupingPolicy(0, 'alice')
$filteredGroupingPolicy = $e->getFilteredGroupingPolicy(0, "alice");
var filteredGroupingPolicy = e.GetFilteredGroupingPolicy(0, "alice");
let filtered_grouping_policy = e.get_filtered_grouping_policy(0, vec!["alice".to_owned()]);

GetNamedGroupingPolicy()

GetNamedGroupingPolicy 获取策略中的所有角色继承规则。

例如:

Go
Node.js
PHP
.NET
Rust
namedGroupingPolicy := e.GetNamedGroupingPolicy("g")
const namedGroupingPolicy = await e.getNamedGroupingPolicy('g')
$namedGroupingPolicy = $e->getNamedGroupingPolicy("g");
var namedGroupingPolicy = e.GetNamedGroupingPolicy("g");
let named_grouping_policy = e.get_named_grouping_policy("g");

GetFilteredNamedGroupingPolicy()

GetFilteredNamedGroupingPolicy 获取策略中的所有角色继承规则。

例如:

Go
Node.js
PHP
.NET
Rust
namedGroupingPolicy := e.GetFilteredNamedGroupingPolicy("g", 0, "alice")
const namedGroupingPolicy = await e.getFilteredNamedGroupingPolicy('g', 0, 'alice')
$namedGroupingPolicy = $e->getFilteredNamedGroupingPolicy("g", 0, "alice");
var namedGroupingPolicy = e.GetFilteredNamedGroupingPolicy("g", 0, "alice");
let named_grouping_policy = e.get_filtered_named_groupingPolicy("g", 0, vec!["alice".to_owned()]);

HasPolicy()

HasPolicy 确定是否存在授权规则。

例如:

Go
Node.js
PHP
.NET
Rust
hasPolicy := e.HasPolicy("data2_admin", "data2", "read")
const hasPolicy = await e.hasPolicy('data2_admin', 'data2', 'read')
$hasPolicy = $e->hasPolicy('data2_admin', 'data2', 'read');
var hasPolicy = e.HasPolicy("data2_admin", "data2", "read");
let has_policy = e.has_policy(vec!["data2_admin".to_owned(), "data2".to_owned(), "read".to_owned()]);

HasNamedPolicy()

HasNamedPolicy 确定是否存在命名授权规则。

例如:

Go
Node.js
PHP
.NET
Rust
hasNamedPolicy := e.HasNamedPolicy("p", "data2_admin", "data2", "read")
const hasNamedPolicy = await e.hasNamedPolicy('p', 'data2_admin', 'data2', 'read')
$hasNamedPolicy = $e->hasNamedPolicy("p", "data2_admin", "data2", "read");
var hasNamedPolicy = e.HasNamedPolicy("p", "data2_admin", "data2", "read");
let has_named_policy = e.has_named_policy("p", vec!["data2_admin".to_owned(), "data2".to_owned(), "read".to_owned()]);

AddPolicy()

AddPolicy 向当前策略添加授权规则。 如果规则已经存在,函数返回false,并且不会添加规则。 否则,函数通过添加新规则并返回true。

例如:

Go
Node.js
PHP
.NET
Rust
added := e.AddPolicy("eve", "data3", "read")
const p = ['eve', 'data3', 'read']
const added = await e.addPolicy(...p)
$added = $e->addPolicy('eve', 'data3', 'read');
var added = e.AddPolicy("eve", "data3", "read");
or
var added = await e.AddPolicyAsync("eve", "data3", "read");
let added = e.add_policy(vec!["eve".to_owned(), "data3".to_owned(), "read".to_owned()]);

AddPolicies()

AddPolicies adds authorization rules to the current policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is added to the current policy. If all the authorization rules are consistent with the policy rules, the function returns true and each policy rule is added to the current policy.

例如:

Go
Rust
Node.js
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}

areRulesAdded := e.AddPolicies(rules)
let rules = vec![
vec!["jack".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["katy".to_owned(), "data4".to_owned(), "write".to_owned()],
vec!["leyo".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["ham".to_owned(), "data4".to_owned(), "write".to_owned()],
];

let are_rules_added = e.add_policies(rules).await?
const rules = [
['jack', 'data4', 'read'],
['katy', 'data4', 'write'],
['leyo', 'data4', 'read'],
['ham', 'data4', 'write']
];

const areRulesAdded = await e.addPolicies(rules);

AddNamedPolicy()

AddNamedPolicy adds an authorization rule to the current named policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.

例如:

Go
Node.js
PHP
.NET
Rust
added := e.AddNamedPolicy("p", "eve", "data3", "read")
const p = ['eve', 'data3', 'read']
const added = await e.addNamedPolicy('p', ...p)
$added = $e->addNamedPolicy("p", "eve", "data3", "read");
var added = e.AddNamedPolicy("p", "eve", "data3", "read");
or
var added = await e.AddNamedPolicyAsync("p", "eve", "data3", "read");
let added = e.add_named_policy("p", vec!["eve".to_owned(), "data3".to_owned(), "read".to_owned()]).await?;

AddNamedPolicies()

AddNamedPolicies adds authorization rules to the current named policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is added to the current policy. If all the authorization rules are consistent with the policy rules, the function returns true and each policy rule is added to the current policy.

例如:

Go
Rust
Node.js
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}

areRulesAdded := e.AddNamedPolicies("p", rules)
let rules = vec![
vec!["jack".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["katy".to_owned(), "data4".to_owned(), "write".to_owned()],
vec!["leyo".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["ham".to_owned(), "data4".to_owned(), "write".to_owned()],
];

let are_rules_added := e.add_named_policies("p", rules).await?;
const rules = [
['jack', 'data4', 'read'],
['katy', 'data4', 'write'],
['leyo', 'data4', 'read'],
['ham', 'data4', 'write']
];

const areRulesAdded = await e.addNamedPolicies('p', rules);

RemovePolicy()

RemovePolicy removes an authorization rule from the current policy.

例如:

Go
Node.js
PHP
.NET
Rust
removed := e.RemovePolicy("alice", "data1", "read")
const p = ['alice', 'data1', 'read']
const removed = await e.removePolicy(...p)
$removed = $e->removePolicy("alice", "data1", "read");
var removed = e.RemovePolicyAsync("alice", "data1", "read");
or
var removed = await e.RemovePolicyAsync("alice", "data1", "read");
let removed = e.remove_policy(vec!["alice".to_owned(), "data1".to_owned(), "read".to_owned()]).await?;

RemovePolicies()

RemovePolicies removes authorization rules from the current policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is removed from the current policy. If all the authorization rules are consistent with the policy rules, the function returns true and each policy rule is removed from the current policy.

例如:

Go
Rust
Node.js
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}

areRulesRemoved := e.RemovePolicies(rules)
let rules = vec![
vec!["jack".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["katy".to_owned(), "data4".to_owned(), "write".to_owned()],
vec!["leyo".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["ham".to_owned(), "data4".to_owned(), "write".to_owned()],
];

let are_rules_removed = e.remove_policies(rules).await?;
const rules = [
['jack', 'data4', 'read'],
['katy', 'data4', 'write'],
['leyo', 'data4', 'read'],
['ham', 'data4', 'write']
];

const areRulesRemoved = await e.removePolicies(rules);

RemoveFilteredPolicy()

RemoveFilteredPolicy removes an authorization rule from the current policy, field filters can be specified. RemovePolicy removes an authorization rule from the current policy.

例如:

Go
Node.js
PHP
.NET
Rust
removed := e.RemoveFilteredPolicy(0, "alice", "data1", "read")
const p = ['alice', 'data1', 'read']
const removed = await e.removeFilteredPolicy(0, ...p)
$removed = $e->removeFilteredPolicy(0, "alice", "data1", "read");
var removed = e.RemoveFilteredPolicy("alice", "data1", "read");
or
var removed = await e.RemoveFilteredPolicyAsync("alice", "data1", "read");
let removed = e.remove_filtered_policy(0, vec!["alice".to_owned(), "data1".to_owned(), "read".to_owned()]).await?;

RemoveNamedPolicy()

RemoveNamedPolicy removes an authorization rule from the current named policy.

For example:

Go
Node.js
PHP
.NET
Rust
removed := e.RemoveNamedPolicy("p", "alice", "data1", "read")
const p = ['alice', 'data1', 'read']
const removed = await e.removeNamedPolicy('p', ...p)
$removed = $e->removeNamedPolicy("p", "alice", "data1", "read");
var removed = e.RemoveNamedPolicy("p", "alice", "data1", "read");
or
var removed = await e.RemoveNamedPolicyAsync("p", "alice", "data1", "read");
let removed = e.remove_named_policy("p", vec!["alice".to_owned(), "data1".to_owned(), "read".to_owned()]).await?;

RemoveNamedPolicies()

RemoveNamedPolicies removes authorization rules from the current named policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is removed from the current policy. If all the authorization rules are consistent with the policy rules, the function returns true and each policy rule is removed from the current policy.

例如:

Go
Rust
Node.js
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}

areRulesRemoved := e.RemoveNamedPolicies("p", rules)
let rules = vec![
vec!["jack".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["katy".to_owned(), "data4".to_owned(), "write".to_owned()],
vec!["leyo".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["ham".to_owned(), "data4".to_owned(), "write".to_owned()],
];

let areRulesRemoved = e.remove_named_policies("p", rules).await?;
const rules = [
['jack', 'data4', 'read'],
['katy', 'data4', 'write'],
['leyo', 'data4', 'read'],
['ham', 'data4', 'write']
];

const areRulesRemoved = await e.removeNamedPolicies('p', rules);

RemoveFilteredNamedPolicy()

RemoveFilteredNamedPolicy removes an authorization rule from the current named policy, field filters can be specified.

例如:

Go
Node.js
PHP
.NET
Rust
removed := e.RemoveFilteredNamedPolicy("p", 0, "alice", "data1", "read")
const p = ['alice', 'data1', 'read']
const removed = await e.removeFilteredNamedPolicy('p', 0, ...p)
$removed = $e->removeFilteredNamedPolicy("p", 0, "alice", "data1", "read");
var removed = e.RemoveFilteredNamedPolicy("p", 0, "alice", "data1", "read");
or
var removed = e.RemoveFilteredNamedPolicyAync("p", 0, "alice", "data1", "read");
let removed = e.remove_filtered_named_policy("p", 0, vec!["alice".to_owned(), "data1".to_owned(), "read".to_owned()]).await?;

HasGroupingPolicy()

HasGroupingPolicy determines whether a role inheritance rule exists.

例如:

Go
Node.js
PHP
.NET
Rust
has := e.HasGroupingPolicy("alice", "data2_admin")
const has = await e.hasGroupingPolicy('alice', 'data2_admin')
$has = $e->hasGroupingPolicy("alice", "data2_admin");
var has = e.HasGroupingPolicy("alice", "data2_admin");
let has = e.has_grouping_policy(vec!["alice".to_owned(), "data2_admin".to_owned()]);

HasNamedGroupingPolicy()

HasNamedGroupingPolicy determines whether a named role inheritance rule exists.

例如:

Go
Node.js
PHP
.NET
Rust
has := e.HasNamedGroupingPolicy("g", "alice", "data2_admin")
const has = await e.hasNamedGroupingPolicy('g', 'alice', 'data2_admin')
$has = $e->hasNamedGroupingPolicy("g", "alice", "data2_admin");
var has = e.HasNamedGroupingPolicy("g", "alice", "data2_admin");
let has = e.has_named_grouping_policy("g", vec!["alice".to_owned(), "data2_admin".to_owned()]);

AddGroupingPolicy()

AddGroupingPolicy adds a role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.

例如:

Go
Node.js
PHP
.NET
Rust
added := e.AddGroupingPolicy("group1", "data2_admin")
const added = await e.addGroupingPolicy('group1', 'data2_admin')
$added = $e->addGroupingPolicy("group1", "data2_admin");
var added = e.AddGroupingPolicy("group1", "data2_admin");
or
var added = await e.AddGroupingPolicyAsync("group1", "data2_admin");
let added = e.add_grouping_policy(vec!["group1".to_owned(), "data2_admin".to_owned()]).await?;

AddGroupingPolicies()

AddGroupingPolicies adds role inheritance rules to the current policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is added to the current policy. If all authorization the rules are consistent with the policy rules, the function returns true and each policy rule is added to the current policy.

例如:

Go
Rust
Node.js
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}

areRulesAdded := e.AddGroupingPolicies(rules)
let rules = vec![
vec!["jack".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["katy".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["leyo".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["ham".to_owned(), "group1".to_owned(), "domain1".to_owned()],
];

let areRulesAdded = e.add_grouping_policies(rules).await?;
const groupingRules = [
['ham', 'data4_admin'],
['jack', 'data5_admin']
];

const areRulesAdded = await e.addGroupingPolicies(groupingRules);

AddNamedGroupingPolicy()

AddNamedGroupingPolicy adds a named role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.

例如:

Go
Node.js
PHP
.NET
Rust
added := e.AddNamedGroupingPolicy("g", "group1", "data2_admin")
const added = await e.addNamedGroupingPolicy('g', 'group1', 'data2_admin')
$added = $e->addNamedGroupingPolicy("g", "group1", "data2_admin");
var added = e.AddNamedGroupingPolicy("g", "group1", "data2_admin");
or
var added = await e.AddNamedGroupingPolicyAsync("g", "group1", "data2_admin");
let added = e.add_named_grouping_policy("g", vec!["group1".to_owned(), "data2_admin".to_owned()]).await?;

AddNamedGroupingPolicies()

AddNamedGroupingPolicies adds named role inheritance rules to the current policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is added to the current policy. If all the authorization rules are consistent with the policy rules, the function returns true and each policy rule is added to the current policy.

For example:

Go
Rust
Node.js
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}

areRulesAdded := e.AddNamedGroupingPolicies("g", rules)
let rules = vec![
vec!["jack".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["katy".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["leyo".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["ham".to_owned(), "group1".to_owned(), "domain1".to_owned()],
];

let are_rules_added = e.add_named_grouping_policies("g", rules).await?;
const groupingRules = [
['ham', 'data4_admin'],
['jack', 'data5_admin']
];

const areRulesAdded = await e.addNamedGroupingPolicies('g', groupingRules);

RemoveGroupingPolicy()

RemoveGroupingPolicy removes a role inheritance rule from the current policy.

For example:

Go
Node.js
PHP
.NET
Rust
removed := e.RemoveGroupingPolicy("alice", "data2_admin")
const removed = await e.removeGroupingPolicy('alice', 'data2_admin')
$removed = $e->removeGroupingPolicy("alice", "data2_admin");
var removed = e.RemoveGroupingPolicy("alice", "data2_admin");
or
var removed = await e.RemoveGroupingPolicyAsync("alice", "data2_admin");
let removed = e.remove_grouping_policy(vec!["alice".to_owned(), "data2_admin".to_owned()]).await?;

RemoveGroupingPolicies()

RemoveGroupingPolicies removes role inheritance rules from the current policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is removed from the current policy. If all the authorization rules are consistent with the policy rules, the function returns true and each policy rule is removed from the current policy.

For example:

Go
Rust
Node.js
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}

areRulesRemoved := e.RemoveGroupingPolicies(rules)
let rules = vec![
vec!["jack".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["katy".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["leyo".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["ham".to_owned(), "group1".to_owned(), "domain1".to_owned()],
];

let are_rules_removed = e.remove_grouping_policies(rules).await?;
const groupingRules = [
['ham', 'data4_admin'],
['jack', 'data5_admin']
];

const areRulesRemoved = await e.removeGroupingPolicies(groupingRules);

RemoveFilteredGroupingPolicy()

RemoveFilteredGroupingPolicy removes a role inheritance rule from the current policy, field filters can be specified.

For example:

Go
Node.js
PHP
.NET
Rust
removed := e.RemoveFilteredGroupingPolicy(0, "alice")
const removed = await e.removeFilteredGroupingPolicy(0, 'alice')
$removed = $e->removeFilteredGroupingPolicy(0, "alice");
var removed = e.RemoveFilteredGroupingPolicy(0, "alice");
or
var removed = await e.RemoveFilteredGroupingPolicyAsync(0, "alice");
let removed = e.remove_filtered_grouping_policy(0, vec!["alice".to_owned()]).await?;

RemoveNamedGroupingPolicy()

RemoveNamedGroupingPolicy removes a role inheritance rule from the current named policy.

For example:

Go
Node.js
PHP
.NET
Rust
removed := e.RemoveNamedGroupingPolicy("g", "alice")
const removed = await e.removeNamedGroupingPolicy('g', 'alice')
$removed = $e->removeNamedGroupingPolicy("g", "alice");
var removed = e.RemoveNamedGroupingPolicy("g", "alice");
or
var removed = await e.RemoveNamedGroupingPolicyAsync("g", "alice");
let removed = e.remove_named_grouping_policy("g", vec!["alice".to_owned()]).await?;

RemoveNamedGroupingPolicies()

RemoveNamedGroupingPolicies removes named role inheritance rules from the current policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is removed from the current policy. If all the authorization rules are consistent with the policy rules, the function returns true and each policy rule is removed from the current policy.

For example:

Go
Rust
Node.js
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}

areRulesRemoved := e.RemoveNamedGroupingPolicies("g", rules)
let rules = vec![
vec!["jack".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["katy".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["leyo".to_owned(), "group1".to_owned(), "domain1".to_owned()],
vec!["ham".to_owned(), "group1".to_owned(), "domain1".to_owned()],
];

let are_rules_removed = e.remove_named_grouping_policies("g", rules).await?;
const groupingRules = [
['ham', 'data4_admin'],
['jack', 'data5_admin']
];

const areRulesRemoved = await e.removeNamedGroupingPolicies('g', groupingRules);

RemoveFilteredNamedGroupingPolicy()

RemoveFilteredNamedGroupingPolicy removes a role inheritance rule from the current named policy, field filters can be specified.

For example:

Go
Node.js
PHP
.NET
Rust
removed := e.RemoveFilteredNamedGroupingPolicy("g", 0, "alice")
const removed = await e.removeFilteredNamedGroupingPolicy('g', 0, 'alice')
$removed = $e->removeFilteredNamedGroupingPolicy("g", 0, "alice");
var removed = e.RemoveFilteredNamedGroupingPolicy("g", 0, "alice");
or
var removed = await e.RemoveFilteredNamedGroupingPolicyAsync("g", 0, "alice");
let removed = e.remove_filtered_named_groupingPolicy("g", 0, vec!["alice".to_owned()]).await?;

UpdatePolicy()

UpdatePolicy update a old policy to new policy.

For example:

Go
updated, err := e.UpdatePolicy([]string{"eve", "data3", "read"}, []string{"eve", "data3", "write"})

AddFunction()

AddFunction adds a customized function.

For example:

Go
Node.js
PHP
Rust
func CustomFunction(key1 string, key2 string) bool {
if key1 == "/alice_data2/myid/using/res_id" && key2 == "/alice_data/:resource" {
return true
} else if key1 == "/alice_data2/myid/using/res_id" && key2 == "/alice_data2/:id/using/:resId" {
return true
} else {
return false
}
}

func CustomFunctionWrapper(args ...interface{}) (interface{}, error) {
key1 := args[0].(string)
key2 := args[1].(string)

return bool(CustomFunction(key1, key2)), nil
}

e.AddFunction("keyMatchCustom", CustomFunctionWrapper)
Method is not implemented
func customFunction($key1, $key2) {
if ($key1 == "/alice_data2/myid/using/res_id" && $key2 == "/alice_data/:resource") {
return true;
} elseif ($key1 == "/alice_data2/myid/using/res_id" && $key2 == "/alice_data2/:id/using/:resId") {
return true;
} else {
return false;
}
}

func customFunctionWrapper(...$args){
$key1 := $args[0];
$key2 := $args[1];

return customFunction($key1, $key2);
}

$e->addFunction("keyMatchCustom", customFunctionWrapper);
fn custom_function(key1: STring, key2: String) {
key1 == "/alice_data2/myid/using/res_id" && key2 == "/alice_data/:resource" || key1 == "/alice_data2/myid/using/res_id" && key2 == "/alice_data2/:id/using/:resId"
}


e.add_function("keyMatchCustom", custom_function);
← 中间件RBAC API →
  • 参考
    • GetAllSubjects()
    • GetAllNamedSubjects()
    • GetAllObjects()
    • GetAllNamedObjects()
    • GetAllActions()
    • GetAllNamedActions()
    • GetAllRoles()
    • GetAllNamedRoles()
    • GetPolicy()
    • GetFilteredPolicy()
    • GetNamedPolicy()
    • GetFilteredNamedPolicy()
    • GetGroupingPolicy()
    • GetFilteredGroupingPolicy()
    • GetNamedGroupingPolicy()
    • GetFilteredNamedGroupingPolicy()
    • HasPolicy()
    • HasNamedPolicy()
    • AddPolicy()
    • AddPolicies()
    • AddNamedPolicy()
    • AddNamedPolicies()
    • RemovePolicy()
    • RemovePolicies()
    • RemoveFilteredPolicy()
    • RemoveNamedPolicy()
    • RemoveNamedPolicies()
    • RemoveFilteredNamedPolicy()
    • HasGroupingPolicy()
    • HasNamedGroupingPolicy()
    • AddGroupingPolicy()
    • AddGroupingPolicies()
    • AddNamedGroupingPolicy()
    • AddNamedGroupingPolicies()
    • RemoveGroupingPolicy()
    • RemoveGroupingPolicies()
    • RemoveFilteredGroupingPolicy()
    • RemoveNamedGroupingPolicy()
    • RemoveNamedGroupingPolicies()
    • RemoveFilteredNamedGroupingPolicy()
    • UpdatePolicy()
    • AddFunction()
Casbin
Docs
Getting StartedManagement APIRBAC APIMiddlewares
Community
Who's using Casbin?ForumStack OverflowProject Chat
Casbin          jCasbin
Node-Casbin   PHP-CasbinPyCasbin          Casbin.NETCasbin-CPP        Casbin-RS
Follow @CasbinNews
Copyright © 2021 Casbin contributors.