RBAC API

Una API más amigable para RBAC. Esta API es un subconjunto de la API de Gestión. Los usuarios de RBAC podrían usar esta API para simplificar el código.

Referencia

la variable global e es una instancia de Enforcer.

e, err := NewEnforcer("examples/rbac_model.conf", "examples/rbac_policy.csv")

const e = await newEnforcer('examples/rbac_model.conf', 'examples/rbac_policy.csv')

$e = new Enforcer('examples/rbac_model.conf', 'examples/rbac_policy.csv');

e = casbin.Enforcer("examples/rbac_model.conf", "examples/rbac_policy.csv")

var e = new Enforcer("path/to/model.conf", "path/to/policy.csv");

let mut e = Enforcer::new("examples/rbac_model.conf", "examples/rbac_policy.csv").await?;

Enforcer e = new Enforcer("examples/rbac_model.conf", "examples/rbac_policy.csv");

`GetRolesForUser()`

GetRolesForUser obtiene los roles que un usuario tiene.

Por ejemplo:

res := e.GetRolesForUser("alice")

const res = await e.getRolesForUser('alice')

$res = $e->getRolesForUser("alice");

roles = e.get_roles_for_user("alice")

var res = e.GetRolesForUser("alice");

let roles = e.get_roles_for_user("alice", None); // No domain

List<String> res = e.getRolesForUser("alice");

`GetUsersForRole()`

GetUsersForRole obtiene los usuarios que tienen un rol.

Por ejemplo:

res := e.GetUsersForRole("data1_admin")

const res = await e.getUsersForRole('data1_admin')

$res = $e->getUsersForRole("data1_admin");

users = e.get_users_for_role("data1_admin")

var res = e.GetUsersForRole("data1_admin");

let users = e.get_users_for_role("data1_admin", None); // No domain

List<String> res = e.getUsersForRole("data1_admin");

`HasRoleForUser()`

HasRoleForUser determina si un usuario tiene un rol.

Por ejemplo:

res := e.HasRoleForUser("alice", "data1_admin")

const res = await e.hasRoleForUser('alice', 'data1_admin')

$res = $e->hasRoleForUser("alice", "data1_admin");

has = e.has_role_for_user("alice", "data1_admin")

var res = e.HasRoleForUser("alice", "data1_admin");

let has = e.has_role_for_user("alice", "data1_admin", None); // No domain

boolean res = e.hasRoleForUser("alice", "data1_admin");

`AddRoleForUser()`

AddRoleForUser añade un rol a un usuario. Devuelve falso si el usuario ya tiene el rol (es decir, no afectado).

Por ejemplo:

e.AddRoleForUser("alice", "data2_admin")

await e.addRoleForUser('alice', 'data2_admin')

$e->addRoleForUser("alice", "data2_admin");

e.add_role_for_user("alice", "data2_admin")

var added = e.AddRoleForUser("alice", "data2_admin");
or
var added = await e.AddRoleForUserAsync("alice", "data2_admin");

let added = e.add_role_for_user("alice", "data2_admin", None).await?; // No domain

boolean added = e.addRoleForUser("alice", "data2_admin");

`AddRolesForUser()`

AddRolesForUser añade múltiples roles a un usuario. Devuelve falso si el usuario ya tiene uno de estos roles (es decir, no afectado).

Por ejemplo:

Go
Node.js
Rust

var roles = []string{"data2_admin", "data1_admin"}
e.AddRolesForUser("alice", roles)

const roles = ["data1_admin", "data2_admin"];
roles.map((role) => e.addRoleForUser("alice", role));

let roles = vec!["data1_admin".to_owned(), "data2_admin".to_owned()];
let all_added = e.add_roles_for_user("alice", roles, None).await?; // No domain

`DeleteRoleForUser()`

DeleteRoleForUser elimina un rol de un usuario. Devuelve falso si el usuario no tiene el rol (es decir, no afectado).

Por ejemplo:

e.DeleteRoleForUser("alice", "data1_admin")

await e.deleteRoleForUser('alice', 'data1_admin')

$e->deleteRoleForUser("alice", "data1_admin");

e.delete_role_for_user("alice", "data1_admin")

var deleted = e.DeleteRoleForUser("alice", "data1_admin");
or
var deleted = await e.DeleteRoleForUser("alice", "data1_admin");

let deleted = e.delete_role_for_user("alice", "data1_admin", None).await?; // No domain

boolean deleted = e.deleteRoleForUser("alice", "data1_admin");

`DeleteRolesForUser()`

DeleteRolesForUser elimina todos los roles de un usuario. Devuelve falso si el usuario no tiene ningún rol (es decir, no afectado).

Por ejemplo:

e.DeleteRolesForUser("alice")

await e.deleteRolesForUser('alice')

$e->deleteRolesForUser("alice");

e.delete_roles_for_user("alice")

var deletedAtLeastOne = e.DeleteRolesForUser("alice");
or
var deletedAtLeastOne = await e.DeleteRolesForUserAsync("alice");

let deleted_at_least_one = e.delete_roles_for_user("alice", None).await?; // No domain

boolean deletedAtLeastOne = e.deleteRolesForUser("alice");

`DeleteUser()`

DeleteUser elimina un usuario. Devuelve falso si el usuario no existe (es decir, no afectado).

Por ejemplo:

e.DeleteUser("alice")

await e.deleteUser('alice')

$e->deleteUser("alice");

e.delete_user("alice")

var deleted = e.DeleteUser("alice");
or
var deleted = await e.DeleteUserAsync("alice");

let deleted = e.delete_user("alice").await?;

boolean deleted = e.deleteUser("alice");

`DeleteRole()`

DeleteRole elimina un rol.

Por ejemplo:

e.DeleteRole("data2_admin")

await e.deleteRole("data2_admin")

$e->deleteRole("data2_admin");

e.delete_role("data2_admin")

var deleted = e.DeleteRole("data2_admin");
or
var deleted = await e.DeleteRoleAsync("data2_admin");

let deleted = e.delete_role("data2_admin").await?;

e.deleteRole("data2_admin");

`DeletePermission()`

DeletePermission elimina un permiso. Devuelve falso si el permiso no existe (es decir, no afectado).

Por ejemplo:

e.DeletePermission("read")

await e.deletePermission('read')

$e->deletePermission("read");

e.delete_permission("read")

var deleted = e.DeletePermission("read");
or
var deleted = await e.DeletePermissionAsync("read");

let deleted = e.delete_permission(vec!["read".to_owned()]).await?;

boolean deleted = e.deletePermission("read");

`AddPermissionForUser()`

AddPermissionForUser añade un permiso a un usuario o rol. Devuelve falso si el usuario o rol ya tiene el permiso (es decir, no afectado).

Por ejemplo:

e.AddPermissionForUser("bob", "read")

await e.addPermissionForUser('bob', 'read')

$e->addPermissionForUser("bob", "read");

e.add_permission_for_user("bob", "read")

var added = e.AddPermissionForUser("bob", "read");
or
var added = await e.AddPermissionForUserAsync("bob", "read");

let added = e.add_permission_for_user("bob", vec!["read".to_owned()]).await?;

boolean added = e.addPermissionForUser("bob", "read");

`AddPermissionsForUser()`

AddPermissionsForUser añade múltiples permisos a un usuario o rol. Devuelve falso si el usuario o rol ya tiene uno de los permisos (es decir, no afectado).

Por ejemplo:

Go
Node.js
Rust

var permissions = [][]string{{"data1", "read"},{"data2","write"}}
for i := 0; i < len(permissions); i++ {
    e.AddPermissionsForUser("alice", permissions[i])
}

const permissions = [
    ["data1", "read"],
    ["data2", "write"],
];

permissions.map((permission) => e.addPermissionForUser("bob", ...permission));

let permissions = vec![
    vec!["data1".to_owned(), "read".to_owned()],
    vec!["data2".to_owned(), "write".to_owned()],
];

let all_added = e.add_permissions_for_user("bob", permissions).await?;

`DeletePermissionForUser()`

DeletePermissionForUser elimina un permiso de un usuario o rol. Devuelve falso si el usuario o rol no tiene el permiso (es decir, no afectado).

Por ejemplo:

e.DeletePermissionForUser("bob", "read")

await e.deletePermissionForUser("bob", "read")

$e->deletePermissionForUser("bob", "read");

e.delete_permission_for_user("bob", "read")

var deleted = e.DeletePermissionForUser("bob", "read");
or
var deleted = await e.DeletePermissionForUserAsync("bob", "read");

let deleted = e.delete_permission_for_user("bob", vec!["read".to_owned()]).await?;

boolean deleted = e.deletePermissionForUser("bob", "read");

`DeletePermissionsForUser()`

DeletePermissionsForUser elimina permisos de un usuario o rol. Devuelve falso si el usuario o rol no tiene ningún permiso (es decir, no afectado).

Por ejemplo:

e.DeletePermissionsForUser("bob")

await e.deletePermissionsForUser('bob')

$e->deletePermissionsForUser("bob");

e.delete_permissions_for_user("bob")

var deletedAtLeastOne = e.DeletePermissionsForUser("bob");
or
var deletedAtLeastOne = await e.DeletePermissionsForUserAsync("bob");

let deleted_at_least_one = e.delete_permissions_for_user("bob").await?;

boolean deletedAtLeastOne = e.deletePermissionForUser("bob");

`GetPermissionsForUser()`

GetPermissionsForUser obtiene permisos para un usuario o rol.

Por ejemplo:

e.GetPermissionsForUser("bob")

await e.getPermissionsForUser('bob')

$e->getPermissionsForUser("bob");

e.get_permissions_for_user("bob")

var permissions = e.GetPermissionsForUser("bob");

List<List<String>> permissions = e.getPermissionsForUser("bob");

`HasPermissionForUser()`

HasPermissionForUser determina si un usuario tiene un permiso.

Por ejemplo:

e.HasPermissionForUser("alice", []string{"read"})

await e.hasPermissionForUser('alice', 'read')

$e->hasPermissionForUser("alice", []string{"read"});

has = e.has_permission_for_user("alice", "read")

var has = e.HasPermissionForUser("bob", "read");

let has = e.has_permission_for_user("alice", vec!["data1".to_owned(), "read".to_owned()]);

boolean has = e.hasPermissionForUser("alice", "read");

`GetImplicitRolesForUser()`

GetImplicitRolesForUser gets implicit roles that a user has. Compared to GetRolesForUser(), this function retrieves indirect roles besides direct roles.

For example:

g, alice, role:admin  
g, role:admin, role:user  

GetRolesForUser("alice") can only get: ["role:admin"].\ But GetImplicitRolesForUser("alice") will get: ["role:admin", "role:user"].

For example:

e.GetImplicitRolesForUser("alice")

await e.getImplicitRolesForUser("alice")

$e->getImplicitRolesForUser("alice");

e.get_implicit_roles_for_user("alice")

var implicitRoles = e.GetImplicitRolesForUser("alice");

e.get_implicit_roles_for_user("alice", None); // No domain

List<String> implicitRoles = e.getImplicitRolesForUser("alice");

`GetImplicitUsersForRole()`

GetImplicitUsersForRole gets all users inheriting the role. Compared to GetUsersForRole(), this function retrieves indirect users.

For example:

g, alice, role:admin  
g, role:admin, role:user  

GetUsersForRole("role:user") can only get: ["role:admin"].\ But GetImplicitUesrsForRole("role:user") will get: ["role:admin", "alice"].

For example:

Go
Node.js
Java

users := e.GetImplicitUsersForRole("role:user")

const users = e.getImplicitUsersForRole("role:user");

List<String> users = e.getImplicitUsersForRole("role:user");

`GetImplicitPermissionsForUser()`

GetImplicitPermissionsForUser gets implicit permissions for a user or role.\ Compared to GetPermissionsForUser(), this function retrieves permissions for inherited roles.

For example:

p, admin, data1, read  
p, alice, data2, read  
g, alice, admin 

GetPermissionsForUser("alice") can only get: [["alice", "data2", "read"]].\ But GetImplicitPermissionsForUser("alice") will get: [["admin", "data1", "read"], ["alice", "data2", "read"]].

For example:

e.GetImplicitPermissionsForUser("alice")

await e.getImplicitPermissionsForUser("alice")

$e->getImplicitPermissionsForUser("alice");

e.get_implicit_permissions_for_user("alice")

var implicitPermissions = e.GetImplicitPermissionsForUser("alice");

e.get_implicit_permissions_for_user("alice", None); // No domain

List<List<String>> implicitPermissions = e.getImplicitPermissionsForUser("alice");

`GetNamedImplicitPermissionsForUser()`

GetNamedImplicitPermissionsForUser gets implicit permissions for a user or role by named policy Compared to GetImplicitPermissionsForUser(), this function allow you to specify the policy name.

For example:

p, admin, data1, read
p2, admin, create
g, alice, admin

GetImplicitPermissionsForUser("alice") only get: [["admin", "data1", "read"]], whose policy is default "p"

But you can specify the policy as "p2" to get: [["admin", "create"]] by GetNamedImplicitPermissionsForUser("p2","alice")

For example:

Go
Python

e.GetNamedImplicitPermissionsForUser("p2","alice")

e.get_named_implicit_permissions_for_user("p2", "alice")

`GetDomainsForUser()`

GetDomainsForUser gets all domains which a user has.

For example:

p, admin, domain1, data1, read
p, admin, domain2, data2, read
p, admin, domain2, data2, write
g, alice, admin, domain1
g, alice, admin, domain2

GetDomainsForUser("alice") could get ["domain1", "domain2"]

For example:

result, err := e.GetDomainsForUser("alice")

`GetImplicitResourcesForUser()`

GetImplicitResourcesForUser returns all policies that should be true for user.

For example:

p, alice, data1, read
p, bob, data2, write
p, data2_admin, data2, read
p, data2_admin, data2, write

g, alice, data2_admin

GetImplicitResourcesForUser("alice") will return [[alice data1 read] [alice data2 read] [alice data2 write]]

resources, err := e.GetImplicitResourcesForUser("alice")

`GetImplicitUsersForPermission()`

GetImplicitUsersForPermission gets implicit users for a permission.

For example:

p, admin, data1, read
p, bob, data1, read
g, alice, admin

GetImplicitUsersForPermission("data1", "read") will return: ["alice", "bob"].

Note: only users will be returned, roles (2nd arg in "g") will be excluded.

users, err := e.GetImplicitUsersForPermission("data1", "read")

`GetAllowedObjectConditions()`

GetAllowedObjectConditions returns a string array of object conditions that the user can access.

For example:

p, alice, r.obj.price < 25, read
p, admin, r.obj.category_id = 2, read
p, bob, r.obj.author = bob, write

g, alice, admin

e.GetAllowedObjectConditions("alice", "read", "r.obj.") will return ["price < 25", "category_id = 2"], nil

Note:

prefix: You can customize the prefix of the object conditions, and "r.obj." is commonly used as a prefix. After removing the prefix, the remaining part is the condition of the object. If there is an obj policy that does not meet the prefix requirement, an errors.ERR_OBJ_CONDITION will be returned.
If the 'objectConditions' array is empty, return errors.ERR_EMPTY_CONDITION This error is returned because some data adapters' ORM return full table data by default when they receive an empty condition, which tends to behave contrary to expectations.(e.g. GORM) If you are using an adapter that does not behave like this, you can choose to ignore this error.

conditions, err := e.GetAllowedObjectConditions("alice", "read", "r.obj.")

`GetImplicitUsersForResource()`

GetImplicitUsersForResource return implicit user based on resource.

For example:

p, alice, data1, read
p, bob, data2, write
p, data2_admin, data2, read
p, data2_admin, data2, write
g, alice, data2_admin

GetImplicitUsersForResource("data2") will return [["bob", "data2", "write"], ["alice", "data2", "read"] ["alice", "data2", "write"]], nil.

GetImplicitUsersForResource("data1") will return [["alice", "data1", "read"]], nil.

ImplicitUsers, err := e.GetImplicitUsersForResource("data2")

nota

Only users will be returned, roles (2nd arg in "g") will be excluded.

Referencia​

GetRolesForUser()​

GetUsersForRole()​

HasRoleForUser()​

AddRoleForUser()​

AddRolesForUser()​

DeleteRoleForUser()​

DeleteRolesForUser()​

DeleteUser()​

DeleteRole()​

DeletePermission()​

AddPermissionForUser()​

AddPermissionsForUser()​

DeletePermissionForUser()​

DeletePermissionsForUser()​

GetPermissionsForUser()​

HasPermissionForUser()​

GetImplicitRolesForUser()​

GetImplicitUsersForRole()​

GetImplicitPermissionsForUser()​

GetNamedImplicitPermissionsForUser()​

GetDomainsForUser()​

GetImplicitResourcesForUser()​

GetImplicitUsersForPermission()​

GetAllowedObjectConditions()​

GetImplicitUsersForResource()​

Referencia

`GetRolesForUser()`

`GetUsersForRole()`

`HasRoleForUser()`

`AddRoleForUser()`

`AddRolesForUser()`

`DeleteRoleForUser()`

`DeleteRolesForUser()`

`DeleteUser()`

`DeleteRole()`

`DeletePermission()`

`AddPermissionForUser()`

`AddPermissionsForUser()`

`DeletePermissionForUser()`

`DeletePermissionsForUser()`

`GetPermissionsForUser()`

`HasPermissionForUser()`

`GetImplicitRolesForUser()`

`GetImplicitUsersForRole()`

`GetImplicitPermissionsForUser()`

`GetNamedImplicitPermissionsForUser()`

`GetDomainsForUser()`

`GetImplicitResourcesForUser()`

`GetImplicitUsersForPermission()`

`GetAllowedObjectConditions()`

`GetImplicitUsersForResource()`