Get Started

Installation

Go

go get github.com/casbin/casbin/v2

Java

Pour Maven:

<!-- https://mvnrepository.com/artifact/org.casbin/jcasbin -->
<dependency>
    <groupId>org.casbin</groupId>
    <artifactId>jcasbin</artifactId>
    <version>1.x.y</version>
</dependency>

Node.js

# NPM
npm install casbin --save

# Yarn
yarn add casbin

PHP

Exigez ce paquet dans le composer.json de votre projet pour télécharger le paquet:

composer require casbin/casbin

Python

pip install casbin

.NET

dotnet add package Casbin.NET

C++

# Download source
git clone https://github.com/casbin/casbin-cpp.git

# Generate project files
cd casbin-cpp && mkdir build && cd build && cmake .. -DCMAKE_BUILD_TYPE=Release

# Build and install casbin
cmake --build . --config Release --target casbin install -j 10

Rust

cargo install cargo-edit
cargo add casbin

// If you use async-std as async executor
cargo add async-std

// If you use tokio as async executor, make sure you activate its `macros` feature
cargo add tokio

Delphi

Casbin4D est livré dans un paquet (actuellement pour Delphi 10.3 Rio) et vous pouvez l'installer dans l'IDE. Cependant, il n'y a pas de composants visuels, ce qui signifie que vous pouvez utiliser les unités indépendamment des paquets. Il suffit d'importer les unités dans votre projet (en supposant que vous ne vous souciez pas de leur nombre).

Lua

luarocks install casbin  

Si vous recevez un message d'erreur: "Votre utilisateur n'a pas les permissions d'écriture dans /usr/local/lib/luarocks/rocks", vous voudrez peut-être exécuter la commande en tant qu'utilisateur privilégié ou utiliser votre arborescence locale avec --local. Pour corriger l'erreur, vous pouvez ajouter --local derrière votre commande comme ceci:

luarocks install casbin --local

Nouveau renforcement Casbin

Casbin utilise des fichiers de configuration pour définir le modèle de contrôle d'accès.

Il y a deux fichiers de configuration: model.conf et policy.csv. model.conf stocke le modèle d'accès, tandis que policy.csv stocke la configuration spécifique des permissions de l'utilisateur. L'utilisation de Casbin est très simple. Nous avons seulement besoin de créer une structure principale: enforcer. Lors de la construction de cette structure, model.conf et policy.csv seront chargés.

En d'autres termes, pour créer un renforcement Casbin, vous devez fournir un Modèle et un Adaptateur.

Casbin fournit un FileAdapter que vous pouvez utiliser. Voir Adapter pour plus d'informations.

• Exemple d'utilisation du fichier Modèle et de l'FileAdapter par défaut:

Go

import "github.com/casbin/casbin/v2"

e, err := casbin.NewEnforcer("path/to/model.conf", "path/to/policy.csv")

Java

import org.casbin.jcasbin.main.Enforcer;

Enforcer e = new Enforcer("path/to/model.conf", "path/to/policy.csv");

Node.js

import { newEnforcer } from 'casbin';

const e = await newEnforcer('path/to/model.conf', 'path/to/policy.csv');

PHP

require_once './vendor/autoload.php';

use Casbin\Enforcer;

$e = new Enforcer("path/to/model.conf", "path/to/policy.csv");

Python

import casbin

e = casbin.Enforcer("path/to/model.conf", "path/to/policy.csv")

.NET

using NetCasbin; 

var e = new Enforcer("path/to/model.conf", "path/to/policy.csv");

C++

#include <iostream>
#include <casbin/casbin.h>

int main() {
    // Create an Enforcer
    casbin::Enforcer e("path/to/model.conf", "path/to/policy.csv");

    // your code ..
}

Delphi

var
  casbin: ICasbin;
begin
  casbin := TCasbin.Create('path/to/model.conf', 'path/to/policy.csv');
  ...
end

Rust

use casbin::prelude::*;

// If you use async_td as async executor
#[cfg(feature = "runtime-async-std")]
#[async_std::main]
async fn main() -> Result<()> {
    let mut e = Enforcer::new("path/to/model.conf", "path/to/policy.csv").await?;
    Ok(())
}

// If you use tokio as async executor
#[cfg(feature = "runtime-tokio")]
#[tokio::main]
async fn main() -> Result<()> {
    let mut e = Enforcer::new("path/to/model.conf", "path/to/policy.csv").await?;
    Ok(())
}

Lua

local Enforcer = require("casbin")
local e = Enforcer:new("path/to/model.conf", "path/to/policy.csv") -- The Casbin Enforcer

• Utilisez le texte du Modèle avec un autre Adaptateur:

Go

import (
    "log"

    "github.com/casbin/casbin/v2"
    "github.com/casbin/casbin/v2/model"
    xormadapter "github.com/casbin/xorm-adapter/v2"
    _ "github.com/go-sql-driver/mysql"
)

// Initialize a Xorm adapter with MySQL database.
a, err := xormadapter.NewAdapter("mysql", "mysql_username:mysql_password@tcp(127.0.0.1:3306)/")
if err != nil {
    log.Fatalf("error: adapter: %s", err)
}

m, err := model.NewModelFromString(`
[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = r.sub == p.sub && r.obj == p.obj && r.act == p.act
`)
if err != nil {
    log.Fatalf("error: model: %s", err)
}

e, err := casbin.NewEnforcer(m, a)
if err != nil {
    log.Fatalf("error: enforcer: %s", err)
}

Python

import casbin
import casbin_sqlalchemy_adapter


# Use SQLAlchemy Casbin adapter with SQLLite DB
adapter = casbin_sqlalchemy_adapter.Adapter('sqlite:///test.db')

# Create a config model policy
with open("rbac_example_model.conf", "w") as f:
    f.write("""
    [request_definition]
    r = sub, obj, act

    [policy_definition]
    p = sub, obj, act

    [policy_effect]
    e = some(where (p.eft == allow))

    [matchers]
    m = r.sub == p.sub && r.obj == p.obj && r.act == p.act
    """)

# Create enforcer from adapter and config policy
e = casbin.Enforcer('rbac_example_model.conf', adapter)

Vérifier les permissions

Ajoutez un crochet d'exécution dans votre code juste avant que l'accès ne se produise:

Go

sub := "alice" // the user that wants to access a resource.
obj := "data1" // the resource that is going to be accessed.
act := "read" // the operation that the user performs on the resource.

ok, err := e.Enforce(sub, obj, act)

if err != nil {
    // handle err
}

if ok == true {
    // permit alice to read data1
} else {
    // deny the request, show an error
}

// You could use BatchEnforce() to enforce some requests in batches.
// This method returns a bool slice, and this slice's index corresponds to the row index of the two-dimensional array.
// e.g. results[0] is the result of {"alice", "data1", "read"}
results, err := e.BatchEnforce([][]interface{}{{"alice", "data1", "read"}, {"bob", "data2", "write"}, {"jack", "data3", "read"}})

Java

String sub = "alice"; // the user that wants to access a resource.
String obj = "data1"; // the resource that is going to be accessed.
String act = "read"; // the operation that the user performs on the resource.

if (e.enforce(sub, obj, act) == true) {
    // permit alice to read data1
} else {
    // deny the request, show an error
}

Node.js

const sub = 'alice'; // the user that wants to access a resource.
const obj = 'data1'; // the resource that is going to be accessed.
const act = 'read'; // the operation that the user performs on the resource.

if ((await e.enforce(sub, obj, act)) === true) {
    // permit alice to read data1
} else {
    // deny the request, show an error
}

PHP

$sub = "alice"; // the user that wants to access a resource.
$obj = "data1"; // the resource that is going to be accessed.
$act = "read"; // the operation that the user performs on the resource.

if ($e->enforce($sub, $obj, $act) === true) {
    // permit alice to read data1
} else {
    // deny the request, show an error
}

Python

sub = "alice"  # the user that wants to access a resource.
obj = "data1"  # the resource that is going to be accessed.
act = "read"  # the operation that the user performs on the resource.

if e.enforce(sub, obj, act):
    # permit alice to read data1
    pass
else:
    # deny the request, show an error
    pass

.NET

var sub = "alice";  # the user that wants to access a resource.
var obj = "data1";  # the resource that is going to be accessed.
var act = "read";  # the operation that the user performs on the resource.

if (await e.EnforceAsync(sub, obj, act)) 
{
    // permit alice to read data1
}
else
{
    // deny the request, show an error
}

C++

    casbin::Enforcer e("../assets/model.conf", "../assets/policy.csv");

    if (e.Enforce({"alice", "/alice_data/hello", "GET"})) {
        std::cout << "Enforce OK" << std::endl;
    } else {
        std::cout << "Enforce NOT Good" << std::endl;
    }

    if (e.Enforce({"alice", "/alice_data/hello", "POST"})) {
        std::cout << "Enforce OK" << std::endl;
    } else {
        std::cout << "Enforce NOT Good" << std::endl;
    }

Delphi

if casbin.enforce(['alice,data1,read']) then
  // Alice is super happy as she can read data1
else
  // Alice is sad

Rust

  let sub = "alice"; // the user that wants to access a resource.
  let obj = "data1"; // the resource that is going to be accessed.
  let act = "read"; // the operation that the user performs on the resource.

  if e.enforce((sub, obj, act)).await? {
      // permit alice to read data1
  } else {
      // error occurs
  }

Lua

if e:enforce("alice", "data1", "read") then
   -- permit alice to read data1
else
   -- deny the request, show an error
end

Casbin fournit également une API pour la gestion des permissions en temps réel. Par exemple, vous pouvez obtenir tous les rôles attribués à un utilisateur comme ci-dessous:

Go

roles, err := e.GetRolesForUser("alice")

Java

List<String> roles = e.getRolesForUser("alice");

Node.js

const roles = await e.getRolesForUser('alice');

PHP

$roles = $e->getRolesForUser("alice");

Python

roles = e.get_roles_for_user("alice")

.NET

var roles = e.GetRolesForUser("alice");

Delphi

roles = e.rolesForEntity("alice")

Rust

let roles = e.get_roles_for_user("alice");

Lua

local roles = e:GetRolesForUser("alice")

Voir API de gestion et API RBAC pour plus d'utilisation.

Veuillez vous référer aux cas de test pour plus d'utilisation.