Passer au contenu principal

RBAC with Domains API

This simplified API is designed for RBAC with domains. It is a subset of the Management API, making it easier for RBAC users to work with domain-based policies.

Référence

La variable globale e représente l'instance Enforcer.

e, err := NewEnforcer("examples/rbac_with_domains_model.conf", "examples/rbac_with_domains_policy.csv")

GetUsersForRoleInDomain()

GetUsersForRoleInDomain() retrieves all users assigned to a specific role within a domain.

Par exemple :

res := e.GetUsersForRoleInDomain("admin", "domain1")

GetRolesForUserInDomain()

GetRolesForUserInDomain() retrieves all roles assigned to a user within a domain.

Par exemple :

res := e.GetRolesForUserInDomain("admin", "domain1")

GetPermissionsForUserInDomain()

GetPermissionsForUserInDomain() retrieves all permissions for a user or role within a domain.

Par exemple :

res := e.GetPermissionsForUserInDomain("alice", "domain1")

AddRoleForUserInDomain()

AddRoleForUserInDomain() assigns a role to a user within a domain. Returns false if the user already has the role (no changes made).

Par exemple :

ok, err := e.AddRoleForUserInDomain("alice", "admin", "domain1")

DeleteRoleForUserInDomain()

DeleteRoleForUserInDomain() removes a role from a user within a domain. Returns false if the user does not have the role (no changes made).

Par exemple :

ok, err := e.DeleteRoleForUserInDomain("alice", "admin", "domain1")

DeleteRolesForUserInDomain()

DeleteRolesForUserInDomain() removes all roles from a user within a domain. Returns false if the user has no roles (no changes made).

Par exemple :

ok, err := e.DeleteRolesForUserInDomain("alice", "domain1")

GetAllUsersByDomain()

GetAllUsersByDomain() retrieves all users associated with the specified domain. Returns an empty string array if no domain is defined in the model.

Par exemple :

res := e.GetAllUsersByDomain("domain1")

DeleteAllUsersByDomain()

DeleteAllUsersByDomain() removes all users associated with the specified domain. Returns false if no domain is defined in the model.

Par exemple :

ok, err := e.DeleteAllUsersByDomain("domain1")

DeleteDomains()

DeleteDomains() removes all associated users and roles for the specified domains. If no parameters are provided, all domains are deleted.

Par exemple :

ok, err := e.DeleteDomains("domain1", "domain2")

GetAllDomains()

GetAllDomains() retrieves all domains.

Par exemple :

res, _ := e.GetAllDomains()
note

When handling domain names that contain ::, unexpected behavior may occur. In Casbin, :: is a reserved keyword, similar to for or if in programming languages. Never use :: within a domain name.

GetAllRolesByDomain()

GetAllRolesByDomain() retrieves all roles associated with the specified domain.

Par exemple :

res := e.GetAllRolesByDomain("domain1")
note

Cette méthode ne s'applique pas aux domaines qui ont une relation d'héritage, également connus sous le nom de rôles implicites.

GetImplicitUsersForResourceByDomain()

GetImplicitUsersForResourceByDomain() returns implicit users based on resource and domain.

Par exemple :

p, admin, domain1, data1, read
p, admin, domain1, data1, write
p, admin, domain2, data2, read
p, admin, domain2, data2, write
g, alice, admin, domain1
g, bob, admin, domain2

GetImplicitUsersForResourceByDomain("data1", "domain1") renverra ["alice", "domain1", "data1", "read"],["alice", "domain1", "data1", "write"]], nil

ImplicitUsers, err := e.GetImplicitUsersForResourceByDomain("data1", "domain1")
note

Seuls les utilisateurs seront renvoyés, les rôles (2ème argument dans "g") seront exclus.