Vai al contenuto principale

RBAC with Domains API

This simplified API is designed for RBAC with domains. It is a subset of the Management API, making it easier for RBAC users to work with domain-based policies.

Riferimento

La variabile globale e rappresenta l'istanza Enforcer.

e, err := NewEnforcer("examples/rbac_with_domains_model.conf", "examples/rbac_with_domains_policy.csv")

GetUsersForRoleInDomain()

GetUsersForRoleInDomain() retrieves all users assigned to a specific role within a domain.

Ad esempio:

res := e.GetUsersForRoleInDomain("admin", "domain1")

GetRolesForUserInDomain()

GetRolesForUserInDomain() retrieves all roles assigned to a user within a domain.

Ad esempio:

res := e.GetRolesForUserInDomain("admin", "domain1")

GetPermissionsForUserInDomain()

GetPermissionsForUserInDomain() retrieves all permissions for a user or role within a domain.

Ad esempio:

res := e.GetPermissionsForUserInDomain("alice", "domain1")

AddRoleForUserInDomain()

AddRoleForUserInDomain() assigns a role to a user within a domain. Returns false if the user already has the role (no changes made).

Per esempio:

ok, err := e.AddRoleForUserInDomain("alice", "admin", "domain1")

DeleteRoleForUserInDomain()

DeleteRoleForUserInDomain() removes a role from a user within a domain. Returns false if the user does not have the role (no changes made).

Per esempio:

ok, err := e.DeleteRoleForUserInDomain("alice", "admin", "domain1")

DeleteRolesForUserInDomain()

DeleteRolesForUserInDomain() removes all roles from a user within a domain. Returns false if the user has no roles (no changes made).

Per esempio:

ok, err := e.DeleteRolesForUserInDomain("alice", "domain1")

GetAllUsersByDomain()

GetAllUsersByDomain() retrieves all users associated with the specified domain. Returns an empty string array if no domain is defined in the model.

Ad esempio:

res := e.GetAllUsersByDomain("domain1")

DeleteAllUsersByDomain()

DeleteAllUsersByDomain() removes all users associated with the specified domain. Returns false if no domain is defined in the model.

Ad esempio:

ok, err := e.DeleteAllUsersByDomain("domain1")

DeleteDomains()

DeleteDomains() removes all associated users and roles for the specified domains. If no parameters are provided, all domains are deleted.

Ad esempio:

ok, err := e.DeleteDomains("domain1", "domain2")

GetAllDomains()

GetAllDomains() retrieves all domains.

Ad esempio:

res, _ := e.GetAllDomains()
nota

When handling domain names that contain ::, unexpected behavior may occur. In Casbin, :: is a reserved keyword, similar to for or if in programming languages. Never use :: within a domain name.

GetAllRolesByDomain()

GetAllRolesByDomain() retrieves all roles associated with the specified domain.

Ad esempio:

res := e.GetAllRolesByDomain("domain1")
nota

Questo metodo non si applica ai domini che hanno una relazione di ereditarietà, nota anche come ruoli impliciti.

GetImplicitUsersForResourceByDomain()

GetImplicitUsersForResourceByDomain() returns implicit users based on resource and domain.

Ad esempio:

p, admin, domain1, data1, read
p, admin, domain1, data1, write
p, admin, domain2, data2, read
p, admin, domain2, data2, write
g, alice, admin, domain1
g, bob, admin, domain2

GetImplicitUsersForResourceByDomain("data1", "domain1") restituirà [["alice", "domain1", "data1", "read"],["alice", "domain1", "data1", "write"]], nil

ImplicitUsers, err := e.GetImplicitUsersForResourceByDomain("data1", "domain1")
nota

Saranno restituiti solo gli utenti, i ruoli (2° argomento in "g") saranno esclusi.