Management API
The Management API provides comprehensive support for Casbin policy management operations.
Filtered API
Filtered API methods share a common parameter signature: (fieldIndex int, fieldValues ...string). The fieldIndex parameter specifies the starting index for matching, while fieldValues contains the expected values. Empty strings in fieldValues act as wildcards, matching any value.
Пример:
p, alice, book, read
p, bob, book, read
p, bob, book, write
p, alice, pen, get
p, bob, pen ,get
e.GetFilteredPolicy(1, "book") // returns: [["alice", "book", "read"], ["bob", "book", "read"], ["bob", "book", "write"]]
e.GetFilteredPolicy(1, "book", "read") // returns: [["alice", "book", "read"], ["bob", "book", "read"]]
e.GetFilteredPolicy(0, "alice", "", "read") // returns: [[alice book read]]
e.GetFilteredPolicy(0, "alice") // returns: [["alice", "book", "read"], ["alice", "pen", "get"]]
API Reference
Throughout this reference, the variable e represents an Enforcer instance.
e, err := NewEnforcer("examples/rbac_model.conf", "examples/rbac_policy.csv")
const e = await newEnforcer('examples/rbac_model.conf', 'examples/rbac_policy.csv')
$e = new Enforcer('examples/rbac_model.conf', 'examples/rbac_policy.csv');
e = casbin.Enforcer("examples/rbac_model.conf", "examples/rbac_policy.csv")
var e = new Enforcer("path/to/model.conf", "path/to/policy.csv");
let mut e = Enforce::new("examples/rbac_model.conf", "examples/rbac_policy.csv").await?;
Enforcer e = new Enforcer("examples/rbac_model.conf", "examples/rbac_policy.csv");
Enforce()
Enforce решает, может ли "субъект" получить доступ к "объекту" с операцией "действие", входные параметры обычно: (sub, obj, act).
Например:
ok, err := e.Enforce(request)
const ok = await e.enforce(request);
$ok = $e->enforcer($request);
ok = e.enforcer(request)
var ok = e.Enforce(request);
// or async
var ok = await e.EnforceAsync(request);
boolean ok = e.enforce(request);
EnforceWithMatcher()
EnforceWithMatcher use a custom matcher to decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model matcher by default when matcher is "".
For example:
ok, err := e.EnforceWithMatcher(matcher, request)
$ok = $e->enforceWithMatcher($matcher, $request);
ok = e.enforce_with_matcher(matcher, request)
var ok = e.EnforceWithMatcher(matcher, request);
// or async
var ok = await e.EnforceWithMatcherAsync(matcher, request);
boolean ok = e.enforceWithMatcher(matcher, request);
EnforceEx()
EnforceEx explain enforcement by informing matched rules.
For example:
ok, reason, err := e.EnforceEx(request)
const ok = await e.enforceEx(request);
list($ok, $reason) = $e->enforceEx($request);
var (ok, explain) = e.EnforceEx(request);
// or async
var (ok, explain) = await e.EnforceExAsync(request);
ok, reason = e.enforce_ex(request)
EnforceExWithMatcher()
EnforceExWithMatcher use a custom matcher and explain enforcement by informing matched rules.
Например:
ok, reason, err := e.EnforceExWithMatcher(matcher, request)
var (ok, explain) = e.EnforceExWithMatcher(matcher, request);
// or async
var (ok, explain) = await e.EnforceExWithMatcherAsync(matcher, request);
BatchEnforce()
BatchEnforce enforces each request and returns result in a bool array
For example:
boolArray, err := e.BatchEnforce(requests)
const boolArray = await e.batchEnforce(requests);
var boolArray = e.BatchEnforce(requests);
// or async
var boolArray = await e.BatchEnforceAsync(requests);
List<Boolean> boolArray = e.batchEnforce(requests);
GetAllSubjects()
GetAllSubjects gets the list of subjects that show up in the current policy.
For example:
allSubjects := e.GetAllSubjects()
const allSubjects = await e.getAllSubjects()
$allSubjects = $e->getAllSubjects();
all_subjects = e.get_all_subjects()
var allSubjects = e.GetAllSubjects();
let all_subjects = e.get_all_subjects();
List<String> allSubjects = e.getAllSubjects();
GetAllNamedSubjects()
GetAllNamedSubjects gets the list of subjects that show up in the current named policy.
For example:
allNamedSubjects := e.GetAllNamedSubjects("p")
const allNamedSubjects = await e.getAllNamedSubjects('p')
$allNamedSubjects = $e->getAllNamedSubjects("p");
all_named_subjects = e.get_all_named_subjects("p")
var allNamedSubjects = e.GetAllNamedSubjects("p");
let all_named_subjects = e.get_all_named_subjects("p");
List<String> allNamedSubjects = e.getAllNamedSubjects("p");
GetAllObjects()
GetAllObjects gets the list of objects that show up in the current policy.
For example:
allObjects := e.GetAllObjects()
const allObjects = await e.getAllObjects()
$allObjects = $e->getAllObjects();
all_objects = e.get_all_objects()
var allObjects = e.GetAllObjects();
let all_objects = e.get_all_objects();
List<String> allObjects = e.getAllObjects();
GetAllNamedObjects()
GetAllNamedObjects gets the list of objects that show up in the current named policy.
For example:
allNamedObjects := e.GetAllNamedObjects("p")
const allNamedObjects = await e.getAllNamedObjects('p')
$allNamedObjects = $e->getAllNamedObjects("p");
all_named_objects = e.get_all_named_objects("p")
var allNamedObjects = e.GetAllNamedObjects("p");
let all_named_objects = e.get_all_named_objects("p");
List<String> allNamedObjects = e.getAllNamedObjects("p");
GetAllActions()
GetAllActions gets the list of actions that show up in the current policy.
For example:
allActions := e.GetAllActions()
const allActions = await e.getAllActions()
$allActions = $e->getAllActions();
all_actions = e.get_all_actions()
var allActions = e.GetAllActions();
let all_actions = e.get_all_actions();
List<String> allActions = e.getAllActions();
GetAllNamedActions()
GetAllNamedActions gets the list of actions that show up in the current named policy.
For example:
allNamedActions := e.GetAllNamedActions("p")
const allNamedActions = await e.getAllNamedActions('p')
$allNamedActions = $e->getAllNamedActions("p");
all_named_actions = e.get_all_named_actions("p")
var allNamedActions = e.GetAllNamedActions("p");
let all_named_actions = e.get_all_named_actions("p");
List<String> allNamedActions = e.getAllNamedActions("p");
GetAllRoles()
GetAllRoles gets the list of roles that show up in the current policy.
For example:
allRoles = e.GetAllRoles()
const allRoles = await e.getAllRoles()
$allRoles = $e->getAllRoles();
all_roles = e.get_all_roles()
var allRoles = e.GetAllRoles();
let all_roles = e.get_all_roles();
List<String> allRoles = e.getAllRoles();
GetAllNamedRoles()
GetAllNamedRoles gets the list of roles that show up in the current named policy.
For example:
allNamedRoles := e.GetAllNamedRoles("g")
const allNamedRoles = await e.getAllNamedRoles('g')
$allNamedRoles = $e->getAllNamedRoles('g');
all_named_roles = e.get_all_named_roles("g")
var allNamedRoles = e.GetAllNamedRoles("g");
let all_named_roles = e.get_all_named_roles("g");
List<String> allNamedRoles = e.getAllNamedRoles("g");
GetPolicy()
GetPolicy gets all the authorization rules in the policy.
For example:
policy = e.GetPolicy()
const policy = await e.getPolicy()
$policy = $e->getPolicy();
policy = e.get_policy()
var policy = e.GetPolicy();
let policy = e.get_policy();
List<List<String>> policy = e.getPolicy();
GetFilteredPolicy()
GetFilteredPolicy gets all the authorization rules in the policy, field filters can be specified.
For example:
filteredPolicy := e.GetFilteredPolicy(0, "alice")
const filteredPolicy = await e.getFilteredPolicy(0, 'alice')
$filteredPolicy = $e->getFilteredPolicy(0, "alice");
filtered_policy = e.get_filtered_policy(0, "alice")
var filteredPolicy = e.GetFilteredPolicy(0, "alice");
let filtered_policy = e.get_filtered_policy(0, vec!["alice".to_owned()]);
List<List<String>> filteredPolicy = e.getFilteredPolicy(0, "alice");
GetNamedPolicy()
GetNamedPolicy gets all the authorization rules in the named policy.
For example:
namedPolicy := e.GetNamedPolicy("p")
const namedPolicy = await e.getNamedPolicy('p')
$namedPolicy = $e->getNamedPolicy("p");
named_policy = e.get_named_policy("p")
var namedPolicy = e.GetNamedPolicy("p");
let named_policy = e.get_named_policy("p");
List<List<String>> namedPolicy = e.getNamedPolicy("p");
GetFilteredNamedPolicy()
GetFilteredNamedPolicy gets all the authorization rules in the named policy, field filters can be specified.
For example:
filteredNamedPolicy = e.GetFilteredNamedPolicy("p", 0, "bob")
const filteredNamedPolicy = await e.getFilteredNamedPolicy('p', 0, 'bob')
$filteredNamedPolicy = $e->getFilteredNamedPolicy("p", 0, "bob");
filtered_named_policy = e.get_filtered_named_policy("p", 0, "alice")
var filteredNamedPolicy = e.GetFilteredNamedPolicy("p", 0, "alice");
let filtered_named_policy = e.get_filtered_named_policy("p", 0, vec!["bob".to_owned()]);
List<List<String>> filteredNamedPolicy = e.getFilteredNamedPolicy("p", 0, "bob");
GetGroupingPolicy()
GetGroupingPolicy gets all the role inheritance rules in the policy.
For example:
groupingPolicy := e.GetGroupingPolicy()
const groupingPolicy = await e.getGroupingPolicy()
$groupingPolicy = $e->getGroupingPolicy();
grouping_policy = e.get_grouping_policy()
var groupingPolicy = e.GetGroupingPolicy();
let grouping_policy = e.get_grouping_policy();
List<List<String>> groupingPolicy = e.getGroupingPolicy();
GetFilteredGroupingPolicy()
GetFilteredGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified.
For example:
filteredGroupingPolicy := e.GetFilteredGroupingPolicy(0, "alice")
const filteredGroupingPolicy = await e.getFilteredGroupingPolicy(0, 'alice')
$filteredGroupingPolicy = $e->getFilteredGroupingPolicy(0, "alice");
filtered_grouping_policy = e.get_filtered_grouping_policy(0, "alice")
var filteredGroupingPolicy = e.GetFilteredGroupingPolicy(0, "alice");
let filtered_grouping_policy = e.get_filtered_grouping_policy(0, vec!["alice".to_owned()]);
List<List<String>> filteredGroupingPolicy = e.getFilteredGroupingPolicy(0, "alice");
GetNamedGroupingPolicy()
GetNamedGroupingPolicy gets all the role inheritance rules in the policy.
For example:
namedGroupingPolicy := e.GetNamedGroupingPolicy("g")
const namedGroupingPolicy = await e.getNamedGroupingPolicy('g')
$namedGroupingPolicy = $e->getNamedGroupingPolicy("g");
named_grouping_policy = e.get_named_grouping_policy("g")
var namedGroupingPolicy = e.GetNamedGroupingPolicy("g");
let named_grouping_policy = e.get_named_grouping_policy("g");
List<List<String>> namedGroupingPolicy = e.getNamedGroupingPolicy("g");
GetFilteredNamedGroupingPolicy()
GetFilteredNamedGroupingPolicy gets all the role inheritance rules in the policy.
For example:
namedGroupingPolicy := e.GetFilteredNamedGroupingPolicy("g", 0, "alice")
const namedGroupingPolicy = await e.getFilteredNamedGroupingPolicy('g', 0, 'alice')
$namedGroupingPolicy = $e->getFilteredNamedGroupingPolicy("g", 0, "alice");
named_grouping_policy = e.get_filtered_named_grouping_policy("g", 0, "alice")
var namedGroupingPolicy = e.GetFilteredNamedGroupingPolicy("g", 0, "alice");
let named_grouping_policy = e.get_filtered_named_groupingPolicy("g", 0, vec!["alice".to_owned()]);
List<List<String>> filteredNamedGroupingPolicy = e.getFilteredNamedGroupingPolicy("g", 0, "alice");
HasPolicy()
HasPolicy determines whether an authorization rule exists.
For example:
hasPolicy := e.HasPolicy("data2_admin", "data2", "read")
const hasPolicy = await e.hasPolicy('data2_admin', 'data2', 'read')
$hasPolicy = $e->hasPolicy('data2_admin', 'data2', 'read');
has_policy = e.has_policy("data2_admin", "data2", "read")
var hasPolicy = e.HasPolicy("data2_admin", "data2", "read");
let has_policy = e.has_policy(vec!["data2_admin".to_owned(), "data2".to_owned(), "read".to_owned()]);
boolean hasPolicy = e.hasPolicy("data2_admin", "data2", "read");
HasNamedPolicy()
HasNamedPolicy determines whether a named authorization rule exists.
For example:
hasNamedPolicy := e.HasNamedPolicy("p", "data2_admin", "data2", "read")
const hasNamedPolicy = await e.hasNamedPolicy('p', 'data2_admin', 'data2', 'read')
$hasNamedPolicy = $e->hasNamedPolicy("p", "data2_admin", "data2", "read");
has_named_policy = e.has_named_policy("p", "data2_admin", "data2", "read")
var hasNamedPolicy = e.HasNamedPolicy("p", "data2_admin", "data2", "read");
let has_named_policy = e.has_named_policy("p", vec!["data2_admin".to_owned(), "data2".to_owned(), "read".to_owned()]);
boolean hasNamedPolicy = e.hasNamedPolicy("p", "data2_admin", "data2", "read");
AddPolicy()
AddPolicy adds an authorization rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
For example:
added := e.AddPolicy('eve', 'data3', 'read')
const p = ['eve', 'data3', 'read']
const added = await e.addPolicy(...p)
$added = $e->addPolicy('eve', 'data3', 'read');
added = e.add_policy("eve", "data3", "read")
var added = e.AddPolicy("eve", "data3", "read");
or
var added = await e.AddPolicyAsync("eve", "data3", "read");
let added = e.add_policy(vec!["eve".to_owned(), "data3".to_owned(), "read".to_owned()]);
boolean added = e.addPolicy("eve", "data3", "read");
AddPolicies()
AddPolicies adds authorization rules to the current policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is added to the current policy. If all the authorization rules are consistent with the policy rules, the function returns true and each policy rule is added to the current policy.
For example:
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesAdded := e.AddPolicies(rules)
const rules = [
['jack', 'data4', 'read'],
['katy', 'data4', 'write'],
['leyo', 'data4', 'read'],
['ham', 'data4', 'write']
];
const areRulesAdded = await e.addPolicies(rules);
rules = [
["jack", "data4", "read"],
["katy", "data4", "write"],
["leyo", "data4", "read"],
["ham", "data4", "write"]
]
are_rules_added = e.add_policies(rules)
let rules = vec![
vec!["jack".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["katy".to_owned(), "data4".to_owned(), "write".to_owned()],
vec!["leyo".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["ham".to_owned(), "data4".to_owned(), "write".to_owned()],
];
let are_rules_added = e.add_policies(rules).await?
String[][] rules = {
{"jack", "data4", "read"},
{"katy", "data4", "write"},
{"leyo", "data4", "read"},
{"ham", "data4", "write"},
};
boolean areRulesAdded = e.addPolicies(rules);
AddPoliciesEx()
AddPoliciesEx adds authorization rules to the current policy. If the rule already exists, the rule will not be added. But unlike AddPolicies, other non-existent rules are added instead of returning false directly
For example:
ok, err := e.AddPoliciesEx([][]string{{"user1", "data1", "read"}, {"user2", "data2", "read"}})
AddNamedPolicy()
AddNamedPolicy adds an authorization rule to the current named policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
For example:
added := e.AddNamedPolicy("p", "eve", "data3", "read")
const p = ['eve', 'data3', 'read']
const added = await e.addNamedPolicy('p', ...p)
$added = $e->addNamedPolicy("p", "eve", "data3", "read");
added = e.add_named_policy("p", "eve", "data3", "read")
var added = e.AddNamedPolicy("p", "eve", "data3", "read");
or
var added = await e.AddNamedPolicyAsync("p", "eve", "data3", "read");
let added = e.add_named_policy("p", vec!["eve".to_owned(), "data3".to_owned(), "read".to_owned()]).await?;
boolean added = e.addNamedPolicy("p", "eve", "data3", "read");
AddNamedPolicies()
AddNamedPolicies adds authorization rules to the current named policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is added to the current policy. If all the authorization rules are consistent with the policy rules, the function returns true and each policy rule is added to the current policy.
For example:
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesAdded := e.AddNamedPolicies("p", rules)
const rules = [
['jack', 'data4', 'read'],
['katy', 'data4', 'write'],
['leyo', 'data4', 'read'],
['ham', 'data4', 'write']
];
const areRulesAdded = await e.addNamedPolicies('p', rules);
rules = [
["jack", "data4", "read"],
["katy", "data4", "write"],
["leyo", "data4", "read"],
["ham", "data4", "write"]
]
are_rules_added = e.add_named_policies("p", rules)
let rules = vec![
vec!["jack".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["katy".to_owned(), "data4".to_owned(), "write".to_owned()],
vec!["leyo".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["ham".to_owned(), "data4".to_owned(), "write".to_owned()],
];
let are_rules_added := e.add_named_policies("p", rules).await?;
List<List<String>> rules = Arrays.asList(
Arrays.asList("jack", "data4", "read"),
Arrays.asList("katy", "data4", "write"),
Arrays.asList("leyo", "data4", "read"),
Arrays.asList("ham", "data4", "write")
);
boolean areRulesAdded = e.addNamedPolicies("p", rules);
AddNamedPoliciesEx()
AddNamedPoliciesEx adds authorization rules to the current named policy. If the rule already exists, the rule will not be added. But unlike AddNamedPolicies, other non-existent rules are added instead of returning false directly
For example:
ok, err := e.AddNamedPoliciesEx("p", [][]string{{"user1", "data1", "read"}, {"user2", "data2", "read"}})
SelfAddPoliciesEx()
SelfAddPoliciesEx adds authorization rules to the current named policy with autoNotifyWatcher disabled. If the rule already exists, the rule will not be added. But unlike SelfAddPolicies, other non-existent rules are added instead of returning false directly
For example:
ok, err := e.SelfAddPoliciesEx("p", "p", [][]string{{"user1", "data1", "read"}, {"user2", "data2", "read"}})
RemovePolicy()
RemovePolicy removes an authorization rule from the current policy.
For example:
removed := e.RemovePolicy("alice", "data1", "read")
const p = ['alice', 'data1', 'read']
const removed = await e.removePolicy(...p)
$removed = $e->removePolicy("alice", "data1", "read");
removed = e.remove_policy("alice", "data1", "read")
var removed = e.RemovePolicy("alice", "data1", "read");
or
var removed = await e.RemovePolicyAsync("alice", "data1", "read");
let removed = e.remove_policy(vec!["alice".to_owned(), "data1".to_owned(), "read".to_owned()]).await?;
boolean removed = e.removePolicy("alice", "data1", "read");
RemovePolicies()
RemovePolicies removes authorization rules from the current policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is removed from the current policy. If all the authorization rules are consistent with the policy rules, the function returns true and each policy rule is removed from the current policy.
For example:
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesRemoved := e.RemovePolicies(rules)
const rules = [
['jack', 'data4', 'read'],
['katy', 'data4', 'write'],
['leyo', 'data4', 'read'],
['ham', 'data4', 'write']
];
const areRulesRemoved = await e.removePolicies(rules);
rules = [
["jack", "data4", "read"],
["katy", "data4", "write"],
["leyo", "data4", "read"],
["ham", "data4", "write"]
]
are_rules_removed = e.remove_policies(rules)
let rules = vec![
vec!["jack".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["katy".to_owned(), "data4".to_owned(), "write".to_owned()],
vec!["leyo".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["ham".to_owned(), "data4".to_owned(), "write".to_owned()],
];
let are_rules_removed = e.remove_policies(rules).await?;
String[][] rules = {
{"jack", "data4", "read"},
{"katy", "data4", "write"},
{"leyo", "data4", "read"},
{"ham", "data4", "write"},
};
boolean areRulesRemoved = e.removePolicies(rules);
RemoveFilteredPolicy()
RemoveFilteredPolicy removes an authorization rule from the current policy, field filters can be specified. RemovePolicy removes an authorization rule from the current policy.
For example:
removed := e.RemoveFilteredPolicy(0, "alice", "data1", "read")
const p = ['alice', 'data1', 'read']
const removed = await e.removeFilteredPolicy(0, ...p)
$removed = $e->removeFilteredPolicy(0, "alice", "data1", "read");
removed = e.remove_filtered_policy(0, "alice", "data1", "read")
var removed = e.RemoveFilteredPolicy("alice", "data1", "read");
or
var removed = await e.RemoveFilteredPolicyAsync("alice", "data1", "read");
let removed = e.remove_filtered_policy(0, vec!["alice".to_owned(), "data1".to_owned(), "read".to_owned()]).await?;
boolean removed = e.removeFilteredPolicy(0, "alice", "data1", "read");
RemoveNamedPolicy()
RemoveNamedPolicy removes an authorization rule from the current named policy.
For example:
removed := e.RemoveNamedPolicy("p", "alice", "data1", "read")
const p = ['alice', 'data1', 'read']
const removed = await e.removeNamedPolicy('p', ...p)
$removed = $e->removeNamedPolicy("p", "alice", "data1", "read");
removed = e.remove_named_policy("p", "alice", "data1", "read")
var removed = e.RemoveNamedPolicy("p", "alice", "data1", "read");
or
var removed = await e.RemoveNamedPolicyAsync("p", "alice", "data1", "read");
let removed = e.remove_named_policy("p", vec!["alice".to_owned(), "data1".to_owned(), "read".to_owned()]).await?;
boolean removed = e.removeNamedPolicy("p", "alice", "data1", "read");
RemoveNamedPolicies()
RemoveNamedPolicies removes authorization rules from the current named policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is removed from the current policy. If all the authorization rules are consistent with the policy rules, the function returns true and each policy rule is removed from the current policy.
For example:
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesRemoved := e.RemoveNamedPolicies("p", rules)
const rules = [
['jack', 'data4', 'read'],
['katy', 'data4', 'write'],
['leyo', 'data4', 'read'],
['ham', 'data4', 'write']
];
const areRulesRemoved = await e.removeNamedPolicies('p', rules);
rules = [
["jack", "data4", "read"],
["katy", "data4", "write"],
["leyo", "data4", "read"],
["ham", "data4", "write"]
]
are_rules_removed = e.remove_named_policies("p", rules)
let rules = vec![
vec!["jack".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["katy".to_owned(), "data4".to_owned(), "write".to_owned()],
vec!["leyo".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["ham".to_owned(), "data4".to_owned(), "write".to_owned()],
];
let areRulesRemoved = e.remove_named_policies("p", rules).await?;
List<List<String>> rules = Arrays.asList(
Arrays.asList("jack", "data4", "read"),
Arrays.asList("katy", "data4", "write"),
Arrays.asList("leyo", "data4", "read"),
Arrays.asList("ham", "data4", "write")
);
boolean areRulesRemoved = e.removeNamedPolicies("p", rules);
RemoveFilteredNamedPolicy()
RemoveFilteredNamedPolicy removes an authorization rule from the current named policy, field filters can be specified.
For example:
removed := e.RemoveFilteredNamedPolicy("p", 0, "alice", "data1", "read")
const p = ['alice', 'data1', 'read']
const removed = await e.removeFilteredNamedPolicy('p', 0, ...p)
$removed = $e->removeFilteredNamedPolicy("p", 0, "alice", "data1", "read");
removed = e.remove_filtered_named_policy("p", 0, "alice", "data1", "read")
var removed = e.RemoveFilteredNamedPolicy("p", 0, "alice", "data1", "read");
or
var removed = e.RemoveFilteredNamedPolicyAync("p", 0, "alice", "data1", "read");
let removed = e.remove_filtered_named_policy("p", 0, vec!["alice".to_owned(), "data1".to_owned(), "read".to_owned()]).await?;
boolean removed = e.removeFilteredNamedPolicy("p", 0, "alice", "data1", "read");
HasGroupingPolicy()
HasGroupingPolicy determines whether a role inheritance rule exists.
For example:
has := e.HasGroupingPolicy("alice", "data2_admin")
const has = await e.hasGroupingPolicy('alice', 'data2_admin')
$has = $e->hasGroupingPolicy("alice", "data2_admin");
has = e.has_grouping_policy("alice", "data2_admin")
var has = e.HasGroupingPolicy("alice", "data2_admin");
let has = e.has_grouping_policy(vec!["alice".to_owned(), "data2_admin".to_owned()]);
boolean has = e.hasGroupingPolicy("alice", "data2_admin");
HasNamedGroupingPolicy()
HasNamedGroupingPolicy determines whether a named role inheritance rule exists.
For example:
has := e.HasNamedGroupingPolicy("g", "alice", "data2_admin")
const has = await e.hasNamedGroupingPolicy('g', 'alice', 'data2_admin')
$has = $e->hasNamedGroupingPolicy("g", "alice", "data2_admin");
has = e.has_named_grouping_policy("g", "alice", "data2_admin")
var has = e.HasNamedGroupingPolicy("g", "alice", "data2_admin");
let has = e.has_named_grouping_policy("g", vec!["alice".to_owned(), "data2_admin".to_owned()]);
boolean has = e.hasNamedGroupingPolicy("g", "alice", "data2_admin");
AddGroupingPolicy()
AddGroupingPolicy adds a role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
For example:
added := e.AddGroupingPolicy("group1", "data2_admin")
const added = await e.addGroupingPolicy('group1', 'data2_admin')
$added = $e->addGroupingPolicy("group1", "data2_admin");
added = e.add_grouping_policy("group1", "data2_admin")
var added = e.AddGroupingPolicy("group1", "data2_admin");
or
var added = await e.AddGroupingPolicyAsync("group1", "data2_admin");
let added = e.add_grouping_policy(vec!["group1".to_owned(), "data2_admin".to_owned()]).await?;
boolean added = e.addGroupingPolicy("group1", "data2_admin");
AddGroupingPolicies()
AddGroupingPolicies adds role inheritance rules to the current policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is added to the current policy. If all authorization the rules are consistent with the policy rules, the function returns true and each policy rule is added to the current policy.
For example:
rules := [][] string {
[]string {"ham", "data4_admin"},
[]string {"jack", "data5_admin"},
}
areRulesAdded := e.AddGroupingPolicies(rules)
const groupingRules = [
['ham', 'data4_admin'],
['jack', 'data5_admin']
];
const areRulesAdded = await e.addGroupingPolicies(groupingRules);
rules = [
["ham", "data4_admin"],
["jack", "data5_admin"]
]
are_rules_added = e.add_grouping_policies(rules)
let rules = vec![
vec!["ham".to_owned(), "data4_admin".to_owned()],
vec!["jack".to_owned(), "data5_admin".to_owned()],
];
let areRulesAdded = e.add_grouping_policies(rules).await?;
String[][] groupingRules = {
{"ham", "data4_admin"},
{"jack", "data5_admin"}
};
boolean areRulesAdded = e.addGroupingPolicies(groupingRules);
AddGroupingPoliciesEx()
AddGroupingPoliciesEx adds role inheritance rules to the current policy. If the rule already exists, the rule will not be added. But unlike AddGroupingPolicies, other non-existent rules are added instead of returning false directly
For example:
ok, err := e.AddGroupingPoliciesEx([][]string{{"user1", "member"}, {"user2", "member"}})
AddNamedGroupingPolicy()
AddNamedGroupingPolicy adds a named role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
For example:
added := e.AddNamedGroupingPolicy("g", "group1", "data2_admin")
const added = await e.addNamedGroupingPolicy('g', 'group1', 'data2_admin')
$added = $e->addNamedGroupingPolicy("g", "group1", "data2_admin");
added = e.add_named_grouping_policy("g", "group1", "data2_admin")
var added = e.AddNamedGroupingPolicy("g", "group1", "data2_admin");
or
var added = await e.AddNamedGroupingPolicyAsync("g", "group1", "data2_admin");
let added = e.add_named_grouping_policy("g", vec!["group1".to_owned(), "data2_admin".to_owned()]).await?;
boolean added = e.addNamedGroupingPolicy("g", "group1", "data2_admin");
AddNamedGroupingPolicies()
AddNamedGroupingPolicies adds named role inheritance rules to the current policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is added to the current policy. If all the authorization rules are consistent with the policy rules, the function returns true and each policy rule is added to the current policy.
For example:
rules := [][] string {
[]string {"ham", "data4_admin"},
[]string {"jack", "data5_admin"},
}
areRulesAdded := e.AddNamedGroupingPolicies("g", rules)
const groupingRules = [
['ham', 'data4_admin'],
['jack', 'data5_admin']
];
const areRulesAdded = await e.addNamedGroupingPolicies('g', groupingRules);
rules = [
["ham", "data4_admin"],
["jack", "data5_admin"]
]
are_rules_added = e.add_named_grouping_policies("g", rules)
let rules = vec![
vec!["ham".to_owned(), "data4_admin".to_owned()],
vec!["jack".to_owned(), "data5_admin".to_owned()],
];
let are_rules_added = e.add_named_grouping_policies("g", rules).await?;
String[][] groupingRules = {
{"ham", "data4_admin"},
{"jack", "data5_admin"}
};
boolean areRulesAdded = e.addNamedGroupingPolicies("g", groupingRules);
AddNamedGroupingPoliciesEx()
AddNamedGroupingPoliciesEx adds named role inheritance rules to the current policy. If the rule already exists, the rule will not be added. But unlike AddNamedGroupingPolicies, other non-existent rules are added instead of returning false directly
For example:
ok, err := e.AddNamedGroupingPoliciesEx("g", [][]string{{"user1", "member"}, {"user2", "member"}})
RemoveGroupingPolicy()
RemoveGroupingPolicy removes a role inheritance rule from the current policy.
For example:
removed := e.RemoveGroupingPolicy("alice", "data2_admin")
const removed = await e.removeGroupingPolicy('alice', 'data2_admin')
$removed = $e->removeGroupingPolicy("alice", "data2_admin");
removed = e.remove_grouping_policy("alice", "data2_admin")
var removed = e.RemoveGroupingPolicy("alice", "data2_admin");
or
var removed = await e.RemoveGroupingPolicyAsync("alice", "data2_admin");
let removed = e.remove_grouping_policy(vec!["alice".to_owned(), "data2_admin".to_owned()]).await?;
boolean removed = e.removeGroupingPolicy("alice", "data2_admin");
RemoveGroupingPolicies()
RemoveGroupingPolicies removes role inheritance rules from the current policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is removed from the current policy. If all the authorization rules are consistent with the policy rules, the function returns true and each policy rule is removed from the current policy.
For example:
rules := [][] string {
[]string {"ham", "data4_admin"},
[]string {"jack", "data5_admin"},
}
areRulesRemoved := e.RemoveGroupingPolicies(rules)
const groupingRules = [
['ham', 'data4_admin'],
['jack', 'data5_admin']
];
const areRulesRemoved = await e.removeGroupingPolicies(groupingRules);
let rules = vec![
vec!["ham".to_owned(), "data4_admin".to_owned()],
vec!["jack".to_owned(), "data5_admin".to_owned()],
];
let are_rules_removed = e.remove_grouping_policies(rules).await?;
rules = [
["ham", "data4_admin"],
["jack", "data5_admin"]
]
are_rules_removed = e.remove_grouping_policies(rules)
String[][] groupingRules = {
{"ham", "data4_admin"},
{"jack", "data5_admin"}
};
boolean areRulesRemoved = e.removeGroupingPolicies(groupingRules);
RemoveFilteredGroupingPolicy()
RemoveFilteredGroupingPolicy removes a role inheritance rule from the current policy, field filters can be specified.
For example:
removed := e.RemoveFilteredGroupingPolicy(0, "alice")
const removed = await e.removeFilteredGroupingPolicy(0, 'alice')
$removed = $e->removeFilteredGroupingPolicy(0, "alice");
removed = e.remove_filtered_grouping_policy(0, "alice")
var removed = e.RemoveFilteredGroupingPolicy(0, "alice");
or
var removed = await e.RemoveFilteredGroupingPolicyAsync(0, "alice");
let removed = e.remove_filtered_grouping_policy(0, vec!["alice".to_owned()]).await?;
boolean removed = e.removeFilteredGroupingPolicy(0, "alice");
RemoveNamedGroupingPolicy()
RemoveNamedGroupingPolicy removes a role inheritance rule from the current named policy.
For example:
removed := e.RemoveNamedGroupingPolicy("g", "alice")
const removed = await e.removeNamedGroupingPolicy('g', 'alice')
$removed = $e->removeNamedGroupingPolicy("g", "alice");
removed = e.remove_named_grouping_policy("g", "alice", "data2_admin")
var removed = e.RemoveNamedGroupingPolicy("g", "alice");
or
var removed = await e.RemoveNamedGroupingPolicyAsync("g", "alice");
let removed = e.remove_named_grouping_policy("g", vec!["alice".to_owned()]).await?;
boolean removed = e.removeNamedGroupingPolicy("g", "alice");
RemoveNamedGroupingPolicies()
RemoveNamedGroupingPolicies removes named role inheritance rules from the current policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is removed from the current policy. If all the authorization rules are consistent with the policy rules, the function returns true and each policy rule is removed from the current policy.
For example:
rules := [][] string {
[]string {"ham", "data4_admin"},
[]string {"jack", "data5_admin"},
}
areRulesRemoved := e.RemoveNamedGroupingPolicies("g", rules)
const groupingRules = [
['ham', 'data4_admin'],
['jack', 'data5_admin']
];
const areRulesRemoved = await e.removeNamedGroupingPolicies('g', groupingRules);
rules = [
["ham", "data4_admin"],
["jack", "data5_admin"]
]
are_rules_removed = e.remove_named_grouping_policies("g", rules)
let rules = vec![
vec!["ham".to_owned(), "data4_admin".to_owned()],
vec!["jack".to_owned(), "data5_admin".to_owned()],
];
let are_rules_removed = e.remove_named_grouping_policies("g", rules).await?;
String[][] groupingRules = {
{"ham", "data4_admin"},
{"jack", "data5_admin"}
};
boolean areRulesRemoved = e.removeNamedGroupingPolicies("g", groupingRules);
RemoveFilteredNamedGroupingPolicy()
RemoveFilteredNamedGroupingPolicy removes a role inheritance rule from the current named policy, field filters can be specified.
For example:
removed := e.RemoveFilteredNamedGroupingPolicy("g", 0, "alice")
const removed = await e.removeFilteredNamedGroupingPolicy('g', 0, 'alice')
$removed = $e->removeFilteredNamedGroupingPolicy("g", 0, "alice");
removed = e.remove_filtered_named_grouping_policy("g", 0, "alice")
var removed = e.RemoveFilteredNamedGroupingPolicy("g", 0, "alice");
or
var removed = await e.RemoveFilteredNamedGroupingPolicyAsync("g", 0, "alice");
let removed = e.remove_filtered_named_groupingPolicy("g", 0, vec!["alice".to_owned()]).await?;
boolean removed = e.removeFilteredNamedGroupingPolicy("g", 0, "alice");
UpdatePolicy()
UpdatePolicy update a old policy to new policy.
For example:
updated, err := e.UpdatePolicy([]string{"eve", "data3", "read"}, []string{"eve", "data3", "write"})
const update = await e.updatePolicy(["eve", "data3", "read"], ["eve", "data3", "write"]);
updated = e.update_policy(["eve", "data3", "read"], ["eve", "data3", "write"])
boolean updated = e.updatePolicy(Arrays.asList("eve", "data3", "read"), Arrays.asList("eve", "data3", "write"));
UpdatePolicies()
UpdatePolicies updates all old policies to new policies.
For example:
updated, err := e.UpdatePolicies([][]string{{"eve", "data3", "read"}, {"jack", "data3", "read"}}, [][]string{{"eve", "data3", "write"}, {"jack", "data3", "write"}})
old_rules = [["eve", "data3", "read"], ["jack", "data3", "read"]]
new_rules = [["eve", "data3", "write"], ["jack", "data3", "write"]]
updated = e.update_policies(old_rules, new_rules)
UpdateNamedPolicy()
UpdateNamedPolicy update a old policy to new policy in the named policy.
For example:
updated, err := e.UpdateNamedPolicy("p", []string{"eve", "data3", "read"}, []string{"eve", "data3", "write"})
const update = await e.updateNamedPolicy('p', ["eve", "data3", "read"], ["eve", "data3", "write"]);
updated = e.update_named_policy("p", ["eve", "data3", "read"], ["eve", "data3", "write"])
boolean updated = e.updateNamedPolicy("p", Arrays.asList("eve", "data3", "read"), Arrays.asList("eve", "data3", "write"));
UpdateNamedPolicies()
UpdateNamedPolicies updates all old policies to new policies in the named policy.
For example:
updated, err := e.UpdateNamedPolicies("p", [][]string{{"eve", "data3", "read"}, {"jack", "data3", "read"}}, [][]string{{"eve", "data3", "write"}, {"jack", "data3", "write"}})
old_rules = [["eve", "data3", "read"], ["jack", "data3", "read"]]
new_rules = [["eve", "data3", "write"], ["jack", "data3", "write"]]
updated = e.update_named_policies("p", old_rules, new_rules)
UpdateFilteredPolicies()
UpdateFilteredPolicies updates all old policies that match the filter to new policies.
For example:
updated, err := e.UpdateFilteredPolicies([][]string{{"eve", "data3", "write"}}, 0, "eve", "data3", "read")
const updated = await e.updateFilteredPolicies([["eve", "data3", "write"]], 0, "eve", "data3", "read");
new_rules = [["eve", "data3", "write"]]
updated = e.update_filtered_policies(new_rules, 0, "eve", "data3", "read")
boolean updated = e.updateFilteredPolicies(Arrays.asList(Arrays.asList("eve", "data3", "write")), 0, "eve", "data3", "read");
AddFunction()
AddFunction adds a customized function.
For example:
func CustomFunction(key1 string, key2 string) bool {
if key1 == "/alice_data2/myid/using/res_id" && key2 == "/alice_data/:resource" {
return true
} else if key1 == "/alice_data2/myid/using/res_id" && key2 == "/alice_data2/:id/using/:resId" {
return true
} else {
return false
}
}
func CustomFunctionWrapper(args ...interface{}) (interface{}, error) {
key1 := args[0].(string)
key2 := args[1].(string)
return bool(CustomFunction(key1, key2)), nil
}
e.AddFunction("keyMatchCustom", CustomFunctionWrapper)
function customFunction(key1, key2){
if(key1 == "/alice_data2/myid/using/res_id" && key2 == "/alice_data/:resource") {
return true
} else if(key1 == "/alice_data2/myid/using/res_id" && key2 == "/alice_data2/:id/using/:resId") {
return true
} else {
return false
}
}
e.addFunction("keyMatchCustom", customFunction);
func customFunction($key1, $key2) {
if ($key1 == "/alice_data2/myid/using/res_id" && $key2 == "/alice_data/:resource") {
return true;
} elseif ($key1 == "/alice_data2/myid/using/res_id" && $key2 == "/alice_data2/:id/using/:resId") {
return true;
} else {
return false;
}
}
func customFunctionWrapper(...$args){
$key1 := $args[0];
$key2 := $args[1];
return customFunction($key1, $key2);
}
$e->addFunction("keyMatchCustom", customFunctionWrapper);
def custom_function(key1, key2):
return ((key1 == "/alice_data2/myid/using/res_id" and key2 == "/alice_data/:resource") or (key1 == "/alice_data2/myid/using/res_id" and key2 == "/alice_data2/:id/using/:resId"))
e.add_function("keyMatchCustom", custom_function)
fn custom_function(key1: STring, key2: String) {
key1 == "/alice_data2/myid/using/res_id" && key2 == "/alice_data/:resource" || key1 == "/alice_data2/myid/using/res_id" && key2 == "/alice_data2/:id/using/:resId"
}
e.add_function("keyMatchCustom", custom_function);
public static class CustomFunc extends CustomFunction {
@Override
public AviatorObject call(Map<String, Object> env, AviatorObject arg1, AviatorObject arg2) {
String key1 = FunctionUtils.getStringValue(arg1, env);
String key2 = FunctionUtils.getStringValue(arg2, env);
if (key1.equals("/alice_data2/myid/using/res_id") && key2.equals("/alice_data/:resource")) {
return AviatorBoolean.valueOf(true);
} else if (key1.equals("/alice_data2/myid/using/res_id") && key2.equals("/alice_data2/:id/using/:resId")) {
return AviatorBoolean.valueOf(true);
} else {
return AviatorBoolean.valueOf(false);
}
}
@Override
public String getName() {
return "keyMatchCustom";
}
}
FunctionTest.CustomFunc customFunc = new FunctionTest.CustomFunc();
e.addFunction(customFunc.getName(), customFunc);
LoadFilteredPolicy()
LoadFilteredPolicy loads filtered policies from file/database.
For example:
err := e.LoadFilteredPolicy()
const ok = await e.loadFilteredPolicy();
class Filter:
P = []
G = []
adapter = casbin.persist.adapters.FilteredAdapter("rbac_with_domains_policy.csv")
e = casbin.Enforcer("rbac_with_domains_model.conf", adapter)
filter = Filter()
filter.P = ["", "domain1"]
filter.G = ["", "", "domain1"]
e.load_filtered_policy(filter)
e.loadFilteredPolicy(new String[] { "", "domain1" });
LoadIncrementalFilteredPolicy()
LoadIncrementalFilteredPolicy append a filtered policy from file/database.
For example:
err := e.LoadIncrementalFilteredPolicy()
const ok = await e.loadIncrementalFilteredPolicy();
adapter = casbin.persist.adapters.FilteredAdapter("rbac_with_domains_policy.csv")
e = casbin.Enforcer("rbac_with_domains_model.conf", adapter)
filter = Filter()
filter.P = ["", "domain1"]
filter.G = ["", "", "domain1"]
e.load_increment_filtered_policy(filter)
UpdateGroupingPolicy()
UpdateGroupingPolicy updates oldRule to newRulein g section
For example:
succeed, err : = e.UpdateGroupingPolicy([]string{"data3_admin", "data4_admin"}, []string{"admin", "data4_admin"})
boolean succeed = e.updateGroupingPolicy(Arrays.asList("data3_admin", "data4_admin"), Arrays.asList("admin", "data4_admin"));
UpdateNamedGroupingPolicy()
UpdateNamedGroupingPolicy updates oldRule named ptype to newRulein g section
For example:
succeed, err : = e.UpdateGroupingPolicy("g1",[]string{"data3_admin", "data4_admin"}, []string{"admin", "data4_admin"})
boolean succeed = e.updateNamedGroupingPolicy("g1", Arrays.asList("data3_admin", "data4_admin"), Arrays.asList("admin", "data4_admin"));
SetFieldIndex()
SetFieldIndex suport customization of conventional name and position of sub, obj, domain and priority.
[policy_definition]
p = customized_priority, obj, act, eft, subject
For example:
e.SetFieldIndex("p", constant.PriorityIndex, 0)
e.SetFieldIndex("p", constant.SubjectIndex, 4)