
RBAC with Domains API

This simplified API is designed for RBAC with domains. It is a subset of the Management API, making it easier for RBAC users to work with domain-based policies.

Reference

The global variable e represents the Enforcer instance.

e, err := NewEnforcer("examples/rbac_with_domains_model.conf", "examples/rbac_with_domains_policy.csv")

GetUsersForRoleInDomain()

GetUsersForRoleInDomain() retrieves all users assigned to a specific role within a domain.

For example:

res := e.GetUsersForRoleInDomain("admin", "domain1")

GetRolesForUserInDomain()

GetRolesForUserInDomain() retrieves all roles assigned to a user within a domain.

For example:

res := e.GetRolesForUserInDomain("admin", "domain1")

GetPermissionsForUserInDomain()

GetPermissionsForUserInDomain() retrieves all permissions for a user or role within a domain.

For example:

res := e.GetPermissionsForUserInDomain("alice", "domain1")

AddRoleForUserInDomain()

AddRoleForUserInDomain() assigns a role to a user within a domain. Returns false if the user already has the role (no changes made).

For example:

ok, err := e.AddRoleForUserInDomain("alice", "admin", "domain1")

DeleteRoleForUserInDomain()

DeleteRoleForUserInDomain() removes a role from a user within a domain. Returns false if the user does not have the role (no changes made).

For example:

ok, err := e.DeleteRoleForUserInDomain("alice", "admin", "domain1")

DeleteRolesForUserInDomain()

DeleteRolesForUserInDomain() removes all roles from a user within a domain. Returns false if the user has no roles (no changes made).

For example:

ok, err := e.DeleteRolesForUserInDomain("alice", "domain1")

GetAllUsersByDomain()

GetAllUsersByDomain() retrieves all users associated with the specified domain. Returns an empty string array if no domain is defined in the model.

For example:

res := e.GetAllUsersByDomain("domain1")

DeleteAllUsersByDomain()

DeleteAllUsersByDomain() removes all users associated with the specified domain. Returns false if no domain is defined in the model.

For example:

ok, err := e.DeleteAllUsersByDomain("domain1")

DeleteDomains()

DeleteDomains() removes all associated users and roles for the specified domains. If no parameters are provided, all domains are deleted.

For example:

ok, err := e.DeleteDomains("domain1", "domain2")

GetAllDomains()

GetAllDomains() retrieves all domains.

For example:

res, _ := e.GetAllDomains()
Note

When handling domain names that contain ::, unexpected behavior may occur. In Casbin, :: is a reserved keyword, similar to for or if in programming languages. Never use :: within a domain name.

GetAllRolesByDomain()

GetAllRolesByDomain() retrieves all roles associated with the specified domain.

For example:

res := e.GetAllRolesByDomain("domain1")
Note

This method does not apply to domains that have inheritance relationships, also known as implicit roles.

GetImplicitUsersForResourceByDomain()

GetImplicitUsersForResourceByDomain() returns implicit users based on resource and domain.

For example:

p, admin, domain1, data1, read
p, admin, domain1, data1, write
p, admin, domain2, data2, read
p, admin, domain2, data2, write
g, alice, admin, domain1
g, bob, admin, domain2

GetImplicitUsersForResourceByDomain("data1", "domain1") returns [["alice", "domain1", "data1", "read"], ["alice", "domain1", "data1", "write"]], nil

ImplicitUsers, err := e.GetImplicitUsersForResourceByDomain("data1", "domain1")
Note

Only users will be returned; roles (the 2nd argument in "g") will be excluded.
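
The following added example (not Casbin's own code) models how the result above is derived from the sample policy: role subjects are replaced by the users holding that role in the requested domain, and assignments from other domains are ignored. The function name and the restriction to direct "g" assignments are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample input: the policy lines shown on this page.
const samplePolicy = `p, admin, domain1, data1, read
p, admin, domain1, data1, write
p, admin, domain2, data2, read
p, admin, domain2, data2, write
g, alice, admin, domain1
g, bob, admin, domain2`

// Hypothetical stand-alone model of the lookup, not Casbin's code; direct g assignments only.
func implicitUsersForResourceByDomain(policy, resource, domain string) [][]string {
	var perms [][]string             // p rules as [sub, dom, obj, act]
	members := map[string][]string{} // role -> users, in the requested domain only
	for _, line := range strings.Split(policy, "\n") {
		f := strings.Split(line, ",")
		for i := range f {
			f[i] = strings.TrimSpace(f[i])
		}
		switch {
		case len(f) == 5 && f[0] == "p":
			perms = append(perms, f[1:])
		case len(f) == 4 && f[0] == "g" && f[3] == domain:
			members[f[2]] = append(members[f[2]], f[1])
		}
	}
	out := [][]string{}
	for _, p := range perms {
		if p[1] != domain || p[2] != resource {
			continue
		}
		users, isRole := members[p[0]]
		if !isRole {
			out = append(out, p) // subject is a plain user: keep the rule as is
			continue
		}
		for _, u := range users { // subject is a role: list its users, drop the role
			out = append(out, []string{u, p[1], p[2], p[3]})
		}
	}
	return out
}

func main() { fmt.Println(implicitUsersForResourceByDomain(samplePolicy, "data1", "domain1")) }
```

A query for "data1" in "domain2" returns an empty result, because bob's admin role is scoped to domain2 and no domain2 rule covers data1.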