RBAC API

API ที่เป็นมิตรกับผู้ใช้สำหรับ RBAC มากขึ้น API นี้เป็นส่วนย่อยของ Management API ผู้ใช้ RBAC สามารถใช้ API นี้เพื่อทำให้โค้ดง่ายขึ้น

อ้างอิง

ตัวแปร global e เป็น instance ของ Enforcer

Go

e, err := NewEnforcer("examples/rbac_model.conf", "examples/rbac_policy.csv")

Node.js

const e = await newEnforcer('examples/rbac_model.conf', 'examples/rbac_policy.csv')

PHP

$e = new Enforcer('examples/rbac_model.conf', 'examples/rbac_policy.csv');

Python

e = casbin.Enforcer("examples/rbac_model.conf", "examples/rbac_policy.csv")

.NET

var e = new Enforcer("path/to/model.conf", "path/to/policy.csv");

Rust

let mut e = Enforcer::new("examples/rbac_model.conf", "examples/rbac_policy.csv").await?;

Java

Enforcer e = new Enforcer("examples/rbac_model.conf", "examples/rbac_policy.csv");

GetRolesForUser()

GetRolesForUser ใช้เพื่อดึงบทบาทที่ผู้ใช้มี

ตัวอย่าง:

Go

res := e.GetRolesForUser("alice")

Node.js

const res = await e.getRolesForUser('alice')

PHP

$res = $e->getRolesForUser("alice");

Python

roles = e.get_roles_for_user("alice")

.NET

var res = e.GetRolesForUser("alice");

Rust

let roles = e.get_roles_for_user("alice", None); // No domain

Java

List<String> res = e.getRolesForUser("alice");

GetUsersForRole()

GetUsersForRole ใช้เพื่อดึงผู้ใช้ที่มีบทบาทนั้นๆ

ตัวอย่าง:

Go

res := e.GetUsersForRole("data1_admin")

Node.js

const res = await e.getUsersForRole('data1_admin')

PHP

$res = $e->getUsersForRole("data1_admin");

Python

users = e.get_users_for_role("data1_admin")

.NET

var res = e.GetUsersForRole("data1_admin");

Rust

let users = e.get_users_for_role("data1_admin", None); // No domain

Java

List<String> res = e.getUsersForRole("data1_admin");

HasRoleForUser()

HasRoleForUser ใช้เพื่อตรวจสอบว่าผู้ใช้มีบทบาทนั้นหรือไม่

ตัวอย่าง:

Go

res := e.HasRoleForUser("alice", "data1_admin")

Node.js

const res = await e.hasRoleForUser('alice', 'data1_admin')

PHP

$res = $e->hasRoleForUser("alice", "data1_admin");

Python

has = e.has_role_for_user("alice", "data1_admin")

.NET

var res = e.HasRoleForUser("alice", "data1_admin");

Rust

let has = e.has_role_for_user("alice", "data1_admin", None); // No domain

Java

boolean res = e.hasRoleForUser("alice", "data1_admin");

AddRoleForUser()

AddRoleForUser ใช้เพื่อเพิ่มบทบาทให้กับผู้ใช้ จะคืนค่า false หากผู้ใช้มีบทบาทนั้นอยู่แล้ว (ไม่มีการเปลี่ยนแปลง)

ตัวอย่าง:

Go

e.AddRoleForUser("alice", "data2_admin")

Node.js

await e.addRoleForUser('alice', 'data2_admin')

PHP

$e->addRoleForUser("alice", "data2_admin");

Python

e.add_role_for_user("alice", "data2_admin")

.NET

var added = e.AddRoleForUser("alice", "data2_admin");
or
var added = await e.AddRoleForUserAsync("alice", "data2_admin");

Rust

let added = e.add_role_for_user("alice", "data2_admin", None).await?; // No domain

Java

boolean added = e.addRoleForUser("alice", "data2_admin");

AddRolesForUser()

AddRolesForUser ใช้เพื่อเพิ่มหลายบทบาทให้กับผู้ใช้ จะคืนค่า false หากผู้ใช้มีบทบาทใดบทบาทหนึ่งอยู่แล้ว (ไม่มีการเปลี่ยนแปลง)

ตัวอย่าง:

Go

var roles = []string{"data2_admin", "data1_admin"}
e.AddRolesForUser("alice", roles)

Node.js

const roles = ["data1_admin", "data2_admin"];
roles.map((role) => e.addRoleForUser("alice", role));

Rust

let roles = vec!["data1_admin".to_owned(), "data2_admin".to_owned()];
let all_added = e.add_roles_for_user("alice", roles, None).await?; // No domain

DeleteRoleForUser()

DeleteRoleForUser ใช้เพื่อลบบทบาทของผู้ใช้ จะคืนค่า false หากผู้ใช้ไม่มีบทบาทนั้น (ไม่มีการเปลี่ยนแปลง)

ตัวอย่าง:

Go

e.DeleteRoleForUser("alice", "data1_admin")

Node.js

await e.deleteRoleForUser('alice', 'data1_admin')

PHP

$e->deleteRoleForUser("alice", "data1_admin");

Python

e.delete_role_for_user("alice", "data1_admin")

.NET

var deleted = e.DeleteRoleForUser("alice", "data1_admin");
or
var deleted = await e.DeleteRoleForUser("alice", "data1_admin");

Rust

let deleted = e.delete_role_for_user("alice", "data1_admin", None).await?; // No domain

Java

boolean deleted = e.deleteRoleForUser("alice", "data1_admin");

DeleteRolesForUser()

DeleteRolesForUser ใช้เพื่อลบบทบาททั้งหมดของผู้ใช้ จะคืนค่า false หากผู้ใช้ไม่มีบทบาทใดๆ (ไม่มีการเปลี่ยนแปลง)

ตัวอย่าง:

Go

e.DeleteRolesForUser("alice")

Node.js

await e.deleteRolesForUser('alice')

PHP

$e->deleteRolesForUser("alice");

Python

e.delete_roles_for_user("alice")

.NET

var deletedAtLeastOne = e.DeleteRolesForUser("alice");
or
var deletedAtLeastOne = await e.DeleteRolesForUserAsync("alice");

Rust

let deleted_at_least_one = e.delete_roles_for_user("alice", None).await?; // No domain

Java

boolean deletedAtLeastOne = e.deleteRolesForUser("alice");

DeleteUser()

DeleteUser ใช้เพื่อลบผู้ใช้ จะคืนค่า false หากผู้ใช้ไม่มีอยู่ (ไม่มีการเปลี่ยนแปลง)

ตัวอย่าง:

Go

e.DeleteUser("alice")

Node.js

await e.deleteUser('alice')

PHP

$e->deleteUser("alice");

Python

e.delete_user("alice")

.NET

var deleted = e.DeleteUser("alice");
or
var deleted = await e.DeleteUserAsync("alice");

Rust

let deleted = e.delete_user("alice").await?;

Java

boolean deleted = e.deleteUser("alice");

DeleteRole()

DeleteRole ใช้เพื่อลบบทบาท

ตัวอย่าง:

Go

e.DeleteRole("data2_admin")

Node.js

await e.deleteRole("data2_admin")

PHP

$e->deleteRole("data2_admin");

Python

e.delete_role("data2_admin")

.NET

var deleted = e.DeleteRole("data2_admin");
or
var deleted = await e.DeleteRoleAsync("data2_admin");

Rust

let deleted = e.delete_role("data2_admin").await?;

Java

e.deleteRole("data2_admin");

DeletePermission()

DeletePermission ใช้เพื่อลบสิทธิ์ จะคืนค่า false หากสิทธิ์นั้นไม่มีอยู่ (ไม่มีการเปลี่ยนแปลง)

ตัวอย่าง:

Go

e.DeletePermission("read")

Node.js

await e.deletePermission('read')

PHP

$e->deletePermission("read");

Python

e.delete_permission("read")

.NET

var deleted = e.DeletePermission("read");
or
var deleted = await e.DeletePermissionAsync("read");

Rust

let deleted = e.delete_permission(vec!["read".to_owned()]).await?;

Java

boolean deleted = e.deletePermission("read");

AddPermissionForUser()

AddPermissionForUser ใช้เพื่อเพิ่มสิทธิ์ให้กับผู้ใช้หรือบทบาท จะคืนค่า false หากผู้ใช้หรือบทบาทมีสิทธิ์นั้นอยู่แล้ว (ไม่มีการเปลี่ยนแปลง)

ตัวอย่าง:

Go

e.AddPermissionForUser("bob", "read")

Node.js

await e.addPermissionForUser('bob', 'read')

PHP

$e->addPermissionForUser("bob", "read");

Python

e.add_permission_for_user("bob", "read")

.NET

var added = e.AddPermissionForUser("bob", "read");
or
var added = await e.AddPermissionForUserAsync("bob", "read");

Rust

let added = e.add_permission_for_user("bob", vec!["read".to_owned()]).await?;

Java

boolean added = e.addPermissionForUser("bob", "read");

AddPermissionsForUser()

AddPermissionsForUser ใช้เพื่อเพิ่มหลายสิทธิ์ให้กับผู้ใช้หรือบทบาท จะคืนค่า false หากผู้ใช้หรือบทบาทมีสิทธิ์ใดสิทธิ์หนึ่งอยู่แล้ว (ไม่มีการเปลี่ยนแปลง)

ตัวอย่าง:

Go

var permissions = [][]string{{"data1", "read"},{"data2","write"}}
for i := 0; i < len(permissions); i++ {
    e.AddPermissionsForUser("alice", permissions[i])
}

Node.js

const permissions = [
    ["data1", "read"],
    ["data2", "write"],
];

permissions.map((permission) => e.addPermissionForUser("bob", ...permission));

Rust

let permissions = vec![
    vec!["data1".to_owned(), "read".to_owned()],
    vec!["data2".to_owned(), "write".to_owned()],
];

let all_added = e.add_permissions_for_user("bob", permissions).await?;

DeletePermissionForUser()

DeletePermissionForUser ใช้เพื่อลบสิทธิ์ของผู้ใช้หรือบทบาท จะคืนค่า false หากผู้ใช้หรือบทบาทไม่มีสิทธิ์นั้น (ไม่มีการเปลี่ยนแปลง)

ตัวอย่าง:

Go

e.DeletePermissionForUser("bob", "read")

Node.js

await e.deletePermissionForUser("bob", "read")

PHP

$e->deletePermissionForUser("bob", "read");

Python

e.delete_permission_for_user("bob", "read")

.NET

var deleted = e.DeletePermissionForUser("bob", "read");
or
var deleted = await e.DeletePermissionForUserAsync("bob", "read");

Rust

let deleted = e.delete_permission_for_user("bob", vec!["read".to_owned()]).await?;

Java

boolean deleted = e.deletePermissionForUser("bob", "read");

DeletePermissionsForUser()

DeletePermissionsForUser ใช้เพื่อลบสิทธิ์ของผู้ใช้หรือบทบาท จะคืนค่า false หากผู้ใช้หรือบทบาทไม่มีสิทธิ์ใดๆ (ไม่มีการเปลี่ยนแปลง)

ตัวอย่าง:

Go

e.DeletePermissionsForUser("bob")

Node.js

await e.deletePermissionsForUser('bob')

PHP

$e->deletePermissionsForUser("bob");

Python

e.delete_permissions_for_user("bob")

.NET

var deletedAtLeastOne = e.DeletePermissionsForUser("bob");
or
var deletedAtLeastOne = await e.DeletePermissionsForUserAsync("bob");

Rust

let deleted_at_least_one = e.delete_permissions_for_user("bob").await?;

Java

boolean deletedAtLeastOne = e.deletePermissionForUser("bob");

GetPermissionsForUser()

GetPermissionsForUser ใช้เพื่อดึงสิทธิ์ของผู้ใช้หรือบทบาท

ตัวอย่าง:

Go

e.GetPermissionsForUser("bob")

Node.js

await e.getPermissionsForUser('bob')

PHP

$e->getPermissionsForUser("bob");

Python

e.get_permissions_for_user("bob")

.NET

var permissions = e.GetPermissionsForUser("bob");

Java

List<List<String>> permissions = e.getPermissionsForUser("bob");

HasPermissionForUser()

HasPermissionForUser ใช้เพื่อตรวจสอบว่าผู้ใช้มีสิทธิ์นั้นหรือไม่

ตัวอย่าง:

Go

e.HasPermissionForUser("alice", []string{"read"})

Node.js

await e.hasPermissionForUser('alice', 'read')

PHP

$e->hasPermissionForUser("alice", []string{"read"});

Python

has = e.has_permission_for_user("alice", "read")

.NET

var has = e.HasPermissionForUser("bob", "read");

Rust

let has = e.has_permission_for_user("alice", vec!["data1".to_owned(), "read".to_owned()]);

Java

boolean has = e.hasPermissionForUser("alice", "read");

GetImplicitRolesForUser()

GetImplicitRolesForUser gets implicit roles that a user has. Compared to GetRolesForUser(), this function retrieves indirect roles besides direct roles.

For example:

g, alice, role:admin  
g, role:admin, role:user  

GetRolesForUser("alice") can only get: ["role:admin"].\ But GetImplicitRolesForUser("alice") will get: ["role:admin", "role:user"].

For example:

Go

e.GetImplicitRolesForUser("alice")

Node.js

await e.getImplicitRolesForUser("alice")

PHP

$e->getImplicitRolesForUser("alice");

Python

e.get_implicit_roles_for_user("alice")

.NET

var implicitRoles = e.GetImplicitRolesForUser("alice");

Rust

e.get_implicit_roles_for_user("alice", None); // No domain

Java

List<String> implicitRoles = e.getImplicitRolesForUser("alice");

GetImplicitUsersForRole()

GetImplicitUsersForRole gets all users inheriting the role. Compared to GetUsersForRole(), this function retrieves indirect users.

For example:

g, alice, role:admin  
g, role:admin, role:user  

GetUsersForRole("role:user") can only get: ["role:admin"].\ But GetImplicitUesrsForRole("role:user") will get: ["role:admin", "alice"].

For example:

Go

users := e.GetImplicitUsersForRole("role:user")

Node.js

const users = e.getImplicitUsersForRole("role:user");

Java

List<String> users = e.getImplicitUsersForRole("role:user");

GetImplicitPermissionsForUser()

GetImplicitPermissionsForUser gets implicit permissions for a user or role.\ Compared to GetPermissionsForUser(), this function retrieves permissions for inherited roles.

For example:

p, admin, data1, read  
p, alice, data2, read  
g, alice, admin 

GetPermissionsForUser("alice") can only get: [["alice", "data2", "read"]].\ But GetImplicitPermissionsForUser("alice") will get: [["admin", "data1", "read"], ["alice", "data2", "read"]].

For example:

Go

e.GetImplicitPermissionsForUser("alice")

Node.js

await e.getImplicitPermissionsForUser("alice")

PHP

$e->getImplicitPermissionsForUser("alice");

Python

e.get_implicit_permissions_for_user("alice")

.NET

var implicitPermissions = e.GetImplicitPermissionsForUser("alice");

Rust

e.get_implicit_permissions_for_user("alice", None); // No domain

Java

List<List<String>> implicitPermissions = e.getImplicitPermissionsForUser("alice");

GetNamedImplicitPermissionsForUser()

GetNamedImplicitPermissionsForUser gets implicit permissions for a user or role by named policy Compared to GetImplicitPermissionsForUser(), this function allow you to specify the policy name.

For example:

p, admin, data1, read
p2, admin, create
g, alice, admin

GetImplicitPermissionsForUser("alice") only get: [["admin", "data1", "read"]], whose policy is default "p"

But you can specify the policy as "p2" to get: [["admin", "create"]] by GetNamedImplicitPermissionsForUser("p2","alice")

For example:

Go

e.GetNamedImplicitPermissionsForUser("p2","alice")

Python

e.get_named_implicit_permissions_for_user("p2", "alice")

GetDomainsForUser()

GetDomainsForUser gets all domains which a user has.

For example:

p, admin, domain1, data1, read
p, admin, domain2, data2, read
p, admin, domain2, data2, write
g, alice, admin, domain1
g, alice, admin, domain2

GetDomainsForUser("alice") could get ["domain1", "domain2"]

For example:

Go

result, err := e.GetDomainsForUser("alice")

GetImplicitResourcesForUser()

GetImplicitResourcesForUser returns all policies that should be true for user.

For example:

p, alice, data1, read
p, bob, data2, write
p, data2_admin, data2, read
p, data2_admin, data2, write

g, alice, data2_admin

GetImplicitResourcesForUser("alice") will return [[alice data1 read] [alice data2 read] [alice data2 write]]

Go

resources, err := e.GetImplicitResourcesForUser("alice")

GetImplicitUsersForPermission()

GetImplicitUsersForPermission gets implicit users for a permission.

For example:

p, admin, data1, read
p, bob, data1, read
g, alice, admin

GetImplicitUsersForPermission("data1", "read") will return: ["alice", "bob"].

Note: only users will be returned, roles (2nd arg in "g") will be excluded.

Go

users, err := e.GetImplicitUsersForPermission("data1", "read")

GetAllowedObjectConditions()

GetAllowedObjectConditions returns a string array of object conditions that the user can access.

For example:

p, alice, r.obj.price < 25, read
p, admin, r.obj.category_id = 2, read
p, bob, r.obj.author = bob, write

g, alice, admin

e.GetAllowedObjectConditions("alice", "read", "r.obj.") will return ["price < 25", "category_id = 2"], nil

Note:

0. prefix: You can customize the prefix of the object conditions, and "r.obj." is commonly used as a prefix. After removing the prefix, the remaining part is the condition of the object. If there is an obj policy that does not meet the prefix requirement, an errors.ERR_OBJ_CONDITION will be returned.

1. If the 'objectConditions' array is empty, return errors.ERR_EMPTY_CONDITION This error is returned because some data adapters' ORM return full table data by default when they receive an empty condition, which tends to behave contrary to expectations.(e.g. GORM) If you are using an adapter that does not behave like this, you can choose to ignore this error.

Go

conditions, err := e.GetAllowedObjectConditions("alice", "read", "r.obj.")

GetImplicitUsersForResource()

GetImplicitUsersForResource return implicit user based on resource.

For example:

p, alice, data1, read
p, bob, data2, write
p, data2_admin, data2, read
p, data2_admin, data2, write
g, alice, data2_admin

GetImplicitUsersForResource("data2") will return [["bob", "data2", "write"], ["alice", "data2", "read"] ["alice", "data2", "write"]], nil.

GetImplicitUsersForResource("data1") will return [["alice", "data1", "read"]], nil.

Go

ImplicitUsers, err := e.GetImplicitUsersForResource("data2")

หมายเหตุ

Only users will be returned, roles (2nd arg in "g") will be excluded.