RBAC with Domains API

This simplified API is designed for RBAC with domains. It is a subset of the Management API, making it easier for RBAC users to work with domain-based policies.

อ้างอิง

ตัวแปร global e แทน instance ของ Enforcer

e, err := NewEnforcer("examples/rbac_with_domains_model.conf", "examples/rbac_with_domains_policy.csv")

const e = await newEnforcer('examples/rbac_with_domains_model.conf', 'examples/rbac_with_domains_policy.csv')

$e = new Enforcer('examples/rbac_with_domains_model.conf', 'examples/rbac_with_domains_policy.csv');

e = casbin.Enforcer("examples/rbac_with_domains_model.conf", "examples/rbac_with_domains_policy.csv")

var e = new Enforcer("examples/rbac_with_domains_model.conf", "examples/rbac_with_domains_policy.csv");

let mut e = Enforcer::new("examples/rbac_with_domains_model.conf", "examples/rbac_with_domains_policy.csv").await?;

Enforcer e = new Enforcer("examples/rbac_with_domains_model.conf", "examples/rbac_with_domains_policy.csv");

`GetUsersForRoleInDomain()`

GetUsersForRoleInDomain() retrieves all users assigned to a specific role within a domain.

ตัวอย่าง:

res := e.GetUsersForRoleInDomain("admin", "domain1")

const res = e.getUsersForRoleInDomain("admin", "domain1")

res = e.get_users_for_role_in_domain("admin", "domain1")

`GetRolesForUserInDomain()`

GetRolesForUserInDomain() retrieves all roles assigned to a user within a domain.

ตัวอย่าง:

res := e.GetRolesForUserInDomain("admin", "domain1")

const res = e.getRolesForUserInDomain("alice", "domain1")

res = e.get_roles_for_user_in_domain("alice", "domain1")

List<String> res = e.getRolesForUserInDomain("admin", "domain1");

`GetPermissionsForUserInDomain()`

GetPermissionsForUserInDomain() retrieves all permissions for a user or role within a domain.

ตัวอย่าง:

res := e.GetPermissionsForUserInDomain("alice", "domain1")

List<List<String>> res = e.getPermissionsForUserInDomain("alice", "domain1");

`AddRoleForUserInDomain()`

AddRoleForUserInDomain() assigns a role to a user within a domain. Returns false if the user already has the role (no changes made).

ตัวอย่าง:

ok, err := e.AddRoleForUserInDomain("alice", "admin", "domain1")

ok = e.add_role_for_user_in_domain("alice", "admin", "domain1")

boolean ok = e.addRoleForUserInDomain("alice", "admin", "domain1");

`DeleteRoleForUserInDomain()`

DeleteRoleForUserInDomain() removes a role from a user within a domain. Returns false if the user does not have the role (no changes made).

ตัวอย่าง:

ok, err := e.DeleteRoleForUserInDomain("alice", "admin", "domain1")

boolean ok = e.deleteRoleForUserInDomain("alice", "admin", "domain1");

`DeleteRolesForUserInDomain()`

DeleteRolesForUserInDomain() removes all roles from a user within a domain. Returns false if the user has no roles (no changes made).

ตัวอย่าง:

ok, err := e.DeleteRolesForUserInDomain("alice", "domain1")

`GetAllUsersByDomain()`

GetAllUsersByDomain() retrieves all users associated with the specified domain. Returns an empty string array if no domain is defined in the model.

ตัวอย่าง:

res := e.GetAllUsersByDomain("domain1")

`DeleteAllUsersByDomain()`

DeleteAllUsersByDomain() removes all users associated with the specified domain. Returns false if no domain is defined in the model.

ตัวอย่าง:

ok, err := e.DeleteAllUsersByDomain("domain1")

`DeleteDomains()`

DeleteDomains() removes all associated users and roles for the specified domains. If no parameters are provided, all domains are deleted.

ตัวอย่าง:

ok, err := e.DeleteDomains("domain1", "domain2")

`GetAllDomains()`

GetAllDomains() retrieves all domains.

ตัวอย่าง:

res, _ := e.GetAllDomains()

หมายเหตุ

When handling domain names that contain ::, unexpected behavior may occur. In Casbin, :: is a reserved keyword, similar to for or if in programming languages. Never use :: within a domain name.

`GetAllRolesByDomain()`

GetAllRolesByDomain() retrieves all roles associated with the specified domain.

ตัวอย่าง:

res := e.GetAllRolesByDomain("domain1")

หมายเหตุ

วิธีนี้ไม่ใช้กับโดเมนที่มีความสัมพันธ์แบบสืบทอด หรือที่เรียกว่าบทบาทแบบ implicit

`GetImplicitUsersForResourceByDomain()`

GetImplicitUsersForResourceByDomain() returns implicit users based on resource and domain.

ตัวอย่าง:

p, admin, domain1, data1, read
p, admin, domain1, data1, write
p, admin, domain2, data2, read
p, admin, domain2, data2, write
g, alice, admin, domain1
g, bob, admin, domain2

GetImplicitUsersForResourceByDomain("data1", "domain1") จะคืนค่า ["alice", "domain1", "data1", "read"],["alice", "domain1", "data1", "write"]], nil

ImplicitUsers, err := e.GetImplicitUsersForResourceByDomain("data1", "domain1")

หมายเหตุ

จะคืนค่าเฉพาะผู้ใช้เท่านั้น บทบาท (อาร์กิวเมนต์ที่ 2 ใน "g") จะถูกแยกออก

อ้างอิง​

GetUsersForRoleInDomain()​

GetRolesForUserInDomain()​

GetPermissionsForUserInDomain()​

AddRoleForUserInDomain()​

DeleteRoleForUserInDomain()​

DeleteRolesForUserInDomain()​

GetAllUsersByDomain()​

DeleteAllUsersByDomain()​

DeleteDomains()​

GetAllDomains()​

GetAllRolesByDomain()​

GetImplicitUsersForResourceByDomain()​

อ้างอิง

`GetUsersForRoleInDomain()`

`GetRolesForUserInDomain()`

`GetPermissionsForUserInDomain()`

`AddRoleForUserInDomain()`

`DeleteRoleForUserInDomain()`

`DeleteRolesForUserInDomain()`

`GetAllUsersByDomain()`

`DeleteAllUsersByDomain()`

`DeleteDomains()`

`GetAllDomains()`

`GetAllRolesByDomain()`

`GetImplicitUsersForResourceByDomain()`