RBAC with Domains API

This simplified API is designed for RBAC with domains. It is a subset of the Management API, making it easier for RBAC users to work with domain-based policies.

Tài liệu tham khảo

Biến toàn cục e đại diện cho thể hiện Enforcer.

e, err := NewEnforcer("examples/rbac_with_domains_model.conf", "examples/rbac_with_domains_policy.csv")

const e = await newEnforcer('examples/rbac_with_domains_model.conf', 'examples/rbac_with_domains_policy.csv')

$e = new Enforcer('examples/rbac_with_domains_model.conf', 'examples/rbac_with_domains_policy.csv');

e = casbin.Enforcer("examples/rbac_with_domains_model.conf", "examples/rbac_with_domains_policy.csv")

var e = new Enforcer("examples/rbac_with_domains_model.conf", "examples/rbac_with_domains_policy.csv");

let mut e = Enforcer::new("examples/rbac_with_domains_model.conf", "examples/rbac_with_domains_policy.csv").await?;

Enforcer e = new Enforcer("examples/rbac_with_domains_model.conf", "examples/rbac_with_domains_policy.csv");

`GetUsersForRoleInDomain()`

GetUsersForRoleInDomain() retrieves all users assigned to a specific role within a domain.

Ví dụ:

res := e.GetUsersForRoleInDomain("admin", "domain1")

const res = e.getUsersForRoleInDomain("admin", "domain1")

res = e.get_users_for_role_in_domain("admin", "domain1")

`GetRolesForUserInDomain()`

GetRolesForUserInDomain() retrieves all roles assigned to a user within a domain.

Ví dụ:

res := e.GetRolesForUserInDomain("admin", "domain1")

const res = e.getRolesForUserInDomain("alice", "domain1")

res = e.get_roles_for_user_in_domain("alice", "domain1")

List<String> res = e.getRolesForUserInDomain("admin", "domain1");

`GetPermissionsForUserInDomain()`

GetPermissionsForUserInDomain() retrieves all permissions for a user or role within a domain.

Ví dụ:

res := e.GetPermissionsForUserInDomain("alice", "domain1")

List<List<String>> res = e.getPermissionsForUserInDomain("alice", "domain1");

`AddRoleForUserInDomain()`

AddRoleForUserInDomain() assigns a role to a user within a domain. Returns false if the user already has the role (no changes made).

Ví dụ:

ok, err := e.AddRoleForUserInDomain("alice", "admin", "domain1")

ok = e.add_role_for_user_in_domain("alice", "admin", "domain1")

boolean ok = e.addRoleForUserInDomain("alice", "admin", "domain1");

`DeleteRoleForUserInDomain()`

DeleteRoleForUserInDomain() removes a role from a user within a domain. Returns false if the user does not have the role (no changes made).

Ví dụ:

ok, err := e.DeleteRoleForUserInDomain("alice", "admin", "domain1")

boolean ok = e.deleteRoleForUserInDomain("alice", "admin", "domain1");

`DeleteRolesForUserInDomain()`

DeleteRolesForUserInDomain() removes all roles from a user within a domain. Returns false if the user has no roles (no changes made).

Ví dụ:

ok, err := e.DeleteRolesForUserInDomain("alice", "domain1")

`GetAllUsersByDomain()`

GetAllUsersByDomain() retrieves all users associated with the specified domain. Returns an empty string array if no domain is defined in the model.

Ví dụ:

res := e.GetAllUsersByDomain("domain1")

`DeleteAllUsersByDomain()`

DeleteAllUsersByDomain() removes all users associated with the specified domain. Returns false if no domain is defined in the model.

Ví dụ:

ok, err := e.DeleteAllUsersByDomain("domain1")

`DeleteDomains()`

DeleteDomains() removes all associated users and roles for the specified domains. If no parameters are provided, all domains are deleted.

Ví dụ:

ok, err := e.DeleteDomains("domain1", "domain2")

`GetAllDomains()`

GetAllDomains() retrieves all domains.

Ví dụ:

res, _ := e.GetAllDomains()

ghi chú

When handling domain names that contain ::, unexpected behavior may occur. In Casbin, :: is a reserved keyword, similar to for or if in programming languages. Never use :: within a domain name.

`GetAllRolesByDomain()`

GetAllRolesByDomain() retrieves all roles associated with the specified domain.

Ví dụ:

res := e.GetAllRolesByDomain("domain1")

ghi chú

Phương pháp này không áp dụng cho các miền có mối quan hệ kế thừa, còn được gọi là vai trò ngầm định.

`GetImplicitUsersForResourceByDomain()`

GetImplicitUsersForResourceByDomain() returns implicit users based on resource and domain.

Ví dụ:

p, admin, domain1, data1, read
p, admin, domain1, data1, write
p, admin, domain2, data2, read
p, admin, domain2, data2, write
g, alice, admin, domain1
g, bob, admin, domain2

GetImplicitUsersForResourceByDomain("data1", "domain1") sẽ trả về [["alice", "domain1", "data1", "read"],["alice", "domain1", "data1", "write"]], nil

ImplicitUsers, err := e.GetImplicitUsersForResourceByDomain("data1", "domain1")

ghi chú

Chỉ người dùng sẽ được trả về, vai trò (đối số thứ 2 trong "g") sẽ bị loại trừ.

Tài liệu tham khảo​

GetUsersForRoleInDomain()​

GetRolesForUserInDomain()​

GetPermissionsForUserInDomain()​

AddRoleForUserInDomain()​

DeleteRoleForUserInDomain()​

DeleteRolesForUserInDomain()​

GetAllUsersByDomain()​

DeleteAllUsersByDomain()​

DeleteDomains()​

GetAllDomains()​

GetAllRolesByDomain()​

GetImplicitUsersForResourceByDomain()​

Tài liệu tham khảo

`GetUsersForRoleInDomain()`

`GetRolesForUserInDomain()`

`GetPermissionsForUserInDomain()`

`AddRoleForUserInDomain()`

`DeleteRoleForUserInDomain()`

`DeleteRolesForUserInDomain()`

`GetAllUsersByDomain()`

`DeleteAllUsersByDomain()`

`DeleteDomains()`

`GetAllDomains()`

`GetAllRolesByDomain()`

`GetImplicitUsersForResourceByDomain()`