开始使用

安装

Go

go get github.com/casbin/casbin/v2

Java

对于Maven：

<!-- https://mvnrepository.com/artifact/org.casbin/jcasbin -->
<dependency>
    <groupId>org.casbin</groupId>
    <artifactId>jcasbin</artifactId>
    <version>1.x.y</version>
</dependency>

Node.js

# NPM
npm install casbin --save

# Yarn
yarn add casbin

PHP

Require this package in the composer.json of your project to download the package:

composer require casbin/casbin

Python

pip install casbin

.NET

dotnet add package Casbin.NET

C++

# Download source
git clone https://github.com/casbin/casbin-cpp.git

# Generate project files
cd casbin-cpp && mkdir build && cd build && cmake .. -DCMAKE_BUILD_TYPE=Release

# Build and install casbin
cmake --build . --config Release --target casbin install -j 10

Rust

cargo install cargo-edit
cargo add casbin

// If you use async-std as async executor
cargo add async-std

// If you use tokio as async executor, make sure you activate its `macros` feature
cargo add tokio

Delphi

Casbins4D 以包的形式提供（目前为 Delphi 10.3 Rio），您可以在 IDE 中安装它。 然而，没有可视化组件，意味着你可以在包外独立使用这些 unit。 只需在你的项目中导入 unit 即可（如果你不介意它们的数量）。

Lua

luarocks install casbin  

If you receive an error message: "Your user does not have write permissions in /usr/local/lib/luarocks/rocks", you may want to run the command as a privileged user or use your local tree with --local. To fix the error, you can add --local behind your command like this:

luarocks install casbin --local

新建一个Casbin enforcer

Casbin uses configuration files to define the access control model.

There are two configuration files: model.conf and policy.csv. model.conf stores the access model, while policy.csv stores the specific user permission configuration. The usage of Casbin is very straightforward. We only need to create one main structure: enforcer. 当构造这个结构的时候， model.conf 和 policy.csv 将会被加载。

In other words, to create a Casbin enforcer, you need to provide a Model and an Adapter.

Casbin provides a FileAdapter that you can use. See Adapter for more information.

• Example of using the Model file and the default FileAdapter:

Go

import "github.com/casbin/casbin/v2"

e, err := casbin.NewEnforcer("path/to/model.conf", "path/to/policy.csv")

Java

import org.casbin.jcasbin.main.Enforcer;

Enforcer e = new Enforcer("path/to/model.conf", "path/to/policy.csv");

Node.js

import { newEnforcer } from 'casbin';

const e = await newEnforcer('path/to/model.conf', 'path/to/policy.csv');

PHP

require_once './vendor/autoload.php';

use Casbin\Enforcer;

$e = new Enforcer("path/to/model.conf", "path/to/policy.csv");

Python

import casbin

e = casbin.Enforcer("path/to/model.conf", "path/to/policy.csv")

.NET

using NetCasbin; 

var e = new Enforcer("path/to/model.conf", "path/to/policy.csv");

C++

#include <iostream>
#include <casbin/casbin.h>

int main() {
    // 创建一个执行者
    casbin::Enforcer e("path/to/model.conf", "path/to/policy.csv");

    // 你的代码 ..
}

Delphi

var
  casbin: ICasbin;
begin
  casbin := TCasbin.Create('path/to/model.conf', 'path/to/policy.csv');
  ...
end

Rust

use casbin::prelude::*;

// 如果你使用 async_td 作为异步执行器
#[cfg(feature = "runtime-async-std")]
#[async_std::main]
async fn main() -> Result<()> {
    let mut e = Enforcer::new("path/to/model.conf", "path/to/policy.csv").await?;
    Ok(())
}

// 如果你使用 tokio 作为异步执行器
#[cfg(feature = "runtime-tokio")]
#[tokio::main]
async fn main() -> Result<()> {
    let mut e = Enforcer::new("path/to/model.conf", "path/to/policy.csv").await?;
    Ok(())
}

Lua

local Enforcer = require("casbin")
local e = Enforcer:new("path/to/model.conf", "path/to/policy.csv") -- The Casbin Enforcer

• 与其他Adapter一起使用Model text

Go

import (
    "log"

    "github.com/casbin/casbin/v2"
    "github.com/casbin/casbin/v2/model"
    xormadapter "github.com/casbin/xorm-adapter/v2"
    _ "github.com/go-sql-driver/mysql"
)

// 使用MySQL数据库初始化一个Xorm适配器
a, err := xormadapter.NewAdapter("mysql", "mysql_username:mysql_password@tcp(127.0.0.1:3306)/")
if err != nil {
    log.Fatalf("error: adapter: %s", err)
}

m, err := model.NewModelFromString(`
[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = r.sub == p.sub && r.obj == p.obj && r.act == p.act
`)
if err != nil {
    log.Fatalf("error: model: %s", err)
}

e, err := casbin.NewEnforcer(m, a)
if err != nil {
    log.Fatalf("error: enforcer: %s", err)
}

Python

import casbin
import casbin_sqlalchemy_adapter


# 将SQLAlchemy Casbin适配器与SQLLite DB一起使用
adapter = casbin_sqlalchemy_adapter.Adapter('sqlite:///test.db')

# 创建配置模型策略
with open("rbac_example_model.conf", "w") as f:
    f.write("""
    [request_definition]
    r = sub, obj, act

    [policy_definition]
    p = sub, obj, act

    [policy_effect]
    e = some(where (p.eft == allow))

    [matchers]
    m = r.sub == p.sub && r.obj == p.obj && r.act == p.act
    """)

# 从适配器和配置策略创建执行器
e = casbin.Enforcer('rbac_example_model.conf', adapter)

检查权限

在访问发生之前, 在代码中添加强制挂钩:

Go

sub := "alice" // 想要访问资源的用户。
obj := "data1" // 将被访问的资源。
act := "read" // 用户对资源执行的操作。

ok, err := e.Enforce(sub, obj, act)

if err != nil {
    // 处理err
}

if ok == true {
    // 允许alice读取data1
} else {
    // 拒绝请求，抛出异常
}

// 您可以使用BatchEnforce()来批量执行一些请求
// 这个方法返回布尔切片，此切片的索引对应于二维数组的行索引。
// 例如results[0] 是{"alice", "data1", "read"}的结果
results, err := e.BatchEnforce([][]interface{}{{"alice", "data1", "read"}, {"bob", "data2", "write"}, {"jack", "data3", "read"}})

Java

String sub = "alice"; // 想要访问资源的用户
String obj = "data1"; // 将要被访问的资源
String act = "read"; // 用户对资源进行的操作

if (e.enforce(sub, obj, act) == true) {
    // 允许alice读取data1
} else {
    // 拒绝请求，抛出异常
}

Node.js

const sub = 'alice'; // 想要访问资源的用户
const obj = 'data1'; // 将要被访问的资源
const act = 'read'; // 用户对资源进行的操作

if ((await e.enforce(sub, obj, act)) === true) {
    // 允许alice读取data1
} else {
    // 拒绝请求，抛出异常
}

PHP

$sub = "alice"; // 想要访问资源的用户
$obj = "data1"; // 将要被访问的资源
$act = "read"; // 用户对资源进行的操作

if ($e->enforce($sub, $obj, $act) === true) {
    // 允许alice读取data1
} else {
    // 拒绝请求，抛出异常
}

Python

sub = "alice"  # 想要访问资源的用户
obj = "data1"  # 将要被访问的资源
act = "read"  # 用户对资源进行的操作

if e.enforce(sub, obj, act):
    # 允许alice读取data1
    pass
else:
    # 拒绝请求，抛出异常
    pass

.NET

var sub = "alice";  # 想要访问资源的用户
var obj = "data1";  # 将要被访问的资源
var act = "read";  # 用户对资源进行的操作

if (await e.EnforceAsync(sub, obj, act)) 
{
    // 允许alice读取data1
}
else
{
    // 拒绝请求，抛出异常
}

C++

    casbin::Enforcer e("../assets/model.conf", "../assets/policy.csv");

    if (e.Enforce({"alice", "/alice_data/hello", "GET"})) {
        std::cout << "Enforce OK" << std::endl;
    } else {
        std::cout << "Enforce NOT Good" << std::endl;
    }

    if (e.Enforce({"alice", "/alice_data/hello", "POST"})) {
        std::cout << "Enforce OK" << std::endl;
    } else {
        std::cout << "Enforce NOT Good" << std::endl;
    }

Delphi

if casbin.enforce(['alice,data1,read']) then
  // Alice很开兴它能够读取data1了
else
  // Alice很伤心

Rust

  let sub = "alice"; // 想要访问资源的用户
  let obj = "data1"; // 将会被访问的资源
  let act = "read"; // 用户对资源的操作

  if e.enforce((sub, obj, act)).await? {
      // 允许alice读取data1
  } else {
      // 发生错误
  }

Lua

if e:enforce("alice", "data1", "read") then
   -- 允许alice读取data1
else
   -- 拒绝请求，抛出异常
end

Casbin还提供了在运行时进行权限管理的API。 例如，你可以获得分配给一个用户的所有角色，如下所示：

Go

roles, err := e.GetRolesForUser("alice")

Java

List<String> roles = e.getRolesForUser("alice");

Node.js

const roles = await e.getRolesForUser('alice');

PHP

$roles = $e->getRolesForUser("alice");

Python

roles = e.get_roles_for_user("alice")

.NET

var roles = e.GetRolesForUser("alice");

Delphi

roles = e.rolesForEntity("alice")

Rust

let roles = e.get_roles_for_user("alice");

Lua

local roles = e:GetRolesForUser("alice")

更多使用方法见 Management API和 RBAC API。

请查看测试用例以获取更多使用方式。