RBAC with Domains API

This simplified API is designed for RBAC with domains. It is a subset of the Management API, making it easier for RBAC users to work with domain-based policies.

参考

全局变量e代表Enforcer实例。

e, err := NewEnforcer("examples/rbac_with_domains_model.conf", "examples/rbac_with_domains_policy.csv")

const e = await newEnforcer('examples/rbac_with_domains_model.conf', 'examples/rbac_with_domains_policy.csv')

$e = new Enforcer('examples/rbac_with_domains_model.conf', 'examples/rbac_with_domains_policy.csv');

e = casbin.Enforcer("examples/rbac_with_domains_model.conf", "examples/rbac_with_domains_policy.csv")

var e = new Enforcer("examples/rbac_with_domains_model.conf", "examples/rbac_with_domains_policy.csv");

let mut e = Enforcer::new("examples/rbac_with_domains_model.conf", "examples/rbac_with_domains_policy.csv").await?;

Enforcer e = new Enforcer("examples/rbac_with_domains_model.conf", "examples/rbac_with_domains_policy.csv");

GetUsersForRoleInDomain()

GetUsersForRoleInDomain() retrieves all users assigned to a specific role within a domain.

例如：

res := e.GetUsersForRoleInDomain("admin", "domain1")

const res = e.getUsersForRoleInDomain("admin", "domain1")

res = e.get_users_for_role_in_domain("admin", "domain1")

GetRolesForUserInDomain()

GetRolesForUserInDomain() retrieves all roles assigned to a user within a domain.

例如：

res := e.GetRolesForUserInDomain("admin", "domain1")

const res = e.getRolesForUserInDomain("alice", "domain1")

res = e.get_roles_for_user_in_domain("alice", "domain1")

List<String> res = e.getRolesForUserInDomain("admin", "domain1");

GetPermissionsForUserInDomain()

GetPermissionsForUserInDomain() retrieves all permissions for a user or role within a domain.

例如：

res := e.GetPermissionsForUserInDomain("alice", "domain1")

List<List<String>> res = e.getPermissionsForUserInDomain("alice", "domain1");

AddRoleForUserInDomain()

AddRoleForUserInDomain() assigns a role to a user within a domain. Returns false if the user already has the role (no changes made).

例如：

ok, err := e.AddRoleForUserInDomain("alice", "admin", "domain1")

ok = e.add_role_for_user_in_domain("alice", "admin", "domain1")

boolean ok = e.addRoleForUserInDomain("alice", "admin", "domain1");

DeleteRoleForUserInDomain()

DeleteRoleForUserInDomain() removes a role from a user within a domain. Returns false if the user does not have the role (no changes made).

例如：

ok, err := e.DeleteRoleForUserInDomain("alice", "admin", "domain1")

boolean ok = e.deleteRoleForUserInDomain("alice", "admin", "domain1");

DeleteRolesForUserInDomain()

DeleteRolesForUserInDomain() removes all roles from a user within a domain. Returns false if the user has no roles (no changes made).

例如：

ok, err := e.DeleteRolesForUserInDomain("alice", "domain1")

GetAllUsersByDomain()

GetAllUsersByDomain() retrieves all users associated with the specified domain. Returns an empty string array if no domain is defined in the model.

例如：

res := e.GetAllUsersByDomain("domain1")

DeleteAllUsersByDomain()

DeleteAllUsersByDomain() removes all users associated with the specified domain. Returns false if no domain is defined in the model.

例如：

ok, err := e.DeleteAllUsersByDomain("domain1")

DeleteDomains()

DeleteDomains() removes all associated users and roles for the specified domains. If no parameters are provided, all domains are deleted.

例如：

ok, err := e.DeleteDomains("domain1", "domain2")

GetAllDomains()

GetAllDomains() retrieves all domains.

例如：

res, _ := e.GetAllDomains()

备注

When handling domain names that contain ::, unexpected behavior may occur. In Casbin, :: is a reserved keyword, similar to for or if in programming languages. Never use :: within a domain name.

GetAllRolesByDomain()

GetAllRolesByDomain() retrieves all roles associated with the specified domain.

例如：

res := e.GetAllRolesByDomain("domain1")

备注

此方法不适用于具有继承关系的域，也称为隐式角色。

GetImplicitUsersForResourceByDomain()

GetImplicitUsersForResourceByDomain() returns implicit users based on resource and domain.

例如：

p, admin, domain1, data1, read
p, admin, domain1, data1, write
p, admin, domain2, data2, read
p, admin, domain2, data2, write
g, alice, admin, domain1
g, bob, admin, domain2

GetImplicitUsersForResourceByDomain("data1", "domain1")将返回[["alice", "domain1", "data1", "read"],["alice", "domain1", "data1", "write"]], nil

ImplicitUsers, err := e.GetImplicitUsersForResourceByDomain("data1", "domain1")

备注

只会返回用户，角色（"g"中的第二个参数）将被排除。

参考​

GetUsersForRoleInDomain()​

GetRolesForUserInDomain()​

GetPermissionsForUserInDomain()​

AddRoleForUserInDomain()​

DeleteRoleForUserInDomain()​

DeleteRolesForUserInDomain()​

GetAllUsersByDomain()​

DeleteAllUsersByDomain()​

DeleteDomains()​

GetAllDomains()​

GetAllRolesByDomain()​

GetImplicitUsersForResourceByDomain()​

参考