
RBAC with Domains API

A more user-friendly API for RBAC with domains. This API is a subset of the Management API. RBAC users can use this API to simplify their code.

Reference

The global variable e represents the Enforcer instance.

e, err := NewEnforcer("examples/rbac_with_domains_model.conf", "examples/rbac_with_domains_policy.csv")

GetUsersForRoleInDomain()

The GetUsersForRoleInDomain() function retrieves the users that have a role within a domain.

For example:

res := e.GetUsersForRoleInDomain("admin", "domain1")

GetRolesForUserInDomain()

The GetRolesForUserInDomain() function retrieves the roles that a user has within a domain.

For example:

res := e.GetRolesForUserInDomain("admin", "domain1")

GetPermissionsForUserInDomain()

The GetPermissionsForUserInDomain() function retrieves the permissions for a user or role within a domain.

For example:

res := e.GetPermissionsForUserInDomain("alice", "domain1")

AddRoleForUserInDomain()

The AddRoleForUserInDomain() function adds a role for a user within a domain. It returns false if the user already has the role (no changes made).

For example:

ok, err := e.AddRoleForUserInDomain("alice", "admin", "domain1")

DeleteRoleForUserInDomain()

The DeleteRoleForUserInDomain() function removes a role for a user within a domain. It returns false if the user does not have the role (no changes made).

For example:

ok, err := e.DeleteRoleForUserInDomain("alice", "admin", "domain1")

DeleteRolesForUserInDomain()

The DeleteRolesForUserInDomain() function removes all roles for a user within a domain. It returns false if the user does not have any roles (no changes made).

For example:

ok, err := e.DeleteRolesForUserInDomain("alice", "domain1")

GetAllUsersByDomain()

The GetAllUsersByDomain() function retrieves all users associated with the given domain. It returns an empty string array if no domain is defined in the model.

For example:

res := e.GetAllUsersByDomain("domain1")

DeleteAllUsersByDomain()

The DeleteAllUsersByDomain() function deletes all users associated with the given domain. It returns false if no domain is defined in the model.

For example:

ok, err := e.DeleteAllUsersByDomain("domain1")

DeleteDomains()

DeleteDomains deletes all associated users and roles. If no parameters are provided, it deletes all domains.

For example:

ok, err := e.DeleteDomains("domain1", "domain2")

GetAllDomains()

GetAllDomains retrieves all domains.

For example:

res, _ := e.GetAllDomains()

Note

Handling a domain such as name::domain may lead to unexpected behavior. In Casbin, :: is a reserved keyword, just like for or if in a programming language, so you should never put :: in a domain.

GetImplicitUsersForResourceByDomain()

GetImplicitUsersForResourceByDomain returns the implicit users for a resource within a domain.

For example:

p, admin, domain1, data1, read
p, admin, domain1, data1, write
p, admin, domain2, data2, read
p, admin, domain2, data2, write
g, alice, admin, domain1
g, bob, admin, domain2

GetImplicitUsersForResourceByDomain("data1", "domain1") will return [["alice", "domain1", "data1", "read"],["alice", "domain1", "data1", "write"]], nil

ImplicitUsers, err := e.GetImplicitUsersForResourceByDomain("data1", "domain1")

Note

Only users will be returned; roles (2nd arg in "g") will be excluded.
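
The sketch below is an added example, not Casbin's implementation and not code from this page. It is a standard-library model of the access-review question GetImplicitUsersForResourceByDomain answers, run over the policy lines above, and it refuses domain names containing the reserved :: described in the earlier note. The names implicitUsers and validDomain and the simplified resolution (direct g members of a role, same domain only) are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Constructed sample input: the policy lines shown on this page.
const policy = `p, admin, domain1, data1, read
p, admin, domain1, data1, write
p, admin, domain2, data2, read
p, admin, domain2, data2, write
g, alice, admin, domain1
g, bob, admin, domain2`

// validDomain rejects names containing "::", which Casbin reserves.
func validDomain(d string) bool { return !strings.Contains(d, "::") }

// implicitUsers is a hypothetical helper, not Casbin code. Role subjects are
// replaced by their direct members in the same domain; other domains are ignored.
func implicitUsers(csv, resource, domain string) (out [][]string, err error) {
	if !validDomain(domain) {
		return nil, errors.New("reserved '::' in domain: " + domain)
	}
	members := map[string][]string{} // role -> users, this domain only
	var perms [][]string             // matching p rules, minus the "p" tag
	for _, line := range strings.Split(csv, "\n") {
		f := strings.Split(strings.ReplaceAll(line, " ", ""), ",")
		switch {
		case len(f) == 4 && f[0] == "g" && f[3] == domain:
			members[f[2]] = append(members[f[2]], f[1])
		case len(f) == 5 && f[0] == "p" && f[2] == domain && f[3] == resource:
			perms = append(perms, f[1:])
		}
	}
	for _, p := range perms {
		users, isRole := members[p[0]]
		if !isRole {
			users = []string{p[0]} // subject is a plain user, keep it
		}
		for _, u := range users {
			out = append(out, []string{u, p[1], p[2], p[3]})
		}
	}
	return out, nil
}

func main() { fmt.Println(implicitUsers(policy, "data1", "domain1")) }
```

bob holds admin only in domain2, so he never appears in a domain1 result; that per-domain scoping is what a tenant-isolation review should confirm.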