The highest tagged major version is
README
¶
Session Role Manager 
Session Role Manager is the Session-based role manager for Casbin. With this library, Casbin can load session-based role hierarchy (user-role mapping) from Casbin policy or save role hierarchy to it. The session is only active in the specified time range.
Installation
go get github.com/casbin/session-role-manager
Simple Example
package main
import (
"github.com/casbin/casbin"
"github.com/casbin/casbin/file-adapter"
"github.com/casbin/session-role-manager"
)
func main() {
// NewEnforcer(modelPath, policyPath) automatically uses the default
// role manager when loading policy. So if we want to use a custom
// role manager, and this role manager relies on Casbin policy,
// we should manually set the role manager before loading policy.
e := casbin.NewEnforcer("examples/rbac_model_with_sessions.conf")
// Manually set an adapter.
a := fileadapter.NewAdapter("examples/rbac_policy_with_sessions.csv")
e.SetAdapter(a)
// Use our role manager.
rm := sessionrolemanager.NewRoleManager(10)
e.SetRoleManager(rm)
// If our role manager relies on Casbin policy (like reading "g"
// policy rules), then we have to set the role manager before loading
// policy.
//
// Otherwise, we can set the role manager at any time, because role
// manager has nothing to do with the adapter.
e.LoadPolicy()
// Check the permission.
// the 4th arg is the querying time in UNIX time format.
e.Enforce("alice", "data1", "read", "1508503308708987131")
}
Getting Help
License
This project is under Apache 2.0 License. See the LICENSE file for the full license text.
Documentation
¶
Index ¶
- func NewRoleManager(maxHierarchyLevel int) rbac.RoleManager
- type RoleManager
- func (rm *RoleManager) AddLink(name1 string, name2 string, timeRange ...string) error
- func (rm *RoleManager) Clear() error
- func (rm *RoleManager) DeleteLink(name1 string, name2 string, unused ...string) error
- func (rm *RoleManager) GetRoles(name string, currentTime ...string) ([]string, error)
- func (rm *RoleManager) GetUsers(name string, currentTime ...string) ([]string, error)
- func (rm *RoleManager) HasLink(name1 string, name2 string, requestTime ...string) (bool, error)
- func (rm *RoleManager) PrintRoles() error
- type Session
- type SessionRole
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewRoleManager ¶
func NewRoleManager(maxHierarchyLevel int) rbac.RoleManager
NewRoleManager is the constructor for creating an instance of the SessionRoleManager implementation.
Types ¶
type RoleManager ¶
type RoleManager struct {
// contains filtered or unexported fields
}
func (*RoleManager) AddLink ¶
func (rm *RoleManager) AddLink(name1 string, name2 string, timeRange ...string) error
AddLink adds the inheritance link between role: name1 and role: name2. aka role: name1 inherits role: name2. timeRange is the time range when the role inheritance link is active.
func (*RoleManager) Clear ¶
func (rm *RoleManager) Clear() error
Clear clears all stored data and resets the role manager to the initial state.
func (*RoleManager) DeleteLink ¶
func (rm *RoleManager) DeleteLink(name1 string, name2 string, unused ...string) error
DeleteLink deletes the inheritance link between role: name1 and role: name2. aka role: name1 does not inherit role: name2 any more. unused is not used.
func (*RoleManager) GetRoles ¶
func (rm *RoleManager) GetRoles(name string, currentTime ...string) ([]string, error)
GetRoles gets the roles that a subject inherits. currentTime is the querying time for the role inheritance link.
func (*RoleManager) GetUsers ¶
func (rm *RoleManager) GetUsers(name string, currentTime ...string) ([]string, error)
GetUsers gets the users that inherits a subject. currentTime is the querying time for the role inheritance link.
func (*RoleManager) HasLink ¶
HasLink determines whether role: name1 inherits role: name2. requestTime is the querying time for the role inheritance link.
func (*RoleManager) PrintRoles ¶
func (rm *RoleManager) PrintRoles() error
PrintRoles prints all the roles to log.
type Session ¶
type Session struct {
// contains filtered or unexported fields
}
Session represents the activation of a role inheritance for a specified time. A role inheritance is always bound to its temporal validity. As soon as a session loses its validity, the corresponding role inheritance becomes invalid too.
type SessionRole ¶
type SessionRole struct {
// contains filtered or unexported fields
}
SessionRole is a modified version of the default role. A SessionRole not only has a name, but also a list of sessions.
Source Files