casbin_enforcers

package module
v0.8.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 27, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

README

Casbin Enforcers

Introduction

This repository contains an extension to the casbin framework allowing the user to chain an arbitrary number of custom enforcers. This allows functionality to be layered on top of the default casbin enforcer.

Any object which implements the BasicEnforcer or FullEnforcer interface can be used in building a chain. This enables powerful dynamic chaining which can be configured dynamically at runtime. There are currently two enforcers provided by this package: cached and synced.

The synced enforcer is a thread safe wrapper to provide safe access to the enforcer when accessing the API from multiple concurrent goroutines.

The cached enforcer implements basic request caching to speed up common queries. It optionally implements an automatic cache invalidation on policy updates. More granular control over cache invalidation will be added in the future.

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var ErrorUnsupported = errors.New("unsupported function")

ErrorUnsupported is returned to indicate that a specific function is not supported by an enforcer wrapper.

Functions

func GetRootEnforcer 

func GetRootEnforcer(e BasicEnforcer) *casbin.Enforcer

GetRootEnforcer locates and returns the root instance of Enforcer from a arbitrarily wrapped instance

Types

type APIEnforcer 

type APIEnforcer interface {
	GetRolesForUser(name string, domains ...string) ([]string, error)
	GetUsersForRole(name string, domains ...string) ([]string, error)
	HasRoleForUser(name string, role string, domain ...string) (bool, error)
	AddRoleForUser(user string, role string, domain ...string) (bool, error)
	DeleteRoleForUser(user string, role string, domain ...string) (bool, error)
	DeleteRolesForUser(user string, domain ...string) (bool, error)
	DeleteUser(user string) (bool, error)
	DeleteRole(role string) (bool, error)
	DeletePermission(permission ...string) (bool, error)
	AddPermissionForUser(user string, permission ...string) (bool, error)
	DeletePermissionForUser(user string, permission ...string) (bool, error)
	DeletePermissionsForUser(user string) (bool, error)
	GetPermissionsForUser(user string, domain ...string) ([][]string, error)
	HasPermissionForUser(user string, permission ...string) (bool, error)
	GetImplicitRolesForUser(name string, domain ...string) ([]string, error)
	GetImplicitPermissionsForUser(user string, domain ...string) ([][]string, error)
	GetImplicitUsersForPermission(permission ...string) ([]string, error)
	GetUsersForRoleInDomain(name string, domain string) []string
	GetRolesForUserInDomain(name string, domain string) []string
	GetPermissionsForUserInDomain(user string, domain string) [][]string
	AddRoleForUserInDomain(user string, role string, domain string) (bool, error)
	DeleteRoleForUserInDomain(user string, role string, domain string) (bool, error)
	GetAllSubjects() ([]string, error)
	GetAllNamedSubjects(ptype string) ([]string, error)
	GetAllObjects() ([]string, error)
	GetAllNamedObjects(ptype string) ([]string, error)
	GetAllActions() ([]string, error)
	GetAllNamedActions(ptype string) ([]string, error)
	GetAllRoles() ([]string, error)
	GetAllNamedRoles(ptype string) ([]string, error)
	GetPolicy() ([][]string, error)
	GetFilteredPolicy(fieldIndex int, fieldValues ...string) ([][]string, error)
	GetNamedPolicy(ptype string) ([][]string, error)
	GetFilteredNamedPolicy(ptype string, fieldIndex int, fieldValues ...string) ([][]string, error)
	GetGroupingPolicy() ([][]string, error)
	GetFilteredGroupingPolicy(fieldIndex int, fieldValues ...string) ([][]string, error)
	GetNamedGroupingPolicy(ptype string) ([][]string, error)
	GetFilteredNamedGroupingPolicy(ptype string, fieldIndex int, fieldValues ...string) ([][]string, error)
	HasPolicy(params ...interface{}) (bool, error)
	HasNamedPolicy(ptype string, params ...interface{}) (bool, error)
	AddPolicy(params ...interface{}) (bool, error)
	AddNamedPolicy(ptype string, params ...interface{}) (bool, error)
	RemovePolicy(params ...interface{}) (bool, error)
	RemoveFilteredPolicy(fieldIndex int, fieldValues ...string) (bool, error)
	RemoveNamedPolicy(ptype string, params ...interface{}) (bool, error)
	RemoveFilteredNamedPolicy(ptype string, fieldIndex int, fieldValues ...string) (bool, error)
	HasGroupingPolicy(params ...interface{}) (bool, error)
	HasNamedGroupingPolicy(ptype string, params ...interface{}) (bool, error)
	AddGroupingPolicy(params ...interface{}) (bool, error)
	AddNamedGroupingPolicy(ptype string, params ...interface{}) (bool, error)
	RemoveGroupingPolicy(params ...interface{}) (bool, error)
	RemoveFilteredGroupingPolicy(fieldIndex int, fieldValues ...string) (bool, error)
	RemoveNamedGroupingPolicy(ptype string, params ...interface{}) (bool, error)
	RemoveFilteredNamedGroupingPolicy(ptype string, fieldIndex int, fieldValues ...string) (bool, error)
	AddFunction(name string, function govaluate.ExpressionFunction)
}

APIEnforcer is the interface which provides the management and RBAC API functions

Enforcer wrappers must implement this interface in order to expose the RBAC and management APIs from lower level wrappers or the root Enforcer.

type BasicEnforcer 

type BasicEnforcer interface {
	InitWithFile(modelPath string, policyPath string) error
	InitWithAdapter(modelPath string, adapter persist.Adapter) error
	InitWithModelAndAdapter(m model.Model, adapter persist.Adapter) error
	LoadModel() error
	GetModel() model.Model
	SetModel(m model.Model)
	GetAdapter() persist.Adapter
	SetAdapter(adapter persist.Adapter)
	SetWatcher(watcher persist.Watcher) error
	GetRoleManager() rbac.RoleManager
	SetRoleManager(rm rbac.RoleManager)
	SetEffector(eft effector.Effector)
	ClearPolicy()
	LoadPolicy() error
	LoadFilteredPolicy(filter interface{}) error
	IsFiltered() bool
	SavePolicy() error
	EnableEnforce(enable bool)
	EnableLog(enable bool)
	EnableAutoSave(autoSave bool)
	EnableAutoBuildRoleLinks(autoBuildRoleLinks bool)
	BuildRoleLinks() error
	Enforce(rvals ...interface{}) (bool, error)
	EnforceWithMatcher(matcher string, rvals ...interface{}) (bool, error)
}

BasicEnforcer is the interface that describes the minimal set of functions required for an enforcer

An object implements BasicEnforcer to enable it to be used as a wrapper around Enforcer.

type CachedEnforcer 

type CachedEnforcer struct {
	// contains filtered or unexported fields
}

CachedEnforcer wraps Enforcer and provides decision cache.

func NewCachedEnforcer 

func NewCachedEnforcer(params ...interface{}) (*CachedEnforcer, error)

NewCachedEnforcer creates a cached enforcer from an existing enforcer or via file or DB.

func (*CachedEnforcer) AddFunction 

func (e *CachedEnforcer) AddFunction(name string, function govaluate.ExpressionFunction)

AddFunction adds a customized function.

func (*CachedEnforcer) AddGroupingPolicy 

func (e *CachedEnforcer) AddGroupingPolicy(params ...interface{}) (bool, error)

AddGroupingPolicy adds a role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.

func (*CachedEnforcer) AddNamedGroupingPolicy 

func (e *CachedEnforcer) AddNamedGroupingPolicy(ptype string, params ...interface{}) (bool, error)

AddNamedGroupingPolicy adds a named role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.

func (*CachedEnforcer) AddNamedPolicy 

func (e *CachedEnforcer) AddNamedPolicy(ptype string, params ...interface{}) (bool, error)

AddNamedPolicy adds an authorization rule to the current named policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.

func (*CachedEnforcer) AddPermissionForUser added in v0.2.0 

func (e *CachedEnforcer) AddPermissionForUser(user string, permission ...string) (bool, error)

func (*CachedEnforcer) AddPolicy 

func (e *CachedEnforcer) AddPolicy(params ...interface{}) (bool, error)

AddPolicy adds an authorization rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.

func (*CachedEnforcer) AddRoleForUser added in v0.2.0 

func (e *CachedEnforcer) AddRoleForUser(user string, role string, domain ...string) (bool, error)

func (*CachedEnforcer) AddRoleForUserInDomain 

func (e *CachedEnforcer) AddRoleForUserInDomain(user string, role string, domain string) (bool, error)

AddRoleForUserInDomain adds a role for a user inside a domain. Returns false if the user already has the role (aka not affected). 

func (e *CachedEnforcer) BuildRoleLinks() error

BuildRoleLinks manually rebuild the role inheritance relations.

func (*CachedEnforcer) ClearPolicy 

func (e *CachedEnforcer) ClearPolicy()

ClearPolicy clears all policy.

func (*CachedEnforcer) DeletePermission added in v0.2.0 

func (e *CachedEnforcer) DeletePermission(permission ...string) (bool, error)

func (*CachedEnforcer) DeletePermissionForUser added in v0.2.0 

func (e *CachedEnforcer) DeletePermissionForUser(user string, permission ...string) (bool, error)

func (*CachedEnforcer) DeletePermissionsForUser added in v0.2.0 

func (e *CachedEnforcer) DeletePermissionsForUser(user string) (bool, error)

func (*CachedEnforcer) DeleteRole added in v0.2.0 

func (e *CachedEnforcer) DeleteRole(role string) (bool, error)

func (*CachedEnforcer) DeleteRoleForUser added in v0.2.0 

func (e *CachedEnforcer) DeleteRoleForUser(user string, role string, domain ...string) (bool, error)

func (*CachedEnforcer) DeleteRoleForUserInDomain 

func (e *CachedEnforcer) DeleteRoleForUserInDomain(user string, role string, domain string) (bool, error)

DeleteRoleForUserInDomain deletes a role for a user inside a domain. Returns false if the user does not have the role (aka not affected).

func (*CachedEnforcer) DeleteRolesForUser added in v0.2.0 

func (e *CachedEnforcer) DeleteRolesForUser(user string, domain ...string) (bool, error)

func (*CachedEnforcer) DeleteUser added in v0.2.0 

func (e *CachedEnforcer) DeleteUser(user string) (bool, error)
func (e *CachedEnforcer) EnableAutoBuildRoleLinks(autoBuildRoleLinks bool)

EnableAutoBuildRoleLinks controls whether to rebuild the role inheritance relations when a role is added or deleted.

func (*CachedEnforcer) EnableAutoClear 

func (e *CachedEnforcer) EnableAutoClear(enableAuto bool)

EnableAutoCLear determines whether to automatically invalidate the cache when the policy is changed.

func (*CachedEnforcer) EnableAutoSave 

func (e *CachedEnforcer) EnableAutoSave(autoSave bool)

EnableAutoSave controls whether to save a policy rule automatically to the adapter when it is added or removed.

func (*CachedEnforcer) EnableCache 

func (e *CachedEnforcer) EnableCache(enableCache bool)

EnableCache determines whether to enable cache on Enforce(). When enableCache is enabled, cached result (true | false) will be returned for previous decisions.

func (*CachedEnforcer) EnableEnforce 

func (e *CachedEnforcer) EnableEnforce(enable bool)

EnableEnforce changes the enforcing state of Casbin, when Casbin is disabled, all access will be allowed by the Enforce() function.

func (*CachedEnforcer) EnableLog 

func (e *CachedEnforcer) EnableLog(enable bool)

EnableLog changes whether Casbin will log messages to the Logger.

func (*CachedEnforcer) Enforce 

func (e *CachedEnforcer) Enforce(rvals ...interface{}) (bool, error)

Enforce decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (sub, obj, act). if rvals is not string , ignore the cache.

func (*CachedEnforcer) EnforceWithMatcher 

func (e *CachedEnforcer) EnforceWithMatcher(matcher string, rvals ...interface{}) (bool, error)

EnforceWithMatcher use a custom matcher to decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model matcher by default when matcher is "".

func (*CachedEnforcer) GetAdapter 

func (e *CachedEnforcer) GetAdapter() persist.Adapter

GetAdapter gets the current adapter.

func (*CachedEnforcer) GetAllActions 

func (e *CachedEnforcer) GetAllActions() ([]string, error)

GetAllActions gets the list of actions that show up in the current policy.

func (*CachedEnforcer) GetAllNamedActions 

func (e *CachedEnforcer) GetAllNamedActions(ptype string) ([]string, error)

GetAllNamedActions gets the list of actions that show up in the current named policy.

func (*CachedEnforcer) GetAllNamedObjects 

func (e *CachedEnforcer) GetAllNamedObjects(ptype string) ([]string, error)

GetAllNamedObjects gets the list of objects that show up in the current named policy.

func (*CachedEnforcer) GetAllNamedRoles 

func (e *CachedEnforcer) GetAllNamedRoles(ptype string) ([]string, error)

GetAllNamedRoles gets the list of roles that show up in the current named policy.

func (*CachedEnforcer) GetAllNamedSubjects 

func (e *CachedEnforcer) GetAllNamedSubjects(ptype string) ([]string, error)

GetAllNamedSubjects gets the list of subjects that show up in the current named policy.

func (*CachedEnforcer) GetAllObjects 

func (e *CachedEnforcer) GetAllObjects() ([]string, error)

GetAllObjects gets the list of objects that show up in the current policy.

func (*CachedEnforcer) GetAllRoles 

func (e *CachedEnforcer) GetAllRoles() ([]string, error)

GetAllRoles gets the list of roles that show up in the current policy.

func (*CachedEnforcer) GetAllSubjects 

func (e *CachedEnforcer) GetAllSubjects() ([]string, error)

GetAllSubjects gets the list of subjects that show up in the current policy.

func (*CachedEnforcer) GetFilteredGroupingPolicy 

func (e *CachedEnforcer) GetFilteredGroupingPolicy(fieldIndex int, fieldValues ...string) ([][]string, error)

GetFilteredGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified.

func (*CachedEnforcer) GetFilteredNamedGroupingPolicy 

func (e *CachedEnforcer) GetFilteredNamedGroupingPolicy(ptype string, fieldIndex int, fieldValues ...string) ([][]string, error)

GetFilteredNamedGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified.

func (*CachedEnforcer) GetFilteredNamedPolicy 

func (e *CachedEnforcer) GetFilteredNamedPolicy(ptype string, fieldIndex int, fieldValues ...string) ([][]string, error)

GetFilteredNamedPolicy gets all the authorization rules in the named policy, field filters can be specified.

func (*CachedEnforcer) GetFilteredPolicy 

func (e *CachedEnforcer) GetFilteredPolicy(fieldIndex int, fieldValues ...string) ([][]string, error)

GetFilteredPolicy gets all the authorization rules in the policy, field filters can be specified.

func (*CachedEnforcer) GetGroupingPolicy 

func (e *CachedEnforcer) GetGroupingPolicy() ([][]string, error)

GetGroupingPolicy gets all the role inheritance rules in the policy.

func (*CachedEnforcer) GetImplicitPermissionsForUser 

func (e *CachedEnforcer) GetImplicitPermissionsForUser(user string, domain ...string) ([][]string, error)

GetImplicitPermissionsForUser gets implicit permissions for a user or role. Compared to GetPermissionsForUser(), this function retrieves permissions for inherited roles. For example: p, admin, data1, read p, alice, data2, read g, alice, admin

GetPermissionsForUser("alice") can only get: [["alice", "data2", "read"]]. But GetImplicitPermissionsForUser("alice") will get: [["admin", "data1", "read"], ["alice", "data2", "read"]].

func (*CachedEnforcer) GetImplicitRolesForUser 

func (e *CachedEnforcer) GetImplicitRolesForUser(user string, domain ...string) ([]string, error)

GetImplicitRolesForUser gets implicit roles that a user has. Compared to GetRolesForUser(), this function retrieves indirect roles besides direct roles. For example: g, alice, role:admin g, role:admin, role:user

GetRolesForUser("alice") can only get: ["role:admin"]. But GetImplicitRolesForUser("alice") will get: ["role:admin", "role:user"].

func (*CachedEnforcer) GetImplicitUsersForPermission 

func (e *CachedEnforcer) GetImplicitUsersForPermission(permission ...string) ([]string, error)

GetImplicitUsersForPermission gets implicit users for a permission. For example: p, admin, data1, read p, bob, data1, read g, alice, admin

GetImplicitUsersForPermission("data1", "read") will get: ["alice", "bob"]. Note: only users will be returned, roles (2nd arg in "g") will be excluded.

func (*CachedEnforcer) GetModel 

func (e *CachedEnforcer) GetModel() model.Model

GetModel gets the current model.

func (*CachedEnforcer) GetNamedGroupingPolicy 

func (e *CachedEnforcer) GetNamedGroupingPolicy(ptype string) ([][]string, error)

GetNamedGroupingPolicy gets all the role inheritance rules in the policy.

func (*CachedEnforcer) GetNamedPolicy 

func (e *CachedEnforcer) GetNamedPolicy(ptype string) ([][]string, error)

GetNamedPolicy gets all the authorization rules in the named policy.

func (*CachedEnforcer) GetParentEnforcer 

func (e *CachedEnforcer) GetParentEnforcer() BasicEnforcer

GetParentEnforcer returns the parent enforcer wrapped by this instance.

func (*CachedEnforcer) GetPermissionsForUser added in v0.2.0 

func (e *CachedEnforcer) GetPermissionsForUser(user string, domain ...string) ([][]string, error)

func (*CachedEnforcer) GetPermissionsForUserInDomain 

func (e *CachedEnforcer) GetPermissionsForUserInDomain(user string, domain string) [][]string

GetPermissionsForUserInDomain gets permissions for a user or role inside a domain.

func (*CachedEnforcer) GetPolicy 

func (e *CachedEnforcer) GetPolicy() ([][]string, error)

GetPolicy gets all the authorization rules in the policy.

func (*CachedEnforcer) GetRoleManager 

func (e *CachedEnforcer) GetRoleManager() rbac.RoleManager

GetRoleManager gets the current role manager.

func (*CachedEnforcer) GetRolesForUser added in v0.2.0 

func (e *CachedEnforcer) GetRolesForUser(name string, domains ...string) ([]string, error)

func (*CachedEnforcer) GetRolesForUserInDomain 

func (e *CachedEnforcer) GetRolesForUserInDomain(name string, domain string) []string

GetRolesForUserInDomain gets the roles that a user has inside a domain.

func (*CachedEnforcer) GetUsersForRole added in v0.2.0 

func (e *CachedEnforcer) GetUsersForRole(name string, domains ...string) ([]string, error)

func (*CachedEnforcer) GetUsersForRoleInDomain 

func (e *CachedEnforcer) GetUsersForRoleInDomain(name string, domain string) []string

GetUsersForRoleInDomain gets the users that has a role inside a domain. Add by Gordon

func (*CachedEnforcer) HasGroupingPolicy 

func (e *CachedEnforcer) HasGroupingPolicy(params ...interface{}) (bool, error)

HasGroupingPolicy determines whether a role inheritance rule exists.

func (*CachedEnforcer) HasNamedGroupingPolicy 

func (e *CachedEnforcer) HasNamedGroupingPolicy(ptype string, params ...interface{}) (bool, error)

HasNamedGroupingPolicy determines whether a named role inheritance rule exists.

func (*CachedEnforcer) HasNamedPolicy 

func (e *CachedEnforcer) HasNamedPolicy(ptype string, params ...interface{}) (bool, error)

HasNamedPolicy determines whether a named authorization rule exists.

func (*CachedEnforcer) HasPermissionForUser added in v0.2.0 

func (e *CachedEnforcer) HasPermissionForUser(user string, permission ...string) (bool, error)

func (*CachedEnforcer) HasPolicy 

func (e *CachedEnforcer) HasPolicy(params ...interface{}) (bool, error)

HasPolicy determines whether an authorization rule exists.

func (*CachedEnforcer) HasRoleForUser added in v0.2.0 

func (e *CachedEnforcer) HasRoleForUser(name string, role string, domain ...string) (bool, error)

func (*CachedEnforcer) InitWithAdapter 

func (e *CachedEnforcer) InitWithAdapter(modelPath string, adapter persist.Adapter) error

InitWithAdapter initializes an enforcer with a database adapter.

func (*CachedEnforcer) InitWithFile 

func (e *CachedEnforcer) InitWithFile(modelPath string, policyPath string) error

InitWithFile initializes an enforcer with a model file and a policy file.

func (*CachedEnforcer) InitWithModelAndAdapter 

func (e *CachedEnforcer) InitWithModelAndAdapter(m model.Model, adapter persist.Adapter) error

InitWithModelAndAdapter initializes an enforcer with a model and a database adapter.

func (*CachedEnforcer) InvalidateCache 

func (e *CachedEnforcer) InvalidateCache()

InvalidateCache deletes all the existing cached decisions.

func (*CachedEnforcer) IsFiltered 

func (e *CachedEnforcer) IsFiltered() bool

IsFiltered returns true if the loaded policy has been filtered.

func (*CachedEnforcer) LoadFilteredPolicy 

func (e *CachedEnforcer) LoadFilteredPolicy(filter interface{}) error

LoadFilteredPolicy reloads a filtered policy from file/database.

func (*CachedEnforcer) LoadModel 

func (e *CachedEnforcer) LoadModel() error

LoadModel reloads the model from the model CONF file. Because the policy is attached to a model, so the policy is invalidated and needs to be reloaded by calling LoadPolicy().

func (*CachedEnforcer) LoadPolicy 

func (e *CachedEnforcer) LoadPolicy() error

LoadPolicy reloads the policy from file/database.

func (*CachedEnforcer) RemoveFilteredGroupingPolicy 

func (e *CachedEnforcer) RemoveFilteredGroupingPolicy(fieldIndex int, fieldValues ...string) (bool, error)

RemoveFilteredGroupingPolicy removes a role inheritance rule from the current policy, field filters can be specified.

func (*CachedEnforcer) RemoveFilteredNamedGroupingPolicy 

func (e *CachedEnforcer) RemoveFilteredNamedGroupingPolicy(ptype string, fieldIndex int, fieldValues ...string) (bool, error)

RemoveFilteredNamedGroupingPolicy removes a role inheritance rule from the current named policy, field filters can be specified.

func (*CachedEnforcer) RemoveFilteredNamedPolicy 

func (e *CachedEnforcer) RemoveFilteredNamedPolicy(ptype string, fieldIndex int, fieldValues ...string) (bool, error)

RemoveFilteredNamedPolicy removes an authorization rule from the current named policy, field filters can be specified.

func (*CachedEnforcer) RemoveFilteredPolicy 

func (e *CachedEnforcer) RemoveFilteredPolicy(fieldIndex int, fieldValues ...string) (bool, error)

RemoveFilteredPolicy removes an authorization rule from the current policy, field filters can be specified.

func (*CachedEnforcer) RemoveGroupingPolicy 

func (e *CachedEnforcer) RemoveGroupingPolicy(params ...interface{}) (bool, error)

RemoveGroupingPolicy removes a role inheritance rule from the current policy.

func (*CachedEnforcer) RemoveNamedGroupingPolicy 

func (e *CachedEnforcer) RemoveNamedGroupingPolicy(ptype string, params ...interface{}) (bool, error)

RemoveNamedGroupingPolicy removes a role inheritance rule from the current named policy.

func (*CachedEnforcer) RemoveNamedPolicy 

func (e *CachedEnforcer) RemoveNamedPolicy(ptype string, params ...interface{}) (bool, error)

RemoveNamedPolicy removes an authorization rule from the current named policy.

func (*CachedEnforcer) RemovePolicy 

func (e *CachedEnforcer) RemovePolicy(params ...interface{}) (bool, error)

RemovePolicy removes an authorization rule from the current policy.

func (*CachedEnforcer) SavePolicy 

func (e *CachedEnforcer) SavePolicy() error

SavePolicy saves the current policy (usually after changed with Casbin API) back to file/database.

func (*CachedEnforcer) SetAdapter 

func (e *CachedEnforcer) SetAdapter(adapter persist.Adapter)

SetAdapter sets the current adapter.

func (*CachedEnforcer) SetEffector 

func (e *CachedEnforcer) SetEffector(eft effector.Effector)

SetEffector sets the current effector.

func (*CachedEnforcer) SetModel 

func (e *CachedEnforcer) SetModel(m model.Model)

SetModel sets the current model.

func (*CachedEnforcer) SetRoleManager 

func (e *CachedEnforcer) SetRoleManager(rm rbac.RoleManager)

SetRoleManager sets the current role manager.

func (*CachedEnforcer) SetWatcher 

func (e *CachedEnforcer) SetWatcher(watcher persist.Watcher) error

SetWatcher sets the current watcher.

type ChainedEnforcer 

type ChainedEnforcer interface {
	BasicEnforcer
	GetParentEnforcer() ChainedEnforcer
	GetRootEnforcer() *casbin.Enforcer
}

type DummyEnforcer 

type DummyEnforcer struct {
}

DummyEnforcer is a dummy implementation of APIEnforcer which simply returns either nil or ErrorUnsupported on all function calls. DummyEnforcer is used to provide functionality to enforcer wrappers which do not implement APIEnforcer.

func (*DummyEnforcer) AddFunction 

func (e *DummyEnforcer) AddFunction(name string, function govaluate.ExpressionFunction)

AddFunction does nothing.

func (*DummyEnforcer) AddGroupingPolicy 

func (e *DummyEnforcer) AddGroupingPolicy(params ...interface{}) (bool, error)

AddGroupingPolicy returns false and ErrorUnsupported.

func (*DummyEnforcer) AddNamedGroupingPolicy 

func (e *DummyEnforcer) AddNamedGroupingPolicy(ptype string, params ...interface{}) (bool, error)

AddNamedGroupingPolicy returns false and ErrorUnsupported.

func (*DummyEnforcer) AddNamedPolicy 

func (e *DummyEnforcer) AddNamedPolicy(ptype string, params ...interface{}) (bool, error)

AddNamedPolicy returns false and ErrorUnsupported.

func (*DummyEnforcer) AddPermissionForUser 

func (e *DummyEnforcer) AddPermissionForUser(user string, permission ...string) (bool, error)

AddPermissionForUser returns false and ErrorUnsupported.

func (*DummyEnforcer) AddPolicy 

func (e *DummyEnforcer) AddPolicy(params ...interface{}) (bool, error)

AddPolicy returns false and ErrorUnsupported.

func (*DummyEnforcer) AddRoleForUser 

func (e *DummyEnforcer) AddRoleForUser(user string, role string, domain ...string) (bool, error)

AddRoleForUser returns false and ErrorUnsupported.

func (*DummyEnforcer) AddRoleForUserInDomain 

func (e *DummyEnforcer) AddRoleForUserInDomain(user string, role string, domain string) (bool, error)

AddRoleForUserInDomain returns false and ErrorUnsupported.

func (*DummyEnforcer) DeletePermission 

func (e *DummyEnforcer) DeletePermission(permission ...string) (bool, error)

DeletePermission returns false and ErrorUnsupported.

func (*DummyEnforcer) DeletePermissionForUser 

func (e *DummyEnforcer) DeletePermissionForUser(user string, permission ...string) (bool, error)

DeletePermissionForUser returns false and ErrorUnsupported.

func (*DummyEnforcer) DeletePermissionsForUser 

func (e *DummyEnforcer) DeletePermissionsForUser(user string) (bool, error)

DeletePermissionsForUser returns false and ErrorUnsupported.

func (*DummyEnforcer) DeleteRole 

func (e *DummyEnforcer) DeleteRole(role string) (bool, error)

DeleteRole returns false and ErrorUnsupported.

func (*DummyEnforcer) DeleteRoleForUser 

func (e *DummyEnforcer) DeleteRoleForUser(user string, role string, domain ...string) (bool, error)

DeleteRoleForUser returns false and ErrorUnsupported.

func (*DummyEnforcer) DeleteRoleForUserInDomain 

func (e *DummyEnforcer) DeleteRoleForUserInDomain(user string, role string, domain string) (bool, error)

DeleteRoleForUserInDomain returns false and ErrorUnsupported.

func (*DummyEnforcer) DeleteRolesForUser 

func (e *DummyEnforcer) DeleteRolesForUser(user string, domain ...string) (bool, error)

DeleteRolesForUser returns false and ErrorUnsupported.

func (*DummyEnforcer) DeleteUser 

func (e *DummyEnforcer) DeleteUser(user string) (bool, error)

DeleteUser returns false and ErrorUnsupported.

func (*DummyEnforcer) GetAllActions 

func (e *DummyEnforcer) GetAllActions() ([]string, error)

GetAllActions returns nil and ErrorUnsupported.

func (*DummyEnforcer) GetAllNamedActions 

func (e *DummyEnforcer) GetAllNamedActions(ptype string) ([]string, error)

GetAllNamedActions returns nil and ErrorUnsupported.

func (*DummyEnforcer) GetAllNamedObjects 

func (e *DummyEnforcer) GetAllNamedObjects(ptype string) ([]string, error)

GetAllNamedObjects returns nil and ErrorUnsupported.

func (*DummyEnforcer) GetAllNamedRoles 

func (e *DummyEnforcer) GetAllNamedRoles(ptype string) ([]string, error)

GetAllNamedRoles returns nil and ErrorUnsupported.

func (*DummyEnforcer) GetAllNamedSubjects 

func (e *DummyEnforcer) GetAllNamedSubjects(ptype string) ([]string, error)

GetAllNamedSubjects returns nil and ErrorUnsupported.

func (*DummyEnforcer) GetAllObjects 

func (e *DummyEnforcer) GetAllObjects() ([]string, error)

GetAllObjects returns nil and ErrorUnsupported.

func (*DummyEnforcer) GetAllRoles 

func (e *DummyEnforcer) GetAllRoles() ([]string, error)

GetAllRoles returns nil and ErrorUnsupported.

func (*DummyEnforcer) GetAllSubjects 

func (e *DummyEnforcer) GetAllSubjects() ([]string, error)

GetAllSubjects returns nil and ErrorUnsupported.

func (*DummyEnforcer) GetFilteredGroupingPolicy 

func (e *DummyEnforcer) GetFilteredGroupingPolicy(fieldIndex int, fieldValues ...string) ([][]string, error)

GetFilteredGroupingPolicy returns nil and ErrorUnsupported.

func (*DummyEnforcer) GetFilteredNamedGroupingPolicy 

func (e *DummyEnforcer) GetFilteredNamedGroupingPolicy(ptype string, fieldIndex int, fieldValues ...string) ([][]string, error)

GetFilteredNamedGroupingPolicy returns nil and ErrorUnsupported.

func (*DummyEnforcer) GetFilteredNamedPolicy 

func (e *DummyEnforcer) GetFilteredNamedPolicy(ptype string, fieldIndex int, fieldValues ...string) ([][]string, error)

GetFilteredNamedPolicy returns nil and ErrorUnsupported.

func (*DummyEnforcer) GetFilteredPolicy 

func (e *DummyEnforcer) GetFilteredPolicy(fieldIndex int, fieldValues ...string) ([][]string, error)

GetFilteredPolicy returns nil and ErrorUnsupported.

func (*DummyEnforcer) GetGroupingPolicy 

func (e *DummyEnforcer) GetGroupingPolicy() ([][]string, error)

GetGroupingPolicy returns nil and ErrorUnsupported.

func (*DummyEnforcer) GetImplicitPermissionsForUser 

func (e *DummyEnforcer) GetImplicitPermissionsForUser(user string, domain ...string) ([][]string, error)

GetImplicitPermissionsForUser returns nil and ErrorUnsupported.

func (*DummyEnforcer) GetImplicitRolesForUser 

func (e *DummyEnforcer) GetImplicitRolesForUser(name string, domain ...string) ([]string, error)

GetImplicitRolesForUser returns nil and ErrorUnsupported.

func (*DummyEnforcer) GetImplicitUsersForPermission 

func (e *DummyEnforcer) GetImplicitUsersForPermission(permission ...string) ([]string, error)

GetImplicitUsersForPermission returns nil and ErrorUnsupported.

func (*DummyEnforcer) GetNamedGroupingPolicy 

func (e *DummyEnforcer) GetNamedGroupingPolicy(ptype string) ([][]string, error)

GetNamedGroupingPolicy returns nil and ErrorUnsupported.

func (*DummyEnforcer) GetNamedPolicy 

func (e *DummyEnforcer) GetNamedPolicy(ptype string) ([][]string, error)

GetNamedPolicy returns nil and ErrorUnsupported.

func (*DummyEnforcer) GetPermissionsForUser 

func (e *DummyEnforcer) GetPermissionsForUser(user string, domain ...string) ([][]string, error)

GetPermissionsForUser returns nil.

func (*DummyEnforcer) GetPermissionsForUserInDomain 

func (e *DummyEnforcer) GetPermissionsForUserInDomain(user string, domain string) [][]string

GetPermissionsForUserInDomain returns nil.

func (*DummyEnforcer) GetPolicy 

func (e *DummyEnforcer) GetPolicy() ([][]string, error)

GetPolicy returns nil and ErrorUnsupported.

func (*DummyEnforcer) GetRolesForUser 

func (e *DummyEnforcer) GetRolesForUser(name string, domains ...string) ([]string, error)

GetRolesForUser returns nil and ErrorUnsupported.

func (*DummyEnforcer) GetRolesForUserInDomain 

func (e *DummyEnforcer) GetRolesForUserInDomain(name string, domain string) []string

GetRolesForUserInDomain returns nil.

func (*DummyEnforcer) GetUsersForRole 

func (e *DummyEnforcer) GetUsersForRole(name string, domains ...string) ([]string, error)

GetUsersForRole returns nil and ErrorUnsupported.

func (*DummyEnforcer) GetUsersForRoleInDomain 

func (e *DummyEnforcer) GetUsersForRoleInDomain(name string, domain string) []string

GetUsersForRoleInDomain returns nil.

func (*DummyEnforcer) HasGroupingPolicy 

func (e *DummyEnforcer) HasGroupingPolicy(params ...interface{}) (bool, error)

HasGroupingPolicy returns false and ErrorUnsupported.

func (*DummyEnforcer) HasNamedGroupingPolicy 

func (e *DummyEnforcer) HasNamedGroupingPolicy(ptype string, params ...interface{}) (bool, error)

HasNamedGroupingPolicy returns false and ErrorUnsupported.

func (*DummyEnforcer) HasNamedPolicy 

func (e *DummyEnforcer) HasNamedPolicy(ptype string, params ...interface{}) (bool, error)

HasNamedPolicy returns false and ErrorUnsupported.

func (*DummyEnforcer) HasPermissionForUser 

func (e *DummyEnforcer) HasPermissionForUser(user string, permission ...string) (bool, error)

HasPermissionForUser returns false and ErrorUnsupported.

func (*DummyEnforcer) HasPolicy 

func (e *DummyEnforcer) HasPolicy(params ...interface{}) (bool, error)

HasPolicy returns false and ErrorUnsupported.

func (*DummyEnforcer) HasRoleForUser 

func (e *DummyEnforcer) HasRoleForUser(name string, role string, domain ...string) (bool, error)

HasRoleForUser returns false and ErrorUnsupported

func (*DummyEnforcer) RemoveFilteredGroupingPolicy 

func (e *DummyEnforcer) RemoveFilteredGroupingPolicy(fieldIndex int, fieldValues ...string) (bool, error)

RemoveFilteredGroupingPolicy returns false and ErrorUnsupported.

func (*DummyEnforcer) RemoveFilteredNamedGroupingPolicy 

func (e *DummyEnforcer) RemoveFilteredNamedGroupingPolicy(ptype string, fieldIndex int, fieldValues ...string) (bool, error)

RemoveFilteredNamedGroupingPolicy returns false and ErrorUnsupported.

func (*DummyEnforcer) RemoveFilteredNamedPolicy 

func (e *DummyEnforcer) RemoveFilteredNamedPolicy(ptype string, fieldIndex int, fieldValues ...string) (bool, error)

RemoveFilteredNamedPolicy returns false and ErrorUnsupported.

func (*DummyEnforcer) RemoveFilteredPolicy 

func (e *DummyEnforcer) RemoveFilteredPolicy(fieldIndex int, fieldValues ...string) (bool, error)

RemoveFilteredPolicy returns false and ErrorUnsupported.

func (*DummyEnforcer) RemoveGroupingPolicy 

func (e *DummyEnforcer) RemoveGroupingPolicy(params ...interface{}) (bool, error)

RemoveGroupingPolicy returns false and ErrorUnsupported.

func (*DummyEnforcer) RemoveNamedGroupingPolicy 

func (e *DummyEnforcer) RemoveNamedGroupingPolicy(ptype string, params ...interface{}) (bool, error)

RemoveNamedGroupingPolicy returns false and ErrorUnsupported.

func (*DummyEnforcer) RemoveNamedPolicy 

func (e *DummyEnforcer) RemoveNamedPolicy(ptype string, params ...interface{}) (bool, error)

RemoveNamedPolicy returns false and ErrorUnsupported.

func (*DummyEnforcer) RemovePolicy 

func (e *DummyEnforcer) RemovePolicy(params ...interface{}) (bool, error)

RemovePolicy returns false and ErrorUnsupported.

type FullEnforcer 

type FullEnforcer interface {
	BasicEnforcer
	APIEnforcer
}

FullEnforcer is the interface which describes the full featured Enforcer interface

type SyncedEnforcer 

type SyncedEnforcer struct {
	// contains filtered or unexported fields
}

SyncedEnforcer wraps Enforcer and provides synchronized access

func NewSyncedEnforcer 

func NewSyncedEnforcer(params ...interface{}) (*SyncedEnforcer, error)

NewSyncedEnforcer creates a synchronized enforcer via file or DB.

func (*SyncedEnforcer) AddFunction 

func (e *SyncedEnforcer) AddFunction(name string, function govaluate.ExpressionFunction)

AddFunction adds a customized function.

func (*SyncedEnforcer) AddGroupingPolicy 

func (e *SyncedEnforcer) AddGroupingPolicy(params ...interface{}) (bool, error)

AddGroupingPolicy adds a role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.

func (*SyncedEnforcer) AddNamedGroupingPolicy 

func (e *SyncedEnforcer) AddNamedGroupingPolicy(ptype string, params ...interface{}) (bool, error)

AddNamedGroupingPolicy adds a named role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.

func (*SyncedEnforcer) AddNamedPolicy 

func (e *SyncedEnforcer) AddNamedPolicy(ptype string, params ...interface{}) (bool, error)

AddNamedPolicy adds an authorization rule to the current named policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.

func (*SyncedEnforcer) AddPermissionForUser added in v0.2.0 

func (e *SyncedEnforcer) AddPermissionForUser(user string, permission ...string) (bool, error)

func (*SyncedEnforcer) AddPolicy 

func (e *SyncedEnforcer) AddPolicy(params ...interface{}) (bool, error)

AddPolicy adds an authorization rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.

func (*SyncedEnforcer) AddRoleForUser added in v0.2.0 

func (e *SyncedEnforcer) AddRoleForUser(user string, role string, domain ...string) (bool, error)

func (*SyncedEnforcer) AddRoleForUserInDomain 

func (e *SyncedEnforcer) AddRoleForUserInDomain(user string, role string, domain string) (bool, error)

AddRoleForUserInDomain adds a role for a user inside a domain. Returns false if the user already has the role (aka not affected). 

func (e *SyncedEnforcer) BuildRoleLinks() error

BuildRoleLinks manually rebuild the role inheritance relations.

func (*SyncedEnforcer) ClearPolicy 

func (e *SyncedEnforcer) ClearPolicy()

ClearPolicy clears all policy.

func (*SyncedEnforcer) DeletePermission added in v0.2.0 

func (e *SyncedEnforcer) DeletePermission(permission ...string) (bool, error)

func (*SyncedEnforcer) DeletePermissionForUser added in v0.2.0 

func (e *SyncedEnforcer) DeletePermissionForUser(user string, permission ...string) (bool, error)

func (*SyncedEnforcer) DeletePermissionsForUser added in v0.2.0 

func (e *SyncedEnforcer) DeletePermissionsForUser(user string) (bool, error)

func (*SyncedEnforcer) DeleteRole added in v0.2.0 

func (e *SyncedEnforcer) DeleteRole(role string) (bool, error)

func (*SyncedEnforcer) DeleteRoleForUser added in v0.2.0 

func (e *SyncedEnforcer) DeleteRoleForUser(user string, role string, domain ...string) (bool, error)

func (*SyncedEnforcer) DeleteRoleForUserInDomain 

func (e *SyncedEnforcer) DeleteRoleForUserInDomain(user string, role string, domain string) (bool, error)

DeleteRoleForUserInDomain deletes a role for a user inside a domain. Returns false if the user does not have the role (aka not affected).

func (*SyncedEnforcer) DeleteRolesForUser added in v0.2.0 

func (e *SyncedEnforcer) DeleteRolesForUser(user string, domain ...string) (bool, error)

func (*SyncedEnforcer) DeleteUser added in v0.2.0 

func (e *SyncedEnforcer) DeleteUser(user string) (bool, error)
func (e *SyncedEnforcer) EnableAutoBuildRoleLinks(autoBuildRoleLinks bool)

EnableAutoBuildRoleLinks controls whether to rebuild the role inheritance relations when a role is added or deleted.

func (*SyncedEnforcer) EnableAutoSave 

func (e *SyncedEnforcer) EnableAutoSave(autoSave bool)

EnableAutoSave controls whether to save a policy rule automatically to the adapter when it is added or removed.

func (*SyncedEnforcer) EnableEnforce 

func (e *SyncedEnforcer) EnableEnforce(enable bool)

EnableEnforce changes the enforcing state of Casbin, when Casbin is disabled, all access will be allowed by the Enforce() function.

func (*SyncedEnforcer) EnableLog 

func (e *SyncedEnforcer) EnableLog(enable bool)

EnableLog changes whether Casbin will log messages to the Logger.

func (*SyncedEnforcer) Enforce 

func (e *SyncedEnforcer) Enforce(rvals ...interface{}) (bool, error)

Enforce decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (sub, obj, act).

func (*SyncedEnforcer) EnforceWithMatcher 

func (e *SyncedEnforcer) EnforceWithMatcher(matcher string, rvals ...interface{}) (bool, error)

EnforceWithMatcher use a custom matcher to decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model matcher by default when matcher is "".

func (*SyncedEnforcer) GetAdapter 

func (e *SyncedEnforcer) GetAdapter() persist.Adapter

GetAdapter gets the current adapter.

func (*SyncedEnforcer) GetAllActions 

func (e *SyncedEnforcer) GetAllActions() ([]string, error)

GetAllActions gets the list of actions that show up in the current policy.

func (*SyncedEnforcer) GetAllNamedActions 

func (e *SyncedEnforcer) GetAllNamedActions(ptype string) ([]string, error)

GetAllNamedActions gets the list of actions that show up in the current named policy.

func (*SyncedEnforcer) GetAllNamedObjects 

func (e *SyncedEnforcer) GetAllNamedObjects(ptype string) ([]string, error)

GetAllNamedObjects gets the list of objects that show up in the current named policy.

func (*SyncedEnforcer) GetAllNamedRoles 

func (e *SyncedEnforcer) GetAllNamedRoles(ptype string) ([]string, error)

GetAllNamedRoles gets the list of roles that show up in the current named policy.

func (*SyncedEnforcer) GetAllNamedSubjects 

func (e *SyncedEnforcer) GetAllNamedSubjects(ptype string) ([]string, error)

GetAllNamedSubjects gets the list of subjects that show up in the current named policy.

func (*SyncedEnforcer) GetAllObjects 

func (e *SyncedEnforcer) GetAllObjects() ([]string, error)

GetAllObjects gets the list of objects that show up in the current policy.

func (*SyncedEnforcer) GetAllRoles 

func (e *SyncedEnforcer) GetAllRoles() ([]string, error)

GetAllRoles gets the list of roles that show up in the current policy.

func (*SyncedEnforcer) GetAllSubjects 

func (e *SyncedEnforcer) GetAllSubjects() ([]string, error)

GetAllSubjects gets the list of subjects that show up in the current policy.

func (*SyncedEnforcer) GetFilteredGroupingPolicy 

func (e *SyncedEnforcer) GetFilteredGroupingPolicy(fieldIndex int, fieldValues ...string) ([][]string, error)

GetFilteredGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified.

func (*SyncedEnforcer) GetFilteredNamedGroupingPolicy 

func (e *SyncedEnforcer) GetFilteredNamedGroupingPolicy(ptype string, fieldIndex int, fieldValues ...string) ([][]string, error)

GetFilteredNamedGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified.

func (*SyncedEnforcer) GetFilteredNamedPolicy 

func (e *SyncedEnforcer) GetFilteredNamedPolicy(ptype string, fieldIndex int, fieldValues ...string) ([][]string, error)

GetFilteredNamedPolicy gets all the authorization rules in the named policy, field filters can be specified.

func (*SyncedEnforcer) GetFilteredPolicy 

func (e *SyncedEnforcer) GetFilteredPolicy(fieldIndex int, fieldValues ...string) ([][]string, error)

GetFilteredPolicy gets all the authorization rules in the policy, field filters can be specified.

func (*SyncedEnforcer) GetGroupingPolicy 

func (e *SyncedEnforcer) GetGroupingPolicy() ([][]string, error)

GetGroupingPolicy gets all the role inheritance rules in the policy.

func (*SyncedEnforcer) GetImplicitPermissionsForUser 

func (e *SyncedEnforcer) GetImplicitPermissionsForUser(user string, domain ...string) ([][]string, error)

GetImplicitPermissionsForUser gets implicit permissions for a user or role. Compared to GetPermissionsForUser(), this function retrieves permissions for inherited roles. For example: p, admin, data1, read p, alice, data2, read g, alice, admin

GetPermissionsForUser("alice") can only get: [["alice", "data2", "read"]]. But GetImplicitPermissionsForUser("alice") will get: [["admin", "data1", "read"], ["alice", "data2", "read"]].

func (*SyncedEnforcer) GetImplicitRolesForUser 

func (e *SyncedEnforcer) GetImplicitRolesForUser(user string, domain ...string) ([]string, error)

GetImplicitRolesForUser gets implicit roles that a user has. Compared to GetRolesForUser(), this function retrieves indirect roles besides direct roles. For example: g, alice, role:admin g, role:admin, role:user

GetRolesForUser("alice") can only get: ["role:admin"]. But GetImplicitRolesForUser("alice") will get: ["role:admin", "role:user"].

func (*SyncedEnforcer) GetImplicitUsersForPermission 

func (e *SyncedEnforcer) GetImplicitUsersForPermission(permission ...string) ([]string, error)

GetImplicitUsersForPermission gets implicit users for a permission. For example: p, admin, data1, read p, bob, data1, read g, alice, admin

GetImplicitUsersForPermission("data1", "read") will get: ["alice", "bob"]. Note: only users will be returned, roles (2nd arg in "g") will be excluded.

func (*SyncedEnforcer) GetModel 

func (e *SyncedEnforcer) GetModel() model.Model

GetModel gets the current model.

func (*SyncedEnforcer) GetNamedGroupingPolicy 

func (e *SyncedEnforcer) GetNamedGroupingPolicy(ptype string) ([][]string, error)

GetNamedGroupingPolicy gets all the role inheritance rules in the policy.

func (*SyncedEnforcer) GetNamedPolicy 

func (e *SyncedEnforcer) GetNamedPolicy(ptype string) ([][]string, error)

GetNamedPolicy gets all the authorization rules in the named policy.

func (*SyncedEnforcer) GetParentEnforcer 

func (e *SyncedEnforcer) GetParentEnforcer() BasicEnforcer

GetParentEnforcer returns the parent enforcer wrapped by this instance.

func (*SyncedEnforcer) GetPermissionsForUser added in v0.2.0 

func (e *SyncedEnforcer) GetPermissionsForUser(user string, domain ...string) ([][]string, error)

func (*SyncedEnforcer) GetPermissionsForUserInDomain 

func (e *SyncedEnforcer) GetPermissionsForUserInDomain(user string, domain string) [][]string

GetPermissionsForUserInDomain gets permissions for a user or role inside a domain.

func (*SyncedEnforcer) GetPolicy 

func (e *SyncedEnforcer) GetPolicy() ([][]string, error)

GetPolicy gets all the authorization rules in the policy.

func (*SyncedEnforcer) GetRoleManager 

func (e *SyncedEnforcer) GetRoleManager() rbac.RoleManager

GetRoleManager gets the current role manager.

func (*SyncedEnforcer) GetRolesForUser added in v0.2.0 

func (e *SyncedEnforcer) GetRolesForUser(name string, domains ...string) ([]string, error)

func (*SyncedEnforcer) GetRolesForUserInDomain 

func (e *SyncedEnforcer) GetRolesForUserInDomain(name string, domain string) []string

GetRolesForUserInDomain gets the roles that a user has inside a domain.

func (*SyncedEnforcer) GetUsersForRole added in v0.2.0 

func (e *SyncedEnforcer) GetUsersForRole(name string, domains ...string) ([]string, error)

func (*SyncedEnforcer) GetUsersForRoleInDomain 

func (e *SyncedEnforcer) GetUsersForRoleInDomain(name string, domain string) []string

GetUsersForRoleInDomain gets the users that has a role inside a domain. Add by Gordon

func (*SyncedEnforcer) HasGroupingPolicy 

func (e *SyncedEnforcer) HasGroupingPolicy(params ...interface{}) (bool, error)

HasGroupingPolicy determines whether a role inheritance rule exists.

func (*SyncedEnforcer) HasNamedGroupingPolicy 

func (e *SyncedEnforcer) HasNamedGroupingPolicy(ptype string, params ...interface{}) (bool, error)

HasNamedGroupingPolicy determines whether a named role inheritance rule exists.

func (*SyncedEnforcer) HasNamedPolicy 

func (e *SyncedEnforcer) HasNamedPolicy(ptype string, params ...interface{}) (bool, error)

HasNamedPolicy determines whether a named authorization rule exists.

func (*SyncedEnforcer) HasPermissionForUser added in v0.2.0 

func (e *SyncedEnforcer) HasPermissionForUser(user string, permission ...string) (bool, error)

func (*SyncedEnforcer) HasPolicy 

func (e *SyncedEnforcer) HasPolicy(params ...interface{}) (bool, error)

HasPolicy determines whether an authorization rule exists.

func (*SyncedEnforcer) HasRoleForUser added in v0.2.0 

func (e *SyncedEnforcer) HasRoleForUser(name string, role string, domain ...string) (bool, error)

func (*SyncedEnforcer) InitWithAdapter 

func (e *SyncedEnforcer) InitWithAdapter(modelPath string, adapter persist.Adapter) error

InitWithAdapter initializes an enforcer with a database adapter.

func (*SyncedEnforcer) InitWithFile 

func (e *SyncedEnforcer) InitWithFile(modelPath string, policyPath string) error

InitWithFile initializes an enforcer with a model file and a policy file.

func (*SyncedEnforcer) InitWithModelAndAdapter 

func (e *SyncedEnforcer) InitWithModelAndAdapter(m model.Model, adapter persist.Adapter) error

InitWithModelAndAdapter initializes an enforcer with a model and a database adapter.

func (*SyncedEnforcer) IsFiltered 

func (e *SyncedEnforcer) IsFiltered() bool

IsFiltered returns true if the loaded policy has been filtered.

func (*SyncedEnforcer) LoadFilteredPolicy 

func (e *SyncedEnforcer) LoadFilteredPolicy(filter interface{}) error

LoadFilteredPolicy reloads a filtered policy from file/database.

func (*SyncedEnforcer) LoadModel 

func (e *SyncedEnforcer) LoadModel() error

LoadModel reloads the model from the model CONF file. Because the policy is attached to a model, so the policy is invalidated and needs to be reloaded by calling LoadPolicy().

func (*SyncedEnforcer) LoadPolicy 

func (e *SyncedEnforcer) LoadPolicy() error

LoadPolicy reloads the policy from file/database.

func (*SyncedEnforcer) RemoveFilteredGroupingPolicy 

func (e *SyncedEnforcer) RemoveFilteredGroupingPolicy(fieldIndex int, fieldValues ...string) (bool, error)

RemoveFilteredGroupingPolicy removes a role inheritance rule from the current policy, field filters can be specified.

func (*SyncedEnforcer) RemoveFilteredNamedGroupingPolicy 

func (e *SyncedEnforcer) RemoveFilteredNamedGroupingPolicy(ptype string, fieldIndex int, fieldValues ...string) (bool, error)

RemoveFilteredNamedGroupingPolicy removes a role inheritance rule from the current named policy, field filters can be specified.

func (*SyncedEnforcer) RemoveFilteredNamedPolicy 

func (e *SyncedEnforcer) RemoveFilteredNamedPolicy(ptype string, fieldIndex int, fieldValues ...string) (bool, error)

RemoveFilteredNamedPolicy removes an authorization rule from the current named policy, field filters can be specified.

func (*SyncedEnforcer) RemoveFilteredPolicy 

func (e *SyncedEnforcer) RemoveFilteredPolicy(fieldIndex int, fieldValues ...string) (bool, error)

RemoveFilteredPolicy removes an authorization rule from the current policy, field filters can be specified.

func (*SyncedEnforcer) RemoveGroupingPolicy 

func (e *SyncedEnforcer) RemoveGroupingPolicy(params ...interface{}) (bool, error)

RemoveGroupingPolicy removes a role inheritance rule from the current policy.

func (*SyncedEnforcer) RemoveNamedGroupingPolicy 

func (e *SyncedEnforcer) RemoveNamedGroupingPolicy(ptype string, params ...interface{}) (bool, error)

RemoveNamedGroupingPolicy removes a role inheritance rule from the current named policy.

func (*SyncedEnforcer) RemoveNamedPolicy 

func (e *SyncedEnforcer) RemoveNamedPolicy(ptype string, params ...interface{}) (bool, error)

RemoveNamedPolicy removes an authorization rule from the current named policy.

func (*SyncedEnforcer) RemovePolicy 

func (e *SyncedEnforcer) RemovePolicy(params ...interface{}) (bool, error)

RemovePolicy removes an authorization rule from the current policy.

func (*SyncedEnforcer) SavePolicy 

func (e *SyncedEnforcer) SavePolicy() error

SavePolicy saves the current policy (usually after changed with Casbin API) back to file/database.

func (*SyncedEnforcer) SetAdapter 

func (e *SyncedEnforcer) SetAdapter(adapter persist.Adapter)

SetAdapter sets the current adapter.

func (*SyncedEnforcer) SetEffector 

func (e *SyncedEnforcer) SetEffector(eft effector.Effector)

SetEffector sets the current effector.

func (*SyncedEnforcer) SetModel 

func (e *SyncedEnforcer) SetModel(m model.Model)

SetModel sets the current model.

func (*SyncedEnforcer) SetRoleManager 

func (e *SyncedEnforcer) SetRoleManager(rm rbac.RoleManager)

SetRoleManager sets the current role manager.

func (*SyncedEnforcer) SetWatcher 

func (e *SyncedEnforcer) SetWatcher(watcher persist.Watcher) error

SetWatcher sets the current watcher.

func (*SyncedEnforcer) StartAutoLoadPolicy 

func (e *SyncedEnforcer) StartAutoLoadPolicy(d time.Duration)

StartAutoLoadPolicy starts a go routine that will every specified duration call LoadPolicy

func (*SyncedEnforcer) StopAutoLoadPolicy 

func (e *SyncedEnforcer) StopAutoLoadPolicy()

StopAutoLoadPolicy causes the go routine to exit.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.