casbin

v0.0.2
Published: Apr 17, 2017 License: Apache-2.0 Imports: 10 Imported by: 0

README

casbin


casbin is a powerful and efficient open-source access control library for Golang projects. It provides support for enforcing authorization based on various models like ACL, RBAC, ABAC.

In casbin, an access control model is abstracted into a CONF file based on the PERM metamodel (Policy, Effect, Request, Matchers). So switching or upgrading the authorization mechanism for a project is just as simple as modifying a configuration. A model CONF can be as simple as:

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = r.sub == p.sub && r.obj == p.obj && r.act == p.act

A simple policy for this model is a CSV like:

p, alice, data1, read
p, bob, data2, write
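
An added example, not casbin's own code: a self-contained Go program that evaluates the basic model above against the sample policy. The matcher compares all three fields exactly and the effect allows a request if any rule matches, so anything not listed is denied. The names `Rule`, `ParsePolicy` and `Allowed` are hypothetical and used only for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Rule is one "p" line of the policy CSV: p = sub, obj, act.
type Rule struct{ Sub, Obj, Act string }

// ParsePolicy reads policy CSV text. A malformed line is an error, so a
// broken policy fails closed instead of being partially loaded.
func ParsePolicy(csv string) ([]Rule, error) {
	var rules []Rule
	sc := bufio.NewScanner(strings.NewReader(csv))
	for n := 1; sc.Scan(); n++ {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		f := strings.Split(line, ",")
		for i := range f {
			f[i] = strings.TrimSpace(f[i])
		}
		if len(f) != 4 || f[0] != "p" {
			return nil, fmt.Errorf("line %d: want \"p, sub, obj, act\", got %q", n, line)
		}
		rules = append(rules, Rule{f[1], f[2], f[3]})
	}
	return rules, sc.Err()
}

// Allowed applies the matcher m to every rule and the effect
// e = some(where (p.eft == allow)): one matching rule allows the request,
// and no matching rule means deny.
func Allowed(rules []Rule, sub, obj, act string) bool {
	for _, p := range rules {
		if sub == p.Sub && obj == p.Obj && act == p.Act {
			return true
		}
	}
	return false
}

func main() {
	// The sample policy from this README.
	rules, err := ParsePolicy("p, alice, data1, read\np, bob, data2, write\n")
	if err != nil {
		panic(err)
	}
	fmt.Println(Allowed(rules, "alice", "data1", "read"))  // true
	fmt.Println(Allowed(rules, "alice", "data2", "write")) // false
}
```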

Features

What casbin does:

  1. enforce the policy in the classic {subject, object, action} form or a customized form that you define.
  2. handle the storage of the access control model and its policy.
  3. manage the role-user mappings and role-role mappings (aka role hierarchy in RBAC).
  4. support built-in superusers like root or administrator. A superuser can do anything without explicit permissions.
  5. provide multiple built-in operators to support rule matching. For example, keyMatch can map a resource key /foo/bar to the pattern /foo*.

What casbin does NOT do:

  1. authentication (aka verify username and password when a user logs in)
  2. manage the list of users or roles. I believe it's more convenient for the project itself to manage these entities. Users usually have their passwords, and casbin is not designed as a password container. However, casbin stores the user-role mapping for the RBAC scenario.

Installation

go get github.com/hsluoyz/casbin/...

Get started

  1. Initialize an enforcer by specifying a model CONF file and the policy file.

    // requires: import "github.com/hsluoyz/casbin"
    e := &casbin.Enforcer{}
    e.Init("examples/basic_model.conf", "examples/basic_policy.csv")

  2. Add the enforcement hook into your code before the access happens.

    sub := "alice" // the subject requesting access
    obj := "data1" // the object being accessed
    act := "read"  // the action performed on the object

    if e.Enforce(sub, obj, act) {
        // permit alice to read data1
    } else {
        // deny the request, show an error
    }

  3. You can get the roles for a user with our management API.

    roles := e.GetRoles("alice")

  4. Please refer to the _test.go files for more usage.

Credits

License

This project is licensed under the Apache 2.0 license.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AssertionMap

type AssertionMap map[string]*assertion

AssertionMap is the collection of assertions, which can be "r", "p", "g", "e", "m".

type Enforcer

type Enforcer struct {
	// contains filtered or unexported fields
}

Enforcer is the main interface for authorization enforcement and policy management.

func (*Enforcer) AddGroupingPolicy added in v0.0.2

func (enforcer *Enforcer) AddGroupingPolicy(policy []string)

Add a role inheritance rule to the current policy.

func (*Enforcer) AddGroupingPolicyForPolicyType added in v0.0.2

func (enforcer *Enforcer) AddGroupingPolicyForPolicyType(ptype string, policy []string)

Add a role inheritance rule to the current policy; the policy type can be specified.

func (*Enforcer) AddObjectAttributeFunction added in v0.0.2

func (enforcer *Enforcer) AddObjectAttributeFunction(function Function)

Add the function that gets attributes for an object in ABAC.

func (*Enforcer) AddPolicy added in v0.0.2

func (enforcer *Enforcer) AddPolicy(policy []string)

Add an authorization rule to the current policy.

func (*Enforcer) AddPolicyForPolicyType added in v0.0.2

func (enforcer *Enforcer) AddPolicyForPolicyType(ptype string, policy []string)

Add an authorization rule to the current policy; the policy type can be specified.

func (*Enforcer) AddSubjectAttributeFunction added in v0.0.2

func (enforcer *Enforcer) AddSubjectAttributeFunction(function Function)

Add the function that gets attributes for a subject in ABAC.

func (*Enforcer) Enable added in v0.0.2

func (enforcer *Enforcer) Enable(enable bool)

Change the enforcing state of casbin. When casbin is disabled, the Enforce() function allows all access.

func (*Enforcer) Enforce added in v0.0.2

func (enforcer *Enforcer) Enforce(rvals ...string) bool

Decide whether a "subject" can access an "object" with the operation "action". Input parameters are usually: (sub, obj, act).

func (*Enforcer) GetAllActions added in v0.0.2

func (enforcer *Enforcer) GetAllActions() []string

Get the list of actions that show up in the current policy.

func (*Enforcer) GetAllObjects added in v0.0.2

func (enforcer *Enforcer) GetAllObjects() []string

Get the list of objects that show up in the current policy.

func (*Enforcer) GetAllRoles added in v0.0.2

func (enforcer *Enforcer) GetAllRoles() []string

Get the list of roles that show up in the current policy.

func (*Enforcer) GetAllSubjects added in v0.0.2

func (enforcer *Enforcer) GetAllSubjects() []string

Get the list of subjects that show up in the current policy.

func (*Enforcer) GetFilteredPolicy added in v0.0.2

func (enforcer *Enforcer) GetFilteredPolicy(fieldIndex int, fieldValue string) [][]string

Get all the authorization rules in the policy; a field filter can be specified.

func (*Enforcer) GetFilteredPolicyForPolicyType added in v0.0.2

func (enforcer *Enforcer) GetFilteredPolicyForPolicyType(ptype string, fieldIndex int, fieldValue string) [][]string

Get all the authorization rules in the policy; a field filter and the policy type can be specified.

func (*Enforcer) GetGroupingPolicy added in v0.0.2

func (enforcer *Enforcer) GetGroupingPolicy() [][]string

Get all the role inheritance rules in the policy.

func (*Enforcer) GetGroupingPolicyForPolicyType added in v0.0.2

func (enforcer *Enforcer) GetGroupingPolicyForPolicyType(ptype string) [][]string

Get all the role inheritance rules in the policy; the policy type can be specified.

func (*Enforcer) GetPolicy added in v0.0.2

func (enforcer *Enforcer) GetPolicy() [][]string

Get all the authorization rules in the policy.

func (*Enforcer) GetPolicyForPolicyType added in v0.0.2

func (enforcer *Enforcer) GetPolicyForPolicyType(ptype string) [][]string

Get all the authorization rules in the policy; the policy type can be specified.

func (*Enforcer) GetRoles added in v0.0.2

func (enforcer *Enforcer) GetRoles(name string) []string

Get the roles assigned to a subject.

func (*Enforcer) GetRolesForPolicyType added in v0.0.2

func (enforcer *Enforcer) GetRolesForPolicyType(ptype string, name string) []string

Get the roles assigned to a subject; the policy type can be specified.

func (*Enforcer) Init added in v0.0.2

func (enforcer *Enforcer) Init(modelPath string, policyPath string)

Initialize an enforcer with a model file and a policy file.

func (*Enforcer) LoadAll added in v0.0.2

func (enforcer *Enforcer) LoadAll()

Reload the model file and policy file, usually used when those files have been changed.

func (*Enforcer) LoadPolicy added in v0.0.2

func (enforcer *Enforcer) LoadPolicy()

Reload the policy file only.

func (*Enforcer) RemoveGroupingPolicy added in v0.0.2

func (enforcer *Enforcer) RemoveGroupingPolicy(policy []string)

Remove a role inheritance rule from the current policy.

func (*Enforcer) RemoveGroupingPolicyForPolicyType added in v0.0.2

func (enforcer *Enforcer) RemoveGroupingPolicyForPolicyType(ptype string, policy []string)

Remove a role inheritance rule from the current policy; the policy type can be specified.

func (*Enforcer) RemovePolicy added in v0.0.2

func (enforcer *Enforcer) RemovePolicy(policy []string)

Remove an authorization rule from the current policy.

func (*Enforcer) RemovePolicyForPolicyType added in v0.0.2

func (enforcer *Enforcer) RemovePolicyForPolicyType(ptype string, policy []string)

Remove an authorization rule from the current policy; the policy type can be specified.

func (*Enforcer) SavePolicy added in v0.0.2

func (enforcer *Enforcer) SavePolicy()

Save the current policy (usually changed with casbin API) back to the policy file.

type Function added in v0.0.2

type Function func(args ...interface{}) (interface{}, error)

Function represents a function that is used in the matchers to get attributes in ABAC.

type FunctionMap added in v0.0.2

type FunctionMap map[string]func(args ...interface{}) (interface{}, error)

FunctionMap represents the collection of Function.

type Model

type Model map[string]AssertionMap

Model represents the whole access control model.

type Role

type Role struct {
	// contains filtered or unexported fields
}

Role is the data structure for a role in RBAC.

type RoleManager

type RoleManager struct {
	// contains filtered or unexported fields
}

RoleManager is the interface to manage the roles in RBAC.
