RBAC API
一个更友好的RBAC API。 这个API是Management API的子集。 RBAC用户可以使用这个API来简化代码。
参考
全局变量 e
是实施者实例。
e, err := NewEnforcer("examples/rbac_model.conf", "examples/rbac_policy.csv")
const e = await newEnforcer('examples/rbac_model.conf', 'examples/rbac_policy.csv')
$e = new Enforcer('examples/rbac_model.conf', 'examples/rbac_policy.csv');
var e = new Enforcer("path/to/model.conf", "path/to/policy.csv");
let mut e = Enforcer::new("examples/rbac_model.conf", "examples/rbac_policy.csv").await?;
GetRolesForUser()
GetRolesForUser 获取用户具有的角色。
例如:
GoNode.jsPHP.NETRustres := e.GetRolesForUser("alice")
const res = await e.getRolesForUser('alice')
$res = $e->getRolesForUser("alice");
var res = e.GetRolesForUser("alice");
let roles = e.get_roles_for_user("alice", None); // 无域
GetUsersForRole()
GetUsersForRole 获取具有角色的用户。
例如:
GoNode.jsPHP.NETRustres := e.GetUsersForRole("data1_admin")
const res = await e.getUsersForRole('data1_admin')
$res = $e->getUsersForRole("data1_admin");
var res = e.GetUsersForRole("data1_admin");
let users = e.get_users_for_role("data1_admin", None); // No domain
HasRoleForUser()
HasRoleForUser 确定用户是否具有角色。
例如:
GoNode.jsPHP.NETRustres := e.HasRoleForUser("alice", "data1_admin")
const res = await e.hasRoleForUser('alice', 'data1_admin')
$res = $e->hasRoleForUser("alice", "data1_admin");
var res = e.HasRoleForUser("alice", "data1_admin");
let has = e.has_role_for_user("alice", "data1_admin", None); // No domain
AddRoleForUser()
AddRoleForUser 为用户添加角色。 如果用户已经拥有该角色(aka不受影响),则返回false。
例如:
GoNode.jsPHP.NETRuste.AddRoleForUser("alice", "data2_admin")
await e.addRoleForUser('alice', 'data2_admin')
$e->addRoleForUser("alice", "data2_admin");
var added = e.AddRoleForUser("alice", "data2_admin");
or
var added = await e.AddRoleForUserAsync("alice", "data2_admin");
let added = e.add_role_for_user("alice", "data2_admin", None).await?; // No domain
AddRolesForUser()
AddRolesForUser 为用户添加多个角色。 如果用户已经拥有该角色,则返回false。(不会受影响)
例如:
Rustlet roles = vec!["data1_admin".to_owned(), "data2_admin".to_owned()];
let all_added = e.add_roles_for_user("alice", roles, None).await?; // 无域
DeleteRoleForUser()
DeleteRoleForUser 删除用户的角色。 如果用户没有该角色,则返回false。(不会产生影响)
例如:
GoNode.jsPHP.NETRuste.DeleteRoleForUser("alice", "data1_admin")
await e.deleteRoleForUser('alice', 'data1_admin')
$e->deleteRoleForUser("alice", "data1_admin");
var deleted = e.DeleteRoleForUser("alice", "data1_admin");
or
var deleted = await e.DeleteRoleForUser("alice", "data1_admin");
let deleted = e.delete_role_for_user("alice", "data1_admin", None).await?; // No domain
DeleteRolesForUser()
DeleteRolesForUser 删除用户的所有角色。 如果用户没有任何角色,则返回false。(不会受到影响)
例如:
GoNode.jsPHP.NETRuste.DeleteRolesForUser("alice")
await e.deleteRolesForUser('alice')
$e->deleteRolesForUser("alice");
var deletedAtLeastOne = e.DeleteRolesForUser("alice");
或
var deletedAtLeastOne = await e.DeleteRolesForUserAsync("alice");
let deleted_at_least_one = e.delete_roles_for_user("alice", None).await?; // 无域
DeleteUser()
DeleteUser 删除一个用户。 如果用户不存在,则返回false(也就是说不受影响)。
例如:
GoNode.jsPHP.NETRuste.DeleteUser("alice")
await e.deleteUser('alice')
$e->deleteUser("alice");
var deleted = e.DeleteUser("alice");
or
var deleted = await e.DeleteUserAsync("alice");
let deleted = e.delete_user("alice").await?;
DeleteRole()
DeleteRole 删除一个角色。
例如:
GoNode.jsPHP.NETRuste.DeleteRole("data2_admin")
await e.deleteRole("data2_admin")
$e->deleteRole("data2_admin");
var deleted = e.DeleteRole("data2_admin");
or
var deleted = await e.DeleteRoleAsync("data2_admin");
let deleted = e.delete_role("data2_admin").await?;
DeletePermission()
DeletePermission 删除权限。 如果权限不存在,则返回false(也就是说不受影响)。
例如:
GoNode.jsPHP.NETRuste.DeletePermission("read")
await e.deletePermission('read')
$e->deletePermission("read");
var deleted = e.DeletePermission("read");
或
var deleted = await e.DeletePermissionAsync("read");
let deleted = e.delete_permission(vec!["read".to_owned()]).await?;
AddPermissionForUser()
AddPermissionForUser 为用户或角色添加权限。 如果用户或角色已经拥有该权限(也就是不受影响),则返回false。
例如:
GoNode.jsPHP.NETRuste.AddPermissionForUser("bob", "read")
await e.addPermissionForUser('bob', 'read')
$e->addPermissionForUser("bob", "read");
var added = e.AddPermissionForUser("bob", "read");
或
var added = await e.AddPermissionForUserAsync("bob", "read");
let added = e.add_permission_for_user("bob", vec!["read".to_owned()]).await?;
AddPermissionsForUser()
AddPermissionForUser 为用户或角色添加多个权限。 如果用户或角色已经有一个权限,则返回 false (不会受影响)。
例如:
Rustlet permissions = vec![
vec!["data1".to_owned(), "read".to_owned()],
vec!["data2".to_owned(), "write".to_owned()],
];
let all_added = e.add_permissions_for_user("bob", permissions).await?;
DeletePermissionForUser()
DeletePermissionForUser 删除用户或角色的权限。 如果用户或角色没有权限则返回 false(不会受影响)。
例如:
GoNode.jsPHP.NETRuste.DeletePermissionForUser("bob", "read")
await e.deletePermissionForUser("bob", "read")
$e->deletePermissionForUser("bob", "read");
var deleted = e.DeletePermissionForUser("bob", "read");
or
var deleted = await e.DeletePermissionForUserAsync("bob", "read");
let deleted = e.delete_permission_for_user("bob", vec!["read".to_owned()]).await?;
DeletePermissionsForUser()
DeletePermissionsForUser 删除用户或角色的权限。 如果用户或角色没有任何权限(也就是不受影响),则返回false。
例如:
GoNode.jsPHP.NETRuste.DeletePermissionsForUser("bob")
await e.deletePermissionsForUser('bob')
$e->deletePermissionsForUser("bob");
var deletedAtLeastOne = e.DeletePermissionsForUser("bob");
或
var deletedAtLeastOne = await e.DeletePermissionsForUserAsync("bob");
let deleted_at_least_one = e.delete_permissions_for_user("bob").await?;
GetPermissionsForUser()
GetPermissionsForUser 获取用户或角色的权限。
例如:
GoNode.jsPHP.NETe.GetPermissionsForUser("bob")
await e.getPermissionsForUser('bob')
$e->getPermissionsForUser("bob");
var permissions = e.GetPermissionsForUser("bob");
HasPermissionForUser()
HasPermissionForUser 确定用户是否具有权限。
例如:
GoNode.jsPHP.NETRuste.HasPermissionForUser("alice", []string{"read"})
await e.hasPermissionForUser('alice', 'read')
$e->hasPermissionForUser("alice", []string{"read"});
var has = e.HasPermissionForUser("bob", "read");
let has = e.has_permission_for_user("alice", vec!["data1".to_owned(), "read".to_owned()]);
GetImplicitRolesForUser()
GetImplicitRolesForUser 获取用户具有的隐式角色。 与GetRolesForUser() 相比,该函数除了直接角色外还检索间接角色。
例如:
g, Alice, role:admin
g, role:admin, role:user
GetRolesForUser("Alice") 只能获取:["role:admin"]。
但 GetImplicitRolesForUser("alice") 将获取:["role:admin", "role:user"]。
例如:
GoNode.jsPHP.NETRuste.GetImplicitRolesForUser("alice")
await e.getImplicitRolesForUser("alice")
$e->getImplicitRolesForUser("alice");
var implicitRoles = e.GetImplicitRolesForUser("alice");
e.get_implicit_roles_for_user("alice", None); // No domain
GetImplicitUsersForRole()
GetImplicitUsersForRole 获取所有继承该角色的用户 与GetUsersForRole() 相比,这个函数检索间接用户。
例如:
g, alice, role:admin
g, role:admin, role:user
GetRolesForUser("Alice") 只能获取:["role:admin"]。
但 GetImplicitUsersForRole("role:alice") 将获取:["role:admin", "alice"]。
例如:
Gousers := e.GetImplicitUsersForRole("role:user")
GetImplicitPermissionsForUser()
GetImplicitPermissionsForUser 获得用户或角色的隐含权限。
与GetPermissionsForUser() 相比,此函数获取继承角色的权限。
例如:
p, admin, data1, read
p, alice, data2, read
g, alice, admin
GetPermissionsForUser("alice") 只能获取:[["alice", "data 2", "read"]]。
但GetImplicitPermissionsForUser("alice") 将获取:[["admin", "data1", "read"], ["alice", "data2", "read"]]。
例如:
GoNode.jsPHP.NETRuste.GetImplicitPermissionsForUser("alice")
await e.getImplicitPermissionsForUser("alice")
$e->getImplicitPermissionsForUser("alice");
var implicitPermissions = e.GetImplicitPermissionsForUser("alice");
e.get_implicit_permissions_for_user("alice", None); // 无域
GetDomainsForUser()
GetDomainsForUser 获取用户拥有的所有域名。
例如: p, admin, domain1, data1, read p, admin, domain2, data2, read p, admin, domain2, data2, write g, alice, admin, domain1 g, alice, admin, domain2
GetDomainsForUser("Alice") 可以获取 ["domain1", "domain2"]
例如:
Goresult, err := e.GetDomainsForUser("alice")
GetImplicitResourcesForUser()
GetImplicitResourcesForUser 返回为true的策略给用户。
例如:
p, alice, data1, read
p, bob, data2, write
p, data2_admin, data2, read
p, data2_admin, data2, write
g, alice, data2_admin
GetImplicitResourcesForUser("alice") 将返回 [[alice data1 read] [alice data2 read] [alice data2 write]]
resources, err := e.GetImplicitResourcesForUser("alice")
← 管理 API域内基于角色的访问控制 API →