Management API
The primitive API that provides full support for Casbin policy management.
Filtered API
Almost all filtered api has the same parameters (fieldIndex int, fieldValues ...string). fieldIndex is the index where matching start, fieldValues denotes the values result should have. Note that empty string in fieldValues could be any word.
Example:
p, alice, book, read
p, bob, book, read
p, bob, book, write
p, alice, pen, get
p, bob, pen ,get
e.GetFilteredPolicy(1, "book") // will return: [[alice book read] [bob book read] [bob book write]]
e.GetFilteredPolicy(1, "book", "read") // will return: [[alice book read] [bob book read]]
e.GetFilteredPolicy(0, "alice", "", "read") // will return: [[alice book read]]
e.GetFilteredPolicy(0, "alice") // will return: [[alice book read] [alice pen get]]
Reference
global variable e is Enforcer instance.
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
e, err := NewEnforcer("examples/rbac_model.conf", "examples/rbac_policy.csv")
const e = await newEnforcer('examples/rbac_model.conf', 'examples/rbac_policy.csv')
$e = new Enforcer('examples/rbac_model.conf', 'examples/rbac_policy.csv');
e = casbin.Enforcer("examples/rbac_model.conf", "examples/rbac_policy.csv")
var e = new Enforcer("path/to/model.conf", "path/to/policy.csv");
let mut e = Enforce::new("examples/rbac_model.conf", "examples/rbac_policy.csv").await?;
Enforcer e = new Enforcer("examples/rbac_model.conf", "examples/rbac_policy.csv");
Enforce()
Enforce decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (sub, obj, act).
For example:
- Go
- Node.js
- PHP
- Python
- Java
ok, err := e.Enforce(request)
const ok = await e.enforce(request);
$ok = $e->enforcer($request);
ok = e.enforcer(request)
boolean ok = e.enforce(request);
EnforceWithMatcher()
EnforceWithMatcher use a custom matcher to decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model matcher by default when matcher is "".
For example:
- Go
- PHP
- Python
- Java
ok, err := e.EnforceWithMatcher(matcher, request)
$ok = $e->enforceWithMatcher($matcher, $request);
ok = e.enforce_with_matcher(matcher, request)
boolean ok = e.enforceWithMatcher(matcher, request);
EnforceEx()
EnforceEx explain enforcement by informing matched rules.
For example:
- Go
- Node.js
- PHP
- Python
ok, reason, err := e.EnforceEx(request)
const ok = await e.enforceEx(request);
list($ok, $reason) = $e->enforceEx($request);
ok, reason = e.enforce_ex(request)
EnforceExWithMatcher()
EnforceExWithMatcher use a custom matcher and explain enforcement by informing matched rules.
For example:
- Go
ok, reason, err := e.EnforceExWithMatcher(matcher, request)
BatchEnforce()
BatchEnforce enforces each request and returns result in a bool array
For example:
- Go
- Node.js
- Java
boolArray, err := e.BatchEnforce(requests)
const boolArray = await e.batchEnforce(requests);
List<Boolean> boolArray = e.batchEnforce(requests);
GetAllSubjects()
GetAllSubjects gets the list of subjects that show up in the current policy.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
allSubjects := e.GetAllSubjects()
const allSubjects = await e.getAllSubjects()
$allSubjects = $e->getAllSubjects();
all_subjects = e.get_all_subjects()
var allSubjects = e.GetAllSubjects();
let all_subjects = e.get_all_subjects();
List<String> allSubjects = e.getAllSubjects();
GetAllNamedSubjects()
GetAllNamedSubjects gets the list of subjects that show up in the current named policy.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
allNamedSubjects := e.GetAllNamedSubjects("p")
const allNamedSubjects = await e.getAllNamedSubjects('p')
$allNamedSubjects = $e->getAllNamedSubjects("p");
all_named_subjects = e.get_all_named_subjects("p")
var allNamedSubjects = e.GetAllNamedSubjects("p");
let all_named_subjects = e.get_all_named_subjects("p");
List<String> allNamedSubjects = e.getAllNamedSubjects("p");
GetAllObjects()
GetAllObjects gets the list of objects that show up in the current policy.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
allObjects := e.GetAllObjects()
const allObjects = await e.getAllObjects()
$allObjects = $e->getAllObjects();
all_objects = e.get_all_objects()
var allObjects = e.GetAllObjects();
let all_objects = e.get_all_objects();
List<String> allObjects = e.getAllObjects();
GetAllNamedObjects()
GetAllNamedObjects gets the list of objects that show up in the current named policy.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
allNamedObjects := e.GetAllNamedObjects("p")
const allNamedObjects = await e.getAllNamedObjects('p')
$allNamedObjects = $e->getAllNamedObjects("p");
all_named_objects = e.get_all_named_objects("p")
var allNamedObjects = e.GetAllNamedObjects("p");
let all_named_objects = e.get_all_named_objects("p");
List<String> allNamedObjects = e.getAllNamedObjects("p");
GetAllActions()
GetAllActions gets the list of actions that show up in the current policy.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
allActions := e.GetAllActions()
const allActions = await e.getAllActions()
$allActions = $e->getAllActions();
all_actions = e.get_all_actions()
var allActions = e.GetAllActions();
let all_actions = e.get_all_actions();
List<String> allActions = e.getAllActions();
GetAllNamedActions()
GetAllNamedActions gets the list of actions that show up in the current named policy.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
allNamedActions := e.GetAllNamedActions("p")
const allNamedActions = await e.getAllNamedActions('p')
$allNamedActions = $e->getAllNamedActions("p");
all_named_actions = e.get_all_named_actions("p")
var allNamedActions = e.GetAllNamedActions("p");
let all_named_actions = e.get_all_named_actions("p");
List<String> allNamedActions = e.getAllNamedActions("p");
GetAllRoles()
GetAllRoles gets the list of roles that show up in the current policy.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
allRoles = e.GetAllRoles()
const allRoles = await e.getAllRoles()
$allRoles = $e->getAllRoles();
all_roles = e.get_all_roles()
var allRoles = e.GetAllRoles();
let all_roles = e.get_all_roles();
List<String> allRoles = e.getAllRoles();
GetAllNamedRoles()
GetAllNamedRoles gets the list of roles that show up in the current named policy.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
allNamedRoles := e.GetAllNamedRoles("g")
const allNamedRoles = await e.getAllNamedRoles('g')
$allNamedRoles = $e->getAllNamedRoles('g');
all_named_roles = e.get_all_named_roles("g")
var allNamedRoles = e.GetAllNamedRoles("g");
let all_named_roles = e.get_all_named_roles("g");
List<String> allNamedRoles = e.getAllNamedRoles("g");
GetPolicy()
GetPolicy gets all the authorization rules in the policy.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
policy = e.GetPolicy()
const policy = await e.getPolicy()
$policy = $e->getPolicy();
policy = e.get_policy()
var policy = e.GetPolicy();
let policy = e.get_policy();
List<List<String>> policy = e.getPolicy();
GetFilteredPolicy()
GetFilteredPolicy gets all the authorization rules in the policy, field filters can be specified.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
filteredPolicy := e.GetFilteredPolicy(0, "alice")
const filteredPolicy = await e.getFilteredPolicy(0, 'alice')
$filteredPolicy = $e->getFilteredPolicy(0, "alice");
filtered_policy = e.get_filtered_policy(0, "alice")
var filteredPolicy = e.GetFilteredPolicy(0, "alice");
let filtered_policy = e.get_filtered_policy(0, vec!["alice".to_owned()]);
List<List<String>> filteredPolicy = e.getFilteredPolicy(0, "alice");
GetNamedPolicy()
GetNamedPolicy gets all the authorization rules in the named policy.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
namedPolicy := e.GetNamedPolicy("p")
const namedPolicy = await e.getNamedPolicy('p')
$namedPolicy = $e->getNamedPolicy("p");
named_policy = e.get_named_policy("p")
var namedPolicy = e.GetNamedPolicy("p");
let named_policy = e.get_named_policy("p");
List<List<String>> namedPolicy = e.getNamedPolicy("p");
GetFilteredNamedPolicy()
GetFilteredNamedPolicy gets all the authorization rules in the named policy, field filters can be specified.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
filteredNamedPolicy = e.GetFilteredNamedPolicy("p", 0, "bob")
const filteredNamedPolicy = await e.getFilteredNamedPolicy('p', 0, 'bob')
$filteredNamedPolicy = $e->getFilteredNamedPolicy("p", 0, "bob");
filtered_named_policy = e.get_filtered_named_policy("p", 0, "alice")
var filteredNamedPolicy = e.GetFilteredNamedPolicy("p", 0, "alice");
let filtered_named_policy = e.get_filtered_named_policy("p", 0, vec!["bob".to_owned()]);
List<List<String>> filteredNamedPolicy = e.getFilteredNamedPolicy("p", 0, "bob");
GetGroupingPolicy()
GetGroupingPolicy gets all the role inheritance rules in the policy.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
groupingPolicy := e.GetGroupingPolicy()
const groupingPolicy = await e.getGroupingPolicy()
$groupingPolicy = $e->getGroupingPolicy();
grouping_policy = e.get_grouping_policy()
var groupingPolicy = e.GetGroupingPolicy();
let grouping_policy = e.get_grouping_policy();
List<List<String>> groupingPolicy = e.getGroupingPolicy();
GetFilteredGroupingPolicy()
GetFilteredGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
filteredGroupingPolicy := e.GetFilteredGroupingPolicy(0, "alice")
const filteredGroupingPolicy = await e.getFilteredGroupingPolicy(0, 'alice')
$filteredGroupingPolicy = $e->getFilteredGroupingPolicy(0, "alice");
filtered_grouping_policy = e.get_filtered_grouping_policy(0, "alice")
var filteredGroupingPolicy = e.GetFilteredGroupingPolicy(0, "alice");
let filtered_grouping_policy = e.get_filtered_grouping_policy(0, vec!["alice".to_owned()]);
List<List<String>> filteredGroupingPolicy = e.getFilteredGroupingPolicy(0, "alice");
GetNamedGroupingPolicy()
GetNamedGroupingPolicy gets all the role inheritance rules in the policy.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
namedGroupingPolicy := e.GetNamedGroupingPolicy("g")
const namedGroupingPolicy = await e.getNamedGroupingPolicy('g')
$namedGroupingPolicy = $e->getNamedGroupingPolicy("g");
named_grouping_policy = e.get_named_grouping_policy("g")
var namedGroupingPolicy = e.GetNamedGroupingPolicy("g");
let named_grouping_policy = e.get_named_grouping_policy("g");
List<List<String>> namedGroupingPolicy = e.getNamedGroupingPolicy("g");
GetFilteredNamedGroupingPolicy()
GetFilteredNamedGroupingPolicy gets all the role inheritance rules in the policy.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
namedGroupingPolicy := e.GetFilteredNamedGroupingPolicy("g", 0, "alice")
const namedGroupingPolicy = await e.getFilteredNamedGroupingPolicy('g', 0, 'alice')
$namedGroupingPolicy = $e->getFilteredNamedGroupingPolicy("g", 0, "alice");
named_grouping_policy = e.get_filtered_named_grouping_policy("g", 0, "alice")
var namedGroupingPolicy = e.GetFilteredNamedGroupingPolicy("g", 0, "alice");
let named_grouping_policy = e.get_filtered_named_groupingPolicy("g", 0, vec!["alice".to_owned()]);
List<List<String>> filteredNamedGroupingPolicy = e.getFilteredNamedGroupingPolicy("g", 0, "alice");
HasPolicy()
HasPolicy determines whether an authorization rule exists.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
hasPolicy := e.HasPolicy("data2_admin", "data2", "read")
const hasPolicy = await e.hasPolicy('data2_admin', 'data2', 'read')
$hasPolicy = $e->hasPolicy('data2_admin', 'data2', 'read');
has_policy = e.has_policy("data2_admin", "data2", "read")
var hasPolicy = e.HasPolicy("data2_admin", "data2", "read");
let has_policy = e.has_policy(vec!["data2_admin".to_owned(), "data2".to_owned(), "read".to_owned()]);
boolean hasPolicy = e.hasPolicy("data2_admin", "data2", "read");
HasNamedPolicy()
HasNamedPolicy determines whether a named authorization rule exists.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
hasNamedPolicy := e.HasNamedPolicy("p", "data2_admin", "data2", "read")
const hasNamedPolicy = await e.hasNamedPolicy('p', 'data2_admin', 'data2', 'read')
$hasNamedPolicy = $e->hasNamedPolicy("p", "data2_admin", "data2", "read");
has_named_policy = e.has_named_policy("p", "data2_admin", "data2", "read")
var hasNamedPolicy = e.HasNamedPolicy("p", "data2_admin", "data2", "read");
let has_named_policy = e.has_named_policy("p", vec!["data2_admin".to_owned(), "data2".to_owned(), "read".to_owned()]);
boolean hasNamedPolicy = e.hasNamedPolicy("p", "data2_admin", "data2", "read");
AddPolicy()
AddPolicy adds an authorization rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
added := e.AddPolicy('eve', 'data3', 'read')
const p = ['eve', 'data3', 'read']
const added = await e.addPolicy(...p)
$added = $e->addPolicy('eve', 'data3', 'read');
added = e.add_policy("eve", "data3", "read")
var added = e.AddPolicy("eve", "data3", "read");
or
var added = await e.AddPolicyAsync("eve", "data3", "read");
let added = e.add_policy(vec!["eve".to_owned(), "data3".to_owned(), "read".to_owned()]);
boolean added = e.addPolicy("eve", "data3", "read");
AddPolicies()
AddPolicies adds authorization rules to the current policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is added to the current policy. If all the authorization rules are consistent with the policy rules, the function returns true and each policy rule is added to the current policy.
For example:
- Go
- Node.js
- Python
- Rust
- Java
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesAdded := e.AddPolicies(rules)
const rules = [
['jack', 'data4', 'read'],
['katy', 'data4', 'write'],
['leyo', 'data4', 'read'],
['ham', 'data4', 'write']
];
const areRulesAdded = await e.addPolicies(rules);
rules = [
["jack", "data4", "read"],
["katy", "data4", "write"],
["leyo", "data4", "read"],
["ham", "data4", "write"]
]
are_rules_added = e.add_policies(rules)
let rules = vec![
vec!["jack".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["katy".to_owned(), "data4".to_owned(), "write".to_owned()],
vec!["leyo".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["ham".to_owned(), "data4".to_owned(), "write".to_owned()],
];
let are_rules_added = e.add_policies(rules).await?
String[][] rules = {
{"jack", "data4", "read"},
{"katy", "data4", "write"},
{"leyo", "data4", "read"},
{"ham", "data4", "write"},
};
boolean areRulesAdded = e.addPolicies(rules);
AddPoliciesEx()
AddPoliciesEx adds authorization rules to the current policy. If the rule already exists, the rule will not be added. But unlike AddPolicies, other non-existent rules are added instead of returning false directly
For example:
- Go
ok, err := e.AddPoliciesEx([][]string{{"user1", "data1", "read"}, {"user2", "data2", "read"}})
AddNamedPolicy()
AddNamedPolicy adds an authorization rule to the current named policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
added := e.AddNamedPolicy("p", "eve", "data3", "read")
const p = ['eve', 'data3', 'read']
const added = await e.addNamedPolicy('p', ...p)
$added = $e->addNamedPolicy("p", "eve", "data3", "read");
added = e.add_named_policy("p", "eve", "data3", "read")
var added = e.AddNamedPolicy("p", "eve", "data3", "read");
or
var added = await e.AddNamedPolicyAsync("p", "eve", "data3", "read");
let added = e.add_named_policy("p", vec!["eve".to_owned(), "data3".to_owned(), "read".to_owned()]).await?;
boolean added = e.addNamedPolicy("p", "eve", "data3", "read");
AddNamedPolicies()
AddNamedPolicies adds authorization rules to the current named policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is added to the current policy. If all the authorization rules are consistent with the policy rules, the function returns true and each policy rule is added to the current policy.
For example:
- Go
- Node.js
- Python
- Rust
- Java
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesAdded := e.AddNamedPolicies("p", rules)
const rules = [
['jack', 'data4', 'read'],
['katy', 'data4', 'write'],
['leyo', 'data4', 'read'],
['ham', 'data4', 'write']
];
const areRulesAdded = await e.addNamedPolicies('p', rules);
rules = [
["jack", "data4", "read"],
["katy", "data4", "write"],
["leyo", "data4", "read"],
["ham", "data4", "write"]
]
are_rules_added = e.add_named_policies("p", rules)
let rules = vec![
vec!["jack".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["katy".to_owned(), "data4".to_owned(), "write".to_owned()],
vec!["leyo".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["ham".to_owned(), "data4".to_owned(), "write".to_owned()],
];
let are_rules_added := e.add_named_policies("p", rules).await?;
List<List<String>> rules = Arrays.asList(
Arrays.asList("jack", "data4", "read"),
Arrays.asList("katy", "data4", "write"),
Arrays.asList("leyo", "data4", "read"),
Arrays.asList("ham", "data4", "write")
);
boolean areRulesAdded = e.addNamedPolicies("p", rules);
AddNamedPoliciesEx()
AddNamedPoliciesEx adds authorization rules to the current named policy. If the rule already exists, the rule will not be added. But unlike AddNamedPolicies, other non-existent rules are added instead of returning false directly
For example:
- Go
ok, err := e.AddNamedPoliciesEx("p", [][]string{{"user1", "data1", "read"}, {"user2", "data2", "read"}})
SelfAddPoliciesEx()
SelfAddPoliciesEx adds authorization rules to the current named policy with autoNotifyWatcher disabled. If the rule already exists, the rule will not be added. But unlike SelfAddPolicies, other non-existent rules are added instead of returning false directly
For example:
- Go
ok, err := e.SelfAddPoliciesEx("p", "p", [][]string{{"user1", "data1", "read"}, {"user2", "data2", "read"}})
RemovePolicy()
RemovePolicy removes an authorization rule from the current policy.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
removed := e.RemovePolicy("alice", "data1", "read")
const p = ['alice', 'data1', 'read']
const removed = await e.removePolicy(...p)
$removed = $e->removePolicy("alice", "data1", "read");
removed = e.remove_policy("alice", "data1", "read")
var removed = e.RemovePolicy("alice", "data1", "read");
or
var removed = await e.RemovePolicyAsync("alice", "data1", "read");
let removed = e.remove_policy(vec!["alice".to_owned(), "data1".to_owned(), "read".to_owned()]).await?;
boolean removed = e.removePolicy("alice", "data1", "read");
RemovePolicies()
RemovePolicies removes authorization rules from the current policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is removed from the current policy. If all the authorization rules are consistent with the policy rules, the function returns true and each policy rule is removed from the current policy.
For example:
- Go
- Node.js
- Python
- Rust
- Java
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesRemoved := e.RemovePolicies(rules)
const rules = [
['jack', 'data4', 'read'],
['katy', 'data4', 'write'],
['leyo', 'data4', 'read'],
['ham', 'data4', 'write']
];
const areRulesRemoved = await e.removePolicies(rules);
rules = [
["jack", "data4", "read"],
["katy", "data4", "write"],
["leyo", "data4", "read"],
["ham", "data4", "write"]
]
are_rules_removed = e.remove_policies(rules)
let rules = vec![
vec!["jack".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["katy".to_owned(), "data4".to_owned(), "write".to_owned()],
vec!["leyo".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["ham".to_owned(), "data4".to_owned(), "write".to_owned()],
];
let are_rules_removed = e.remove_policies(rules).await?;
String[][] rules = {
{"jack", "data4", "read"},
{"katy", "data4", "write"},
{"leyo", "data4", "read"},
{"ham", "data4", "write"},
};
boolean areRulesRemoved = e.removePolicies(rules);
RemoveFilteredPolicy()
RemoveFilteredPolicy removes an authorization rule from the current policy, field filters can be specified. RemovePolicy removes an authorization rule from the current policy.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
removed := e.RemoveFilteredPolicy(0, "alice", "data1", "read")
const p = ['alice', 'data1', 'read']
const removed = await e.removeFilteredPolicy(0, ...p)
$removed = $e->removeFilteredPolicy(0, "alice", "data1", "read");
removed = e.remove_filtered_policy(0, "alice", "data1", "read")
var removed = e.RemoveFilteredPolicy("alice", "data1", "read");
or
var removed = await e.RemoveFilteredPolicyAsync("alice", "data1", "read");
let removed = e.remove_filtered_policy(0, vec!["alice".to_owned(), "data1".to_owned(), "read".to_owned()]).await?;
boolean removed = e.removeFilteredPolicy(0, "alice", "data1", "read");
RemoveNamedPolicy()
RemoveNamedPolicy removes an authorization rule from the current named policy.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
removed := e.RemoveNamedPolicy("p", "alice", "data1", "read")
const p = ['alice', 'data1', 'read']
const removed = await e.removeNamedPolicy('p', ...p)
$removed = $e->removeNamedPolicy("p", "alice", "data1", "read");
removed = e.remove_named_policy("p", "alice", "data1", "read")
var removed = e.RemoveNamedPolicy("p", "alice", "data1", "read");
or
var removed = await e.RemoveNamedPolicyAsync("p", "alice", "data1", "read");
let removed = e.remove_named_policy("p", vec!["alice".to_owned(), "data1".to_owned(), "read".to_owned()]).await?;
boolean removed = e.removeNamedPolicy("p", "alice", "data1", "read");
RemoveNamedPolicies()
RemoveNamedPolicies removes authorization rules from the current named policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is removed from the current policy. If all the authorization rules are consistent with the policy rules, the function returns true and each policy rule is removed from the current policy.
For example:
- Go
- Node.js
- Python
- Rust
- Java
rules := [][] string {
[]string {"jack", "data4", "read"},
[]string {"katy", "data4", "write"},
[]string {"leyo", "data4", "read"},
[]string {"ham", "data4", "write"},
}
areRulesRemoved := e.RemoveNamedPolicies("p", rules)
const rules = [
['jack', 'data4', 'read'],
['katy', 'data4', 'write'],
['leyo', 'data4', 'read'],
['ham', 'data4', 'write']
];
const areRulesRemoved = await e.removeNamedPolicies('p', rules);
rules = [
["jack", "data4", "read"],
["katy", "data4", "write"],
["leyo", "data4", "read"],
["ham", "data4", "write"]
]
are_rules_removed = e.remove_named_policies("p", rules)
let rules = vec![
vec!["jack".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["katy".to_owned(), "data4".to_owned(), "write".to_owned()],
vec!["leyo".to_owned(), "data4".to_owned(), "read".to_owned()],
vec!["ham".to_owned(), "data4".to_owned(), "write".to_owned()],
];
let areRulesRemoved = e.remove_named_policies("p", rules).await?;
List<List<String>> rules = Arrays.asList(
Arrays.asList("jack", "data4", "read"),
Arrays.asList("katy", "data4", "write"),
Arrays.asList("leyo", "data4", "read"),
Arrays.asList("ham", "data4", "write")
);
boolean areRulesRemoved = e.removeNamedPolicies("p", rules);
RemoveFilteredNamedPolicy()
RemoveFilteredNamedPolicy removes an authorization rule from the current named policy, field filters can be specified.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
removed := e.RemoveFilteredNamedPolicy("p", 0, "alice", "data1", "read")
const p = ['alice', 'data1', 'read']
const removed = await e.removeFilteredNamedPolicy('p', 0, ...p)
$removed = $e->removeFilteredNamedPolicy("p", 0, "alice", "data1", "read");
removed = e.remove_filtered_named_policy("p", 0, "alice", "data1", "read")
var removed = e.RemoveFilteredNamedPolicy("p", 0, "alice", "data1", "read");
or
var removed = e.RemoveFilteredNamedPolicyAync("p", 0, "alice", "data1", "read");
let removed = e.remove_filtered_named_policy("p", 0, vec!["alice".to_owned(), "data1".to_owned(), "read".to_owned()]).await?;
boolean removed = e.removeFilteredNamedPolicy("p", 0, "alice", "data1", "read");
HasGroupingPolicy()
HasGroupingPolicy determines whether a role inheritance rule exists.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
has := e.HasGroupingPolicy("alice", "data2_admin")
const has = await e.hasGroupingPolicy('alice', 'data2_admin')
$has = $e->hasGroupingPolicy("alice", "data2_admin");
has = e.has_grouping_policy("alice", "data2_admin")
var has = e.HasGroupingPolicy("alice", "data2_admin");
let has = e.has_grouping_policy(vec!["alice".to_owned(), "data2_admin".to_owned()]);
boolean has = e.hasGroupingPolicy("alice", "data2_admin");
HasNamedGroupingPolicy()
HasNamedGroupingPolicy determines whether a named role inheritance rule exists.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
has := e.HasNamedGroupingPolicy("g", "alice", "data2_admin")
const has = await e.hasNamedGroupingPolicy('g', 'alice', 'data2_admin')
$has = $e->hasNamedGroupingPolicy("g", "alice", "data2_admin");
has = e.has_named_grouping_policy("g", "alice", "data2_admin")
var has = e.HasNamedGroupingPolicy("g", "alice", "data2_admin");
let has = e.has_named_grouping_policy("g", vec!["alice".to_owned(), "data2_admin".to_owned()]);
boolean has = e.hasNamedGroupingPolicy("g", "alice", "data2_admin");
AddGroupingPolicy()
AddGroupingPolicy adds a role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
added := e.AddGroupingPolicy("group1", "data2_admin")
const added = await e.addGroupingPolicy('group1', 'data2_admin')
$added = $e->addGroupingPolicy("group1", "data2_admin");
added = e.add_grouping_policy("group1", "data2_admin")
var added = e.AddGroupingPolicy("group1", "data2_admin");
or
var added = await e.AddGroupingPolicyAsync("group1", "data2_admin");
let added = e.add_grouping_policy(vec!["group1".to_owned(), "data2_admin".to_owned()]).await?;
boolean added = e.addGroupingPolicy("group1", "data2_admin");
AddGroupingPolicies()
AddGroupingPolicies adds role inheritance rules to the current policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is added to the current policy. If all authorization the rules are consistent with the policy rules, the function returns true and each policy rule is added to the current policy.
For example:
- Go
- Node.js
- Python
- Rust
- Java
rules := [][] string {
[]string {"ham", "data4_admin"},
[]string {"jack", "data5_admin"},
}
areRulesAdded := e.AddGroupingPolicies(rules)
const groupingRules = [
['ham', 'data4_admin'],
['jack', 'data5_admin']
];
const areRulesAdded = await e.addGroupingPolicies(groupingRules);
rules = [
["ham", "data4_admin"],
["jack", "data5_admin"]
]
are_rules_added = e.add_grouping_policies(rules)
let rules = vec![
vec!["ham".to_owned(), "data4_admin".to_owned()],
vec!["jack".to_owned(), "data5_admin".to_owned()],
];
let areRulesAdded = e.add_grouping_policies(rules).await?;
String[][] groupingRules = {
{"ham", "data4_admin"},
{"jack", "data5_admin"}
};
boolean areRulesAdded = e.addGroupingPolicies(groupingRules);
AddGroupingPoliciesEx()
AddGroupingPoliciesEx adds role inheritance rules to the current policy. If the rule already exists, the rule will not be added. But unlike AddGroupingPolicies, other non-existent rules are added instead of returning false directly
For example:
- Go
ok, err := e.AddGroupingPoliciesEx([][]string{{"user1", "member"}, {"user2", "member"}})
AddNamedGroupingPolicy()
AddNamedGroupingPolicy adds a named role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
added := e.AddNamedGroupingPolicy("g", "group1", "data2_admin")
const added = await e.addNamedGroupingPolicy('g', 'group1', 'data2_admin')
$added = $e->addNamedGroupingPolicy("g", "group1", "data2_admin");
added = e.add_named_grouping_policy("g", "group1", "data2_admin")
var added = e.AddNamedGroupingPolicy("g", "group1", "data2_admin");
or
var added = await e.AddNamedGroupingPolicyAsync("g", "group1", "data2_admin");
let added = e.add_named_grouping_policy("g", vec!["group1".to_owned(), "data2_admin".to_owned()]).await?;
boolean added = e.addNamedGroupingPolicy("g", "group1", "data2_admin");
AddNamedGroupingPolicies()
AddNamedGroupingPolicies adds named role inheritance rules to the current policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is added to the current policy. If all the authorization rules are consistent with the policy rules, the function returns true and each policy rule is added to the current policy.
For example:
- Go
- Node.js
- Python
- Rust
- Java
rules := [][] string {
[]string {"ham", "data4_admin"},
[]string {"jack", "data5_admin"},
}
areRulesAdded := e.AddNamedGroupingPolicies("g", rules)
const groupingRules = [
['ham', 'data4_admin'],
['jack', 'data5_admin']
];
const areRulesAdded = await e.addNamedGroupingPolicies('g', groupingRules);
rules = [
["ham", "data4_admin"],
["jack", "data5_admin"]
]
are_rules_added = e.add_named_grouping_policies("g", rules)
let rules = vec![
vec!["ham".to_owned(), "data4_admin".to_owned()],
vec!["jack".to_owned(), "data5_admin".to_owned()],
];
let are_rules_added = e.add_named_grouping_policies("g", rules).await?;
String[][] groupingRules = {
{"ham", "data4_admin"},
{"jack", "data5_admin"}
};
boolean areRulesAdded = e.addNamedGroupingPolicies("g", groupingRules);
AddNamedGroupingPoliciesEx()
AddNamedGroupingPoliciesEx adds named role inheritance rules to the current policy. If the rule already exists, the rule will not be added. But unlike AddNamedGroupingPolicies, other non-existent rules are added instead of returning false directly
For example:
- Go
ok, err := e.AddNamedGroupingPoliciesEx("g", [][]string{{"user1", "member"}, {"user2", "member"}})
RemoveGroupingPolicy()
RemoveGroupingPolicy removes a role inheritance rule from the current policy.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
removed := e.RemoveGroupingPolicy("alice", "data2_admin")
const removed = await e.removeGroupingPolicy('alice', 'data2_admin')
$removed = $e->removeGroupingPolicy("alice", "data2_admin");
removed = e.remove_grouping_policy("alice", "data2_admin")
var removed = e.RemoveGroupingPolicy("alice", "data2_admin");
or
var removed = await e.RemoveGroupingPolicyAsync("alice", "data2_admin");
let removed = e.remove_grouping_policy(vec!["alice".to_owned(), "data2_admin".to_owned()]).await?;
boolean removed = e.removeGroupingPolicy("alice", "data2_admin");
RemoveGroupingPolicies()
RemoveGroupingPolicies removes role inheritance rules from the current policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is removed from the current policy. If all the authorization rules are consistent with the policy rules, the function returns true and each policy rule is removed from the current policy.
For example:
- Go
- Node.js
- Rust
- Python
- Java
rules := [][] string {
[]string {"ham", "data4_admin"},
[]string {"jack", "data5_admin"},
}
areRulesRemoved := e.RemoveGroupingPolicies(rules)
const groupingRules = [
['ham', 'data4_admin'],
['jack', 'data5_admin']
];
const areRulesRemoved = await e.removeGroupingPolicies(groupingRules);
let rules = vec![
vec!["ham".to_owned(), "data4_admin".to_owned()],
vec!["jack".to_owned(), "data5_admin".to_owned()],
];
let are_rules_removed = e.remove_grouping_policies(rules).await?;
rules = [
["ham", "data4_admin"],
["jack", "data5_admin"]
]
are_rules_removed = e.remove_grouping_policies(rules)
String[][] groupingRules = {
{"ham", "data4_admin"},
{"jack", "data5_admin"}
};
boolean areRulesRemoved = e.removeGroupingPolicies(groupingRules);
RemoveFilteredGroupingPolicy()
RemoveFilteredGroupingPolicy removes a role inheritance rule from the current policy, field filters can be specified.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
removed := e.RemoveFilteredGroupingPolicy(0, "alice")
const removed = await e.removeFilteredGroupingPolicy(0, 'alice')
$removed = $e->removeFilteredGroupingPolicy(0, "alice");
removed = e.remove_filtered_grouping_policy(0, "alice")
var removed = e.RemoveFilteredGroupingPolicy(0, "alice");
or
var removed = await e.RemoveFilteredGroupingPolicyAsync(0, "alice");
let removed = e.remove_filtered_grouping_policy(0, vec!["alice".to_owned()]).await?;
boolean removed = e.removeFilteredGroupingPolicy(0, "alice");
RemoveNamedGroupingPolicy()
RemoveNamedGroupingPolicy removes a role inheritance rule from the current named policy.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
removed := e.RemoveNamedGroupingPolicy("g", "alice")
const removed = await e.removeNamedGroupingPolicy('g', 'alice')
$removed = $e->removeNamedGroupingPolicy("g", "alice");
removed = e.remove_named_grouping_policy("g", "alice", "data2_admin")
var removed = e.RemoveNamedGroupingPolicy("g", "alice");
or
var removed = await e.RemoveNamedGroupingPolicyAsync("g", "alice");
let removed = e.remove_named_grouping_policy("g", vec!["alice".to_owned()]).await?;
boolean removed = e.removeNamedGroupingPolicy("g", "alice");
RemoveNamedGroupingPolicies()
RemoveNamedGroupingPolicies removes named role inheritance rules from the current policy. The operation is atomic in nature. Hence, if authorization rules consists of rules which are not consistent with the current policy, the function returns false and no policy rule is removed from the current policy. If all the authorization rules are consistent with the policy rules, the function returns true and each policy rule is removed from the current policy.
For example:
- Go
- Node.js
- Python
- Rust
- Java
rules := [][] string {
[]string {"ham", "data4_admin"},
[]string {"jack", "data5_admin"},
}
areRulesRemoved := e.RemoveNamedGroupingPolicies("g", rules)
const groupingRules = [
['ham', 'data4_admin'],
['jack', 'data5_admin']
];
const areRulesRemoved = await e.removeNamedGroupingPolicies('g', groupingRules);
rules = [
["ham", "data4_admin"],
["jack", "data5_admin"]
]
are_rules_removed = e.remove_named_grouping_policies("g", rules)
let rules = vec![
vec!["ham".to_owned(), "data4_admin".to_owned()],
vec!["jack".to_owned(), "data5_admin".to_owned()],
];
let are_rules_removed = e.remove_named_grouping_policies("g", rules).await?;
String[][] groupingRules = {
{"ham", "data4_admin"},
{"jack", "data5_admin"}
};
boolean areRulesRemoved = e.removeNamedGroupingPolicies("g", groupingRules);
RemoveFilteredNamedGroupingPolicy()
RemoveFilteredNamedGroupingPolicy removes a role inheritance rule from the current named policy, field filters can be specified.
For example:
- Go
- Node.js
- PHP
- Python
- .NET
- Rust
- Java
removed := e.RemoveFilteredNamedGroupingPolicy("g", 0, "alice")
const removed = await e.removeFilteredNamedGroupingPolicy('g', 0, 'alice')
$removed = $e->removeFilteredNamedGroupingPolicy("g", 0, "alice");
removed = e.remove_filtered_named_grouping_policy("g", 0, "alice")
var removed = e.RemoveFilteredNamedGroupingPolicy("g", 0, "alice");
or
var removed = await e.RemoveFilteredNamedGroupingPolicyAsync("g", 0, "alice");
let removed = e.remove_filtered_named_groupingPolicy("g", 0, vec!["alice".to_owned()]).await?;
boolean removed = e.removeFilteredNamedGroupingPolicy("g", 0, "alice");
UpdatePolicy()
UpdatePolicy update a old policy to new policy.
For example:
- Go
- Node.js
- Python
- Java
updated, err := e.UpdatePolicy([]string{"eve", "data3", "read"}, []string{"eve", "data3", "write"})
const update = await e.updatePolicy(["eve", "data3", "read"], ["eve", "data3", "write"]);
updated = e.update_policy(["eve", "data3", "read"], ["eve", "data3", "write"])
boolean updated = e.updatePolicy(Arrays.asList("eve", "data3", "read"), Arrays.asList("eve", "data3", "write"));
UpdatePolicies()
UpdatePolicies updates all old policies to new policies.
For example:
- Go
- Python
updated, err := e.UpdatePolicies([][]string{{"eve", "data3", "read"}, {"jack", "data3", "read"}}, [][]string{{"eve", "data3", "write"}, {"jack", "data3", "write"}})
old_rules = [["eve", "data3", "read"], ["jack", "data3", "read"]]
new_rules = [["eve", "data3", "write"], ["jack", "data3", "write"]]
updated = e.update_policies(old_rules, new_rules)
AddFunction()
AddFunction adds a customized function.
For example:
- Go
- Node.js
- PHP
- Python
- Rust
- Java
func CustomFunction(key1 string, key2 string) bool {
if key1 == "/alice_data2/myid/using/res_id" && key2 == "/alice_data/:resource" {
return true
} else if key1 == "/alice_data2/myid/using/res_id" && key2 == "/alice_data2/:id/using/:resId" {
return true
} else {
return false
}
}
func CustomFunctionWrapper(args ...interface{}) (interface{}, error) {
key1 := args[0].(string)
key2 := args[1].(string)
return bool(CustomFunction(key1, key2)), nil
}
e.AddFunction("keyMatchCustom", CustomFunctionWrapper)
function customFunction(key1, key2){
if(key1 == "/alice_data2/myid/using/res_id" && key2 == "/alice_data/:resource") {
return true
} else if(key1 == "/alice_data2/myid/using/res_id" && key2 == "/alice_data2/:id/using/:resId") {
return true
} else {
return false
}
}
e.addFunction("keyMatchCustom", customFunction);
func customFunction($key1, $key2) {
if ($key1 == "/alice_data2/myid/using/res_id" && $key2 == "/alice_data/:resource") {
return true;
} elseif ($key1 == "/alice_data2/myid/using/res_id" && $key2 == "/alice_data2/:id/using/:resId") {
return true;
} else {
return false;
}
}
func customFunctionWrapper(...$args){
$key1 := $args[0];
$key2 := $args[1];
return customFunction($key1, $key2);
}
$e->addFunction("keyMatchCustom", customFunctionWrapper);
def custom_function(key1, key2):
return ((key1 == "/alice_data2/myid/using/res_id" and key2 == "/alice_data/:resource") or (key1 == "/alice_data2/myid/using/res_id" and key2 == "/alice_data2/:id/using/:resId"))
e.add_function("keyMatchCustom", custom_function)
fn custom_function(key1: STring, key2: String) {
key1 == "/alice_data2/myid/using/res_id" && key2 == "/alice_data/:resource" || key1 == "/alice_data2/myid/using/res_id" && key2 == "/alice_data2/:id/using/:resId"
}
e.add_function("keyMatchCustom", custom_function);
public static class CustomFunc extends CustomFunction {
@Override
public AviatorObject call(Map<String, Object> env, AviatorObject arg1, AviatorObject arg2) {
String key1 = FunctionUtils.getStringValue(arg1, env);
String key2 = FunctionUtils.getStringValue(arg2, env);
if (key1.equals("/alice_data2/myid/using/res_id") && key2.equals("/alice_data/:resource")) {
return AviatorBoolean.valueOf(true);
} else if (key1.equals("/alice_data2/myid/using/res_id") && key2.equals("/alice_data2/:id/using/:resId")) {
return AviatorBoolean.valueOf(true);
} else {
return AviatorBoolean.valueOf(false);
}
}
@Override
public String getName() {
return "keyMatchCustom";
}
}
FunctionTest.CustomFunc customFunc = new FunctionTest.CustomFunc();
e.addFunction(customFunc.getName(), customFunc);
LoadFilteredPolicy()
LoadFilteredPolicy loads filtered policies from file/database.
For example:
- Go
- Node.js
- Python
- Java
err := e.LoadFilteredPolicy()
const ok = await e.loadFilteredPolicy();
class Filter:
P = []
G = []
adapter = casbin.persist.adapters.FilteredAdapter("rbac_with_domains_policy.csv")
e = casbin.Enforcer("rbac_with_domains_model.conf", adapter)
filter = Filter()
filter.P = ["", "domain1"]
filter.G = ["", "", "domain1"]
e.load_filtered_policy(filter)
e.loadFilteredPolicy(new String[] { "", "domain1" });
LoadIncrementalFilteredPolicy()
LoadIncrementalFilteredPolicy append a filtered policy from file/database.
For example:
- Go
- Node.js
- Python
err := e.LoadIncrementalFilteredPolicy()
const ok = await e.loadIncrementalFilteredPolicy();
adapter = casbin.persist.adapters.FilteredAdapter("rbac_with_domains_policy.csv")
e = casbin.Enforcer("rbac_with_domains_model.conf", adapter)
filter = Filter()
filter.P = ["", "domain1"]
filter.G = ["", "", "domain1"]
e.load_increment_filtered_policy(filter)
UpdateGroupingPolicy()
UpdateGroupingPolicy updates oldRule to newRulein g section
For example:
- Go
- Java
succeed, err : = e.UpdateGroupingPolicy([]string{"data3_admin", "data4_admin"}, []string{"admin", "data4_admin"})
boolean succeed = e.updateGroupingPolicy(Arrays.asList("data3_admin", "data4_admin"), Arrays.asList("admin", "data4_admin"));
UpdateNamedGroupingPolicy()
UpdateNamedGroupingPolicy updates oldRule named ptype to newRulein g section
For example:
- Go
- Java
succeed, err : = e.UpdateGroupingPolicy("g1",[]string{"data3_admin", "data4_admin"}, []string{"admin", "data4_admin"})
boolean succeed = e.updateNamedGroupingPolicy("g1", Arrays.asList("data3_admin", "data4_admin"), Arrays.asList("admin", "data4_admin"));
SetFieldIndex()
SetFieldIndex suport customization of conventional name and position of sub, obj, domain and priority.
[policy_definition]
p = customized_priority, obj, act, eft, subject
For example:
- Go
e.SetFieldIndex("p", constant.PriorityIndex, 0)
e.SetFieldIndex("p", constant.SubjectIndex, 4)