README

Casbin

Go Report Card Build Status Godoc Release Gitter

News: still worry about how to write the correct Casbin policy? Casbin online editor is coming to help! Try it at: http://casbin.org/editor/

casbin Logo

Casbin is a powerful and efficient open-source access control library for Golang projects. It provides support for enforcing authorization based on various access control models.

All the languages supported by Casbin:

golang java nodejs php
Casbin jCasbin node-Casbin PHP-Casbin
production-ready production-ready production-ready production-ready
python dotnet delphi rust
PyCasbin Casbin.NET Casbin4D Casbin-RS
production-ready production-ready experimental WIP

Table of contents

Supported models

  1. ACL (Access Control List)
  2. ACL with superuser
  3. ACL without users: especially useful for systems that don't have authentication or user log-ins.
  4. ACL without resources: some scenarios may target for a type of resources instead of an individual resource by using permissions like write-article, read-log. It doesn't control the access to a specific article or log.
  5. RBAC (Role-Based Access Control)
  6. RBAC with resource roles: both users and resources can have roles (or groups) at the same time.
  7. RBAC with domains/tenants: users can have different role sets for different domains/tenants.
  8. ABAC (Attribute-Based Access Control): syntax sugar like resource.Owner can be used to get the attribute for a resource.
  9. RESTful: supports paths like /res/*, /res/:id and HTTP methods like GET, POST, PUT, DELETE.
  10. Deny-override: both allow and deny authorizations are supported, deny overrides the allow.
  11. Priority: the policy rules can be prioritized like firewall rules.

How it works?

In Casbin, an access control model is abstracted into a CONF file based on the PERM metamodel (Policy, Effect, Request, Matchers). So switching or upgrading the authorization mechanism for a project is just as simple as modifying a configuration. You can customize your own access control model by combining the available models. For example, you can get RBAC roles and ABAC attributes together inside one model and share one set of policy rules.

The most basic and simplest model in Casbin is ACL. ACL's model CONF is:

# Request definition
[request_definition]
r = sub, obj, act

# Policy definition
[policy_definition]
p = sub, obj, act

# Policy effect
[policy_effect]
e = some(where (p.eft == allow))

# Matchers
[matchers]
m = r.sub == p.sub && r.obj == p.obj && r.act == p.act

An example policy for ACL model is like:

p, alice, data1, read
p, bob, data2, write

It means:

  • alice can read data1
  • bob can write data2

We also support multi-line mode by appending '\' in the end:

# Matchers
[matchers]
m = r.sub == p.sub && r.obj == p.obj \ 
  && r.act == p.act

Further more, if you are using ABAC, you can try operator in like following in Casbin golang edition (jCasbin and Node-Casbin are not supported yet):

# Matchers
[matchers]
m = r.obj == p.obj && r.act == p.act || r.obj in ('data2', 'data3')

But you SHOULD make sure that the length of the array is MORE than 1, otherwise there will cause it to panic.

For more operators, you may take a look at govaluate

Features

What Casbin does:

  1. enforce the policy in the classic {subject, object, action} form or a customized form as you defined, both allow and deny authorizations are supported.
  2. handle the storage of the access control model and its policy.
  3. manage the role-user mappings and role-role mappings (aka role hierarchy in RBAC).
  4. support built-in superuser like root or administrator. A superuser can do anything without explict permissions.
  5. multiple built-in operators to support the rule matching. For example, keyMatch can map a resource key /foo/bar to the pattern /foo*.

What Casbin does NOT do:

  1. authentication (aka verify username and password when a user logs in)
  2. manage the list of users or roles. I believe it's more convenient for the project itself to manage these entities. Users usually have their passwords, and Casbin is not designed as a password container. However, Casbin stores the user-role mapping for the RBAC scenario.

Installation

go get github.com/casbin/casbin

Documentation

https://casbin.org/docs/en/overview

Online editor

You can also use the online editor (http://casbin.org/editor/) to write your Casbin model and policy in your web browser. It provides functionality such as syntax highlighting and code completion, just like an IDE for a programming language.

Tutorials

https://casbin.org/docs/en/tutorials

Get started

  1. New a Casbin enforcer with a model file and a policy file:

    e := casbin.NewEnforcer("path/to/model.conf", "path/to/policy.csv")
    

Note: you can also initialize an enforcer with policy in DB instead of file, see Persistence section for details.

  1. Add an enforcement hook into your code right before the access happens:

    sub := "alice" // the user that wants to access a resource.
    obj := "data1" // the resource that is going to be accessed.
    act := "read" // the operation that the user performs on the resource.
    
    if e.Enforce(sub, obj, act) == true {
        // permit alice to read data1
    } else {
        // deny the request, show an error
    }
    
  2. Besides the static policy file, Casbin also provides API for permission management at run-time. For example, You can get all the roles assigned to a user as below:

    roles := e.GetImplicitRolesForUser(sub)
    

See Policy management APIs for more usage.

  1. Please refer to the _test.go files for more usage.

Policy management

Casbin provides two sets of APIs to manage permissions:

  • Management API: the primitive API that provides full support for Casbin policy management. See here for examples.
  • RBAC API: a more friendly API for RBAC. This API is a subset of Management API. The RBAC users could use this API to simplify the code. See here for examples.

We also provide a web-based UI for model management and policy management:

model editor

policy editor

Policy persistence

https://casbin.org/docs/en/adapters

Policy consistence between multiple nodes

https://casbin.org/docs/en/watchers

Role manager

https://casbin.org/docs/en/role-managers

Benchmarks

https://casbin.org/docs/en/benchmark

Examples

Model Model file Policy file
ACL basic_model.conf basic_policy.csv
ACL with superuser basic_model_with_root.conf basic_policy.csv
ACL without users basic_model_without_users.conf basic_policy_without_users.csv
ACL without resources basic_model_without_resources.conf basic_policy_without_resources.csv
RBAC rbac_model.conf rbac_policy.csv
RBAC with resource roles rbac_model_with_resource_roles.conf rbac_policy_with_resource_roles.csv
RBAC with domains/tenants rbac_model_with_domains.conf rbac_policy_with_domains.csv
ABAC abac_model.conf N/A
RESTful keymatch_model.conf keymatch_policy.csv
Deny-override rbac_model_with_deny.conf rbac_policy_with_deny.csv
Priority priority_model.conf priority_policy.csv

Middlewares

Authz middlewares for web frameworks: https://casbin.org/docs/en/middlewares

Our adopters

https://casbin.org/docs/en/adopters

Contributors

This project exists thanks to all the people who contribute.

Backers

Thank you to all our backers! 🙏 [Become a backer]

Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]

License

This project is licensed under the Apache 2.0 license.

Contact

If you have any issues or feature requests, please contact us. PR is welcomed.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewModel

func NewModel(text ...string) model.Model

    NewModel creates a model.

    Types

    type CachedEnforcer

    type CachedEnforcer struct {
    	*Enforcer
    	// contains filtered or unexported fields
    }

      CachedEnforcer wraps Enforcer and provides decision cache

      func NewCachedEnforcer

      func NewCachedEnforcer(params ...interface{}) *CachedEnforcer

        NewCachedEnforcer creates a cached enforcer via file or DB.

        func (*CachedEnforcer) EnableCache

        func (e *CachedEnforcer) EnableCache(enableCache bool)

          EnableCache determines whether to enable cache on Enforce(). When enableCache is enabled, cached result (true | false) will be returned for previous decisions.

          func (*CachedEnforcer) Enforce

          func (e *CachedEnforcer) Enforce(rvals ...interface{}) bool

            Enforce decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (sub, obj, act). if rvals is not string , ingore the cache

            func (*CachedEnforcer) InvalidateCache

            func (e *CachedEnforcer) InvalidateCache()

              InvalidateCache deletes all the existing cached decisions.

              type Enforcer

              type Enforcer struct {
              	// contains filtered or unexported fields
              }

                Enforcer is the main interface for authorization enforcement and policy management.

                func NewEnforcer

                func NewEnforcer(params ...interface{}) *Enforcer

                  NewEnforcer creates an enforcer via file or DB. File: e := casbin.NewEnforcer("path/to/basic_model.conf", "path/to/basic_policy.csv") MySQL DB: a := mysqladapter.NewDBAdapter("mysql", "mysql_username:mysql_password@tcp(127.0.0.1:3306)/") e := casbin.NewEnforcer("path/to/basic_model.conf", a)

                  func NewEnforcerSafe

                  func NewEnforcerSafe(params ...interface{}) (e *Enforcer, err error)

                    NewEnforcerSafe calls NewEnforcer in a safe way, returns error instead of causing panic.

                    func (*Enforcer) AddFunction

                    func (e *Enforcer) AddFunction(name string, function func(args ...interface{}) (interface{}, error))

                      AddFunction adds a customized function.

                      func (*Enforcer) AddGroupingPolicy

                      func (e *Enforcer) AddGroupingPolicy(params ...interface{}) bool

                        AddGroupingPolicy adds a role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.

                        func (*Enforcer) AddGroupingPolicySafe

                        func (e *Enforcer) AddGroupingPolicySafe(params ...interface{}) (result bool, err error)

                          AddGroupingPolicySafe calls AddGroupingPolicy in a safe way, returns error instead of causing panic.

                          func (*Enforcer) AddNamedGroupingPolicy

                          func (e *Enforcer) AddNamedGroupingPolicy(ptype string, params ...interface{}) bool

                            AddNamedGroupingPolicy adds a named role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.

                            func (*Enforcer) AddNamedGroupingPolicySafe

                            func (e *Enforcer) AddNamedGroupingPolicySafe(ptype string, params ...interface{}) (result bool, err error)

                              AddNamedGroupingPolicySafe calls AddNamedGroupingPolicy in a safe way, returns error instead of causing panic.

                              func (*Enforcer) AddNamedPolicy

                              func (e *Enforcer) AddNamedPolicy(ptype string, params ...interface{}) bool

                                AddNamedPolicy adds an authorization rule to the current named policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.

                                func (*Enforcer) AddNamedPolicySafe

                                func (e *Enforcer) AddNamedPolicySafe(ptype string, params ...interface{}) (result bool, err error)

                                  AddNamedPolicySafe calls AddNamedPolicy in a safe way, returns error instead of causing panic.

                                  func (*Enforcer) AddPermissionForUser

                                  func (e *Enforcer) AddPermissionForUser(user string, permission ...string) bool

                                    AddPermissionForUser adds a permission for a user or role. Returns false if the user or role already has the permission (aka not affected).

                                    func (*Enforcer) AddPolicy

                                    func (e *Enforcer) AddPolicy(params ...interface{}) bool

                                      AddPolicy adds an authorization rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.

                                      func (*Enforcer) AddPolicySafe

                                      func (e *Enforcer) AddPolicySafe(params ...interface{}) (result bool, err error)

                                        AddPolicySafe calls AddPolicy in a safe way, returns error instead of causing panic.

                                        func (*Enforcer) AddRoleForUser

                                        func (e *Enforcer) AddRoleForUser(user string, role string) bool

                                          AddRoleForUser adds a role for a user. Returns false if the user already has the role (aka not affected).

                                          func (*Enforcer) AddRoleForUserInDomain

                                          func (e *Enforcer) AddRoleForUserInDomain(user string, role string, domain string) bool

                                            AddRoleForUserInDomain adds a role for a user inside a domain. Returns false if the user already has the role (aka not affected).

                                            func (e *Enforcer) BuildRoleLinks()

                                              BuildRoleLinks manually rebuild the role inheritance relations.

                                              func (*Enforcer) ClearPolicy

                                              func (e *Enforcer) ClearPolicy()

                                                ClearPolicy clears all policy.

                                                func (*Enforcer) DeletePermission

                                                func (e *Enforcer) DeletePermission(permission ...string) bool

                                                  DeletePermission deletes a permission. Returns false if the permission does not exist (aka not affected).

                                                  func (*Enforcer) DeletePermissionForUser

                                                  func (e *Enforcer) DeletePermissionForUser(user string, permission ...string) bool

                                                    DeletePermissionForUser deletes a permission for a user or role. Returns false if the user or role does not have the permission (aka not affected).

                                                    func (*Enforcer) DeletePermissionsForUser

                                                    func (e *Enforcer) DeletePermissionsForUser(user string) bool

                                                      DeletePermissionsForUser deletes permissions for a user or role. Returns false if the user or role does not have any permissions (aka not affected).

                                                      func (*Enforcer) DeleteRole

                                                      func (e *Enforcer) DeleteRole(role string)

                                                        DeleteRole deletes a role.

                                                        func (*Enforcer) DeleteRoleForUser

                                                        func (e *Enforcer) DeleteRoleForUser(user string, role string) bool

                                                          DeleteRoleForUser deletes a role for a user. Returns false if the user does not have the role (aka not affected).

                                                          func (*Enforcer) DeleteRoleForUserInDomain

                                                          func (e *Enforcer) DeleteRoleForUserInDomain(user string, role string, domain string) bool

                                                            DeleteRoleForUserInDomain deletes a role for a user inside a domain. Returns false if the user does not have the role (aka not affected).

                                                            func (*Enforcer) DeleteRolesForUser

                                                            func (e *Enforcer) DeleteRolesForUser(user string) bool

                                                              DeleteRolesForUser deletes all roles for a user. Returns false if the user does not have any roles (aka not affected).

                                                              func (*Enforcer) DeleteUser

                                                              func (e *Enforcer) DeleteUser(user string) bool

                                                                DeleteUser deletes a user. Returns false if the user does not exist (aka not affected).

                                                                func (e *Enforcer) EnableAutoBuildRoleLinks(autoBuildRoleLinks bool)

                                                                  EnableAutoBuildRoleLinks controls whether to rebuild the role inheritance relations when a role is added or deleted.

                                                                  func (*Enforcer) EnableAutoSave

                                                                  func (e *Enforcer) EnableAutoSave(autoSave bool)

                                                                    EnableAutoSave controls whether to save a policy rule automatically to the adapter when it is added or removed.

                                                                    func (*Enforcer) EnableEnforce

                                                                    func (e *Enforcer) EnableEnforce(enable bool)

                                                                      EnableEnforce changes the enforcing state of Casbin, when Casbin is disabled, all access will be allowed by the Enforce() function.

                                                                      func (*Enforcer) EnableLog

                                                                      func (e *Enforcer) EnableLog(enable bool)

                                                                        EnableLog changes whether Casbin will log messages to the Logger.

                                                                        func (*Enforcer) Enforce

                                                                        func (e *Enforcer) Enforce(rvals ...interface{}) bool

                                                                          Enforce decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (sub, obj, act).

                                                                          func (*Enforcer) EnforceSafe

                                                                          func (e *Enforcer) EnforceSafe(rvals ...interface{}) (result bool, err error)

                                                                            EnforceSafe calls Enforce in a safe way, returns error instead of causing panic.

                                                                            func (*Enforcer) GetAdapter

                                                                            func (e *Enforcer) GetAdapter() persist.Adapter

                                                                              GetAdapter gets the current adapter.

                                                                              func (*Enforcer) GetAllActions

                                                                              func (e *Enforcer) GetAllActions() []string

                                                                                GetAllActions gets the list of actions that show up in the current policy.

                                                                                func (*Enforcer) GetAllNamedActions

                                                                                func (e *Enforcer) GetAllNamedActions(ptype string) []string

                                                                                  GetAllNamedActions gets the list of actions that show up in the current named policy.

                                                                                  func (*Enforcer) GetAllNamedObjects

                                                                                  func (e *Enforcer) GetAllNamedObjects(ptype string) []string

                                                                                    GetAllNamedObjects gets the list of objects that show up in the current named policy.

                                                                                    func (*Enforcer) GetAllNamedRoles

                                                                                    func (e *Enforcer) GetAllNamedRoles(ptype string) []string

                                                                                      GetAllNamedRoles gets the list of roles that show up in the current named policy.

                                                                                      func (*Enforcer) GetAllNamedSubjects

                                                                                      func (e *Enforcer) GetAllNamedSubjects(ptype string) []string

                                                                                        GetAllNamedSubjects gets the list of subjects that show up in the current named policy.

                                                                                        func (*Enforcer) GetAllObjects

                                                                                        func (e *Enforcer) GetAllObjects() []string

                                                                                          GetAllObjects gets the list of objects that show up in the current policy.

                                                                                          func (*Enforcer) GetAllRoles

                                                                                          func (e *Enforcer) GetAllRoles() []string

                                                                                            GetAllRoles gets the list of roles that show up in the current policy.

                                                                                            func (*Enforcer) GetAllSubjects

                                                                                            func (e *Enforcer) GetAllSubjects() []string

                                                                                              GetAllSubjects gets the list of subjects that show up in the current policy.

                                                                                              func (*Enforcer) GetFilteredGroupingPolicy

                                                                                              func (e *Enforcer) GetFilteredGroupingPolicy(fieldIndex int, fieldValues ...string) [][]string

                                                                                                GetFilteredGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified.

                                                                                                func (*Enforcer) GetFilteredNamedGroupingPolicy

                                                                                                func (e *Enforcer) GetFilteredNamedGroupingPolicy(ptype string, fieldIndex int, fieldValues ...string) [][]string

                                                                                                  GetFilteredNamedGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified.

                                                                                                  func (*Enforcer) GetFilteredNamedPolicy

                                                                                                  func (e *Enforcer) GetFilteredNamedPolicy(ptype string, fieldIndex int, fieldValues ...string) [][]string

                                                                                                    GetFilteredNamedPolicy gets all the authorization rules in the named policy, field filters can be specified.

                                                                                                    func (*Enforcer) GetFilteredPolicy

                                                                                                    func (e *Enforcer) GetFilteredPolicy(fieldIndex int, fieldValues ...string) [][]string

                                                                                                      GetFilteredPolicy gets all the authorization rules in the policy, field filters can be specified.

                                                                                                      func (*Enforcer) GetGroupingPolicy

                                                                                                      func (e *Enforcer) GetGroupingPolicy() [][]string

                                                                                                        GetGroupingPolicy gets all the role inheritance rules in the policy.

                                                                                                        func (*Enforcer) GetImplicitPermissionsForUser

                                                                                                        func (e *Enforcer) GetImplicitPermissionsForUser(user string, domain ...string) [][]string

                                                                                                          GetImplicitPermissionsForUser gets implicit permissions for a user or role. Compared to GetPermissionsForUser(), this function retrieves permissions for inherited roles. For example: p, admin, data1, read p, alice, data2, read g, alice, admin

                                                                                                          GetPermissionsForUser("alice") can only get: [["alice", "data2", "read"]]. But GetImplicitPermissionsForUser("alice") will get: [["admin", "data1", "read"], ["alice", "data2", "read"]].

                                                                                                          func (*Enforcer) GetImplicitRolesForUser

                                                                                                          func (e *Enforcer) GetImplicitRolesForUser(name string, domain ...string) []string

                                                                                                            GetImplicitRolesForUser gets implicit roles that a user has. Compared to GetRolesForUser(), this function retrieves indirect roles besides direct roles. For example: g, alice, role:admin g, role:admin, role:user

                                                                                                            GetRolesForUser("alice") can only get: ["role:admin"]. But GetImplicitRolesForUser("alice") will get: ["role:admin", "role:user"].

                                                                                                            func (*Enforcer) GetImplicitUsersForPermission

                                                                                                            func (e *Enforcer) GetImplicitUsersForPermission(permission ...string) []string

                                                                                                              GetImplicitUsersForPermission gets implicit users for a permission. For example: p, admin, data1, read p, bob, data1, read g, alice, admin

                                                                                                              GetImplicitUsersForPermission("data1", "read") will get: ["alice", "bob"]. Note: only users will be returned, roles (2nd arg in "g") will be excluded.

                                                                                                              func (*Enforcer) GetModel

                                                                                                              func (e *Enforcer) GetModel() model.Model

                                                                                                                GetModel gets the current model.

                                                                                                                func (*Enforcer) GetNamedGroupingPolicy

                                                                                                                func (e *Enforcer) GetNamedGroupingPolicy(ptype string) [][]string

                                                                                                                  GetNamedGroupingPolicy gets all the role inheritance rules in the policy.

                                                                                                                  func (*Enforcer) GetNamedPolicy

                                                                                                                  func (e *Enforcer) GetNamedPolicy(ptype string) [][]string

                                                                                                                    GetNamedPolicy gets all the authorization rules in the named policy.

                                                                                                                    func (*Enforcer) GetPermissionsForUser

                                                                                                                    func (e *Enforcer) GetPermissionsForUser(user string) [][]string

                                                                                                                      GetPermissionsForUser gets permissions for a user or role.

                                                                                                                      func (*Enforcer) GetPermissionsForUserInDomain

                                                                                                                      func (e *Enforcer) GetPermissionsForUserInDomain(user string, domain string) [][]string

                                                                                                                        GetPermissionsForUserInDomain gets permissions for a user or role inside a domain.

                                                                                                                        func (*Enforcer) GetPolicy

                                                                                                                        func (e *Enforcer) GetPolicy() [][]string

                                                                                                                          GetPolicy gets all the authorization rules in the policy.

                                                                                                                          func (*Enforcer) GetRolesForUser

                                                                                                                          func (e *Enforcer) GetRolesForUser(name string) ([]string, error)

                                                                                                                            GetRolesForUser gets the roles that a user has.

                                                                                                                            func (*Enforcer) GetRolesForUserInDomain

                                                                                                                            func (e *Enforcer) GetRolesForUserInDomain(name string, domain string) []string

                                                                                                                              GetRolesForUserInDomain gets the roles that a user has inside a domain.

                                                                                                                              func (*Enforcer) GetUsersForRole

                                                                                                                              func (e *Enforcer) GetUsersForRole(name string) ([]string, error)

                                                                                                                                GetUsersForRole gets the users that has a role.

                                                                                                                                func (*Enforcer) GetUsersForRoleInDomain

                                                                                                                                func (e *Enforcer) GetUsersForRoleInDomain(name string, domain string) []string

                                                                                                                                  GetUsersForRoleInDomain gets the users that has a role inside a domain. Add by Gordon

                                                                                                                                  func (*Enforcer) HasGroupingPolicy

                                                                                                                                  func (e *Enforcer) HasGroupingPolicy(params ...interface{}) bool

                                                                                                                                    HasGroupingPolicy determines whether a role inheritance rule exists.

                                                                                                                                    func (*Enforcer) HasNamedGroupingPolicy

                                                                                                                                    func (e *Enforcer) HasNamedGroupingPolicy(ptype string, params ...interface{}) bool

                                                                                                                                      HasNamedGroupingPolicy determines whether a named role inheritance rule exists.

                                                                                                                                      func (*Enforcer) HasNamedPolicy

                                                                                                                                      func (e *Enforcer) HasNamedPolicy(ptype string, params ...interface{}) bool

                                                                                                                                        HasNamedPolicy determines whether a named authorization rule exists.

                                                                                                                                        func (*Enforcer) HasPermissionForUser

                                                                                                                                        func (e *Enforcer) HasPermissionForUser(user string, permission ...string) bool

                                                                                                                                          HasPermissionForUser determines whether a user has a permission.

                                                                                                                                          func (*Enforcer) HasPolicy

                                                                                                                                          func (e *Enforcer) HasPolicy(params ...interface{}) bool

                                                                                                                                            HasPolicy determines whether an authorization rule exists.

                                                                                                                                            func (*Enforcer) HasRoleForUser

                                                                                                                                            func (e *Enforcer) HasRoleForUser(name string, role string) (bool, error)

                                                                                                                                              HasRoleForUser determines whether a user has a role.

                                                                                                                                              func (*Enforcer) InitWithAdapter

                                                                                                                                              func (e *Enforcer) InitWithAdapter(modelPath string, adapter persist.Adapter)

                                                                                                                                                InitWithAdapter initializes an enforcer with a database adapter.

                                                                                                                                                func (*Enforcer) InitWithFile

                                                                                                                                                func (e *Enforcer) InitWithFile(modelPath string, policyPath string)

                                                                                                                                                  InitWithFile initializes an enforcer with a model file and a policy file.

                                                                                                                                                  func (*Enforcer) InitWithModelAndAdapter

                                                                                                                                                  func (e *Enforcer) InitWithModelAndAdapter(m model.Model, adapter persist.Adapter)

                                                                                                                                                    InitWithModelAndAdapter initializes an enforcer with a model and a database adapter.

                                                                                                                                                    func (*Enforcer) IsFiltered

                                                                                                                                                    func (e *Enforcer) IsFiltered() bool

                                                                                                                                                      IsFiltered returns true if the loaded policy has been filtered.

                                                                                                                                                      func (*Enforcer) LoadFilteredPolicy

                                                                                                                                                      func (e *Enforcer) LoadFilteredPolicy(filter interface{}) error

                                                                                                                                                        LoadFilteredPolicy reloads a filtered policy from file/database.

                                                                                                                                                        func (*Enforcer) LoadModel

                                                                                                                                                        func (e *Enforcer) LoadModel()

                                                                                                                                                          LoadModel reloads the model from the model CONF file. Because the policy is attached to a model, so the policy is invalidated and needs to be reloaded by calling LoadPolicy().

                                                                                                                                                          func (*Enforcer) LoadModelSafe

                                                                                                                                                          func (e *Enforcer) LoadModelSafe() (err error)

                                                                                                                                                            LoadModelSafe calls LoadModel in a safe way, returns error instead of causing panic.

                                                                                                                                                            func (*Enforcer) LoadPolicy

                                                                                                                                                            func (e *Enforcer) LoadPolicy() error

                                                                                                                                                              LoadPolicy reloads the policy from file/database.

                                                                                                                                                              func (*Enforcer) RemoveFilteredGroupingPolicy

                                                                                                                                                              func (e *Enforcer) RemoveFilteredGroupingPolicy(fieldIndex int, fieldValues ...string) bool

                                                                                                                                                                RemoveFilteredGroupingPolicy removes a role inheritance rule from the current policy, field filters can be specified.

                                                                                                                                                                func (*Enforcer) RemoveFilteredGroupingPolicySafe

                                                                                                                                                                func (e *Enforcer) RemoveFilteredGroupingPolicySafe(fieldIndex int, fieldValues ...string) (result bool, err error)

                                                                                                                                                                  RemoveFilteredGroupingPolicySafe calls RemoveFilteredGroupingPolicy in a safe way, returns error instead of causing panic.

                                                                                                                                                                  func (*Enforcer) RemoveFilteredNamedGroupingPolicy

                                                                                                                                                                  func (e *Enforcer) RemoveFilteredNamedGroupingPolicy(ptype string, fieldIndex int, fieldValues ...string) bool

                                                                                                                                                                    RemoveFilteredNamedGroupingPolicy removes a role inheritance rule from the current named policy, field filters can be specified.

                                                                                                                                                                    func (*Enforcer) RemoveFilteredNamedGroupingPolicySafe

                                                                                                                                                                    func (e *Enforcer) RemoveFilteredNamedGroupingPolicySafe(ptype string, fieldIndex int, fieldValues ...string) (result bool, err error)

                                                                                                                                                                      RemoveFilteredNamedGroupingPolicySafe calls RemoveFilteredNamedGroupingPolicy in a safe way, returns error instead of causing panic.

                                                                                                                                                                      func (*Enforcer) RemoveFilteredNamedPolicy

                                                                                                                                                                      func (e *Enforcer) RemoveFilteredNamedPolicy(ptype string, fieldIndex int, fieldValues ...string) bool

                                                                                                                                                                        RemoveFilteredNamedPolicy removes an authorization rule from the current named policy, field filters can be specified.

                                                                                                                                                                        func (*Enforcer) RemoveFilteredPolicy

                                                                                                                                                                        func (e *Enforcer) RemoveFilteredPolicy(fieldIndex int, fieldValues ...string) bool

                                                                                                                                                                          RemoveFilteredPolicy removes an authorization rule from the current policy, field filters can be specified.

                                                                                                                                                                          func (*Enforcer) RemoveFilteredPolicySafe

                                                                                                                                                                          func (e *Enforcer) RemoveFilteredPolicySafe(fieldIndex int, fieldValues ...string) (result bool, err error)

                                                                                                                                                                            RemoveFilteredPolicySafe calls RemoveFilteredPolicy in a safe way, returns error instead of causing panic.

                                                                                                                                                                            func (*Enforcer) RemoveGroupingPolicy

                                                                                                                                                                            func (e *Enforcer) RemoveGroupingPolicy(params ...interface{}) bool

                                                                                                                                                                              RemoveGroupingPolicy removes a role inheritance rule from the current policy.

                                                                                                                                                                              func (*Enforcer) RemoveGroupingPolicySafe

                                                                                                                                                                              func (e *Enforcer) RemoveGroupingPolicySafe(params ...interface{}) (result bool, err error)

                                                                                                                                                                                RemoveGroupingPolicySafe calls RemoveGroupingPolicy in a safe way, returns error instead of causing panic.

                                                                                                                                                                                func (*Enforcer) RemoveNamedGroupingPolicy

                                                                                                                                                                                func (e *Enforcer) RemoveNamedGroupingPolicy(ptype string, params ...interface{}) bool

                                                                                                                                                                                  RemoveNamedGroupingPolicy removes a role inheritance rule from the current named policy.

                                                                                                                                                                                  func (*Enforcer) RemoveNamedGroupingPolicySafe

                                                                                                                                                                                  func (e *Enforcer) RemoveNamedGroupingPolicySafe(ptype string, params ...interface{}) (result bool, err error)

                                                                                                                                                                                    RemoveNamedGroupingPolicySafe calls RemoveNamedGroupingPolicy in a safe way, returns error instead of causing panic.

                                                                                                                                                                                    func (*Enforcer) RemoveNamedPolicy

                                                                                                                                                                                    func (e *Enforcer) RemoveNamedPolicy(ptype string, params ...interface{}) bool

                                                                                                                                                                                      RemoveNamedPolicy removes an authorization rule from the current named policy.

                                                                                                                                                                                      func (*Enforcer) RemovePolicy

                                                                                                                                                                                      func (e *Enforcer) RemovePolicy(params ...interface{}) bool

                                                                                                                                                                                        RemovePolicy removes an authorization rule from the current policy.

                                                                                                                                                                                        func (*Enforcer) RemovePolicySafe

                                                                                                                                                                                        func (e *Enforcer) RemovePolicySafe(params ...interface{}) (result bool, err error)

                                                                                                                                                                                          RemovePolicySafe calls RemovePolicy in a safe way, returns error instead of causing panic.

                                                                                                                                                                                          func (*Enforcer) SavePolicy

                                                                                                                                                                                          func (e *Enforcer) SavePolicy() error

                                                                                                                                                                                            SavePolicy saves the current policy (usually after changed with Casbin API) back to file/database.

                                                                                                                                                                                            func (*Enforcer) SetAdapter

                                                                                                                                                                                            func (e *Enforcer) SetAdapter(adapter persist.Adapter)

                                                                                                                                                                                              SetAdapter sets the current adapter.

                                                                                                                                                                                              func (*Enforcer) SetEffector

                                                                                                                                                                                              func (e *Enforcer) SetEffector(eft effect.Effector)

                                                                                                                                                                                                SetEffector sets the current effector.

                                                                                                                                                                                                func (*Enforcer) SetModel

                                                                                                                                                                                                func (e *Enforcer) SetModel(m model.Model)

                                                                                                                                                                                                  SetModel sets the current model.

                                                                                                                                                                                                  func (*Enforcer) SetRoleManager

                                                                                                                                                                                                  func (e *Enforcer) SetRoleManager(rm rbac.RoleManager)

                                                                                                                                                                                                    SetRoleManager sets the current role manager.

                                                                                                                                                                                                    func (*Enforcer) SetWatcher

                                                                                                                                                                                                    func (e *Enforcer) SetWatcher(watcher persist.Watcher)

                                                                                                                                                                                                      SetWatcher sets the current watcher.

                                                                                                                                                                                                      type SyncedEnforcer

                                                                                                                                                                                                      type SyncedEnforcer struct {
                                                                                                                                                                                                      	*Enforcer
                                                                                                                                                                                                      	// contains filtered or unexported fields
                                                                                                                                                                                                      }

                                                                                                                                                                                                        SyncedEnforcer wraps Enforcer and provides synchronized access

                                                                                                                                                                                                        func NewSyncedEnforcer

                                                                                                                                                                                                        func NewSyncedEnforcer(params ...interface{}) *SyncedEnforcer

                                                                                                                                                                                                          NewSyncedEnforcer creates a synchronized enforcer via file or DB.

                                                                                                                                                                                                          func NewSyncedEnforcerSafe

                                                                                                                                                                                                          func NewSyncedEnforcerSafe(params ...interface{}) (enforcer *SyncedEnforcer, err error)

                                                                                                                                                                                                            NewSyncedEnforcerSafe creates a synchronized enforcer via file or DB.

                                                                                                                                                                                                            func (*SyncedEnforcer) AddGroupingPolicy

                                                                                                                                                                                                            func (e *SyncedEnforcer) AddGroupingPolicy(params ...interface{}) bool

                                                                                                                                                                                                              AddGroupingPolicy adds a role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.

                                                                                                                                                                                                              func (*SyncedEnforcer) AddPermissionForUser

                                                                                                                                                                                                              func (e *SyncedEnforcer) AddPermissionForUser(user string, permission ...string) bool

                                                                                                                                                                                                                AddPermissionForUser adds a permission for a user or role. Returns false if the user or role already has the permission (aka not affected).

                                                                                                                                                                                                                func (*SyncedEnforcer) AddPolicy

                                                                                                                                                                                                                func (e *SyncedEnforcer) AddPolicy(params ...interface{}) bool

                                                                                                                                                                                                                  AddPolicy adds an authorization rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.

                                                                                                                                                                                                                  func (*SyncedEnforcer) AddPolicySafe

                                                                                                                                                                                                                  func (e *SyncedEnforcer) AddPolicySafe(params ...interface{}) (result bool, err error)

                                                                                                                                                                                                                    AddPolicySafe calls AddPolicy in a safe way, returns error instead of causing panic.

                                                                                                                                                                                                                    func (*SyncedEnforcer) AddRoleForUser

                                                                                                                                                                                                                    func (e *SyncedEnforcer) AddRoleForUser(user string, role string) bool

                                                                                                                                                                                                                      AddRoleForUser adds a role for a user. Returns false if the user already has the role (aka not affected).

                                                                                                                                                                                                                      func (*SyncedEnforcer) AddRoleForUserInDomain

                                                                                                                                                                                                                      func (e *SyncedEnforcer) AddRoleForUserInDomain(user string, role string, domain string) bool

                                                                                                                                                                                                                        AddRoleForUserInDomain adds a role for a user inside a domain. Returns false if the user already has the role (aka not affected).

                                                                                                                                                                                                                        func (e *SyncedEnforcer) BuildRoleLinks()

                                                                                                                                                                                                                          BuildRoleLinks manually rebuild the role inheritance relations.

                                                                                                                                                                                                                          func (*SyncedEnforcer) ClearPolicy

                                                                                                                                                                                                                          func (e *SyncedEnforcer) ClearPolicy()

                                                                                                                                                                                                                            ClearPolicy clears all policy.

                                                                                                                                                                                                                            func (*SyncedEnforcer) DeletePermission

                                                                                                                                                                                                                            func (e *SyncedEnforcer) DeletePermission(permission ...string) bool

                                                                                                                                                                                                                              DeletePermission deletes a permission. Returns false if the permission does not exist (aka not affected).

                                                                                                                                                                                                                              func (*SyncedEnforcer) DeletePermissionForUser

                                                                                                                                                                                                                              func (e *SyncedEnforcer) DeletePermissionForUser(user string, permission ...string) bool

                                                                                                                                                                                                                                DeletePermissionForUser deletes a permission for a user or role. Returns false if the user or role does not have the permission (aka not affected).

                                                                                                                                                                                                                                func (*SyncedEnforcer) DeletePermissionsForUser

                                                                                                                                                                                                                                func (e *SyncedEnforcer) DeletePermissionsForUser(user string) bool

                                                                                                                                                                                                                                  DeletePermissionsForUser deletes permissions for a user or role. Returns false if the user or role does not have any permissions (aka not affected).

                                                                                                                                                                                                                                  func (*SyncedEnforcer) DeleteRole

                                                                                                                                                                                                                                  func (e *SyncedEnforcer) DeleteRole(role string)

                                                                                                                                                                                                                                    DeleteRole deletes a role.

                                                                                                                                                                                                                                    func (*SyncedEnforcer) DeleteRoleForUser

                                                                                                                                                                                                                                    func (e *SyncedEnforcer) DeleteRoleForUser(user string, role string) bool

                                                                                                                                                                                                                                      DeleteRoleForUser deletes a role for a user. Returns false if the user does not have the role (aka not affected).

                                                                                                                                                                                                                                      func (*SyncedEnforcer) DeleteRoleForUserInDomain

                                                                                                                                                                                                                                      func (e *SyncedEnforcer) DeleteRoleForUserInDomain(user string, role string, domain string) bool

                                                                                                                                                                                                                                        DeleteRoleForUserInDomain deletes a role for a user inside a domain. Returns false if the user does not have the role (aka not affected).

                                                                                                                                                                                                                                        func (*SyncedEnforcer) DeleteRolesForUser

                                                                                                                                                                                                                                        func (e *SyncedEnforcer) DeleteRolesForUser(user string) bool

                                                                                                                                                                                                                                          DeleteRolesForUser deletes all roles for a user. Returns false if the user does not have any roles (aka not affected).

                                                                                                                                                                                                                                          func (*SyncedEnforcer) DeleteUser

                                                                                                                                                                                                                                          func (e *SyncedEnforcer) DeleteUser(user string) bool

                                                                                                                                                                                                                                            DeleteUser deletes a user. Returns false if the user does not exist (aka not affected).

                                                                                                                                                                                                                                            func (*SyncedEnforcer) Enforce

                                                                                                                                                                                                                                            func (e *SyncedEnforcer) Enforce(rvals ...interface{}) bool

                                                                                                                                                                                                                                              Enforce decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (sub, obj, act).

                                                                                                                                                                                                                                              func (*SyncedEnforcer) EnforceSafe

                                                                                                                                                                                                                                              func (e *SyncedEnforcer) EnforceSafe(rvals ...interface{}) (result bool, err error)

                                                                                                                                                                                                                                                EnforceSafe calls Enforce in a safe way, returns error instead of causing panic.

                                                                                                                                                                                                                                                func (*SyncedEnforcer) GetAllActions

                                                                                                                                                                                                                                                func (e *SyncedEnforcer) GetAllActions() []string

                                                                                                                                                                                                                                                  GetAllActions gets the list of actions that show up in the current policy.

                                                                                                                                                                                                                                                  func (*SyncedEnforcer) GetAllObjects

                                                                                                                                                                                                                                                  func (e *SyncedEnforcer) GetAllObjects() []string

                                                                                                                                                                                                                                                    GetAllObjects gets the list of objects that show up in the current policy.

                                                                                                                                                                                                                                                    func (*SyncedEnforcer) GetAllRoles

                                                                                                                                                                                                                                                    func (e *SyncedEnforcer) GetAllRoles() []string

                                                                                                                                                                                                                                                      GetAllRoles gets the list of roles that show up in the current policy.

                                                                                                                                                                                                                                                      func (*SyncedEnforcer) GetAllSubjects

                                                                                                                                                                                                                                                      func (e *SyncedEnforcer) GetAllSubjects() []string

                                                                                                                                                                                                                                                        GetAllSubjects gets the list of subjects that show up in the current policy.

                                                                                                                                                                                                                                                        func (*SyncedEnforcer) GetFilteredGroupingPolicy

                                                                                                                                                                                                                                                        func (e *SyncedEnforcer) GetFilteredGroupingPolicy(fieldIndex int, fieldValues ...string) [][]string

                                                                                                                                                                                                                                                          GetFilteredGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified.

                                                                                                                                                                                                                                                          func (*SyncedEnforcer) GetFilteredPolicy

                                                                                                                                                                                                                                                          func (e *SyncedEnforcer) GetFilteredPolicy(fieldIndex int, fieldValues ...string) [][]string

                                                                                                                                                                                                                                                            GetFilteredPolicy gets all the authorization rules in the policy, field filters can be specified.

                                                                                                                                                                                                                                                            func (*SyncedEnforcer) GetGroupingPolicy

                                                                                                                                                                                                                                                            func (e *SyncedEnforcer) GetGroupingPolicy() [][]string

                                                                                                                                                                                                                                                              GetGroupingPolicy gets all the role inheritance rules in the policy.

                                                                                                                                                                                                                                                              func (*SyncedEnforcer) GetPermissionsForUser

                                                                                                                                                                                                                                                              func (e *SyncedEnforcer) GetPermissionsForUser(user string) [][]string

                                                                                                                                                                                                                                                                GetPermissionsForUser gets permissions for a user or role.

                                                                                                                                                                                                                                                                func (*SyncedEnforcer) GetPermissionsForUserInDomain

                                                                                                                                                                                                                                                                func (e *SyncedEnforcer) GetPermissionsForUserInDomain(user string, domain string) [][]string

                                                                                                                                                                                                                                                                  GetPermissionsForUserInDomain gets permissions for a user or role inside a domain.

                                                                                                                                                                                                                                                                  func (*SyncedEnforcer) GetPolicy

                                                                                                                                                                                                                                                                  func (e *SyncedEnforcer) GetPolicy() [][]string

                                                                                                                                                                                                                                                                    GetPolicy gets all the authorization rules in the policy.

                                                                                                                                                                                                                                                                    func (*SyncedEnforcer) GetRolesForUser

                                                                                                                                                                                                                                                                    func (e *SyncedEnforcer) GetRolesForUser(name string) ([]string, error)

                                                                                                                                                                                                                                                                      GetRolesForUser gets the roles that a user has.

                                                                                                                                                                                                                                                                      func (*SyncedEnforcer) GetRolesForUserInDomain

                                                                                                                                                                                                                                                                      func (e *SyncedEnforcer) GetRolesForUserInDomain(name string, domain string) []string

                                                                                                                                                                                                                                                                        GetRolesForUserInDomain gets the roles that a user has inside a domain.

                                                                                                                                                                                                                                                                        func (*SyncedEnforcer) GetUsersForRole

                                                                                                                                                                                                                                                                        func (e *SyncedEnforcer) GetUsersForRole(name string) ([]string, error)

                                                                                                                                                                                                                                                                          GetUsersForRole gets the users that has a role.

                                                                                                                                                                                                                                                                          func (*SyncedEnforcer) GetUsersForRoleInDomain

                                                                                                                                                                                                                                                                          func (e *SyncedEnforcer) GetUsersForRoleInDomain(name string, domain string) []string

                                                                                                                                                                                                                                                                            GetUsersForRoleInDomain gets the users that has a role inside a domain. Add by Gordon

                                                                                                                                                                                                                                                                            func (*SyncedEnforcer) HasGroupingPolicy

                                                                                                                                                                                                                                                                            func (e *SyncedEnforcer) HasGroupingPolicy(params ...interface{}) bool

                                                                                                                                                                                                                                                                              HasGroupingPolicy determines whether a role inheritance rule exists.

                                                                                                                                                                                                                                                                              func (*SyncedEnforcer) HasPermissionForUser

                                                                                                                                                                                                                                                                              func (e *SyncedEnforcer) HasPermissionForUser(user string, permission ...string) bool

                                                                                                                                                                                                                                                                                HasPermissionForUser determines whether a user has a permission.

                                                                                                                                                                                                                                                                                func (*SyncedEnforcer) HasPolicy

                                                                                                                                                                                                                                                                                func (e *SyncedEnforcer) HasPolicy(params ...interface{}) bool

                                                                                                                                                                                                                                                                                  HasPolicy determines whether an authorization rule exists.

                                                                                                                                                                                                                                                                                  func (*SyncedEnforcer) HasRoleForUser

                                                                                                                                                                                                                                                                                  func (e *SyncedEnforcer) HasRoleForUser(name string, role string) (bool, error)

                                                                                                                                                                                                                                                                                    HasRoleForUser determines whether a user has a role.

                                                                                                                                                                                                                                                                                    func (*SyncedEnforcer) LoadModelSafe

                                                                                                                                                                                                                                                                                    func (e *SyncedEnforcer) LoadModelSafe() (err error)

                                                                                                                                                                                                                                                                                      LoadModelSafe calls LoadModel in a safe way, returns error instead of causing panic.

                                                                                                                                                                                                                                                                                      func (*SyncedEnforcer) LoadPolicy

                                                                                                                                                                                                                                                                                      func (e *SyncedEnforcer) LoadPolicy() error

                                                                                                                                                                                                                                                                                        LoadPolicy reloads the policy from file/database.

                                                                                                                                                                                                                                                                                        func (*SyncedEnforcer) RemoveFilteredGroupingPolicy

                                                                                                                                                                                                                                                                                        func (e *SyncedEnforcer) RemoveFilteredGroupingPolicy(fieldIndex int, fieldValues ...string) bool

                                                                                                                                                                                                                                                                                          RemoveFilteredGroupingPolicy removes a role inheritance rule from the current policy, field filters can be specified.

                                                                                                                                                                                                                                                                                          func (*SyncedEnforcer) RemoveFilteredPolicy

                                                                                                                                                                                                                                                                                          func (e *SyncedEnforcer) RemoveFilteredPolicy(fieldIndex int, fieldValues ...string) bool

                                                                                                                                                                                                                                                                                            RemoveFilteredPolicy removes an authorization rule from the current policy, field filters can be specified.

                                                                                                                                                                                                                                                                                            func (*SyncedEnforcer) RemoveFilteredPolicySafe

                                                                                                                                                                                                                                                                                            func (e *SyncedEnforcer) RemoveFilteredPolicySafe(fieldIndex int, fieldValues ...string) (result bool, err error)

                                                                                                                                                                                                                                                                                              RemoveFilteredPolicySafe calls RemoveFilteredPolicy in a safe way, returns error instead of causing panic.

                                                                                                                                                                                                                                                                                              func (*SyncedEnforcer) RemoveGroupingPolicy

                                                                                                                                                                                                                                                                                              func (e *SyncedEnforcer) RemoveGroupingPolicy(params ...interface{}) bool

                                                                                                                                                                                                                                                                                                RemoveGroupingPolicy removes a role inheritance rule from the current policy.

                                                                                                                                                                                                                                                                                                func (*SyncedEnforcer) RemovePolicy

                                                                                                                                                                                                                                                                                                func (e *SyncedEnforcer) RemovePolicy(params ...interface{}) bool

                                                                                                                                                                                                                                                                                                  RemovePolicy removes an authorization rule from the current policy.

                                                                                                                                                                                                                                                                                                  func (*SyncedEnforcer) RemovePolicySafe

                                                                                                                                                                                                                                                                                                  func (e *SyncedEnforcer) RemovePolicySafe(params ...interface{}) (result bool, err error)

                                                                                                                                                                                                                                                                                                    RemovePolicySafe calls RemovePolicy in a safe way, returns error instead of causing panic.

                                                                                                                                                                                                                                                                                                    func (*SyncedEnforcer) SavePolicy

                                                                                                                                                                                                                                                                                                    func (e *SyncedEnforcer) SavePolicy() error

                                                                                                                                                                                                                                                                                                      SavePolicy saves the current policy (usually after changed with Casbin API) back to file/database.

                                                                                                                                                                                                                                                                                                      func (*SyncedEnforcer) SetWatcher

                                                                                                                                                                                                                                                                                                      func (e *SyncedEnforcer) SetWatcher(watcher persist.Watcher)

                                                                                                                                                                                                                                                                                                        SetWatcher sets the current watcher.

                                                                                                                                                                                                                                                                                                        func (*SyncedEnforcer) StartAutoLoadPolicy

                                                                                                                                                                                                                                                                                                        func (e *SyncedEnforcer) StartAutoLoadPolicy(d time.Duration)

                                                                                                                                                                                                                                                                                                          StartAutoLoadPolicy starts a go routine that will every specified duration call LoadPolicy

                                                                                                                                                                                                                                                                                                          func (*SyncedEnforcer) StopAutoLoadPolicy

                                                                                                                                                                                                                                                                                                          func (e *SyncedEnforcer) StopAutoLoadPolicy()

                                                                                                                                                                                                                                                                                                            StopAutoLoadPolicy causes the go routine to exit.