Documentation ¶
Index ¶
- func NewModel(text ...string) model.Model
- type CachedEnforcer
- type Enforcer
- func (e *Enforcer) AddFunction(name string, function func(args ...interface{}) (interface{}, error))
- func (e *Enforcer) AddGroupingPolicy(params ...interface{}) bool
- func (e *Enforcer) AddGroupingPolicySafe(params ...interface{}) (result bool, err error)
- func (e *Enforcer) AddNamedGroupingPolicy(ptype string, params ...interface{}) bool
- func (e *Enforcer) AddNamedGroupingPolicySafe(ptype string, params ...interface{}) (result bool, err error)
- func (e *Enforcer) AddNamedPolicy(ptype string, params ...interface{}) bool
- func (e *Enforcer) AddNamedPolicySafe(ptype string, params ...interface{}) (result bool, err error)
- func (e *Enforcer) AddPermissionForUser(user string, permission ...string) bool
- func (e *Enforcer) AddPolicy(params ...interface{}) bool
- func (e *Enforcer) AddPolicySafe(params ...interface{}) (result bool, err error)
- func (e *Enforcer) AddRoleForUser(user string, role string) bool
- func (e *Enforcer) AddRoleForUserInDomain(user string, role string, domain string) bool
- func (e *Enforcer) BuildRoleLinks()
- func (e *Enforcer) ClearPolicy()
- func (e *Enforcer) DeletePermission(permission ...string) bool
- func (e *Enforcer) DeletePermissionForUser(user string, permission ...string) bool
- func (e *Enforcer) DeletePermissionsForUser(user string) bool
- func (e *Enforcer) DeleteRole(role string)
- func (e *Enforcer) DeleteRoleForUser(user string, role string) bool
- func (e *Enforcer) DeleteRoleForUserInDomain(user string, role string, domain string) bool
- func (e *Enforcer) DeleteRolesForUser(user string) bool
- func (e *Enforcer) DeleteUser(user string) bool
- func (e *Enforcer) EnableAutoBuildRoleLinks(autoBuildRoleLinks bool)
- func (e *Enforcer) EnableAutoSave(autoSave bool)
- func (e *Enforcer) EnableEnforce(enable bool)
- func (e *Enforcer) EnableLog(enable bool)
- func (e *Enforcer) Enforce(rvals ...interface{}) bool
- func (e *Enforcer) EnforceSafe(rvals ...interface{}) (result bool, err error)
- func (e *Enforcer) GetAdapter() persist.Adapter
- func (e *Enforcer) GetAllActions() []string
- func (e *Enforcer) GetAllNamedActions(ptype string) []string
- func (e *Enforcer) GetAllNamedObjects(ptype string) []string
- func (e *Enforcer) GetAllNamedRoles(ptype string) []string
- func (e *Enforcer) GetAllNamedSubjects(ptype string) []string
- func (e *Enforcer) GetAllObjects() []string
- func (e *Enforcer) GetAllRoles() []string
- func (e *Enforcer) GetAllSubjects() []string
- func (e *Enforcer) GetFilteredGroupingPolicy(fieldIndex int, fieldValues ...string) [][]string
- func (e *Enforcer) GetFilteredNamedGroupingPolicy(ptype string, fieldIndex int, fieldValues ...string) [][]string
- func (e *Enforcer) GetFilteredNamedPolicy(ptype string, fieldIndex int, fieldValues ...string) [][]string
- func (e *Enforcer) GetFilteredPolicy(fieldIndex int, fieldValues ...string) [][]string
- func (e *Enforcer) GetGroupingPolicy() [][]string
- func (e *Enforcer) GetImplicitPermissionsForUser(user string, domain ...string) [][]string
- func (e *Enforcer) GetImplicitRolesForUser(name string, domain ...string) []string
- func (e *Enforcer) GetImplicitUsersForPermission(permission ...string) []string
- func (e *Enforcer) GetModel() model.Model
- func (e *Enforcer) GetNamedGroupingPolicy(ptype string) [][]string
- func (e *Enforcer) GetNamedPolicy(ptype string) [][]string
- func (e *Enforcer) GetPermissionsForUser(user string) [][]string
- func (e *Enforcer) GetPermissionsForUserInDomain(user string, domain string) [][]string
- func (e *Enforcer) GetPolicy() [][]string
- func (e *Enforcer) GetRolesForUser(name string) ([]string, error)
- func (e *Enforcer) GetRolesForUserInDomain(name string, domain string) []string
- func (e *Enforcer) GetUsersForRole(name string) ([]string, error)
- func (e *Enforcer) GetUsersForRoleInDomain(name string, domain string) []string
- func (e *Enforcer) HasGroupingPolicy(params ...interface{}) bool
- func (e *Enforcer) HasNamedGroupingPolicy(ptype string, params ...interface{}) bool
- func (e *Enforcer) HasNamedPolicy(ptype string, params ...interface{}) bool
- func (e *Enforcer) HasPermissionForUser(user string, permission ...string) bool
- func (e *Enforcer) HasPolicy(params ...interface{}) bool
- func (e *Enforcer) HasRoleForUser(name string, role string) (bool, error)
- func (e *Enforcer) InitWithAdapter(modelPath string, adapter persist.Adapter)
- func (e *Enforcer) InitWithFile(modelPath string, policyPath string)
- func (e *Enforcer) InitWithModelAndAdapter(m model.Model, adapter persist.Adapter)
- func (e *Enforcer) IsFiltered() bool
- func (e *Enforcer) LoadFilteredPolicy(filter interface{}) error
- func (e *Enforcer) LoadModel()
- func (e *Enforcer) LoadModelSafe() (err error)
- func (e *Enforcer) LoadPolicy() error
- func (e *Enforcer) RemoveFilteredGroupingPolicy(fieldIndex int, fieldValues ...string) bool
- func (e *Enforcer) RemoveFilteredGroupingPolicySafe(fieldIndex int, fieldValues ...string) (result bool, err error)
- func (e *Enforcer) RemoveFilteredNamedGroupingPolicy(ptype string, fieldIndex int, fieldValues ...string) bool
- func (e *Enforcer) RemoveFilteredNamedGroupingPolicySafe(ptype string, fieldIndex int, fieldValues ...string) (result bool, err error)
- func (e *Enforcer) RemoveFilteredNamedPolicy(ptype string, fieldIndex int, fieldValues ...string) bool
- func (e *Enforcer) RemoveFilteredPolicy(fieldIndex int, fieldValues ...string) bool
- func (e *Enforcer) RemoveFilteredPolicySafe(fieldIndex int, fieldValues ...string) (result bool, err error)
- func (e *Enforcer) RemoveGroupingPolicy(params ...interface{}) bool
- func (e *Enforcer) RemoveGroupingPolicySafe(params ...interface{}) (result bool, err error)
- func (e *Enforcer) RemoveNamedGroupingPolicy(ptype string, params ...interface{}) bool
- func (e *Enforcer) RemoveNamedGroupingPolicySafe(ptype string, params ...interface{}) (result bool, err error)
- func (e *Enforcer) RemoveNamedPolicy(ptype string, params ...interface{}) bool
- func (e *Enforcer) RemovePolicy(params ...interface{}) bool
- func (e *Enforcer) RemovePolicySafe(params ...interface{}) (result bool, err error)
- func (e *Enforcer) SavePolicy() error
- func (e *Enforcer) SetAdapter(adapter persist.Adapter)
- func (e *Enforcer) SetEffector(eft effect.Effector)
- func (e *Enforcer) SetModel(m model.Model)
- func (e *Enforcer) SetRoleManager(rm rbac.RoleManager)
- func (e *Enforcer) SetWatcher(watcher persist.Watcher)
- type SyncedEnforcer
- func (e *SyncedEnforcer) AddGroupingPolicy(params ...interface{}) bool
- func (e *SyncedEnforcer) AddPermissionForUser(user string, permission ...string) bool
- func (e *SyncedEnforcer) AddPolicy(params ...interface{}) bool
- func (e *SyncedEnforcer) AddPolicySafe(params ...interface{}) (result bool, err error)
- func (e *SyncedEnforcer) AddRoleForUser(user string, role string) bool
- func (e *SyncedEnforcer) AddRoleForUserInDomain(user string, role string, domain string) bool
- func (e *SyncedEnforcer) BuildRoleLinks()
- func (e *SyncedEnforcer) ClearPolicy()
- func (e *SyncedEnforcer) DeletePermission(permission ...string) bool
- func (e *SyncedEnforcer) DeletePermissionForUser(user string, permission ...string) bool
- func (e *SyncedEnforcer) DeletePermissionsForUser(user string) bool
- func (e *SyncedEnforcer) DeleteRole(role string)
- func (e *SyncedEnforcer) DeleteRoleForUser(user string, role string) bool
- func (e *SyncedEnforcer) DeleteRoleForUserInDomain(user string, role string, domain string) bool
- func (e *SyncedEnforcer) DeleteRolesForUser(user string) bool
- func (e *SyncedEnforcer) DeleteUser(user string) bool
- func (e *SyncedEnforcer) Enforce(rvals ...interface{}) bool
- func (e *SyncedEnforcer) EnforceSafe(rvals ...interface{}) (result bool, err error)
- func (e *SyncedEnforcer) GetAllActions() []string
- func (e *SyncedEnforcer) GetAllObjects() []string
- func (e *SyncedEnforcer) GetAllRoles() []string
- func (e *SyncedEnforcer) GetAllSubjects() []string
- func (e *SyncedEnforcer) GetFilteredGroupingPolicy(fieldIndex int, fieldValues ...string) [][]string
- func (e *SyncedEnforcer) GetFilteredPolicy(fieldIndex int, fieldValues ...string) [][]string
- func (e *SyncedEnforcer) GetGroupingPolicy() [][]string
- func (e *SyncedEnforcer) GetPermissionsForUser(user string) [][]string
- func (e *SyncedEnforcer) GetPermissionsForUserInDomain(user string, domain string) [][]string
- func (e *SyncedEnforcer) GetPolicy() [][]string
- func (e *SyncedEnforcer) GetRolesForUser(name string) ([]string, error)
- func (e *SyncedEnforcer) GetRolesForUserInDomain(name string, domain string) []string
- func (e *SyncedEnforcer) GetUsersForRole(name string) ([]string, error)
- func (e *SyncedEnforcer) GetUsersForRoleInDomain(name string, domain string) []string
- func (e *SyncedEnforcer) HasGroupingPolicy(params ...interface{}) bool
- func (e *SyncedEnforcer) HasPermissionForUser(user string, permission ...string) bool
- func (e *SyncedEnforcer) HasPolicy(params ...interface{}) bool
- func (e *SyncedEnforcer) HasRoleForUser(name string, role string) (bool, error)
- func (e *SyncedEnforcer) LoadModelSafe() (err error)
- func (e *SyncedEnforcer) LoadPolicy() error
- func (e *SyncedEnforcer) RemoveFilteredGroupingPolicy(fieldIndex int, fieldValues ...string) bool
- func (e *SyncedEnforcer) RemoveFilteredPolicy(fieldIndex int, fieldValues ...string) bool
- func (e *SyncedEnforcer) RemoveFilteredPolicySafe(fieldIndex int, fieldValues ...string) (result bool, err error)
- func (e *SyncedEnforcer) RemoveGroupingPolicy(params ...interface{}) bool
- func (e *SyncedEnforcer) RemovePolicy(params ...interface{}) bool
- func (e *SyncedEnforcer) RemovePolicySafe(params ...interface{}) (result bool, err error)
- func (e *SyncedEnforcer) SavePolicy() error
- func (e *SyncedEnforcer) SetWatcher(watcher persist.Watcher)
- func (e *SyncedEnforcer) StartAutoLoadPolicy(d time.Duration)
- func (e *SyncedEnforcer) StopAutoLoadPolicy()
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type CachedEnforcer ¶ added in v1.6.0
type CachedEnforcer struct { *Enforcer // contains filtered or unexported fields }
CachedEnforcer wraps Enforcer and provides decision cache
func NewCachedEnforcer ¶ added in v1.6.0
func NewCachedEnforcer(params ...interface{}) *CachedEnforcer
NewCachedEnforcer creates a cached enforcer via file or DB.
func (*CachedEnforcer) EnableCache ¶ added in v1.6.0
func (e *CachedEnforcer) EnableCache(enableCache bool)
EnableCache determines whether to enable cache on Enforce(). When enableCache is enabled, cached result (true | false) will be returned for previous decisions.
func (*CachedEnforcer) Enforce ¶ added in v1.6.0
func (e *CachedEnforcer) Enforce(rvals ...interface{}) bool
Enforce decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (sub, obj, act). if rvals is not string , ingore the cache
func (*CachedEnforcer) InvalidateCache ¶ added in v1.6.0
func (e *CachedEnforcer) InvalidateCache()
InvalidateCache deletes all the existing cached decisions.
type Enforcer ¶
type Enforcer struct {
// contains filtered or unexported fields
}
Enforcer is the main interface for authorization enforcement and policy management.
func NewEnforcer ¶ added in v0.0.5
func NewEnforcer(params ...interface{}) *Enforcer
NewEnforcer creates an enforcer via file or DB. File: e := casbin.NewEnforcer("path/to/basic_model.conf", "path/to/basic_policy.csv") MySQL DB: a := mysqladapter.NewDBAdapter("mysql", "mysql_username:mysql_password@tcp(127.0.0.1:3306)/") e := casbin.NewEnforcer("path/to/basic_model.conf", a)
func NewEnforcerSafe ¶ added in v0.3.0
NewEnforcerSafe calls NewEnforcer in a safe way, returns error instead of causing panic.
func (*Enforcer) AddFunction ¶ added in v0.0.6
func (e *Enforcer) AddFunction(name string, function func(args ...interface{}) (interface{}, error))
AddFunction adds a customized function.
func (*Enforcer) AddGroupingPolicy ¶ added in v0.0.2
AddGroupingPolicy adds a role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
func (*Enforcer) AddGroupingPolicySafe ¶ added in v1.8.0
AddGroupingPolicySafe calls AddGroupingPolicy in a safe way, returns error instead of causing panic.
func (*Enforcer) AddNamedGroupingPolicy ¶ added in v1.1.0
AddNamedGroupingPolicy adds a named role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
func (*Enforcer) AddNamedGroupingPolicySafe ¶ added in v1.8.0
func (e *Enforcer) AddNamedGroupingPolicySafe(ptype string, params ...interface{}) (result bool, err error)
AddNamedGroupingPolicySafe calls AddNamedGroupingPolicy in a safe way, returns error instead of causing panic.
func (*Enforcer) AddNamedPolicy ¶ added in v1.1.0
AddNamedPolicy adds an authorization rule to the current named policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
func (*Enforcer) AddNamedPolicySafe ¶ added in v1.8.0
AddNamedPolicySafe calls AddNamedPolicy in a safe way, returns error instead of causing panic.
func (*Enforcer) AddPermissionForUser ¶ added in v0.0.5
AddPermissionForUser adds a permission for a user or role. Returns false if the user or role already has the permission (aka not affected).
func (*Enforcer) AddPolicy ¶ added in v0.0.2
AddPolicy adds an authorization rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
func (*Enforcer) AddPolicySafe ¶ added in v1.3.0
AddPolicySafe calls AddPolicy in a safe way, returns error instead of causing panic.
func (*Enforcer) AddRoleForUser ¶ added in v0.0.5
AddRoleForUser adds a role for a user. Returns false if the user already has the role (aka not affected).
func (*Enforcer) AddRoleForUserInDomain ¶ added in v1.0.0
AddRoleForUserInDomain adds a role for a user inside a domain. Returns false if the user already has the role (aka not affected).
func (*Enforcer) BuildRoleLinks ¶ added in v1.1.0
func (e *Enforcer) BuildRoleLinks()
BuildRoleLinks manually rebuild the role inheritance relations.
func (*Enforcer) ClearPolicy ¶ added in v0.0.5
func (e *Enforcer) ClearPolicy()
ClearPolicy clears all policy.
func (*Enforcer) DeletePermission ¶ added in v0.0.5
DeletePermission deletes a permission. Returns false if the permission does not exist (aka not affected).
func (*Enforcer) DeletePermissionForUser ¶ added in v0.6.0
DeletePermissionForUser deletes a permission for a user or role. Returns false if the user or role does not have the permission (aka not affected).
func (*Enforcer) DeletePermissionsForUser ¶ added in v0.0.5
DeletePermissionsForUser deletes permissions for a user or role. Returns false if the user or role does not have any permissions (aka not affected).
func (*Enforcer) DeleteRole ¶ added in v0.0.5
DeleteRole deletes a role.
func (*Enforcer) DeleteRoleForUser ¶ added in v0.6.0
DeleteRoleForUser deletes a role for a user. Returns false if the user does not have the role (aka not affected).
func (*Enforcer) DeleteRoleForUserInDomain ¶ added in v1.0.0
DeleteRoleForUserInDomain deletes a role for a user inside a domain. Returns false if the user does not have the role (aka not affected).
func (*Enforcer) DeleteRolesForUser ¶ added in v0.0.5
DeleteRolesForUser deletes all roles for a user. Returns false if the user does not have any roles (aka not affected).
func (*Enforcer) DeleteUser ¶ added in v0.0.5
DeleteUser deletes a user. Returns false if the user does not exist (aka not affected).
func (*Enforcer) EnableAutoBuildRoleLinks ¶ added in v1.1.0
EnableAutoBuildRoleLinks controls whether to rebuild the role inheritance relations when a role is added or deleted.
func (*Enforcer) EnableAutoSave ¶ added in v0.10.0
EnableAutoSave controls whether to save a policy rule automatically to the adapter when it is added or removed.
func (*Enforcer) EnableEnforce ¶ added in v0.10.0
EnableEnforce changes the enforcing state of Casbin, when Casbin is disabled, all access will be allowed by the Enforce() function.
func (*Enforcer) EnableLog ¶ added in v0.6.0
EnableLog changes whether Casbin will log messages to the Logger.
func (*Enforcer) Enforce ¶ added in v0.0.2
Enforce decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (sub, obj, act).
func (*Enforcer) EnforceSafe ¶ added in v0.3.0
EnforceSafe calls Enforce in a safe way, returns error instead of causing panic.
func (*Enforcer) GetAdapter ¶ added in v0.8.0
GetAdapter gets the current adapter.
func (*Enforcer) GetAllActions ¶ added in v0.0.2
GetAllActions gets the list of actions that show up in the current policy.
func (*Enforcer) GetAllNamedActions ¶ added in v1.1.0
GetAllNamedActions gets the list of actions that show up in the current named policy.
func (*Enforcer) GetAllNamedObjects ¶ added in v1.1.0
GetAllNamedObjects gets the list of objects that show up in the current named policy.
func (*Enforcer) GetAllNamedRoles ¶ added in v1.1.0
GetAllNamedRoles gets the list of roles that show up in the current named policy.
func (*Enforcer) GetAllNamedSubjects ¶ added in v1.1.0
GetAllNamedSubjects gets the list of subjects that show up in the current named policy.
func (*Enforcer) GetAllObjects ¶ added in v0.0.2
GetAllObjects gets the list of objects that show up in the current policy.
func (*Enforcer) GetAllRoles ¶ added in v0.0.2
GetAllRoles gets the list of roles that show up in the current policy.
func (*Enforcer) GetAllSubjects ¶ added in v0.0.2
GetAllSubjects gets the list of subjects that show up in the current policy.
func (*Enforcer) GetFilteredGroupingPolicy ¶ added in v0.9.0
GetFilteredGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified.
func (*Enforcer) GetFilteredNamedGroupingPolicy ¶ added in v1.1.0
func (e *Enforcer) GetFilteredNamedGroupingPolicy(ptype string, fieldIndex int, fieldValues ...string) [][]string
GetFilteredNamedGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified.
func (*Enforcer) GetFilteredNamedPolicy ¶ added in v1.1.0
func (e *Enforcer) GetFilteredNamedPolicy(ptype string, fieldIndex int, fieldValues ...string) [][]string
GetFilteredNamedPolicy gets all the authorization rules in the named policy, field filters can be specified.
func (*Enforcer) GetFilteredPolicy ¶ added in v0.0.2
GetFilteredPolicy gets all the authorization rules in the policy, field filters can be specified.
func (*Enforcer) GetGroupingPolicy ¶ added in v0.0.2
GetGroupingPolicy gets all the role inheritance rules in the policy.
func (*Enforcer) GetImplicitPermissionsForUser ¶ added in v1.7.0
GetImplicitPermissionsForUser gets implicit permissions for a user or role. Compared to GetPermissionsForUser(), this function retrieves permissions for inherited roles. For example: p, admin, data1, read p, alice, data2, read g, alice, admin
GetPermissionsForUser("alice") can only get: [["alice", "data2", "read"]]. But GetImplicitPermissionsForUser("alice") will get: [["admin", "data1", "read"], ["alice", "data2", "read"]].
func (*Enforcer) GetImplicitRolesForUser ¶ added in v1.7.0
GetImplicitRolesForUser gets implicit roles that a user has. Compared to GetRolesForUser(), this function retrieves indirect roles besides direct roles. For example: g, alice, role:admin g, role:admin, role:user
GetRolesForUser("alice") can only get: ["role:admin"]. But GetImplicitRolesForUser("alice") will get: ["role:admin", "role:user"].
func (*Enforcer) GetImplicitUsersForPermission ¶ added in v1.9.0
GetImplicitUsersForPermission gets implicit users for a permission. For example: p, admin, data1, read p, bob, data1, read g, alice, admin
GetImplicitUsersForPermission("data1", "read") will get: ["alice", "bob"]. Note: only users will be returned, roles (2nd arg in "g") will be excluded.
func (*Enforcer) GetNamedGroupingPolicy ¶ added in v1.1.0
GetNamedGroupingPolicy gets all the role inheritance rules in the policy.
func (*Enforcer) GetNamedPolicy ¶ added in v1.1.0
GetNamedPolicy gets all the authorization rules in the named policy.
func (*Enforcer) GetPermissionsForUser ¶ added in v0.0.5
GetPermissionsForUser gets permissions for a user or role.
func (*Enforcer) GetPermissionsForUserInDomain ¶ added in v1.0.0
GetPermissionsForUserInDomain gets permissions for a user or role inside a domain.
func (*Enforcer) GetPolicy ¶ added in v0.0.2
GetPolicy gets all the authorization rules in the policy.
func (*Enforcer) GetRolesForUser ¶ added in v0.0.5
GetRolesForUser gets the roles that a user has.
func (*Enforcer) GetRolesForUserInDomain ¶ added in v1.0.0
GetRolesForUserInDomain gets the roles that a user has inside a domain.
func (*Enforcer) GetUsersForRole ¶ added in v0.7.0
GetUsersForRole gets the users that has a role.
func (*Enforcer) GetUsersForRoleInDomain ¶ added in v1.8.0
GetUsersForRoleInDomain gets the users that has a role inside a domain. Add by Gordon
func (*Enforcer) HasGroupingPolicy ¶ added in v0.6.0
HasGroupingPolicy determines whether a role inheritance rule exists.
func (*Enforcer) HasNamedGroupingPolicy ¶ added in v1.1.0
HasNamedGroupingPolicy determines whether a named role inheritance rule exists.
func (*Enforcer) HasNamedPolicy ¶ added in v1.1.0
HasNamedPolicy determines whether a named authorization rule exists.
func (*Enforcer) HasPermissionForUser ¶ added in v0.6.0
HasPermissionForUser determines whether a user has a permission.
func (*Enforcer) HasPolicy ¶ added in v0.6.0
HasPolicy determines whether an authorization rule exists.
func (*Enforcer) HasRoleForUser ¶ added in v0.6.0
HasRoleForUser determines whether a user has a role.
func (*Enforcer) InitWithAdapter ¶ added in v0.0.5
InitWithAdapter initializes an enforcer with a database adapter.
func (*Enforcer) InitWithFile ¶ added in v0.0.5
InitWithFile initializes an enforcer with a model file and a policy file.
func (*Enforcer) InitWithModelAndAdapter ¶ added in v0.8.0
InitWithModelAndAdapter initializes an enforcer with a model and a database adapter.
func (*Enforcer) IsFiltered ¶ added in v1.5.0
IsFiltered returns true if the loaded policy has been filtered.
func (*Enforcer) LoadFilteredPolicy ¶ added in v1.5.0
LoadFilteredPolicy reloads a filtered policy from file/database.
func (*Enforcer) LoadModel ¶ added in v0.0.5
func (e *Enforcer) LoadModel()
LoadModel reloads the model from the model CONF file. Because the policy is attached to a model, so the policy is invalidated and needs to be reloaded by calling LoadPolicy().
func (*Enforcer) LoadModelSafe ¶ added in v0.3.0
LoadModelSafe calls LoadModel in a safe way, returns error instead of causing panic.
func (*Enforcer) LoadPolicy ¶ added in v0.0.2
LoadPolicy reloads the policy from file/database.
func (*Enforcer) RemoveFilteredGroupingPolicy ¶ added in v0.0.5
RemoveFilteredGroupingPolicy removes a role inheritance rule from the current policy, field filters can be specified.
func (*Enforcer) RemoveFilteredGroupingPolicySafe ¶ added in v1.8.0
func (e *Enforcer) RemoveFilteredGroupingPolicySafe(fieldIndex int, fieldValues ...string) (result bool, err error)
RemoveFilteredGroupingPolicySafe calls RemoveFilteredGroupingPolicy in a safe way, returns error instead of causing panic.
func (*Enforcer) RemoveFilteredNamedGroupingPolicy ¶ added in v1.1.0
func (e *Enforcer) RemoveFilteredNamedGroupingPolicy(ptype string, fieldIndex int, fieldValues ...string) bool
RemoveFilteredNamedGroupingPolicy removes a role inheritance rule from the current named policy, field filters can be specified.
func (*Enforcer) RemoveFilteredNamedGroupingPolicySafe ¶ added in v1.8.0
func (e *Enforcer) RemoveFilteredNamedGroupingPolicySafe(ptype string, fieldIndex int, fieldValues ...string) (result bool, err error)
RemoveFilteredNamedGroupingPolicySafe calls RemoveFilteredNamedGroupingPolicy in a safe way, returns error instead of causing panic.
func (*Enforcer) RemoveFilteredNamedPolicy ¶ added in v1.1.0
func (e *Enforcer) RemoveFilteredNamedPolicy(ptype string, fieldIndex int, fieldValues ...string) bool
RemoveFilteredNamedPolicy removes an authorization rule from the current named policy, field filters can be specified.
func (*Enforcer) RemoveFilteredPolicy ¶ added in v0.0.5
RemoveFilteredPolicy removes an authorization rule from the current policy, field filters can be specified.
func (*Enforcer) RemoveFilteredPolicySafe ¶ added in v1.3.0
func (e *Enforcer) RemoveFilteredPolicySafe(fieldIndex int, fieldValues ...string) (result bool, err error)
RemoveFilteredPolicySafe calls RemoveFilteredPolicy in a safe way, returns error instead of causing panic.
func (*Enforcer) RemoveGroupingPolicy ¶ added in v0.0.2
RemoveGroupingPolicy removes a role inheritance rule from the current policy.
func (*Enforcer) RemoveGroupingPolicySafe ¶ added in v1.8.0
RemoveGroupingPolicySafe calls RemoveGroupingPolicy in a safe way, returns error instead of causing panic.
func (*Enforcer) RemoveNamedGroupingPolicy ¶ added in v1.1.0
RemoveNamedGroupingPolicy removes a role inheritance rule from the current named policy.
func (*Enforcer) RemoveNamedGroupingPolicySafe ¶ added in v1.8.0
func (e *Enforcer) RemoveNamedGroupingPolicySafe(ptype string, params ...interface{}) (result bool, err error)
RemoveNamedGroupingPolicySafe calls RemoveNamedGroupingPolicy in a safe way, returns error instead of causing panic.
func (*Enforcer) RemoveNamedPolicy ¶ added in v1.1.0
RemoveNamedPolicy removes an authorization rule from the current named policy.
func (*Enforcer) RemovePolicy ¶ added in v0.0.2
RemovePolicy removes an authorization rule from the current policy.
func (*Enforcer) RemovePolicySafe ¶ added in v1.3.0
RemovePolicySafe calls RemovePolicy in a safe way, returns error instead of causing panic.
func (*Enforcer) SavePolicy ¶ added in v0.0.2
SavePolicy saves the current policy (usually after changed with Casbin API) back to file/database.
func (*Enforcer) SetAdapter ¶ added in v0.8.0
SetAdapter sets the current adapter.
func (*Enforcer) SetEffector ¶ added in v1.5.0
SetEffector sets the current effector.
func (*Enforcer) SetRoleManager ¶ added in v1.0.0
func (e *Enforcer) SetRoleManager(rm rbac.RoleManager)
SetRoleManager sets the current role manager.
func (*Enforcer) SetWatcher ¶ added in v1.2.0
SetWatcher sets the current watcher.
type SyncedEnforcer ¶ added in v1.1.0
type SyncedEnforcer struct { *Enforcer // contains filtered or unexported fields }
SyncedEnforcer wraps Enforcer and provides synchronized access
func NewSyncedEnforcer ¶ added in v1.1.0
func NewSyncedEnforcer(params ...interface{}) *SyncedEnforcer
NewSyncedEnforcer creates a synchronized enforcer via file or DB.
func NewSyncedEnforcerSafe ¶ added in v1.8.0
func NewSyncedEnforcerSafe(params ...interface{}) (enforcer *SyncedEnforcer, err error)
NewSyncedEnforcerSafe creates a synchronized enforcer via file or DB.
func (*SyncedEnforcer) AddGroupingPolicy ¶ added in v1.1.0
func (e *SyncedEnforcer) AddGroupingPolicy(params ...interface{}) bool
AddGroupingPolicy adds a role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
func (*SyncedEnforcer) AddPermissionForUser ¶ added in v1.4.0
func (e *SyncedEnforcer) AddPermissionForUser(user string, permission ...string) bool
AddPermissionForUser adds a permission for a user or role. Returns false if the user or role already has the permission (aka not affected).
func (*SyncedEnforcer) AddPolicy ¶ added in v1.1.0
func (e *SyncedEnforcer) AddPolicy(params ...interface{}) bool
AddPolicy adds an authorization rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
func (*SyncedEnforcer) AddPolicySafe ¶ added in v1.8.0
func (e *SyncedEnforcer) AddPolicySafe(params ...interface{}) (result bool, err error)
AddPolicySafe calls AddPolicy in a safe way, returns error instead of causing panic.
func (*SyncedEnforcer) AddRoleForUser ¶ added in v1.4.0
func (e *SyncedEnforcer) AddRoleForUser(user string, role string) bool
AddRoleForUser adds a role for a user. Returns false if the user already has the role (aka not affected).
func (*SyncedEnforcer) AddRoleForUserInDomain ¶ added in v1.8.2
func (e *SyncedEnforcer) AddRoleForUserInDomain(user string, role string, domain string) bool
AddRoleForUserInDomain adds a role for a user inside a domain. Returns false if the user already has the role (aka not affected).
func (*SyncedEnforcer) BuildRoleLinks ¶ added in v1.4.0
func (e *SyncedEnforcer) BuildRoleLinks()
BuildRoleLinks manually rebuild the role inheritance relations.
func (*SyncedEnforcer) ClearPolicy ¶ added in v1.4.0
func (e *SyncedEnforcer) ClearPolicy()
ClearPolicy clears all policy.
func (*SyncedEnforcer) DeletePermission ¶ added in v1.4.0
func (e *SyncedEnforcer) DeletePermission(permission ...string) bool
DeletePermission deletes a permission. Returns false if the permission does not exist (aka not affected).
func (*SyncedEnforcer) DeletePermissionForUser ¶ added in v1.4.0
func (e *SyncedEnforcer) DeletePermissionForUser(user string, permission ...string) bool
DeletePermissionForUser deletes a permission for a user or role. Returns false if the user or role does not have the permission (aka not affected).
func (*SyncedEnforcer) DeletePermissionsForUser ¶ added in v1.4.0
func (e *SyncedEnforcer) DeletePermissionsForUser(user string) bool
DeletePermissionsForUser deletes permissions for a user or role. Returns false if the user or role does not have any permissions (aka not affected).
func (*SyncedEnforcer) DeleteRole ¶ added in v1.4.0
func (e *SyncedEnforcer) DeleteRole(role string)
DeleteRole deletes a role.
func (*SyncedEnforcer) DeleteRoleForUser ¶ added in v1.4.0
func (e *SyncedEnforcer) DeleteRoleForUser(user string, role string) bool
DeleteRoleForUser deletes a role for a user. Returns false if the user does not have the role (aka not affected).
func (*SyncedEnforcer) DeleteRoleForUserInDomain ¶ added in v1.8.2
func (e *SyncedEnforcer) DeleteRoleForUserInDomain(user string, role string, domain string) bool
DeleteRoleForUserInDomain deletes a role for a user inside a domain. Returns false if the user does not have the role (aka not affected).
func (*SyncedEnforcer) DeleteRolesForUser ¶ added in v1.4.0
func (e *SyncedEnforcer) DeleteRolesForUser(user string) bool
DeleteRolesForUser deletes all roles for a user. Returns false if the user does not have any roles (aka not affected).
func (*SyncedEnforcer) DeleteUser ¶ added in v1.4.0
func (e *SyncedEnforcer) DeleteUser(user string) bool
DeleteUser deletes a user. Returns false if the user does not exist (aka not affected).
func (*SyncedEnforcer) Enforce ¶ added in v1.1.0
func (e *SyncedEnforcer) Enforce(rvals ...interface{}) bool
Enforce decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (sub, obj, act).
func (*SyncedEnforcer) EnforceSafe ¶ added in v1.8.0
func (e *SyncedEnforcer) EnforceSafe(rvals ...interface{}) (result bool, err error)
EnforceSafe calls Enforce in a safe way, returns error instead of causing panic.
func (*SyncedEnforcer) GetAllActions ¶ added in v1.1.0
func (e *SyncedEnforcer) GetAllActions() []string
GetAllActions gets the list of actions that show up in the current policy.
func (*SyncedEnforcer) GetAllObjects ¶ added in v1.1.0
func (e *SyncedEnforcer) GetAllObjects() []string
GetAllObjects gets the list of objects that show up in the current policy.
func (*SyncedEnforcer) GetAllRoles ¶ added in v1.1.0
func (e *SyncedEnforcer) GetAllRoles() []string
GetAllRoles gets the list of roles that show up in the current policy.
func (*SyncedEnforcer) GetAllSubjects ¶ added in v1.1.0
func (e *SyncedEnforcer) GetAllSubjects() []string
GetAllSubjects gets the list of subjects that show up in the current policy.
func (*SyncedEnforcer) GetFilteredGroupingPolicy ¶ added in v1.1.0
func (e *SyncedEnforcer) GetFilteredGroupingPolicy(fieldIndex int, fieldValues ...string) [][]string
GetFilteredGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified.
func (*SyncedEnforcer) GetFilteredPolicy ¶ added in v1.1.0
func (e *SyncedEnforcer) GetFilteredPolicy(fieldIndex int, fieldValues ...string) [][]string
GetFilteredPolicy gets all the authorization rules in the policy, field filters can be specified.
func (*SyncedEnforcer) GetGroupingPolicy ¶ added in v1.1.0
func (e *SyncedEnforcer) GetGroupingPolicy() [][]string
GetGroupingPolicy gets all the role inheritance rules in the policy.
func (*SyncedEnforcer) GetPermissionsForUser ¶ added in v1.4.0
func (e *SyncedEnforcer) GetPermissionsForUser(user string) [][]string
GetPermissionsForUser gets permissions for a user or role.
func (*SyncedEnforcer) GetPermissionsForUserInDomain ¶ added in v1.8.2
func (e *SyncedEnforcer) GetPermissionsForUserInDomain(user string, domain string) [][]string
GetPermissionsForUserInDomain gets permissions for a user or role inside a domain.
func (*SyncedEnforcer) GetPolicy ¶ added in v1.1.0
func (e *SyncedEnforcer) GetPolicy() [][]string
GetPolicy gets all the authorization rules in the policy.
func (*SyncedEnforcer) GetRolesForUser ¶ added in v1.4.0
func (e *SyncedEnforcer) GetRolesForUser(name string) ([]string, error)
GetRolesForUser gets the roles that a user has.
func (*SyncedEnforcer) GetRolesForUserInDomain ¶ added in v1.8.2
func (e *SyncedEnforcer) GetRolesForUserInDomain(name string, domain string) []string
GetRolesForUserInDomain gets the roles that a user has inside a domain.
func (*SyncedEnforcer) GetUsersForRole ¶ added in v1.4.0
func (e *SyncedEnforcer) GetUsersForRole(name string) ([]string, error)
GetUsersForRole gets the users that has a role.
func (*SyncedEnforcer) GetUsersForRoleInDomain ¶ added in v1.8.2
func (e *SyncedEnforcer) GetUsersForRoleInDomain(name string, domain string) []string
GetUsersForRoleInDomain gets the users that has a role inside a domain. Add by Gordon
func (*SyncedEnforcer) HasGroupingPolicy ¶ added in v1.1.0
func (e *SyncedEnforcer) HasGroupingPolicy(params ...interface{}) bool
HasGroupingPolicy determines whether a role inheritance rule exists.
func (*SyncedEnforcer) HasPermissionForUser ¶ added in v1.4.0
func (e *SyncedEnforcer) HasPermissionForUser(user string, permission ...string) bool
HasPermissionForUser determines whether a user has a permission.
func (*SyncedEnforcer) HasPolicy ¶ added in v1.1.0
func (e *SyncedEnforcer) HasPolicy(params ...interface{}) bool
HasPolicy determines whether an authorization rule exists.
func (*SyncedEnforcer) HasRoleForUser ¶ added in v1.4.0
func (e *SyncedEnforcer) HasRoleForUser(name string, role string) (bool, error)
HasRoleForUser determines whether a user has a role.
func (*SyncedEnforcer) LoadModelSafe ¶ added in v1.8.0
func (e *SyncedEnforcer) LoadModelSafe() (err error)
LoadModelSafe calls LoadModel in a safe way, returns error instead of causing panic.
func (*SyncedEnforcer) LoadPolicy ¶ added in v1.1.0
func (e *SyncedEnforcer) LoadPolicy() error
LoadPolicy reloads the policy from file/database.
func (*SyncedEnforcer) RemoveFilteredGroupingPolicy ¶ added in v1.1.0
func (e *SyncedEnforcer) RemoveFilteredGroupingPolicy(fieldIndex int, fieldValues ...string) bool
RemoveFilteredGroupingPolicy removes a role inheritance rule from the current policy, field filters can be specified.
func (*SyncedEnforcer) RemoveFilteredPolicy ¶ added in v1.1.0
func (e *SyncedEnforcer) RemoveFilteredPolicy(fieldIndex int, fieldValues ...string) bool
RemoveFilteredPolicy removes an authorization rule from the current policy, field filters can be specified.
func (*SyncedEnforcer) RemoveFilteredPolicySafe ¶ added in v1.8.0
func (e *SyncedEnforcer) RemoveFilteredPolicySafe(fieldIndex int, fieldValues ...string) (result bool, err error)
RemoveFilteredPolicySafe calls RemoveFilteredPolicy in a safe way, returns error instead of causing panic.
func (*SyncedEnforcer) RemoveGroupingPolicy ¶ added in v1.1.0
func (e *SyncedEnforcer) RemoveGroupingPolicy(params ...interface{}) bool
RemoveGroupingPolicy removes a role inheritance rule from the current policy.
func (*SyncedEnforcer) RemovePolicy ¶ added in v1.1.0
func (e *SyncedEnforcer) RemovePolicy(params ...interface{}) bool
RemovePolicy removes an authorization rule from the current policy.
func (*SyncedEnforcer) RemovePolicySafe ¶ added in v1.8.0
func (e *SyncedEnforcer) RemovePolicySafe(params ...interface{}) (result bool, err error)
RemovePolicySafe calls RemovePolicy in a safe way, returns error instead of causing panic.
func (*SyncedEnforcer) SavePolicy ¶ added in v1.1.0
func (e *SyncedEnforcer) SavePolicy() error
SavePolicy saves the current policy (usually after changed with Casbin API) back to file/database.
func (*SyncedEnforcer) SetWatcher ¶ added in v1.4.0
func (e *SyncedEnforcer) SetWatcher(watcher persist.Watcher)
SetWatcher sets the current watcher.
func (*SyncedEnforcer) StartAutoLoadPolicy ¶ added in v1.1.0
func (e *SyncedEnforcer) StartAutoLoadPolicy(d time.Duration)
StartAutoLoadPolicy starts a go routine that will every specified duration call LoadPolicy
func (*SyncedEnforcer) StopAutoLoadPolicy ¶ added in v1.1.0
func (e *SyncedEnforcer) StopAutoLoadPolicy()
StopAutoLoadPolicy causes the go routine to exit.