sessionrolemanager

package module
Version: v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 10, 2018 License: Apache-2.0 Imports: 4 Imported by: 0

README

Session Role Manager Build Status Coverage Status Godoc

Session Role Manager is the Session-based role manager for Casbin. With this library, Casbin can load session-based role hierarchy (user-role mapping) from Casbin policy or save role hierarchy to it. The session is only active in the specified time range.

Installation

go get github.com/casbin/session-role-manager

Simple Example

package main

import (
	"github.com/casbin/casbin"
	"github.com/casbin/casbin/file-adapter"
	"github.com/casbin/session-role-manager"
)

func main() {
	// NewEnforcer(modelPath, policyPath) automatically uses the default
	// role manager when loading policy. So if we want to use a custom
	// role manager, and this role manager relies on Casbin policy,
	// we should manually set the role manager before loading policy.
	e := casbin.NewEnforcer("examples/rbac_model_with_sessions.conf")

	// Manually set an adapter.
	a := fileadapter.NewAdapter("examples/rbac_policy_with_sessions.csv")
	e.SetAdapter(a)

	// Use our role manager.
	rm := sessionrolemanager.NewRoleManager(10)
	e.SetRoleManager(rm)

	// If our role manager relies on Casbin policy (like reading "g"
	// policy rules), then we have to set the role manager before loading
	// policy.
	//
	// Otherwise, we can set the role manager at any time, because role
	// manager has nothing to do with the adapter.
	e.LoadPolicy()
	
	// Check the permission.
	// the 4th arg is the querying time in UNIX time format.
	e.Enforce("alice", "data1", "read", "1508503308708987131")
}

Getting Help

License

This project is under Apache 2.0 License. See the LICENSE file for the full license text.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewRoleManager

func NewRoleManager(maxHierarchyLevel int) rbac.RoleManager

NewRoleManager is the constructor for creating an instance of the SessionRoleManager implementation.

Types

type RoleManager

type RoleManager struct {
	// contains filtered or unexported fields
}
func (rm *RoleManager) AddLink(name1 string, name2 string, timeRange ...string) error

AddLink adds the inheritance link between role: name1 and role: name2. aka role: name1 inherits role: name2. timeRange is the time range when the role inheritance link is active.

func (*RoleManager) Clear

func (rm *RoleManager) Clear() error

Clear clears all stored data and resets the role manager to the initial state.

func (rm *RoleManager) DeleteLink(name1 string, name2 string, unused ...string) error

DeleteLink deletes the inheritance link between role: name1 and role: name2. aka role: name1 does not inherit role: name2 any more. unused is not used.

func (*RoleManager) GetRoles

func (rm *RoleManager) GetRoles(name string, currentTime ...string) ([]string, error)

GetRoles gets the roles that a subject inherits. currentTime is the querying time for the role inheritance link.

func (*RoleManager) GetUsers

func (rm *RoleManager) GetUsers(name string, currentTime ...string) ([]string, error)

GetUsers gets the users that inherits a subject. currentTime is the querying time for the role inheritance link.

func (rm *RoleManager) HasLink(name1 string, name2 string, requestTime ...string) (bool, error)

HasLink determines whether role: name1 inherits role: name2. requestTime is the querying time for the role inheritance link.

func (*RoleManager) PrintRoles

func (rm *RoleManager) PrintRoles() error

PrintRoles prints all the roles to log.

type Session

type Session struct {
	// contains filtered or unexported fields
}

Session represents the activation of a role inheritance for a specified time. A role inheritance is always bound to its temporal validity. As soon as a session loses its validity, the corresponding role inheritance becomes invalid too.

type SessionRole

type SessionRole struct {
	// contains filtered or unexported fields
}

SessionRole is a modified version of the default role. A SessionRole not only has a name, but also a list of sessions.

Source Files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL