
RBAC with Domains API

A friendlier API for RBAC with domains. This API is a subset of the Management API; RBAC users can use it to simplify their code.

Reference

The global variable e is an Enforcer instance.

e, err := NewEnforcer("examples/rbac_with_domains_model.conf", "examples/rbac_with_domains_policy.csv")

GetUsersForRoleInDomain()

GetUsersForRoleInDomain gets the users that have a role inside a domain.

For example:

res := e.GetUsersForRoleInDomain("admin", "domain1")

GetRolesForUserInDomain()

GetRolesForUserInDomain gets the roles that a user has inside a domain.

For example:

res := e.GetRolesForUserInDomain("admin", "domain1")

GetPermissionsForUserInDomain()

GetPermissionsForUserInDomain gets permissions for a user or role inside a domain.

For example:

res := e.GetPermissionsForUserInDomain("alice", "domain1")

AddRoleForUserInDomain()

AddRoleForUserInDomain adds a role for a user inside a domain. Returns false if the user already has the role (that is, the policy was not affected).

For example:

ok, err := e.AddRoleForUserInDomain("alice", "admin", "domain1")

DeleteRoleForUserInDomain()

DeleteRoleForUserInDomain deletes a role for a user inside a domain. Returns false if the user does not have the role (that is, the policy was not affected).

For example:

ok, err := e.DeleteRoleForUserInDomain("alice", "admin", "domain1")

DeleteRolesForUserInDomain()

DeleteRolesForUserInDomain deletes all roles for a user inside a domain. Returns false if the user does not have any roles (that is, the policy was not affected).

For example:

ok, err := e.DeleteRolesForUserInDomain("alice", "domain1")

GetAllUsersByDomain()

GetAllUsersByDomain gets all users associated with the domain. Returns an empty string array if no domain is defined in the model.

For example:

res := e.GetAllUsersByDomain("domain1")

DeleteAllUsersByDomain()

DeleteAllUsersByDomain deletes all users associated with the domain. Returns false if no domain is defined in the model.

For example:

ok, err := e.DeleteAllUsersByDomain("domain1")

DeleteDomains()

DeleteDomains deletes all users and roles associated with the given domains. It deletes all domains if no parameter is provided.

For example:

ok, err := e.DeleteDomains("domain1", "domain2")

GetAllDomains()

GetAllDomains gets all domains.

For example:

res, _ := e.GetAllDomains()

Note: If you are handling a domain like name::domain, it may lead to unexpected behavior. In Casbin, :: is a reserved keyword, just like for and if in a programming language, so never put :: in a domain.

GetImplicitUsersForResourceByDomain()

GetImplicitUsersForResourceByDomain returns the implicit users for a resource inside a domain.

For example:

p, admin, domain1, data1, read
p, admin, domain1, data1, write
p, admin, domain2, data2, read
p, admin, domain2, data2, write
g, alice, admin, domain1
g, bob, admin, domain2

GetImplicitUsersForResourceByDomain("data1", "domain1") will return [["alice", "domain1", "data1", "read"],["alice", "domain1", "data1", "write"]], nil

ImplicitUsers, err := e.GetImplicitUsersForResourceByDomain("data1", "domain1")

Note: Only users are returned; roles (the 2nd argument in "g") are excluded.
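
The domain scoping behind GetImplicitUsersForResourceByDomain and the :: note above, as an added example that is not Casbin's own code: a standard-library Go model of how a role subject expands to its users inside one domain only, run over the policy lines from this page. The names implicitUsers, pRules and gRules are hypothetical, and the lookup is a simplification of what the enforcer does.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed from the policy lines on this page (not read from a Casbin adapter).
var pRules = [][]string{ // sub, dom, obj, act
	{"admin", "domain1", "data1", "read"}, {"admin", "domain1", "data1", "write"},
	{"admin", "domain2", "data2", "read"}, {"admin", "domain2", "data2", "write"},
}
var gRules = [][]string{{"alice", "admin", "domain1"}, {"bob", "admin", "domain2"}} // user, role, dom

// implicitUsers (hypothetical) expands role subjects into users without crossing domains.
func implicitUsers(obj, dom string) ([][]string, error) {
	if strings.Contains(dom, "::") {
		return nil, fmt.Errorf("domain %q contains the reserved keyword ::", dom)
	}
	var out [][]string
	for _, rule := range pRules {
		if rule[1] != dom || rule[2] != obj {
			continue
		}
		seen := map[string]bool{}
		for queue := []string{rule[0]}; len(queue) > 0; queue = queue[1:] {
			s, members := queue[0], 0
			if seen[s] {
				continue
			}
			seen[s] = true
			for _, r := range gRules { // who holds s as a role in this domain?
				if r[1] == s && r[2] == dom {
					queue, members = append(queue, r[0]), members+1
				}
			}
			if members == 0 { // nobody holds s here, so s is a user, not a role
				out = append(out, []string{s, dom, obj, rule[3]})
			}
		}
	}
	return out, nil
}

func main() {
	fmt.Println(implicitUsers("data1", "domain1"))
}
```

bob holds admin only in domain2, so he never appears in a domain1 result, and a query for data1 in domain2 returns nothing.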