MCPcopy Index your code
hub / github.com/apache/casbin / GetImplicitObjectPatternsForUser

Method GetImplicitObjectPatternsForUser

rbac_api.go:663–708  ·  view source on GitHub ↗

GetImplicitObjectPatternsForUser returns all object patterns (with wildcards) that a user has for a given domain and action. For example: p, admin, chronicle/123, location/*, read p, user, chronicle/456, location/789, read g, alice, admin g, bob, user GetImplicitObjectPatternsForUser("alice", "chro

(user string, domain string, action string)

Source from the content-addressed store, hash-verified

661// GetImplicitObjectPatternsForUser("alice", "chronicle/123", "read") will return ["location/*"].
662// GetImplicitObjectPatternsForUser("bob", "chronicle/456", "read") will return ["location/789"].
663func (e *Enforcer) GetImplicitObjectPatternsForUser(user string, domain string, action string) ([]string, error) {
664 roles, err := e.GetImplicitRolesForUser(user, domain)
665 if err != nil {
666 return nil, err
667 }
668
669 subjects := append([]string{user}, roles...)
670 subjectIndex, _ := e.GetFieldIndex("p", constant.SubjectIndex)
671 domainIndex, _ := e.GetFieldIndex("p", constant.DomainIndex)
672 objectIndex, _ := e.GetFieldIndex("p", constant.ObjectIndex)
673 actionIndex, _ := e.GetFieldIndex("p", constant.ActionIndex)
674
675 patterns := make(map[string]struct{})
676 for _, rule := range e.model["p"]["p"].Policy {
677 sub := rule[subjectIndex]
678 matched := false
679 for _, subject := range subjects {
680 if sub == subject {
681 matched = true
682 break
683 }
684 }
685 if !matched {
686 continue
687 }
688
689 if !e.matchDomain(domainIndex, domain, rule) {
690 continue
691 }
692
693 ruleAction := rule[actionIndex]
694 if ruleAction != action && ruleAction != "*" {
695 continue
696 }
697
698 obj := rule[objectIndex]
699 patterns[obj] = struct{}{}
700 }
701
702 result := make([]string, 0, len(patterns))
703 for pattern := range patterns {
704 result = append(result, pattern)
705 }
706
707 return result, nil
708}
709
710// matchDomain checks if the domain matches the rule domain using pattern matching.
711func (e *Enforcer) matchDomain(domainIndex int, domain string, rule []string) bool {

Callers 1

Calls 3

GetFieldIndexMethod · 0.95
matchDomainMethod · 0.95

Tested by 1