GetImplicitUsersForResourceByDomain returns the implicit users for a resource within a domain. Compared to GetImplicitUsersForResource, domain is supported.
(resource string, domain string)
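// GetImplicitUsersForResourceByDomain returns the "p" policy rules whose object
// equals resource, with each role subject of the given domain replaced by the
// users that hold that role. Compared to GetImplicitUsersForResource, domain is
// supported.
//
// Rules whose subject is a role in domain are kept only when their domain
// field equals domain; one output rule is produced per user returned by the
// role manager for that role. Rules whose subject is not a role in domain are
// returned as they are. Duplicates are removed from the result.
//
// An error is returned when a required field index ("sub", "obj", "dom")
// cannot be resolved, when the role manager is not initialized, or when a
// role or user lookup fails.
//
// NOTE(review): rules with a non-role subject are not filtered by domain, so
// the result can contain direct grants that belong to other domains. A subject
// that is a role only in another domain also takes that path, because isRole
// is built from GetAllRolesByDomain(domain). Callers that use this output for
// per-domain access reviews should check the domain column of each returned
// rule; confirm whether the missing filter is intended.
func (e *Enforcer) GetImplicitUsersForResourceByDomain(resource string, domain string) ([][]string, error) {
	// The indexes are used to subscript every policy rule below, so a failed
	// lookup must stop here instead of being discarded and indexing with
	// whatever value came back alongside the error.
	subjectIndex, err := e.GetFieldIndex("p", "sub")
	if err != nil {
		return nil, err
	}
	objectIndex, err := e.GetFieldIndex("p", "obj")
	if err != nil {
		return nil, err
	}
	domIndex, err := e.GetFieldIndex("p", "dom")
	if err != nil {
		return nil, err
	}

	rm := e.GetRoleManager()
	if rm == nil {
		return nil, fmt.Errorf("role manager is not initialized")
	}

	roles, err := e.GetAllRolesByDomain(domain)
	if err != nil {
		return nil, err
	}
	isRole := make(map[string]bool, len(roles))
	for _, role := range roles {
		isRole[role] = true
	}

	permissions := make([][]string, 0)
	for _, rule := range e.model["p"]["p"].Policy {
		if rule[objectIndex] != resource {
			continue
		}

		sub := rule[subjectIndex]
		if !isRole[sub] {
			// Copy so the caller never receives a slice that aliases the
			// enforcer's stored policy; the role branch below already copies.
			permissions = append(permissions, deepCopyPolicy(rule))
			continue
		}

		// Role grants are only expanded for the requested domain.
		if rule[domIndex] != domain {
			continue
		}
		users, err := rm.GetUsers(sub, domain)
		if err != nil {
			return nil, err
		}
		for _, user := range users {
			implicitUserRule := deepCopyPolicy(rule)
			implicitUserRule[subjectIndex] = user
			permissions = append(permissions, implicitUserRule)
		}
	}

	return removeDuplicatePermissions(permissions), nil
}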
| 653 | |
| 654 | // GetImplicitObjectPatternsForUser returns all object patterns (with wildcards) that a user has for a given domain and action. |
| 655 | // For example: |