GetNamedImplicitPermissionsForUser gets implicit permissions for a user or role by named policy. Compared to GetNamedPermissionsForUser(), this function retrieves permissions for inherited roles. For example: p, admin, data1, read p2, admin, create g, alice, admin GetImplicitPermissionsForUser("ali
(ptype string, gtype string, user string, domain ...string)
| 318 | // GetImplicitPermissionsForUser("alice") can only get: [["admin", "data1", "read"]], whose policy is default policy "p" |
| 319 | // But you can specify the named policy "p2" to get: [["admin", "create"]] by GetNamedImplicitPermissionsForUser("p2", "g", "alice"). |
func (e *Enforcer) GetNamedImplicitPermissionsForUser(ptype string, gtype string, user string, domain ...string) ([][]string, error) {
	// Resolves the policy rules of type ptype that apply to user, either
	// directly or through the roles reported for user under the role
	// definition gtype. At most one domain may be passed.
	roleManager := e.GetNamedRoleManager(gtype)
	if roleManager == nil {
		return nil, fmt.Errorf("role manager %s is not initialized", gtype)
	}

	inherited, err := e.GetNamedImplicitRolesForUser(gtype, user, domain...)
	if err != nil {
		return nil, err
	}

	// Subjects whose rules count as this user's permissions: the user itself
	// plus every role returned above.
	subjects := make(map[string]struct{}, len(inherited)+1)
	subjects[user] = struct{}{}
	for _, role := range inherited {
		subjects[role] = struct{}{}
	}

	// The lookup error is deliberately not checked here: it only matters when
	// a domain was supplied, and is examined inside the loop in that case.
	domIdx, idxErr := e.GetFieldIndex(ptype, constant.DomainIndex)

	// Non-nil even when empty, so callers get [] rather than nil on success.
	result := make([][]string, 0)
	// NOTE(review): e.model["p"][ptype] is dereferenced without a presence
	// check; presumably ptype is validated elsewhere. Confirm against callers.
	for _, rule := range e.model["p"][ptype].Policy {
		// NOTE(review): the argument checks below run once per rule, so
		// neither fires when the policy list is empty. Confirm this is intended.
		switch {
		case len(domain) == 0:
			// No domain filter: any rule whose first field is one of the
			// subjects is returned, whatever domain it carries.
			// rule[0] is assumed to be the subject field. TODO confirm.
			if _, ok := subjects[rule[0]]; ok {
				result = append(result, deepCopyPolicy(rule))
			}
			continue
		case len(domain) > 1:
			return nil, errors.ErrDomainParameter
		case idxErr != nil:
			return nil, idxErr
		}

		requested := domain[0]
		// Assumes every rule has a field at domIdx. TODO confirm that rule
		// length is enforced when rules are added.
		if !roleManager.Match(requested, rule[domIdx]) {
			continue
		}
		if _, ok := subjects[rule[0]]; !ok {
			continue
		}

		// The caller gets a copy whose domain field is the requested domain,
		// not the value stored in the rule that Match accepted.
		copied := deepCopyPolicy(rule)
		copied[domIdx] = requested
		result = append(result, copied)
	}
	return result, nil
}
| 364 | |
| 365 | // GetImplicitUsersForPermission gets implicit users for a permission. |
| 366 | // For example: |