MCPcopy Index your code
hub / github.com/apache/casbin / GetNamedImplicitPermissionsForUser

Method GetNamedImplicitPermissionsForUser

rbac_api.go:320–363  ·  view source on GitHub ↗

GetNamedImplicitPermissionsForUser gets implicit permissions for a user or role by named policy. Compared to GetNamedPermissionsForUser(), this function retrieves permissions for inherited roles. For example: p, admin, data1, read p2, admin, create g, alice, admin GetImplicitPermissionsForUser("ali

(ptype string, gtype string, user string, domain ...string)

Source from the content-addressed store, hash-verified

318// GetImplicitPermissionsForUser("alice") can only get: [["admin", "data1", "read"]], whose policy is default policy "p"
319// But you can specify the named policy "p2" to get: [["admin", "create"]] by GetNamedImplicitPermissionsForUser("p2","alice").
320func (e *Enforcer) GetNamedImplicitPermissionsForUser(ptype string, gtype string, user string, domain ...string) ([][]string, error) {
321 permission := make([][]string, 0)
322 rm := e.GetNamedRoleManager(gtype)
323 if rm == nil {
324 return nil, fmt.Errorf("role manager %s is not initialized", gtype)
325 }
326
327 roles, err := e.GetNamedImplicitRolesForUser(gtype, user, domain...)
328 if err != nil {
329 return nil, err
330 }
331 policyRoles := make(map[string]struct{}, len(roles)+1)
332 policyRoles[user] = struct{}{}
333 for _, r := range roles {
334 policyRoles[r] = struct{}{}
335 }
336
337 domainIndex, err := e.GetFieldIndex(ptype, constant.DomainIndex)
338 for _, rule := range e.model["p"][ptype].Policy {
339 if len(domain) == 0 {
340 if _, ok := policyRoles[rule[0]]; ok {
341 permission = append(permission, deepCopyPolicy(rule))
342 }
343 continue
344 }
345 if len(domain) > 1 {
346 return nil, errors.ErrDomainParameter
347 }
348 if err != nil {
349 return nil, err
350 }
351 d := domain[0]
352 matched := rm.Match(d, rule[domainIndex])
353 if !matched {
354 continue
355 }
356 if _, ok := policyRoles[rule[0]]; ok {
357 newRule := deepCopyPolicy(rule)
358 newRule[domainIndex] = d
359 permission = append(permission, newRule)
360 }
361 }
362 return permission, nil
363}
364
365// GetImplicitUsersForPermission gets implicit users for a permission.
366// For example:

Calls 5

GetNamedRoleManagerMethod · 0.95
GetFieldIndexMethod · 0.95
deepCopyPolicyFunction · 0.85
MatchMethod · 0.65

Tested by 1