hub / github.com/apache/casbin / GetNamedImplicitUsersForResource

Method GetNamedImplicitUsersForResource

rbac_api.go:546–599  ·  view source on GitHub ↗

GetNamedImplicitUsersForResource returns the implicit users of a resource, with named policy support. It handles resource-role relationships expressed through named grouping policies (e.g., g2, g3, etc.). For example, given the policies `p, admin_group, admin_data, *`, `g, admin, admin_group` and `g2, app, admin_data`, GetNamedImplicitUsersForResource("g2", "app") will return users who have access to admin_data through g2 relationship.

(ptype string, resource string)

Source from the content-addressed store, hash-verified

544// g2, app, admin_data
545// GetNamedImplicitUsersForResource("g2", "app") will return users who have access to admin_data through g2 relationship.
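//
// ptype names the grouping policy (for example "g2") that links resource to
// the objects used in "p" rules; resource is the object being queried.
//
// Each returned row is a "p" rule whose object is either resource itself or an
// object that a ptype rule maps resource to. Where the rule's subject is a
// role, the row is repeated once per user of that role with the subject
// replaced by the user. Duplicate rows are removed.
//
// The rows are policy rules, not enforcement decisions: only the "p" policy
// type is read, and neither the matcher nor the policy effect is evaluated.
//
// An error is returned when the "sub" or "obj" field index of "p" cannot be
// resolved, when the role manager is missing, or when the roles or the ptype
// grouping policy cannot be read.
func (e *Enforcer) GetNamedImplicitUsersForResource(ptype string, resource string) ([][]string, error) {
	// Resolve the field positions first and stop on failure: indexing a rule
	// with an unresolved position would otherwise panic further down.
	subjectIndex, err := e.GetFieldIndex("p", "sub")
	if err != nil {
		return nil, fmt.Errorf("resolving subject field index: %w", err)
	}
	objectIndex, err := e.GetFieldIndex("p", "obj")
	if err != nil {
		return nil, fmt.Errorf("resolving object field index: %w", err)
	}

	rm := e.GetRoleManager()
	if rm == nil {
		return nil, fmt.Errorf("role manager is not initialized")
	}

	roles, err := e.GetAllRoles()
	if err != nil {
		return nil, err
	}
	isRole := make(map[string]bool, len(roles))
	for _, role := range roles {
		isRole[role] = true
	}

	// Collect the objects that resource is mapped to through ptype. A failed
	// lookup is reported instead of being treated as "no mappings", which
	// would silently shrink the returned user list.
	ptypePolicies, err := e.GetNamedGroupingPolicy(ptype)
	if err != nil {
		return nil, fmt.Errorf("reading grouping policy %q: %w", ptype, err)
	}
	// Only rules whose first field equals resource are followed, i.e. a
	// single hop through ptype.
	linkedObjects := make(map[string]bool)
	for _, ptypePolicy := range ptypePolicies {
		if ptypePolicy[0] == resource {
			linkedObjects[ptypePolicy[1]] = true
		}
	}

	permissions := make([][]string, 0)
	for _, rule := range e.model["p"]["p"].Policy {
		obj := rule[objectIndex]
		sub := rule[subjectIndex]

		// Keep only rules for the resource itself or for an object it is
		// linked to through ptype.
		if obj != resource && !linkedObjects[obj] {
			continue
		}

		if !isRole[sub] {
			permissions = append(permissions, rule)
			continue
		}

		users, err := rm.GetUsers(sub)
		if err != nil {
			// NOTE(review): a role that cannot be expanded is skipped without
			// reporting it, so the result can under-report who reaches the
			// resource. Kept as in the original; confirm this best-effort
			// behaviour is intended before relying on it for access reviews.
			continue
		}

		// NOTE(review): presumably GetUsers returns only the direct members
		// of the role, in which case a member that is itself a role appears
		// as a subject here and is not expanded further. Verify against the
		// role manager in use.
		for _, user := range users {
			implicitUserRule := deepCopyPolicy(rule)
			implicitUserRule[subjectIndex] = user
			permissions = append(permissions, implicitUserRule)
		}
	}

	return removeDuplicatePermissions(permissions), nil
}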
600
601// GetImplicitUsersForResourceByDomain return implicit user based on resource and domain.
602// Compared to GetImplicitUsersForResource, domain is supported.

Calls 7

GetFieldIndexMethod · 0.95
GetRoleManagerMethod · 0.95
GetAllRolesMethod · 0.95
deepCopyPolicyFunction · 0.85
GetUsersMethod · 0.65