Documentation
Overview
Package casbin provides a Casbin-based authorization provider.
This provider uses Casbin for flexible RBAC/ABAC policy evaluation. It supports both code-defined policies and database-stored policies.
Example usage:
    provider, err := casbin.New(
        casbin.WithModel(casbin.RBACModel),
        casbin.WithRoleGetter(getRoleFromDB),
    )
Index
- Constants
- type Option
- func WithEnforcer(e *casbin.Enforcer) Option
- func WithModel(modelText string) Option
- func WithOwnerFullAccess(enabled bool) Option
- func WithPlatformAdminBypass(enabled bool) Option
- func WithPlatformAdminChecker(fn func(ctx context.Context, principalID uuid.UUID) (bool, error)) Option
- func WithRoleGetter(fn func(ctx context.Context, principalID, orgID uuid.UUID) (string, error)) Option
- type Provider
- func (a *Provider) AddPolicies(policies [][]string) error
- func (a *Provider) AddPolicy(role, resource, action string) error
- func (a *Provider) AddRoleForUser(user, role string) error
- func (a *Provider) Can(ctx context.Context, principal authz.Principal, action authz.Action, ...) (bool, error)
- func (a *Provider) CanAll(ctx context.Context, principal authz.Principal, actions []authz.Action, ...) (bool, error)
- func (a *Provider) CanAny(ctx context.Context, principal authz.Principal, actions []authz.Action, ...) (bool, error)
- func (a *Provider) CanForOrg(ctx context.Context, principal authz.Principal, orgID uuid.UUID, ...) (bool, error)
- func (a *Provider) Enforcer() *casbin.Enforcer
- func (a *Provider) Filter(ctx context.Context, principal authz.Principal, action authz.Action, ...) ([]authz.Resource, error)
- func (a *Provider) GetRole(ctx context.Context, principal authz.Principal, orgID uuid.UUID) (string, error)
- func (a *Provider) IsMember(ctx context.Context, principal authz.Principal, orgID uuid.UUID) (bool, error)
- func (a *Provider) IsPlatformAdmin(ctx context.Context, principal authz.Principal) (bool, error)
- func (a *Provider) LoadPoliciesFromMap(permissions authz.RolePermissions) error
Constants
const (
	// RBACModel is a basic RBAC model with role hierarchy.
	RBACModel = `` /* 225-byte string literal not displayed */

	// RBACWithResourceRolesModel supports resource-specific roles.
	RBACWithResourceRolesModel = `` /* 237-byte string literal not displayed */

	// ABACModel supports attribute-based access control.
	ABACModel = `` /* 233-byte string literal not displayed */
)
Pre-defined Casbin models for common use cases.
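The following is an added illustration, not this package's code and not Casbin's engine: it shows how a basic RBAC model with role hierarchy decides a request, assuming the usual Casbin RBAC semantics (allow only if a rule matches the subject or a role it inherits, deny otherwise). The rbac type, the demo function and the alice/bob/report values are hypothetical; the text of RBACModel itself is not displayed on this page.

```go
package main

import "fmt"

// rbac is a hypothetical stand-in evaluator, not Casbin's engine.
type rbac struct {
	policies map[[3]string]bool  // (role, resource, action) allow rules
	roles    map[string][]string // subject -> roles it holds or inherits
}

func (r *rbac) AddPolicy(role, resource, action string) {
	r.policies[[3]string{role, resource, action}] = true
}

func (r *rbac) AddRoleForUser(user, role string) {
	r.roles[user] = append(r.roles[user], role)
}

// Can walks the role graph from subject and allows only on an exact rule
// match. The seen set stops a cyclic role assignment from looping forever.
func (r *rbac) Can(subject, resource, action string) bool {
	seen, queue := map[string]bool{}, []string{subject}
	for len(queue) > 0 {
		s := queue[0]
		queue = queue[1:]
		if seen[s] {
			continue
		}
		seen[s] = true
		if r.policies[[3]string{s, resource, action}] {
			return true
		}
		queue = append(queue, r.roles[s]...)
	}
	return false // deny by default: no rule matched
}

// demo builds constructed sample data: admin inherits viewer.
func demo() *rbac {
	e := &rbac{policies: map[[3]string]bool{}, roles: map[string][]string{}}
	e.AddPolicy("viewer", "report", "read")
	e.AddPolicy("admin", "report", "delete")
	e.AddRoleForUser("admin", "viewer")
	e.AddRoleForUser("alice", "admin")
	e.AddRoleForUser("bob", "viewer")
	return e
}

func main() {
	e := demo()
	fmt.Println(e.Can("alice", "report", "read"), e.Can("bob", "report", "delete"))
}
```

Permissions flow only from a role to the subjects that hold it, so bob (viewer) never gains the admin-only delete rule, and a subject with no role assignment is denied.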
Variables
This section is empty.
Functions
This section is empty.
Types
type Option
Option configures a Provider.
func WithEnforcer
WithEnforcer sets a pre-configured Casbin enforcer.
func WithOwnerFullAccess
WithOwnerFullAccess enables full access for resource owners.
func WithPlatformAdminBypass
WithPlatformAdminBypass enables platform admin bypass for all checks.
type Provider
type Provider struct {
// contains filtered or unexported fields
}
Provider implements the Authorizer interface using Casbin.
func (*Provider) AddPolicies
AddPolicies adds multiple policy rules at once.
func (*Provider) AddRoleForUser
AddRoleForUser assigns a role to a user.
func (*Provider) Can
func (a *Provider) Can(ctx context.Context, principal authz.Principal, action authz.Action, resource authz.Resource) (bool, error)
Can checks if a principal can perform an action on a resource.
func (*Provider) CanAll
func (a *Provider) CanAll(ctx context.Context, principal authz.Principal, actions []authz.Action, resource authz.Resource) (bool, error)
CanAll checks if a principal can perform all specified actions on a resource.
func (*Provider) CanAny
func (a *Provider) CanAny(ctx context.Context, principal authz.Principal, actions []authz.Action, resource authz.Resource) (bool, error)
CanAny checks if a principal can perform any of the specified actions on a resource.
func (*Provider) CanForOrg
func (a *Provider) CanForOrg(ctx context.Context, principal authz.Principal, orgID uuid.UUID, action authz.Action, resource authz.Resource) (bool, error)
CanForOrg checks permission scoped to a specific organization.
func (*Provider) Enforcer
Enforcer returns the underlying Casbin enforcer for advanced configuration.
func (*Provider) Filter
func (a *Provider) Filter(ctx context.Context, principal authz.Principal, action authz.Action, resources []authz.Resource) ([]authz.Resource, error)
Filter returns only the resources the principal can access with the given action.
func (*Provider) GetRole
func (a *Provider) GetRole(ctx context.Context, principal authz.Principal, orgID uuid.UUID) (string, error)
GetRole returns the principal's role in an organization.
func (*Provider) IsMember
func (a *Provider) IsMember(ctx context.Context, principal authz.Principal, orgID uuid.UUID) (bool, error)
IsMember checks if a principal is a member of an organization.
func (*Provider) IsPlatformAdmin
IsPlatformAdmin checks if a principal has platform-wide admin access.
func (*Provider) LoadPoliciesFromMap
func (a *Provider) LoadPoliciesFromMap(permissions authz.RolePermissions) error
LoadPoliciesFromMap loads policies from a role-permission map.