Support for rbac_with_all_pattern? #43

CGerAJ opened this issue Feb 15, 2022 · 1 comment
CGerAJ commented Feb 15, 2022

rbac_model.conf

[request_definition]
r = sub, dom, obj, act

[policy_definition]
p = sub, dom, obj, act

[role_definition]
g = _, _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub, r.dom) && r.dom == p.dom && r.obj == p.obj && r.act == p.act

app.ts

import { PrismaClient } from '@prisma/client'
import * as casbin from 'casbin';
import { PrismaAdapter } from 'casbin-prisma-adapter';

const prisma = new PrismaClient()

async function main() {
  // ... you will write your Prisma Client queries here
  const a = await PrismaAdapter.newAdapter();
  const e = await casbin.newEnforcer('./casbin/rbac_model.conf', a);

  // Check the permission.
  // const result = await e.enforce('alice', 'data1', 'read');
  // console.log('result :>> ', result);

  // Modify the policy.
  await e.addPolicy('admin', 'application', 'post-/user', 'post');
  await e.addPolicy('admin', 'application', 'put-/user/:id', 'put');
  await e.addPolicy('admin', 'application', 'delete-/user/:id', 'delete');

  await e.addPolicy('user', 'application', 'post-/user', 'post');
  await e.addPolicy('user', 'application', 'put-/user/:id', 'put');
  await e.addPolicy('user', 'application', 'delete-/user/:id', 'delete');
  // await e.removePolicy(...);

  const result1 = await e.enforce('user', 'application', 'put-/user/:id', 'put');
  console.log('result1 :>> ', result1);
  // result1 :>>  true

  // Get the list of subjects that appear in the current policy
  const allSubjects = await e.getAllSubjects()
  console.log('allSubjects 获取当前策略中显示的 subject 策略规则 列表 :>> \n', allSubjects);
  // allSubjects 获取当前策略中显示的 subject 策略规则 列表 :>>
  // [ 'admin', 'user' ]

  const allNamedSubjects = await e.getAllNamedSubjects('p')
  console.log('allNamedSubjects 获取当前命名策略中显示的 subject 策略规则 列表 :>> \n', allNamedSubjects);
  // allNamedSubjects 获取当前命名策略中显示的 subject 策略规则 列表 :>>
  // [ 'admin', 'user' ]

  const allObjects = await e.getAllObjects()
  console.log('allObjects 获取当前策略中显示的 object 资源 列表 :>> \n', allObjects);
  // allObjects 获取当前策略中显示的 object 资源 列表 :>>
  // [ 'application' ]

  const allNamedObjects = await e.getAllNamedObjects('p')
  console.log('allNamedObjects 获取当前命名策略中显示的 object 资源 列表 :>> \n', allNamedObjects);
  // allNamedObjects 获取当前命名策略中显示的 object 资源 列表 :>>
  // [ 'application' ]

  const allActions = await e.getAllActions()
  console.log('allActions 获取当前策略中显示的操作列表 http动作 :>> \n', allActions);
  // allActions 获取当前策略中显示的操作列表 http动作 :>>
  // [ 'post-/user', 'put-/user/:id', 'delete-/user/:id' ]

  const allNamedActions = await e.getAllNamedActions('p')
  console.log('allNamedActions 获取当前命名策略中显示的操作列表 http动作 :>> \n', allNamedActions);
  // allNamedActions 获取当前命名策略中显示的操作列表 http动作 :>>
  // [ 'post-/user', 'put-/user/:id', 'delete-/user/:id' ]

  const allRoles = await e.getAllRoles()
  console.log('allRoles 获取当前策略中显示的角色列表 :>> \n', allRoles);
  // allRoles 获取当前策略中显示的角色列表 :>>
  // []

  const allNamedRoles = await e.getAllNamedRoles('g')
  console.log('allNamedRoles 获取当前命名策略中显示的角色列表 :>> \n', allNamedRoles);
  // allNamedRoles 获取当前命名策略中显示的角色列表 :>>
  // []

  const policy = await e.getPolicy()
  console.log('policy 获取策略中的所有授权规则 :>> \n', policy);
  // policy 获取策略中的所有授权规则 :>>
  // [
  //   [ 'admin', 'application', 'post-/user', 'post' ],
  //   [ 'user', 'application', 'post-/user', 'post' ],
  //   [ 'admin', 'application', 'put-/user/:id', 'put' ],
  //   [ 'admin', 'application', 'delete-/user/:id', 'delete' ],
  //   [ 'user', 'application', 'delete-/user/:id', 'delete' ],
  //   [ 'user', 'application', 'put-/user/:id', 'put' ]
  // ]

  const filteredPolicy = await e.getFilteredPolicy(0, 'users')
  console.log('filteredPolicy 获取策略中的所有授权规则,我们可以指定字段筛选器 :>> \n', filteredPolicy);
  // filteredPolicy 获取策略中的所有授权规则,我们可以指定字段筛选器 :>>
  // []

  const namedPolicy = await e.getNamedPolicy('p')
  console.log('namedPolicy 获取命名策略中的所有授权规则 :>> \n', namedPolicy);
  // namedPolicy 获取命名策略中的所有授权规则 :>>
  // [
  //   [ 'admin', 'application', 'post-/user', 'post' ],
  //   [ 'user', 'application', 'post-/user', 'post' ],
  //   [ 'admin', 'application', 'put-/user/:id', 'put' ],
  //   [ 'admin', 'application', 'delete-/user/:id', 'delete' ],
  //   [ 'user', 'application', 'delete-/user/:id', 'delete' ],
  //   [ 'user', 'application', 'put-/user/:id', 'put' ]
  // ]

  const filteredNamedPolicy = await e.getFilteredNamedPolicy('p', 0, 'bob')
  console.log('filteredNamedPolicy 获取命名策略中的所有授权规则,可以指定字段过滤器。 :>> \n', filteredNamedPolicy);
  // filteredNamedPolicy 获取命名策略中的所有授权规则,可以指定字段过滤器。 :>>
  // []

  const groupingPolicy = await e.getGroupingPolicy()
  console.log('groupingPolicy 获取策略中的所有角色继承规则 :>> \n', groupingPolicy);
  // groupingPolicy 获取策略中的所有角色继承规则 :>>
  // []

  const filteredGroupingPolicy = await e.getFilteredGroupingPolicy(0, 'alice')
  console.log('filteredGroupingPolicy 获取策略中的所有角色继承规则,可以指定字段筛选器。 :>> \n', filteredGroupingPolicy);
  // filteredGroupingPolicy 获取策略中的所有角色继承规则,可以指定字段筛选器。 :>>
  // []

  const namedGroupingPolicy = await e.getNamedGroupingPolicy('g')
  console.log('namedGroupingPolicy  获取策略中的所有角色继承规则:>> \n', namedGroupingPolicy);
  // namedGroupingPolicy  获取策略中的所有角色继承规则:>>
  // []

  const hasPolicy = await e.hasPolicy('data2_admin', 'data2', 'read')
  console.log('hasPolicy 确定是否存在授权规则 :>> \n', hasPolicy);
  // hasPolicy 确定是否存在授权规则 :>>
  // false

  const hasNamedPolicy = await e.hasNamedPolicy('p', 'data2_admin', 'data2', 'read')
  console.log('hasNamedPolicy 确定命名的授权规则是否存在 :>> \n', hasNamedPolicy);
  // hasNamedPolicy 确定命名的授权规则是否存在 :>>
  // false

  const hasGroupingPolicy = await e.hasGroupingPolicy('alice', 'data2_admin')
  console.log('hasGroupingPolicy 确定是否存在角色继承规则 :>> \n', hasGroupingPolicy);
  // hasGroupingPolicy 确定是否存在角色继承规则 :>>
  // false

  const HasNamedGroupingPolicy = await e.hasNamedGroupingPolicy('g', 'alice', 'data2_admin')
  console.log('HasNamedGroupingPolicy 确定是否存在命名角色继承规则:>> \n', HasNamedGroupingPolicy);
  // HasNamedGroupingPolicy 确定是否存在命名角色继承规则:>>
  // false

  // Save the policy back to DB.
  await e.savePolicy();
  console.log('end :>> ');
}

main()
  .catch((e) => {
    throw e
  })
  .finally(async () => {
    await prisma.$disconnect()
  })

allSubjects
allNamedSubjects
allNamedObjects
allNamedActions
Output error result

casbin-bot added the enhancement label Feb 15, 2022
hsluoyz added the question label and removed the enhancement label Feb 15, 2022
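
The `allObjects` and `allActions` results reported in the issue equal columns 1 and 2 of each stored rule, which this model's `p = sub, dom, obj, act` line assigns to `dom` and `obj`. As an added example (not part of the issue and not casbin's own code), the sketch below resolves a column from its token name in `[policy_definition]` instead of a fixed position. `policyTokens`, `distinctColumn` and `distinctByToken` are hypothetical helpers, and the model text and rules are copied from the post.

```typescript
// Added example; not casbin code. Model text and rules are copied from the issue.
const MODEL_CONF = `
[request_definition]
r = sub, dom, obj, act
[policy_definition]
p = sub, dom, obj, act
`;
const RULES: string[][] = [
  ['admin', 'application', 'post-/user', 'post'],
  ['user', 'application', 'post-/user', 'post'],
  ['admin', 'application', 'put-/user/:id', 'put'],
  ['admin', 'application', 'delete-/user/:id', 'delete'],
  ['user', 'application', 'delete-/user/:id', 'delete'],
  ['user', 'application', 'put-/user/:id', 'put'],
];

// Hypothetical helper: token names declared for `ptype` in [policy_definition].
function policyTokens(conf: string, ptype: string): string[] {
  let section = '';
  for (const raw of conf.split('\n')) {
    const line = raw.trim();
    const header = /^\[(\w+)\]$/.exec(line);
    if (header) { section = header[1] ?? ''; continue; }
    const eq = line.indexOf('=');
    if (section !== 'policy_definition' || eq < 0) continue;
    if (line.slice(0, eq).trim() === ptype) {
      return line.slice(eq + 1).split(',').map((t) => t.trim());
    }
  }
  throw new Error(`policy type "${ptype}" is not defined in the model`);
}

// Hypothetical helper: distinct values of one rule column, in first-seen order.
function distinctColumn(rules: string[][], index: number): string[] {
  const values = rules.map((r) => r[index]).filter((v): v is string => v !== undefined);
  return Array.from(new Set(values));
}

// Hypothetical helper: resolve the column by token name, so `dom` cannot shift it.
function distinctByToken(conf: string, rules: string[][], ptype: string, token: string): string[] {
  const index = policyTokens(conf, ptype).indexOf(token);
  if (index < 0) throw new Error(`token "${token}" is not defined for "${ptype}"`);
  return distinctColumn(rules, index);
}

console.log('column 1 :', distinctColumn(RULES, 1)); // the domain column in this model
console.log('obj token:', distinctByToken(MODEL_CONF, RULES, 'p', 'obj'));
console.log('act token:', distinctByToken(MODEL_CONF, RULES, 'p', 'act'));
```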