Class Enforcer

java.lang.Object
org.casbin.jcasbin.main.CoreEnforcer
org.casbin.jcasbin.main.InternalEnforcer
org.casbin.jcasbin.main.ManagementEnforcer
org.casbin.jcasbin.main.Enforcer
Direct Known Subclasses:
CachedEnforcer, SyncedEnforcer
public class Enforcer extends ManagementEnforcer
Enforcer = ManagementEnforcer + RBAC API.

  • Constructor Details

    • Enforcer

      public Enforcer()
      Enforcer is the default constructor.

    • Enforcer

      public Enforcer(String modelPath, String policyFile)
      Enforcer initializes an enforcer with a model file and a policy file.
      Parameters:
      modelPath - the path of the model file.
      policyFile - the path of the policy file.

    • Enforcer

      public Enforcer(String modelPath, Adapter adapter)
      Enforcer initializes an enforcer with a database adapter.
      Parameters:
      modelPath - the path of the model file.
      adapter - the adapter.

    • Enforcer

      public Enforcer(Model m, Adapter adapter)
      Enforcer initializes an enforcer with a model and a database adapter.
      Parameters:
      m - the model.
      adapter - the adapter.

    • Enforcer

      public Enforcer(Model m, Adapter adapter, boolean enableLog)
      Enforcer initializes an enforcer with a model, a database adapter and an enable log flag.
      Parameters:
      m - the model.
      adapter - the adapter.
      enableLog - whether to enable Casbin's log.

    • Enforcer

      public Enforcer(Model m)
      Enforcer initializes an enforcer with a model.
      Parameters:
      m - the model.

    • Enforcer

      public Enforcer(String modelPath)
      Enforcer initializes an enforcer with a model file.
      Parameters:
      modelPath - the path of the model file.

    • Enforcer

      public Enforcer(String modelPath, String policyFile, boolean enableLog)
      Enforcer initializes an enforcer with a model file, a policy file and an enable log flag.
      Parameters:
      modelPath - the path of the model file.
      policyFile - the path of the policy file.
      enableLog - whether to enable Casbin's log.

  • Method Details

    • getRolesForUser

      public List<String> getRolesForUser(String name)
      getRolesForUser gets the roles that a user has.
      Parameters:
      name - the user.
      Returns:
      the roles that the user has.

    • getUsersForRole

      public List<String> getUsersForRole(String name)
      getUsersForRole gets the users that have a role.
      Parameters:
      name - the role.
      Returns:
      the users that has the role.

    • hasRoleForUser

      public boolean hasRoleForUser(String name, String role)
      hasRoleForUser determines whether a user has a role.
      Parameters:
      name - the user.
      role - the role.
      Returns:
      whether the user has the role.

    • addRoleForUser

      public boolean addRoleForUser(String user, String role)
      addRoleForUser adds a role for a user. Returns false if the user already has the role (aka not affected).
      Parameters:
      user - the user.
      role - the role.
      Returns:
      succeeds or not.

    • deleteRoleForUser

      public boolean deleteRoleForUser(String user, String role)
      deleteRoleForUser deletes a role for a user. Returns false if the user does not have the role (aka not affected).
      Parameters:
      user - the user.
      role - the role.
      Returns:
      succeeds or not.

    • deleteRolesForUser

      public boolean deleteRolesForUser(String user)
      deleteRolesForUser deletes all roles for a user. Returns false if the user does not have any roles (aka not affected).
      Parameters:
      user - the user.
      Returns:
      succeeds or not.

    • deleteUser

      public boolean deleteUser(String user)
      deleteUser deletes a user. Returns false if the user does not exist (aka not affected).
      Parameters:
      user - the user.
      Returns:
      succeeds or not.

    • deleteRole

      public void deleteRole(String role)
      deleteRole deletes a role.
      Parameters:
      role - the role.

    • deletePermission

      public boolean deletePermission(String... permission)
      deletePermission deletes a permission. Returns false if the permission does not exist (aka not affected).
      Parameters:
      permission - the permission, usually be (obj, act). It is actually the rule without the subject.
      Returns:
      succeeds or not.

    • deletePermission

      public boolean deletePermission(List<String> permission)
      deletePermission deletes a permission. Returns false if the permission does not exist (aka not affected).
      Parameters:
      permission - the permission, usually be (obj, act). It is actually the rule without the subject.
      Returns:
      succeeds or not.

    • addPermissionForUser

      public boolean addPermissionForUser(String user, String... permission)
      addPermissionForUser adds a permission for a user or role. Returns false if the user or role already has the permission (aka not affected).
      Parameters:
      user - the user.
      permission - the permission, usually be (obj, act). It is actually the rule without the subject.
      Returns:
      succeeds or not.

    • updatePermissionForUser

      public boolean updatePermissionForUser(String user, List<String> oldPermission, List<String> newPermission)
      updatePermissionForUser updates a permission for a user or role. Returns false if the user or role already has the permission (aka not affected).
      Parameters:
      user - the user.
      oldPermission - the old permission.
      newPermission - the new permission.
      Returns:
      succeeds or not.

    • addPermissionForUser

      public boolean addPermissionForUser(String user, List<String> permission)
      addPermissionForUser adds a permission for a user or role. Returns false if the user or role already has the permission (aka not affected).
      Parameters:
      user - the user.
      permission - the permission, usually be (obj, act). It is actually the rule without the subject.
      Returns:
      succeeds or not.

    • deletePermissionForUser

      public boolean deletePermissionForUser(String user, String... permission)
      deletePermissionForUser deletes a permission for a user or role. Returns false if the user or role does not have the permission (aka not affected).
      Parameters:
      user - the user.
      permission - the permission, usually be (obj, act). It is actually the rule without the subject.
      Returns:
      succeeds or not.

    • deletePermissionForUser

      public boolean deletePermissionForUser(String user, List<String> permission)
      deletePermissionForUser deletes a permission for a user or role. Returns false if the user or role does not have the permission (aka not affected).
      Parameters:
      user - the user.
      permission - the permission, usually be (obj, act). It is actually the rule without the subject.
      Returns:
      succeeds or not.

    • deletePermissionsForUser

      public boolean deletePermissionsForUser(String user)
      deletePermissionsForUser deletes permissions for a user or role. Returns false if the user or role does not have any permissions (aka not affected).
      Parameters:
      user - the user.
      Returns:
      succeeds or not.

    • getPermissionsForUser

      public List<List<String>> getPermissionsForUser(String user, String... domain)
      getPermissionsForUser gets permissions for a user or role.
      Parameters:
      user - the user.
      domain - domain.
      Returns:
      the permissions, a permission is usually like (obj, act). It is actually the rule without the subject.

    • getNamedPermissionsForUser

      List<List<String>> getNamedPermissionsForUser(String pType, String user, String... domain)
      getNamedPermissionsForUser gets permissions for a user or role by named policy.
      Parameters:
      pType - the name policy.
      user - the user.
      domain - domain.
      Returns:
      the permissions.

    • getPermissionsPackFunc

      private String[] getPermissionsPackFunc(Map.Entry<String, Assertion> entry, String pType, String user, String... domain)
      get the match field value, used to field filters.
      Parameters:
      entry - the entry of pType:assertion.
      pType - the named policy
      user - the user.
      domain - domain.
      Returns:
      the match field.

    • hasPermissionForUser

      public boolean hasPermissionForUser(String user, String... permission)
      hasPermissionForUser determines whether a user has a permission.
      Parameters:
      user - the user.
      permission - the permission, usually be (obj, act). It is actually the rule without the subject.
      Returns:
      whether the user has the permission.

    • hasPermissionForUser

      public boolean hasPermissionForUser(String user, List<String> permission)
      hasPermissionForUser determines whether a user has a permission.
      Parameters:
      user - the user.
      permission - the permission, usually be (obj, act). It is actually the rule without the subject.
      Returns:
      whether the user has the permission.

    • getUsersForRoleInDomain

      public List<String> getUsersForRoleInDomain(String name, String domain)
      getUsersForRoleInDomain gets the users that a role has inside a domain.
      Parameters:
      name - the role.
      domain - the domain.
      Returns:
      the users that the role has in the domain.

    • getRolesForUserInDomain

      public List<String> getRolesForUserInDomain(String name, String domain)
      getRolesForUserInDomain gets the roles that a user has inside a domain.
      Parameters:
      name - the user.
      domain - the domain.
      Returns:
      the roles that the user has in the domain.

    • getPermissionsForUserInDomain

      public List<List<String>> getPermissionsForUserInDomain(String user, String domain)
      getPermissionsForUserInDomain gets permissions for a user or role inside a domain.
      Parameters:
      user - the user.
      domain - the domain.
      Returns:
      the permissions, a permission is usually like (obj, act). It is actually the rule without the subject.

    • addRoleForUserInDomain

      public boolean addRoleForUserInDomain(String user, String role, String domain)
      addRoleForUserInDomain adds a role for a user inside a domain. Returns false if the user already has the role (aka not affected).
      Parameters:
      user - the user.
      role - the role.
      domain - the domain.
      Returns:
      succeeds or not.

    • deleteRoleForUserInDomain

      public boolean deleteRoleForUserInDomain(String user, String role, String domain)
      deleteRoleForUserInDomain deletes a role for a user inside a domain. Returns false if the user does not have the role (aka not affected).
      Parameters:
      user - the user.
      role - the role.
      domain - the domain.
      Returns:
      succeeds or not.

    • getImplicitRolesForUser

      public List<String> getImplicitRolesForUser(String name, String... domain)
      getImplicitRolesForUser gets implicit roles that a user has. Compared to getRolesForUser(), this function retrieves indirect roles besides direct roles. For example: g, alice, role:admin g, role:admin, role:user

      getRolesForUser("alice") can only get: ["role:admin"]. But getImplicitRolesForUser("alice") will get: ["role:admin", "role:user"].

      Parameters:
      name - the user.
      domain - the user's domain.
      Returns:
      implicit roles that a user has.

    • getImplicitUsersForRole

      public List<String> getImplicitUsersForRole(String name, String... domain)
      getImplicitUsersForRole gets implicit users for a role.
      Parameters:
      name - the role.
      domain - the role's domain.
      Returns:
      implicit users that a role has.

    • getImplicitPermissionsForUser

      public List<List<String>> getImplicitPermissionsForUser(String user, String... domain)
      getImplicitPermissionsForUser gets implicit permissions for a user or role. Compared to getPermissionsForUser(), this function retrieves permissions for inherited roles. For example: p, admin, data1, read p, alice, data2, read g, alice, admin

      getPermissionsForUser("alice") can only get: [["alice", "data2", "read"]]. But getImplicitPermissionsForUser("alice") will get: [["admin", "data1", "read"], ["alice", "data2", "read"]].

      Parameters:
      user - the user.
      domain - the user's domain.
      Returns:
      implicit permissions for a user or role.

    • getNamedImplicitPermissionsForUser

      public List<List<String>> getNamedImplicitPermissionsForUser(String pType, String user, String... domain)
      GetNamedImplicitPermissionsForUser gets implicit permissions for a user or role by named policy. Compared to GetNamedPermissionsForUser(), this function retrieves permissions for inherited roles. For example: p, admin, data1, read p2, admin, create g, alice, admin

      GetImplicitPermissionsForUser("alice") can only get: [["admin", "data1", "read"]], whose policy is default policy "p". But you can specify the named policy "p2" to get: [["admin", "create"]] by GetNamedImplicitPermissionsForUser("p2","alice").

      Parameters:
      pType - the name policy.
      user - the user.
      domain - the user's domain.
      Returns:
      implicit permissions for a user or role by named policy.

    • getImplicitPermissionsForUserInDomain

      public List<List<String>> getImplicitPermissionsForUserInDomain(String user, String domain)
      getImplicitPermissionsForUserInDomain gets implicit permissions for a user or role in domain.
      Parameters:
      user - the user.
      domain - the domain.
      Returns:
      implicit permissions for a user or role in domain.

    • batchEnforce

      public List<Boolean> batchEnforce(List<List<String>> rules)
      BatchEnforce enforce in batches
      Parameters:
      rules - the rules.
      Returns:
      the results

    • batchEnforceWithMatcher

      public List<Boolean> batchEnforceWithMatcher(String matcher, List<List<String>> rules)
      batchEnforceWithMatcher enforce with matcher in batches
      Parameters:
      matcher - the custom matcher.
      rules - the rules.
      Returns:
      the results