Package org.casbin.jcasbin.main
Class SyncedEnforcer
java.lang.Object
org.casbin.jcasbin.main.CoreEnforcer
org.casbin.jcasbin.main.InternalEnforcer
org.casbin.jcasbin.main.ManagementEnforcer
org.casbin.jcasbin.main.Enforcer
org.casbin.jcasbin.main.SyncedEnforcer
- Direct Known Subclasses:
DistributedEnforcer
,SyncedCachedEnforcer
SyncedEnforcer = ManagementEnforcer + RBAC API.
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate final AtomicInteger
private static final ReadWriteLock
private final Object
Fields inherited from class org.casbin.jcasbin.main.CoreEnforcer
acceptJsonRequest, adapter, autoBuildRoleLinks, autoNotifyDispatcher, autoNotifyWatcher, autoSave, condRmMap, dispatcher, fm, model, modelPath, rmMap, watcher
-
Constructor Summary
ConstructorsConstructorDescription; SyncedEnforcer is the default constructor.SyncedEnforcer
(String modelPath) SyncedEnforcer initializes an enforcer with a model file.SyncedEnforcer
(String modelPath, String policyFile) SyncedEnforcer initializes an enforcer with a model file and a policy file.SyncedEnforcer
(String modelPath, String policyFile, boolean enableLog) SyncedEnforcer initializes an enforcer with a model file, a policy file and an enable log flag.SyncedEnforcer
(String modelPath, Adapter adapter) SyncedEnforcer initializes an enforcer with a database adapter.SyncedEnforcer initializes an enforcer with a model.SyncedEnforcer
(Model m, Adapter adapter) SyncedEnforcer initializes an enforcer with a model and a database adapter. -
Method Summary
Modifier and TypeMethodDescriptionboolean
addGroupingPolicies
(String[][] rules) addGroupingPolicies adds role inheritance rules to the current policy.boolean
addGroupingPolicies
(List<List<String>> rules) addGroupingPolicies adds role inheritance rules to the current policy.boolean
addGroupingPolicy
(String... params) addGroupingPolicy adds a role inheritance rule to the current policy.boolean
addGroupingPolicy
(List<String> params) addGroupingPolicy adds a role inheritance rule to the current policy.boolean
addNamedGroupingPolicies
(String ptype, String[][] rules) addNamedGroupingPolicies adds named role inheritance rules to the current policy.boolean
addNamedGroupingPolicies
(String ptype, List<List<String>> rules) addNamedGroupingPolicies adds named role inheritance rules to the current policy.boolean
addNamedGroupingPolicy
(String ptype, String... params) addNamedGroupingPolicy adds a named role inheritance rule to the current policy.boolean
addNamedGroupingPolicy
(String ptype, List<String> params) addNamedGroupingPolicy adds a named role inheritance rule to the current policy.boolean
addNamedPolicies
(String ptype, List<List<String>> rules) addNamedPolicies adds authorization rules to the current named policy.boolean
addNamedPoliciesEx
(String ptype, List<List<String>> rules) addNamedPoliciesEx adds authorization rules to the current named policy.boolean
addNamedPolicy
(String ptype, String... params) AddNamedPolicy adds an authorization rule to the current named policy.boolean
addNamedPolicy
(String ptype, List<String> params) AddNamedPolicy adds an authorization rule to the current named policy.boolean
addPermissionForUser
(String user, String... permission) addPermissionForUser adds a permission for a user or role.boolean
addPermissionForUser
(String user, List<String> permission) addPermissionForUser adds a permission for a user or role.boolean
addPolicies
(String[][] rules) addPolicies adds authorization rules to the current policy.boolean
addPolicies
(List<List<String>> rules) addPolicies adds authorization rules to the current policy.boolean
addPolicy adds an authorization rule to the current policy.boolean
addPolicy adds an authorization rule to the current policy.boolean
addRoleForUser
(String user, String role) addRoleForUser adds a role for a user.boolean
addRoleForUserInDomain
(String user, String role, String domain) addRoleForUserInDomain adds a role for a user inside a domain.batchEnforce
(List<List<String>> rules) batchEnforce enforce in batchesbatchEnforceWithMatcher
(String matcher, List<List<String>> rules) batchEnforceWithMatcher enforce with matcher in batchesvoid
buildRoleLinks manually rebuild the role inheritance relations.void
clearPolicy clears all policy.boolean
deletePermission
(String... permission) deletePermission deletes a permission.boolean
deletePermission
(List<String> permission) deletePermission deletes a permission.boolean
deletePermissionForUser
(String user, String... permission) deletePermissionForUser deletes a permission for a user or role.boolean
deletePermissionForUser
(String user, List<String> permission) deletePermissionForUser deletes a permission for a user or role.boolean
deletePermissionsForUser deletes permissions for a user or role.void
deleteRole
(String role) deleteRole deletes a role.boolean
deleteRoleForUser
(String user, String role) deleteRoleForUser deletes a role for a user.boolean
deleteRoleForUserInDomain
(String user, String role, String domain) deleteRoleForUserInDomain deletes a role for a user inside a domain.boolean
deleteRolesForUser
(String user) deleteRolesForUser deletes all roles for a user.boolean
deleteUser
(String user) deleteUser deletes a user.boolean
enforce decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (sub, obj, act).enforceEx decides whether a "subject" can access "object" with the operation "action", input parameters are usually: (sub, obj, act).enforceExWithMatcher
(String matcher, Object... rvals) enforceExWithMatcher use a custom matcher to decide whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model matcher by default when matcher is "" or null.boolean
enforceWithMatcher
(String matcher, Object... rvals) enforceWithMatcher use a custom matcher to decide whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model matcher by default when matcher is "" or null.getAllActions gets the list of actions that show up in the current policy.getAllNamedActions
(String ptype) GetAllNamedActions gets the list of actions that show up in the current named policy.getAllNamedObjects
(String ptype) getAllNamedObjects gets the list of objects that show up in the current named policy.getAllNamedRoles
(String ptype) getAllNamedRoles gets the list of roles that show up in the current named policy.getAllObjects gets the list of objects that show up in the current policy.getAllRoles gets the list of roles that show up in the current policy.getAllSubjects gets the list of subjects that show up in the current policy.getFilteredGroupingPolicy
(int fieldIndex, String... fieldValues) getFilteredGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified.getFilteredNamedGroupingPolicy
(String ptype, int fieldIndex, String... fieldValues) getFilteredNamedGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified.getFilteredNamedPolicy
(String ptype, int fieldIndex, String... fieldValues) getFilteredNamedPolicy gets all the authorization rules in the named policy, field filters can be specified.getFilteredPolicy
(int fieldIndex, String... fieldValues) getFilteredPolicy gets all the authorization rules in the policy, field filters can be specified.getGroupingPolicy gets all the role inheritance rules in the policy.getImplicitPermissionsForUser
(String user, String... domain) getImplicitPermissionsForUser gets implicit permissions for a user or role.getImplicitRolesForUser
(String name, String... domain) getImplicitRolesForUser gets implicit roles that a user has.getNamedGroupingPolicy
(String ptype) getNamedGroupingPolicy gets all the role inheritance rules in the policy.getNamedImplicitPermissionsForUser
(String pType, String user, String... domain) GetNamedImplicitPermissionsForUser gets implicit permissions for a user or role by named policy.getNamedPermissionsForUser
(String pType, String user, String... domain) GetNamedPermissionsForUser gets permissions for a user or role by named policy.getNamedPolicy
(String ptype) getNamedPolicy gets all the authorization rules in the named policy.getPermissionsForUser
(String user, String... domain) getPermissionsForUser gets permissions for a user or role.getPermissionsForUserInDomain
(String user, String domain) getPermissionsForUserInDomain gets permissions for a user or role inside a domain.getPolicy gets all the authorization rules in the policy.getRolesForUser
(String name) getRolesForUser gets the roles that a user has.getRolesForUserInDomain
(String name, String domain) getRolesForUserInDomain gets the roles that a user has inside a domain.getUsersForRole
(String name) getUsersForRole gets the users that has a role.getUsersForRoleInDomain
(String name, String domain) getUsersForRoleInDomain gets the users that a role has inside a domain.boolean
hasGroupingPolicy
(String... params) hasGroupingPolicy determines whether a role inheritance rule exists.boolean
hasGroupingPolicy
(List<String> params) hasGroupingPolicy determines whether a role inheritance rule exists.boolean
hasNamedGroupingPolicy
(String ptype, String... params) hasNamedGroupingPolicy determines whether a named role inheritance rule exists.boolean
hasNamedGroupingPolicy
(String ptype, List<String> params) hasNamedGroupingPolicy determines whether a named role inheritance rule exists.boolean
hasNamedPolicy
(String ptype, String... params) hasNamedPolicy determines whether a named authorization rule exists.boolean
hasNamedPolicy
(String ptype, List<String> params) hasNamedPolicy determines whether a named authorization rule exists.boolean
hasPermissionForUser
(String user, String... permission) hasPermissionForUser determines whether a user has a permission.boolean
hasPermissionForUser
(String user, List<String> permission) hasPermissionForUser determines whether a user has a permission.boolean
hasPolicy determines whether an authorization rule exists.boolean
hasPolicy determines whether an authorization rule exists.boolean
hasRoleForUser
(String name, String role) hasRoleForUser determines whether a user has a role.boolean
void
loadFilteredPolicy
(Object filter) loadFilteredPolicy reloads a filtered policy from file/database.void
loadPolicy reloads the policy from file/database.boolean
removeFilteredGroupingPolicy
(int fieldIndex, String... fieldValues) removeFilteredGroupingPolicy removes a role inheritance rule from the current policy, field filters can be specified.boolean
removeFilteredNamedGroupingPolicy
(String ptype, int fieldIndex, String... fieldValues) removeFilteredNamedGroupingPolicy removes a role inheritance rule from the current named policy, field filters can be specified.boolean
removeFilteredNamedPolicy
(String ptype, int fieldIndex, String... fieldValues) removeFilteredNamedPolicy removes an authorization rule from the current named policy, field filters can be specified.boolean
removeFilteredPolicy
(int fieldIndex, String... fieldValues) removeFilteredPolicy removes an authorization rule from the current policy, field filters can be specified.boolean
removeGroupingPolicies
(String[][] rules) removeGroupingPolicies removes role inheritance rules from the current policy.boolean
removeGroupingPolicies
(List<List<String>> rules) removeGroupingPolicies removes role inheritance rules from the current policy.boolean
removeGroupingPolicy
(String... params) removeGroupingPolicy removes a role inheritance rule from the current policy.boolean
removeGroupingPolicy
(List<String> params) removeGroupingPolicy removes a role inheritance rule from the current policy.boolean
removeNamedGroupingPolicies
(String ptype, String[][] rules) removeNamedGroupingPolicies removes role inheritance rules from the current named policy.boolean
removeNamedGroupingPolicies
(String ptype, List<List<String>> rules) removeNamedGroupingPolicies removes role inheritance rules from the current named policy.boolean
removeNamedGroupingPolicy
(String ptype, String... params) removeNamedGroupingPolicy removes a role inheritance rule from the current named policy.boolean
removeNamedGroupingPolicy
(String ptype, List<String> params) removeNamedGroupingPolicy removes a role inheritance rule from the current named policy.boolean
removeNamedPolicies
(String ptype, List<List<String>> rules) removeNamedPolicies removes authorization rules from the current named policy.boolean
removeNamedPolicy
(String ptype, String... params) removeNamedPolicy removes an authorization rule from the current named policy.boolean
removeNamedPolicy
(String ptype, List<String> params) removeNamedPolicy removes an authorization rule from the current named policy.boolean
removePolicies
(String[][] rules) removePolicies removes authorization rules from the current policy.boolean
removePolicies
(List<List<String>> rules) removePolicies removes authorization rules from the current policy.boolean
removePolicy
(String... params) removePolicy removes an authorization rule from the current policy.boolean
removePolicy
(List<String> params) removePolicy removes an authorization rule from the current policy.private void
runSynchronized
(Runnable action, Lock lock) private <T> T
runSynchronized
(Supplier<T> action, Lock lock) void
savePolicy saves the current policy (usually after changed with Casbin API) back to file/database.void
setWatcher
(Watcher watcher) setWatcher sets the current watcher.void
startAutoLoadPolicy
(long d) void
boolean
updateGroupingPolicy
(List<String> params1, List<String> params2) UpdateGroupingPolicy updates an authorization rule to the current named policy.boolean
updateNamedGroupingPolicy updates an authorization rule to the current named policy.boolean
updateNamedPolicy updates an authorization rule to the current named policy.boolean
updatePolicy
(List<String> params1, List<String> params2) updatePolicy update an authorization rule to the current policy.Methods inherited from class org.casbin.jcasbin.main.Enforcer
getImplicitPermissionsForUserInDomain, getImplicitUsersForRole, updatePermissionForUser
Methods inherited from class org.casbin.jcasbin.main.ManagementEnforcer
addFunction, getAllNamedSubjects, getPermittedActions
Methods inherited from class org.casbin.jcasbin.main.InternalEnforcer
addPolicies, addPolicy, buildIncrementalRoleLinks, getDomainIndex, removeFilteredPolicy, removePolicies, removePolicy, updatePolicy
Methods inherited from class org.casbin.jcasbin.main.CoreEnforcer
addNamedDomainLinkConditionFunc, addNamedDomainMatchingFunc, addNamedLinkConditionFunc, addNamedMatchingFunc, buildConditionalRoleLinks, enableAcceptJsonRequest, enableAutoBuildRoleLinks, enableAutoSave, enableEnforce, enableLog, getAdapter, getAviatorEval, getModel, getNamedRoleManager, getRmMap, getRoleManager, initialize, isAutoNotifyDispatcher, isAutoNotifyWatcher, isFiltered, loadModel, mustUseDispatcher, newModel, newModel, newModel, resetExpressionEvaluator, setAdapter, setAutoNotifyDispatcher, setAutoNotifyWatcher, setAviatorEvaluator, setDispatcher, setEffector, setModel, setNamedDomainLinkConditionFuncParams, setNamedLinkConditionFuncParams, setNamedRoleManager, setRoleManager, setRoleManager, validateEnforce
-
Field Details
-
READ_WRITE_LOCK
-
stopAutoLoad
-
autoLoadRunning
-
-
Constructor Details
-
SyncedEnforcer
public SyncedEnforcer(); SyncedEnforcer is the default constructor. -
SyncedEnforcer
SyncedEnforcer initializes an enforcer with a model file and a policy file.- Parameters:
modelPath
- the path of the model file.policyFile
- the path of the policy file.
-
SyncedEnforcer
SyncedEnforcer initializes an enforcer with a database adapter.- Parameters:
modelPath
- the path of the model file.adapter
- the adapter.
-
SyncedEnforcer
SyncedEnforcer initializes an enforcer with a model and a database adapter.- Parameters:
m
- the model.adapter
- the adapter.
-
SyncedEnforcer
SyncedEnforcer initializes an enforcer with a model.- Parameters:
m
- the model.
-
SyncedEnforcer
SyncedEnforcer initializes an enforcer with a model file.- Parameters:
modelPath
- the path of the model file.
-
SyncedEnforcer
SyncedEnforcer initializes an enforcer with a model file, a policy file and an enable log flag.- Parameters:
modelPath
- the path of the model file.policyFile
- the path of the policy file.enableLog
- whether to enable Casbin's log.
-
-
Method Details
-
isAutoLoadingRunning
public boolean isAutoLoadingRunning() -
startAutoLoadPolicy
public void startAutoLoadPolicy(long d) -
stopAutoLoadPolicy
public void stopAutoLoadPolicy() -
setWatcher
setWatcher sets the current watcher.- Overrides:
setWatcher
in classCoreEnforcer
- Parameters:
watcher
- the watcher.
-
clearPolicy
public void clearPolicy()clearPolicy clears all policy.- Overrides:
clearPolicy
in classCoreEnforcer
-
loadPolicy
public void loadPolicy()loadPolicy reloads the policy from file/database.- Overrides:
loadPolicy
in classCoreEnforcer
-
loadFilteredPolicy
loadFilteredPolicy reloads a filtered policy from file/database.- Overrides:
loadFilteredPolicy
in classCoreEnforcer
- Parameters:
filter
- the filter used to specify which type of policy should be loaded.
-
savePolicy
public void savePolicy()savePolicy saves the current policy (usually after changed with Casbin API) back to file/database.- Overrides:
savePolicy
in classCoreEnforcer
-
buildRoleLinks
public void buildRoleLinks()buildRoleLinks manually rebuild the role inheritance relations.- Overrides:
buildRoleLinks
in classCoreEnforcer
-
enforce
enforce decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (sub, obj, act).- Overrides:
enforce
in classCoreEnforcer
- Parameters:
rvals
- the request needs to be mediated, usually an array of strings, can be class instances if ABAC is used.- Returns:
- whether to allow the request.
-
enforceWithMatcher
enforceWithMatcher use a custom matcher to decide whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model matcher by default when matcher is "" or null.- Overrides:
enforceWithMatcher
in classCoreEnforcer
- Parameters:
matcher
- the custom matcher.rvals
- the request needs to be mediated, usually an array of strings, can be class instances if ABAC is used.- Returns:
- whether to allow the request.
-
enforceEx
enforceEx decides whether a "subject" can access "object" with the operation "action", input parameters are usually: (sub, obj, act). the list explain, store matching rule.- Overrides:
enforceEx
in classCoreEnforcer
- Parameters:
rvals
- the request needs to be mediated, usually an array of strings, can be class instances if ABAC is used.- Returns:
- whether to allow the request.
-
enforceExWithMatcher
enforceExWithMatcher use a custom matcher to decide whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model matcher by default when matcher is "" or null. the list explain, store matching rule.- Overrides:
enforceExWithMatcher
in classCoreEnforcer
- Parameters:
matcher
- the custom matcher.rvals
- the request needs to be mediated, usually an array of strings, can be class instances if ABAC is used.- Returns:
- whether to allow the request.
-
batchEnforce
batchEnforce enforce in batches- Overrides:
batchEnforce
in classEnforcer
- Parameters:
rules
- the rules.- Returns:
- the results
-
batchEnforceWithMatcher
batchEnforceWithMatcher enforce with matcher in batches- Overrides:
batchEnforceWithMatcher
in classEnforcer
- Parameters:
matcher
- the custom matcher.rules
- the rules.- Returns:
- the results
-
getAllSubjects
getAllSubjects gets the list of subjects that show up in the current policy.- Overrides:
getAllSubjects
in classManagementEnforcer
- Returns:
- all the subjects in "p" policy rules. It actually collects the 0-index elements of "p" policy rules. So make sure your subject is the 0-index element, like (sub, obj, act). Duplicates are removed.
-
getAllObjects
getAllObjects gets the list of objects that show up in the current policy.- Overrides:
getAllObjects
in classManagementEnforcer
- Returns:
- all the objects in "p" policy rules. It actually collects the 1-index elements of "p" policy rules. So make sure your object is the 1-index element, like (sub, obj, act). Duplicates are removed.
-
getAllNamedObjects
getAllNamedObjects gets the list of objects that show up in the current named policy.- Overrides:
getAllNamedObjects
in classManagementEnforcer
- Parameters:
ptype
- the policy type, can be "p", "p2", "p3", ..- Returns:
- all the objects in policy rules of the ptype type. It actually collects the 1-index elements of the policy rules. So make sure your object is the 1-index element, like (sub, obj, act). Duplicates are removed.
-
getAllActions
getAllActions gets the list of actions that show up in the current policy.- Overrides:
getAllActions
in classManagementEnforcer
- Returns:
- all the actions in "p" policy rules. It actually collects the 2-index elements of "p" policy rules. So make sure your action is the 2-index element, like (sub, obj, act). Duplicates are removed.
-
getAllNamedActions
GetAllNamedActions gets the list of actions that show up in the current named policy.- Overrides:
getAllNamedActions
in classManagementEnforcer
- Parameters:
ptype
- the policy type, can be "p", "p2", "p3", ..- Returns:
- all the actions in policy rules of the ptype type. It actually collects the 2-index elements of the policy rules. So make sure your action is the 2-index element, like (sub, obj, act). Duplicates are removed.
-
getAllRoles
getAllRoles gets the list of roles that show up in the current policy.- Overrides:
getAllRoles
in classManagementEnforcer
- Returns:
- all the roles in "g" policy rules. It actually collects the 1-index elements of "g" policy rules. So make sure your role is the 1-index element, like (sub, role). Duplicates are removed.
-
getAllNamedRoles
getAllNamedRoles gets the list of roles that show up in the current named policy.- Overrides:
getAllNamedRoles
in classManagementEnforcer
- Parameters:
ptype
- the policy type, can be "g", "g2", "g3", ..- Returns:
- all the subjects in policy rules of the ptype type. It actually collects the 0-index elements of the policy rules. So make sure your subject is the 0-index element, like (sub, obj, act). Duplicates are removed.
-
getPolicy
getPolicy gets all the authorization rules in the policy.- Overrides:
getPolicy
in classManagementEnforcer
- Returns:
- all the "p" policy rules.
-
getFilteredPolicy
getFilteredPolicy gets all the authorization rules in the policy, field filters can be specified.- Overrides:
getFilteredPolicy
in classManagementEnforcer
- Parameters:
fieldIndex
- the policy rule's start index to be matched.fieldValues
- the field values to be matched, value "" means not to match this field.- Returns:
- the filtered "p" policy rules.
-
getNamedPolicy
getNamedPolicy gets all the authorization rules in the named policy.- Overrides:
getNamedPolicy
in classManagementEnforcer
- Parameters:
ptype
- the policy type, can be "p", "p2", "p3", ..- Returns:
- the "p" policy rules of the specified ptype.
-
getFilteredNamedPolicy
public List<List<String>> getFilteredNamedPolicy(String ptype, int fieldIndex, String... fieldValues) getFilteredNamedPolicy gets all the authorization rules in the named policy, field filters can be specified.- Overrides:
getFilteredNamedPolicy
in classManagementEnforcer
- Parameters:
ptype
- the policy type, can be "p", "p2", "p3", ..fieldIndex
- the policy rule's start index to be matched.fieldValues
- the field values to be matched, value "" means not to match this field.- Returns:
- the filtered "p" policy rules of the specified ptype.
-
getGroupingPolicy
getGroupingPolicy gets all the role inheritance rules in the policy.- Overrides:
getGroupingPolicy
in classManagementEnforcer
- Returns:
- all the "g" policy rules.
-
getRolesForUser
getRolesForUser gets the roles that a user has.- Overrides:
getRolesForUser
in classEnforcer
- Parameters:
name
- the user.- Returns:
- the roles that the user has.
-
getFilteredGroupingPolicy
getFilteredGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified.- Overrides:
getFilteredGroupingPolicy
in classManagementEnforcer
- Parameters:
fieldIndex
- the policy rule's start index to be matched.fieldValues
- the field values to be matched, value "" means not to match this field.- Returns:
- the filtered "g" policy rules.
-
getNamedGroupingPolicy
getNamedGroupingPolicy gets all the role inheritance rules in the policy.- Overrides:
getNamedGroupingPolicy
in classManagementEnforcer
- Parameters:
ptype
- the policy type, can be "g", "g2", "g3", ..- Returns:
- the "g" policy rules of the specified ptype.
-
getFilteredNamedGroupingPolicy
public List<List<String>> getFilteredNamedGroupingPolicy(String ptype, int fieldIndex, String... fieldValues) getFilteredNamedGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified.- Overrides:
getFilteredNamedGroupingPolicy
in classManagementEnforcer
- Parameters:
ptype
- the policy type, can be "g", "g2", "g3", ..fieldIndex
- the policy rule's start index to be matched.fieldValues
- the field values to be matched, value "" means not to match this field.- Returns:
- the filtered "g" policy rules of the specified ptype.
-
hasPolicy
hasPolicy determines whether an authorization rule exists.- Overrides:
hasPolicy
in classManagementEnforcer
- Parameters:
params
- the "p" policy rule, ptype "p" is implicitly used.- Returns:
- whether the rule exists.
-
hasPolicy
hasPolicy determines whether an authorization rule exists.- Overrides:
hasPolicy
in classManagementEnforcer
- Parameters:
params
- the "p" policy rule, ptype "p" is implicitly used.- Returns:
- whether the rule exists.
-
hasNamedPolicy
hasNamedPolicy determines whether a named authorization rule exists.- Overrides:
hasNamedPolicy
in classManagementEnforcer
- Parameters:
ptype
- the policy type, can be "p", "p2", "p3", ..params
- the "p" policy rule.- Returns:
- whether the rule exists.
-
hasNamedPolicy
hasNamedPolicy determines whether a named authorization rule exists.- Overrides:
hasNamedPolicy
in classManagementEnforcer
- Parameters:
ptype
- the policy type, can be "p", "p2", "p3", ..params
- the "p" policy rule.- Returns:
- whether the rule exists.
-
addPolicy
addPolicy adds an authorization rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.- Overrides:
addPolicy
in classManagementEnforcer
- Parameters:
params
- the "p" policy rule, ptype "p" is implicitly used.- Returns:
- succeeds or not.
-
addPolicies
addPolicies adds authorization rules to the current policy. If the rule already exists, the function returns false for the corresponding rule and the rule will not be added. Otherwise the function returns true for the corresponding rule by adding the new rule.- Overrides:
addPolicies
in classManagementEnforcer
- Parameters:
rules
- the "p" policy rules, ptype "p" is implicitly used.- Returns:
- succeeds or not.
-
updatePolicy
updatePolicy update an authorization rule to the current policy.- Overrides:
updatePolicy
in classManagementEnforcer
- Parameters:
params1
- the old rule.params2
- the new rule.- Returns:
- succeeds or not.
-
addPolicy
addPolicy adds an authorization rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.- Overrides:
addPolicy
in classManagementEnforcer
- Parameters:
params
- the "p" policy rule, ptype "p" is implicitly used.- Returns:
- succeeds or not.
-
addPolicies
addPolicies adds authorization rules to the current policy. If the rule already exists, the function returns false for the corresponding rule and the rule will not be added. Otherwise the function returns true for the corresponding rule by adding the new rule.- Overrides:
addPolicies
in classManagementEnforcer
- Parameters:
rules
- the "p" policy rules, ptype "p" is implicitly used.- Returns:
- succeeds or not.
-
addNamedPolicy
AddNamedPolicy adds an authorization rule to the current named policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.- Overrides:
addNamedPolicy
in classManagementEnforcer
- Parameters:
ptype
- the policy type, can be "p", "p2", "p3", ..params
- the "p" policy rule.- Returns:
- succeeds or not.
-
addNamedPolicies
addNamedPolicies adds authorization rules to the current named policy. If the rule already exists, the function returns false for the corresponding rule and the rule will not be added. Otherwise the function returns true for the corresponding by adding the new rule.- Overrides:
addNamedPolicies
in classManagementEnforcer
- Parameters:
ptype
- the policy type, can be "p", "p2", "p3", ..rules
- the "p" policy rules.- Returns:
- succeeds or not.
-
addNamedPoliciesEx
addNamedPoliciesEx adds authorization rules to the current named policy. If the rule already exists, the rule will not be added. But unlike AddNamedPolicies, other non-existent rules are added instead of returning false directly- Overrides:
addNamedPoliciesEx
in classManagementEnforcer
- Parameters:
ptype
- the policy type, can be "p", "p2", "p3", ..rules
- the "p" policy rules.- Returns:
- succeeds or not.
-
updateNamedPolicy
updateNamedPolicy updates an authorization rule to the current named policy.- Overrides:
updateNamedPolicy
in classManagementEnforcer
- Parameters:
ptype
- the policy type, can be "p", "p2", "p3", ..params1
- the old rule.params2
- the new rule.- Returns:
- succeeds or not.
-
updateGroupingPolicy
UpdateGroupingPolicy updates an authorization rule to the current named policy.- Overrides:
updateGroupingPolicy
in classManagementEnforcer
- Parameters:
params1
- the old rule.params2
- the new rule.- Returns:
- succeeds or not.
-
updateNamedGroupingPolicy
updateNamedGroupingPolicy updates an authorization rule to the current named policy.- Overrides:
updateNamedGroupingPolicy
in classManagementEnforcer
- Parameters:
ptype
- the policy type, can be "g", "g2", "g3", ..params1
- the old rule.params2
- the new rule.- Returns:
- succeeds or not.
-
addNamedPolicy
AddNamedPolicy adds an authorization rule to the current named policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.- Overrides:
addNamedPolicy
in classManagementEnforcer
- Parameters:
ptype
- the policy type, can be "p", "p2", "p3", ..params
- the "p" policy rule.- Returns:
- succeeds or not.
-
removePolicy
removePolicy removes an authorization rule from the current policy.- Overrides:
removePolicy
in classManagementEnforcer
- Parameters:
params
- the "p" policy rule, ptype "p" is implicitly used.- Returns:
- succeeds or not.
-
removePolicy
removePolicy removes an authorization rule from the current policy.- Overrides:
removePolicy
in classManagementEnforcer
- Parameters:
params
- the "p" policy rule, ptype "p" is implicitly used.- Returns:
- succeeds or not.
-
removePolicies
removePolicies removes authorization rules from the current policy.- Overrides:
removePolicies
in classManagementEnforcer
- Parameters:
rules
- the "p" policy rules, ptype "p" is implicitly used.- Returns:
- succeeds or not.
-
removePolicies
removePolicies removes authorization rules from the current policy.- Overrides:
removePolicies
in classManagementEnforcer
- Parameters:
rules
- the "p" policy rules, ptype "p" is implicitly used.- Returns:
- succeeds or not.
-
removeFilteredPolicy
removeFilteredPolicy removes an authorization rule from the current policy, field filters can be specified.- Overrides:
removeFilteredPolicy
in classManagementEnforcer
- Parameters:
fieldIndex
- the policy rule's start index to be matched.fieldValues
- the field values to be matched, value "" means not to match this field.- Returns:
- succeeds or not.
-
removeNamedPolicy
removeNamedPolicy removes an authorization rule from the current named policy.- Overrides:
removeNamedPolicy
in classManagementEnforcer
- Parameters:
ptype
- the policy type, can be "p", "p2", "p3", ..params
- the "p" policy rule.- Returns:
- succeeds or not.
-
removeNamedPolicy
removeNamedPolicy removes an authorization rule from the current named policy.- Overrides:
removeNamedPolicy
in classManagementEnforcer
- Parameters:
ptype
- the policy type, can be "p", "p2", "p3", ..params
- the "p" policy rule.- Returns:
- succeeds or not.
-
removeNamedPolicies
removeNamedPolicies removes authorization rules from the current named policy.- Overrides:
removeNamedPolicies
in classManagementEnforcer
- Parameters:
ptype
- ptype the policy type, can be "p", "p2", "p3", ..rules
- the "p" policy rules.- Returns:
- succeeds or not.
-
removeFilteredNamedPolicy
removeFilteredNamedPolicy removes an authorization rule from the current named policy, field filters can be specified.- Overrides:
removeFilteredNamedPolicy
in classManagementEnforcer
- Parameters:
ptype
- the policy type, can be "p", "p2", "p3", ..fieldIndex
- the policy rule's start index to be matched.fieldValues
- the field values to be matched, value "" means not to match this field.- Returns:
- succeeds or not.
-
hasGroupingPolicy
hasGroupingPolicy determines whether a role inheritance rule exists.- Overrides:
hasGroupingPolicy
in classManagementEnforcer
- Parameters:
params
- the "g" policy rule, ptype "g" is implicitly used.- Returns:
- whether the rule exists.
-
hasGroupingPolicy
hasGroupingPolicy determines whether a role inheritance rule exists.- Overrides:
hasGroupingPolicy
in classManagementEnforcer
- Parameters:
params
- the "g" policy rule, ptype "g" is implicitly used.- Returns:
- whether the rule exists.
-
hasNamedGroupingPolicy
hasNamedGroupingPolicy determines whether a named role inheritance rule exists.- Overrides:
hasNamedGroupingPolicy
in classManagementEnforcer
- Parameters:
ptype
- the policy type, can be "g", "g2", "g3", ..params
- the "g" policy rule.- Returns:
- whether the rule exists.
-
hasNamedGroupingPolicy
hasNamedGroupingPolicy determines whether a named role inheritance rule exists.- Overrides:
hasNamedGroupingPolicy
in classManagementEnforcer
- Parameters:
ptype
- the policy type, can be "g", "g2", "g3", ..params
- the "g" policy rule.- Returns:
- whether the rule exists.
-
addGroupingPolicy
addGroupingPolicy adds a role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.- Overrides:
addGroupingPolicy
in classManagementEnforcer
- Parameters:
params
- the "g" policy rule, ptype "g" is implicitly used.- Returns:
- succeeds or not.
-
addGroupingPolicy
addGroupingPolicy adds a role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.- Overrides:
addGroupingPolicy
in classManagementEnforcer
- Parameters:
params
- the "g" policy rule, ptype "g" is implicitly used.- Returns:
- succeeds or not.
-
addGroupingPolicies
addGroupingPolicies adds role inheritance rules to the current policy. If the rule already exists, the function returns false for the corresponding policy rule and the rule will not be added. Otherwise the function returns true for the corresponding policy rule by adding the new rule.- Overrides:
addGroupingPolicies
in classManagementEnforcer
- Parameters:
rules
- the "g" policy rules, ptype "g" is implicitly used.- Returns:
- succeeds or not.
-
addGroupingPolicies
addGroupingPolicies adds role inheritance rules to the current policy. If the rule already exists, the function returns false for the corresponding policy rule and the rule will not be added. Otherwise the function returns true for the corresponding policy rule by adding the new rule.- Overrides:
addGroupingPolicies
in classManagementEnforcer
- Parameters:
rules
- the "g" policy rules, ptype "g" is implicitly used.- Returns:
- succeeds or not.
-
addNamedGroupingPolicy
addNamedGroupingPolicy adds a named role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.- Overrides:
addNamedGroupingPolicy
in classManagementEnforcer
- Parameters:
ptype
- the policy type, can be "g", "g2", "g3", ..params
- the "g" policy rule.- Returns:
- succeeds or not.
-
addNamedGroupingPolicy
addNamedGroupingPolicy adds a named role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.- Overrides:
addNamedGroupingPolicy
in classManagementEnforcer
- Parameters:
ptype
- the policy type, can be "g", "g2", "g3", ..params
- the "g" policy rule.- Returns:
- succeeds or not.
-
addNamedGroupingPolicies
addNamedGroupingPolicies adds named role inheritance rules to the current policy. If the rule already exists, the function returns false for the corresponding policy rule and the rule will not be added. Otherwise the function returns true for the corresponding policy rule by adding the new rule.- Overrides:
addNamedGroupingPolicies
in classManagementEnforcer
- Parameters:
ptype
- the policy type, can be "g", "g2", "g3", ..rules
- the "g" policy rules.- Returns:
- succeeds or not.
-
addNamedGroupingPolicies
addNamedGroupingPolicies adds named role inheritance rules to the current policy. If the rule already exists, the function returns false for the corresponding policy rule and the rule will not be added. Otherwise the function returns true for the corresponding policy rule by adding the new rule.- Overrides:
addNamedGroupingPolicies
in classManagementEnforcer
- Parameters:
ptype
- the policy type, can be "g", "g2", "g3", ..rules
- the "g" policy rules.- Returns:
- succeeds or not.
-
removeGroupingPolicy
removeGroupingPolicy removes a role inheritance rule from the current policy.- Overrides:
removeGroupingPolicy
in classManagementEnforcer
- Parameters:
params
- the "g" policy rule, ptype "g" is implicitly used.- Returns:
- succeeds or not.
-
removeGroupingPolicy
removeGroupingPolicy removes a role inheritance rule from the current policy.- Overrides:
removeGroupingPolicy
in classManagementEnforcer
- Parameters:
params
- the "g" policy rule, ptype "g" is implicitly used.- Returns:
- succeeds or not.
-
removeGroupingPolicies
removeGroupingPolicies removes role inheritance rules from the current policy.- Overrides:
removeGroupingPolicies
in classManagementEnforcer
- Parameters:
rules
- the "g" policy rules, ptype "g" is implicitly used.- Returns:
- succeeds or not.
-
removeGroupingPolicies
removeGroupingPolicies removes role inheritance rules from the current policy.- Overrides:
removeGroupingPolicies
in classManagementEnforcer
- Parameters:
rules
- the "g" policy rules, ptype "g" is implicitly used.- Returns:
- succeeds or not.
-
removeFilteredGroupingPolicy
removeFilteredGroupingPolicy removes a role inheritance rule from the current policy, field filters can be specified.- Overrides:
removeFilteredGroupingPolicy
in classManagementEnforcer
- Parameters:
fieldIndex
- the policy rule's start index to be matched.fieldValues
- the field values to be matched, value "" means not to match this field.- Returns:
- succeeds or not.
-
removeNamedGroupingPolicy
removeNamedGroupingPolicy removes a role inheritance rule from the current named policy.- Overrides:
removeNamedGroupingPolicy
in classManagementEnforcer
- Parameters:
ptype
- the policy type, can be "g", "g2", "g3", ..params
- the "g" policy rule.- Returns:
- succeeds or not.
-
removeNamedGroupingPolicy
removeNamedGroupingPolicy removes a role inheritance rule from the current named policy.- Overrides:
removeNamedGroupingPolicy
in classManagementEnforcer
- Parameters:
ptype
- the policy type, can be "g", "g2", "g3", ..params
- the "g" policy rule.- Returns:
- succeeds or not.
-
removeNamedGroupingPolicies
removeNamedGroupingPolicies removes role inheritance rules from the current named policy.- Overrides:
removeNamedGroupingPolicies
in classManagementEnforcer
- Parameters:
ptype
- the policy type, can be "g", "g2", "g3", ..rules
- the "g" policy rules.- Returns:
- succeeds or not.
-
removeNamedGroupingPolicies
removeNamedGroupingPolicies removes role inheritance rules from the current named policy.- Overrides:
removeNamedGroupingPolicies
in classManagementEnforcer
- Parameters:
ptype
- the policy type, can be "g", "g2", "g3", ..rules
- the "g" policy rules.- Returns:
- succeeds or not.
-
removeFilteredNamedGroupingPolicy
public boolean removeFilteredNamedGroupingPolicy(String ptype, int fieldIndex, String... fieldValues) removeFilteredNamedGroupingPolicy removes a role inheritance rule from the current named policy, field filters can be specified.- Overrides:
removeFilteredNamedGroupingPolicy
in classManagementEnforcer
- Parameters:
ptype
- the policy type, can be "g", "g2", "g3", ..fieldIndex
- the policy rule's start index to be matched.fieldValues
- the field values to be matched, value "" means not to match this field.- Returns:
- succeeds or not.
-
getUsersForRole
getUsersForRole gets the users that has a role.- Overrides:
getUsersForRole
in classEnforcer
- Parameters:
name
- the role.- Returns:
- the users that has the role.
-
hasRoleForUser
hasRoleForUser determines whether a user has a role.- Overrides:
hasRoleForUser
in classEnforcer
- Parameters:
name
- the user.role
- the role.- Returns:
- whether the user has the role.
-
addRoleForUser
addRoleForUser adds a role for a user. Returns false if the user already has the role (aka not affected).- Overrides:
addRoleForUser
in classEnforcer
- Parameters:
user
- the user.role
- the role.- Returns:
- succeeds or not.
-
deleteRoleForUser
deleteRoleForUser deletes a role for a user. Returns false if the user does not have the role (aka not affected).- Overrides:
deleteRoleForUser
in classEnforcer
- Parameters:
user
- the user.role
- the role.- Returns:
- succeeds or not.
-
deleteRolesForUser
deleteRolesForUser deletes all roles for a user. Returns false if the user does not have any roles (aka not affected).- Overrides:
deleteRolesForUser
in classEnforcer
- Parameters:
user
- the user.- Returns:
- succeeds or not.
-
deleteUser
deleteUser deletes a user. Returns false if the user does not exist (aka not affected).- Overrides:
deleteUser
in classEnforcer
- Parameters:
user
- the user.- Returns:
- succeeds or not.
-
deleteRole
deleteRole deletes a role.- Overrides:
deleteRole
in classEnforcer
- Parameters:
role
- the role.
-
deletePermission
deletePermission deletes a permission. Returns false if the permission does not exist (aka not affected).- Overrides:
deletePermission
in classEnforcer
- Parameters:
permission
- the permission, usually be (obj, act). It is actually the rule without the subject.- Returns:
- succeeds or not.
-
deletePermission
deletePermission deletes a permission. Returns false if the permission does not exist (aka not affected).- Overrides:
deletePermission
in classEnforcer
- Parameters:
permission
- the permission, usually be (obj, act). It is actually the rule without the subject.- Returns:
- succeeds or not.
-
addPermissionForUser
addPermissionForUser adds a permission for a user or role. Returns false if the user or role already has the permission (aka not affected).- Overrides:
addPermissionForUser
in classEnforcer
- Parameters:
user
- the user.permission
- the permission, usually be (obj, act). It is actually the rule without the subject.- Returns:
- succeeds or not.
-
addPermissionForUser
addPermissionForUser adds a permission for a user or role. Returns false if the user or role already has the permission (aka not affected).- Overrides:
addPermissionForUser
in classEnforcer
- Parameters:
user
- the user.permission
- the permission, usually be (obj, act). It is actually the rule without the subject.- Returns:
- succeeds or not.
-
deletePermissionForUser
deletePermissionForUser deletes a permission for a user or role. Returns false if the user or role does not have the permission (aka not affected).- Overrides:
deletePermissionForUser
in classEnforcer
- Parameters:
user
- the user.permission
- the permission, usually be (obj, act). It is actually the rule without the subject.- Returns:
- succeeds or not.
-
deletePermissionForUser
deletePermissionForUser deletes a permission for a user or role. Returns false if the user or role does not have the permission (aka not affected).- Overrides:
deletePermissionForUser
in classEnforcer
- Parameters:
user
- the user.permission
- the permission, usually be (obj, act). It is actually the rule without the subject.- Returns:
- succeeds or not.
-
deletePermissionsForUser
deletePermissionsForUser deletes permissions for a user or role. Returns false if the user or role does not have any permissions (aka not affected).- Overrides:
deletePermissionsForUser
in classEnforcer
- Parameters:
user
- the user.- Returns:
- succeeds or not.
-
getPermissionsForUser
getPermissionsForUser gets permissions for a user or role.- Overrides:
getPermissionsForUser
in classEnforcer
- Parameters:
user
- the user.domain
- the user's domain.- Returns:
- the permissions, a permission is usually like (obj, act). It is actually the rule without the subject.
-
getNamedPermissionsForUser
GetNamedPermissionsForUser gets permissions for a user or role by named policy.- Overrides:
getNamedPermissionsForUser
in classEnforcer
- Parameters:
pType
- the name policy.user
- the user.domain
- domain.- Returns:
- the permissions.
-
hasPermissionForUser
hasPermissionForUser determines whether a user has a permission.- Overrides:
hasPermissionForUser
in classEnforcer
- Parameters:
user
- the user.permission
- the permission, usually be (obj, act). It is actually the rule without the subject.- Returns:
- whether the user has the permission.
-
hasPermissionForUser
hasPermissionForUser determines whether a user has a permission.- Overrides:
hasPermissionForUser
in classEnforcer
- Parameters:
user
- the user.permission
- the permission, usually be (obj, act). It is actually the rule without the subject.- Returns:
- whether the user has the permission.
-
getUsersForRoleInDomain
getUsersForRoleInDomain gets the users that a role has inside a domain.- Overrides:
getUsersForRoleInDomain
in classEnforcer
- Parameters:
name
- the role.domain
- the domain.- Returns:
- the users that the role has in the domain.
-
getRolesForUserInDomain
getRolesForUserInDomain gets the roles that a user has inside a domain.- Overrides:
getRolesForUserInDomain
in classEnforcer
- Parameters:
name
- the user.domain
- the domain.- Returns:
- the roles that the user has in the domain.
-
getPermissionsForUserInDomain
getPermissionsForUserInDomain gets permissions for a user or role inside a domain.- Overrides:
getPermissionsForUserInDomain
in classEnforcer
- Parameters:
user
- the user.domain
- the domain.- Returns:
- the permissions, a permission is usually like (obj, act). It is actually the rule without the subject.
-
addRoleForUserInDomain
addRoleForUserInDomain adds a role for a user inside a domain. Returns false if the user already has the role (aka not affected).- Overrides:
addRoleForUserInDomain
in classEnforcer
- Parameters:
user
- the user.role
- the role.domain
- the domain.- Returns:
- succeeds or not.
-
deleteRoleForUserInDomain
deleteRoleForUserInDomain deletes a role for a user inside a domain. Returns false if the user does not have the role (aka not affected).- Overrides:
deleteRoleForUserInDomain
in classEnforcer
- Parameters:
user
- the user.role
- the role.domain
- the domain.- Returns:
- succeeds or not.
-
getImplicitRolesForUser
getImplicitRolesForUser gets implicit roles that a user has. Compared to getRolesForUser(), this function retrieves indirect roles besides direct roles. For example: g, alice, role:admin g, role:admin, role:usergetRolesForUser("alice") can only get: ["role:admin"]. But getImplicitRolesForUser("alice") will get: ["role:admin", "role:user"].
- Overrides:
getImplicitRolesForUser
in classEnforcer
- Parameters:
name
- the userdomain
- the domain- Returns:
- implicit roles that a user has.
-
getImplicitPermissionsForUser
getImplicitPermissionsForUser gets implicit permissions for a user or role. Compared to getPermissionsForUser(), this function retrieves permissions for inherited roles. For example: p, admin, data1, read p, alice, data2, read g, alice, admingetPermissionsForUser("alice") can only get: [["alice", "data2", "read"]]. But getImplicitPermissionsForUser("alice") will get: [["admin", "data1", "read"], ["alice", "data2", "read"]].
- Overrides:
getImplicitPermissionsForUser
in classEnforcer
- Parameters:
user
- the user.domain
- the user's domain.- Returns:
- implicit permissions for a user or role.
-
getNamedImplicitPermissionsForUser
public List<List<String>> getNamedImplicitPermissionsForUser(String pType, String user, String... domain) GetNamedImplicitPermissionsForUser gets implicit permissions for a user or role by named policy. Compared to GetNamedPermissionsForUser(), this function retrieves permissions for inherited roles. For example: p, admin, data1, read p2, admin, create g, alice, adminGetImplicitPermissionsForUser("alice") can only get: [["admin", "data1", "read"]], whose policy is default policy "p" But you can specify the named policy "p2" to get: [["admin", "create"]] by GetNamedImplicitPermissionsForUser("p2","alice")
- Overrides:
getNamedImplicitPermissionsForUser
in classEnforcer
- Parameters:
pType
- the name policy.user
- the user.domain
- the user's domain.- Returns:
- implicit permissions for a user or role by named policy.
-
runSynchronized
-
runSynchronized
-