feat: add KeyMatch5() custom function, allow empty policy for ABAC (#4)
casbin-dotnet-cli is a command-line tool based on Casbin.NET, enabling you to use all of Casbin APIs in the shell.
casbin-dotnet-cli/ ├── .github/ │ └── workflows/ │ └── build.yml # GitHub Actions workflow configuration ├── src/ │ └── CasbinCli/ │ ├── Commands/ │ │ ├── EnforceCommand.cs # Enhanced enforce command implementation │ │ └── EnforceExCommand.cs # Enhanced enforceEx command implementation │ ├── Models/ │ │ └── ResponseBody.cs # JSON response model │ ├── Services/ │ │ ├── EnforcementService.cs # Enhanced core enforcement service │ │ └── ConfigValidationService.cs # Configuration file validation service │ ├── Program.cs # Dynamic version management entry point │ └── CasbinCli.csproj # Project file ├── test/ │ ├── CasbinCli.Tests/ # Unit test project │ │ ├── Services/ │ │ │ ├── EnforcementServiceTests.cs # Enhanced core service unit tests │ │ │ └── ParameterProcessingTests.cs # Parameter processing tests │ │ ├── Models/ │ │ │ └── ResponseBodyTests.cs # Response model tests │ │ └── CasbinCli.Tests.csproj # Test project file │ ├── basic_model.conf # Basic access control model │ ├── basic_policy.csv # Basic policy file │ ├── rbac_with_domains_model.conf # RBAC with domains model │ ├── rbac_with_domains_policy.csv # RBAC with domains policy │ ├── abac_rule_model.conf # ABAC rule model file │ ├── abac_rule_policy.csv # ABAC rule policy file │ ├── abac_model.conf # ABAC model file │ └── abac_policy.csv # ABAC policy file ├── build.ps1 # Local multi-platform build script ├── .releaserc.json # Semantic release configuration ├── README.md # Project documentation └── casbin-dotnet-cli.sln # Visual Studio solution file
git clone https://github.com/casbin/casbin-dotnet-cli.git
cd casbin-dotnet-cli dotnet build
dotnet run --project src/CasbinCli -- [command] [options]
dotnet tool install -g casbin-dotnet-cli
After installation, you can use the casbin command directly.
| Option | Description | Required |
|---|---|---|
-m, --model | Path to the model file or model text | Yes |
-p, --policy | Path to the policy file or policy text | Yes |
enforce | Check permissions | No |
enforceEx | Check permissions and get matching policy rule | No |
Check if Alice has read permission on data1: README.md:37-42
casbin enforce -m "test/basic_model.conf" -p "test/basic_policy.csv" "alice" "data1" "read"
Output:
{"allow":true,"explain":[]}
Check if Alice has write permission on data1 (with explanation): README.md:44-49
casbin enforceEx -m "test/basic_model.conf" -p "test/basic_policy.csv" "alice" "data1" "write"
Output:
{"allow":false,"explain":[]}
Check if Alice has read permission on data1 in domain1: README.md:51-56
casbin enforceEx -m "test/rbac_with_domains_model.conf" -p "test/rbac_with_domains_policy.csv" "alice" "domain1" "data1" "read"
Output:
{"allow":true,"explain":["admin","domain1","data1","read"]}
Support for structured parameters in ABAC scenarios: enforce_test.go:47-49
casbin enforceEx -m "test/abac_model.conf" -p "test/abac_policy.csv" "{\"Age\":30}" "/data1" "read"
Output:
{"allow":true,"explain":["r.sub.Age > 18","/data1","read"]}
"alice", "data1", "read""{\"field\":\"value\"}", "{\"Age\":25}"The core enforcement service responsible for:
Standardized JSON response format: enforce.go:29-30
{
"allow": boolean, // whether access is allowed
"explain": string[] // matching policy rules (enforceEx command only)
}
Casbin.NET: Core access control librarySystem.CommandLine: Command-line parsing frameworkNewtonsoft.Json: JSON serialization libraryThis project is licensed under the Apache 2.0 License - see the LICENSE file for details.