New a Casbin enforcer with a model file and a policy file:
import "github.com/casbin/casbin"
e := casbin.NewEnforcer("path/to/model.conf", "path/to/policy.csv")
import org.casbin.jcasbin.main.Enforcer; Enforcer enforcer = new Enforcer("path/to/model.conf", "path/to/policy.csv");
import casbin from 'casbin'; const enforcer = await casbin.newEnforcer('path/to/model.conf', 'path/to/policy.csv');
require_once './vendor/autoload.php'; use Casbin\Enforcer; $e = new Enforcer("path/to/model.conf", "path/to/policy.csv");
import casbin e = casbin.Enforcer("path/to/model.conf", "path/to/policy.csv")
var casbin: ICasbin; begin casbin := TCasbin.Create('path/to/model.conf', 'path/to/policy.csv'); ... end
Note: you can also initialize an enforcer with policy in DB instead of file, see Persistence section for details.
Add an enforcement hook into your code right before the access happens:
sub := "alice" // the user that wants to access a resource. obj := "data1" // the resource that is going to be accessed. act := "read" // the operation that the user performs on the resource. if e.Enforce(sub, obj, act) == true { // permit alice to read data1 } else { // deny the request, show an error }
String sub = "alice"; // the user that wants to access a resource. String obj = "data1"; // the resource that is going to be accessed. String act = "read"; // the operation that the user performs on the resource. if (enforcer.enforce(sub, obj, act) == true) { // permit alice to read data1 } else { // deny the request, show an error }
const sub = 'alice'; // the user that wants to access a resource. const obj = 'data1'; // the resource that is going to be accessed. const act = 'read'; // the operation that the user performs on the resource. if (enforcer.enforce(sub, obj, act) == true) { // permit alice to read data1 } else { // deny the request, show an error }
$sub = "alice"; // the user that wants to access a resource. $obj = "data1"; // the resource that is going to be accessed. $act = "read"; // the operation that the user performs on the resource. if ($e->enforce($sub, $obj, $act) === true) { // permit alice to read data1 } else { // deny the request, show an error }
sub = "alice" # the user that wants to access a resource. obj = "data1" # the resource that is going to be accessed. act = "read" # the operation that the user performs on the resource. if e.enforce(sub, obj, act): # permit alice to read data1 pass else: # deny the request, show an error pass
if casbin.enforce(['alice,data1,read']) then // Alice is super happy as she can read data1 else // Alice is sad
Besides the static policy file, Casbin also provides API for permission management at run-time. For example, You can get all the roles assigned to a user as below:
roles := e.GetRoles("alice")
Roles roles = enforcer.getRoles("alice");
const roles = enforcer.getRoles('alice');
roles = e.get_roles("alice")
See Policy management APIs for more usage.
Please refer to the _test.go files for more usage.