Casbin uses the built-in log to print logs to console like:
2017/07/15 19:43:56 [Request: alice, data1, read ---> true]
The logging is enabled by default. You can toggle it via Enforcer.EnableLog() or the last parameter of NewEnforcer(). Here's an example:
// Disable the logging in the new method. e := casbin.NewEnforcer("examples/basic_model.conf", "examples/basic_policy.csv", false) // Enable the logging at run-time. e.EnableLog(true)
Error or panic may happen when you use Casbin for reasons like:
There are five main functions you may need to care about for error or panic:
| Function | Behavior on error | What if I want error instead of panic? |
|---|---|---|
| NewEnforcer() | Cause panic | Please use NewEnforcerSafe() |
| LoadModel() | Cause panic | Please use LoadModelSafe() |
| LoadPolicy() | Return error | N/A |
| SavePolicy() | Return error | N/A |
| Enforce() | Cause panic | Please use EnforceSafe() |
Note: NewEnforcer() calls LoadModel() and LoadPolicy() inside. So you don't have to call the latter two calls when using NewEnforcer().
The author believes that Golang error is very unfriendly for developers to debug, because it‘s only a string and has no faulty call stack information. The panic can show call stack and integrate well with Golang IDEs. Most of the Casbin users are developers too. And they usually don’t write the Casbin model or policy correctly at the first time (which causes error or panic). So they can benefit from the advantages of panic. However, there are still many people who favor error more than panic. So we provide the xxxSafe() functions which just wrap the xxx() functions by translating panic into error. You can just use xxx() or xxxSafe() functions based on personal tastes.
The enforcer can be disabled via the Enforcer.EnableEnforce() function. When it‘s disabled, Enforcer.Enforce() will always return true. Other operations like adding or removing policy is not affected. Here’s an example:
e := casbin.NewEnforcer("examples/basic_model.conf", "examples/basic_policy.csv") // Will return false. // By default, the enforcer is enabled. e.Enforce("non-authorized-user", "data1", "read") // Disable the enforcer at run-time. e.EnableEnforce(false) // Will return true for any request. e.Enforce("non-authorized-user", "data1", "read") // Enable the enforcer again. e.EnableEnforce(true) // Will return false. e.Enforce("non-authorized-user", "data1", "read")