UNPKG

casbin

Version:

An authorization library that supports access control models like ACL, RBAC, ABAC in Node.JS

casbin.org

casbin/node-casbin

276 lines (275 loc) 10.1 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
import { Effector } from './effect'; import { FunctionMap, Model, PolicyOp } from './model'; import { Adapter, FilteredAdapter, Watcher, BatchAdapter, UpdatableAdapter, WatcherEx } from './persist'; import { RoleManager } from './rbac'; import { MatchingFunc } from './rbac'; import { FileSystem } from './persist'; /** * CoreEnforcer defines the core functionality of an enforcer. */ export declare class CoreEnforcer { protected modelPath: string; protected model: Model; protected fm: FunctionMap; protected eft: Effector; private matcherMap; private defaultEnforceContext; protected adapter: UpdatableAdapter | FilteredAdapter | Adapter | BatchAdapter; protected watcher: Watcher | null; protected watcherEx: WatcherEx | null; protected rmMap: Map<string, RoleManager>; protected enabled: boolean; protected autoSave: boolean; protected autoBuildRoleLinks: boolean; protected autoNotifyWatcher: boolean; protected acceptJsonRequest: boolean; protected fs?: FileSystem; /** * setFileSystem sets a file system to read the model file or the policy file. * @param fs {@link FileSystem} */ setFileSystem(fs: FileSystem): void; /** * getFileSystem gets the file system, */ getFileSystem(): FileSystem | undefined; private getExpression; /** * loadModel reloads the model from the model CONF file. * Because the policy is attached to a model, * so the policy is invalidated and needs to be reloaded by calling LoadPolicy(). */ loadModel(): void; /** * getModel gets the current model. * * @return the model of the enforcer. */ getModel(): Model; /** * setModel sets the current model. * * @param m the model. */ setModel(m: Model): void; /** * getAdapter gets the current adapter. * * @return the adapter of the enforcer. */ getAdapter(): Adapter; /** * setAdapter sets the current adapter. * * @param adapter the adapter. */ setAdapter(adapter: Adapter): void; /** * setWatcher sets the current watcher. * * @param watcher the watcher. */ setWatcher(watcher: Watcher): void; /** * setWatcherEx sets the current watcherEx. * * @param watcherEx the watcherEx. */ setWatcherEx(watcherEx: WatcherEx): void; /** * setRoleManager sets the current role manager. * * @param rm the role manager. */ setRoleManager(rm: RoleManager): void; /** * setRoleManager sets the role manager for the named policy. * * @param ptype the named policy. * @param rm the role manager. */ setNamedRoleManager(ptype: string, rm: RoleManager): void; /** * getRoleManager gets the current role manager. */ getRoleManager(): RoleManager; /** * getNamedRoleManager gets role manager by name. */ getNamedRoleManager(name: string): RoleManager | undefined; /** * setEffector sets the current effector. * * @param eft the effector. */ setEffector(eft: Effector): void; /** * clearPolicy clears all policy. */ clearPolicy(): void; initRmMap(): void; sortPolicies(): void; /** * loadPolicy reloads the policy from file/database. */ loadPolicy(): Promise<void>; /** * loadFilteredPolicy reloads a filtered policy from file/database. * * @param filter the filter used to specify which type of policy should be loaded. */ loadFilteredPolicy(filter: any): Promise<boolean>; /** * LoadIncrementalFilteredPolicy append a filtered policy from file/database. * * @param filter the filter used to specify which type of policy should be appended. */ loadIncrementalFilteredPolicy(filter: any): Promise<boolean>; /** * isFiltered returns true if the loaded policy has been filtered. * * @return if the loaded policy has been filtered. */ isFiltered(): boolean; /** * savePolicy saves the current policy (usually after changed with * Casbin API) back to file/database. */ savePolicy(): Promise<boolean>; /** * enableEnforce changes the enforcing state of Casbin, when Casbin is * disabled, all access will be allowed by the enforce() function. * * @param enable whether to enable the enforcer. */ enableEnforce(enable: boolean): void; /** * enableLog changes whether to print Casbin log to the standard output. * * @param enable whether to enable Casbin's log. */ enableLog(enable: boolean): void; /** * enableAutoSave controls whether to save a policy rule automatically to * the adapter when it is added or removed. * * @param autoSave whether to enable the AutoSave feature. */ enableAutoSave(autoSave: boolean): void; /** * enableAutoNotifyWatcher controls whether to save a policy rule automatically notify the Watcher when it is added or removed. * @param enable whether to enable the AutoNotifyWatcher feature. */ enableAutoNotifyWatcher(enable: boolean): void; /** * enableAcceptJsonRequest determines whether to attempt parsing request args as JSON * * @param enable whether to attempt parsing request args as JSON */ enableAcceptJsonRequest(enable: boolean): void; /** * enableAutoBuildRoleLinks controls whether to save a policy rule * automatically to the adapter when it is added or removed. * * @param autoBuildRoleLinks whether to automatically build the role links. */ enableAutoBuildRoleLinks(autoBuildRoleLinks: boolean): void; /** * add matching function to RoleManager by ptype * @param ptype g * @param fn the function will be added */ addNamedMatchingFunc(ptype: string, fn: MatchingFunc): Promise<void>; /** * add domain matching function to RoleManager by ptype * @param ptype g * @param fn the function will be added */ addNamedDomainMatchingFunc(ptype: string, fn: MatchingFunc): Promise<void>; /** * buildRoleLinks manually rebuild the role inheritance relations. */ buildRoleLinks(): Promise<void>; /** * buildIncrementalRoleLinks provides incremental build the role inheritance relations. * @param op policy operation * @param ptype g * @param rules policies */ buildIncrementalRoleLinks(op: PolicyOp, ptype: string, rules: string[][]): Promise<void>; protected buildRoleLinksInternal(): Promise<void>; private privateEnforce; /** * If the matchers does not contain an asynchronous method, call it faster. * * enforceSync decides whether a "subject" can access a "object" with * the operation "action", input parameters are usually: (sub, obj, act). * * @param rvals the request needs to be mediated, usually an array * of strings, can be class instances if ABAC is used. * @return whether to allow the request. */ enforceSync(...rvals: any[]): boolean; /** * If the matchers does not contain an asynchronous method, call it faster. * * enforceSync decides whether a "subject" can access a "object" with * the operation "action", input parameters are usually: (sub, obj, act). * * @param rvals the request needs to be mediated, usually an array * of strings, can be class instances if ABAC is used. * @return whether to allow the request and the reason rule. */ enforceExSync(...rvals: any[]): [boolean, string[]]; /** * Same as enforceSync. To be removed. */ enforceWithSyncCompile(...rvals: any[]): boolean; /** * enforce decides whether a "subject" can access a "object" with * the operation "action", input parameters are usually: (sub, obj, act). * * @param rvals the request needs to be mediated, usually an array * of strings, can be class instances if ABAC is used. * @return whether to allow the request. */ enforce(...rvals: any[]): Promise<boolean>; /** * enforceWithMatcher decides whether a "subject" can access a "object" with * the operation "action" but with the matcher passed, * input parameters are usually: (matcher, sub, obj, act). * * @param matcher matcher string. * @param rvals the request needs to be mediated, usually an array * of strings, can be class instances if ABAC is used. * @return whether to allow the request. */ enforceWithMatcher(matcher: string, ...rvals: any[]): Promise<boolean>; /** * enforce decides whether a "subject" can access a "object" with * the operation "action", input parameters are usually: (sub, obj, act). * * @param rvals the request needs to be mediated, usually an array * of strings, can be class instances if ABAC is used. * @return whether to allow the request and the reason rule. */ enforceEx(...rvals: any[]): Promise<[boolean, string[]]>; /** * enforceExWithMatcher decides whether a "subject" can access a "object" with * the operation "action" but with the matcher passed, * input parameters are usually: (matcher, sub, obj, act). * * @param matcher matcher string. * @param rvals the request needs to be mediated, usually an array * of strings, can be class instances if ABAC is used. * @return whether to allow the request and the reason rule. */ enforceExWithMatcher(matcher: string, ...rvals: any[]): Promise<[boolean, string[]]>; /** * batchEnforce enforces each request and returns result in a bool array. * @param rvals the request need to be mediated, usually an array * of array of strings, can be class instances if ABAC is used. * @returns whether to allow the requests. */ batchEnforce(rvals: any[]): Promise<boolean[]>; }