How to list inherited permissions by father role? #137

Closed
@g0194776

Hi guys,

I am a new user of Casbin, and I am confused about role inheritance in the RBAC model. For example:

If I have two roles like this:
role:admin --> has permission: resource1, read
role:area_admin --> which is inherited by role:admin and has permission: resource2, write

I expected that using the role name (role:admin) would list all of the sub-permissions, so the result would have 2 rows:

  • permission: resource1, read
  • permission: resource2, write

BUT now, what I get from the Golang API is ONLY one row in the result: permission: resource1, read.

Why?

hsluoyz commented on Sep 28, 2018

Member

I have added a new function in the RBAC API called GetImplicitPermissionsForUser(). It can retrieve all implicit permissions; see the example here: 6dde83b

g0194776 commented on Sep 30, 2018

Author

@hsluoyz thank you.

g0194776 commented on Oct 6, 2018

Author

@hsluoyz

It isn't my expected result. WHY?

hsluoyz commented on Oct 6, 2018

Member

Can you post your main() body here? So I can copy and test it.

g0194776 commented on Oct 6, 2018

Author

@hsluoyz OK.

code

package main

import (
	"fmt"
	"github.com/casbin/casbin"
)

func main() {
	e := casbin.NewEnforcer("/Users/kevinyang/Documents/golang/src/test.io/casbin/model.conf", "/Users/kevinyang/Documents/golang/src/test.io/casbin/policy.csv")
	//admin
	e.AddPermissionForUser("role:admin", "ad_campaign", "GET")
	e.AddPermissionForUser("role:admin", "ad_campaign", "LIST")
	//area-admin
	e.AddPermissionForUser("role:area_ad_admin", "campaign", "WRITE")
	e.AddPermissionForUser("role:area_ad_admin", "adgroup", "WRITE")
	e.AddPermissionForUser("role:area_ad_admin", "adcreative", "WRITE")
	//assigns role of area_ad_admin to admin.
	e.AddRoleForUser("role:admin", "role:area_ad_admin")

	//end users.
	e.AddRoleForUser("kevin", "role:admin")
	e.SavePolicy()

	//print.
	fmt.Printf("%#v", e.GetImplicitPermissionsForUser("kevin"))
}

model.conf

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[role_definition]
g = _, _
g2 = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub) && g2(r.obj, p.obj) && r.act == p.act

hsluoyz commented on Oct 6, 2018

Member

It has been fixed, see: 3e0da64

g0194776 commented on Oct 6, 2018

Author

@hsluoyz

The bug fix code has been tested successfully. Thanks a lot.
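
The transitive lookup discussed in this thread, as an added Go sketch that is not Casbin's code and does not call the Casbin library. `Rule`, `Policy`, `Direct`, `Implicit` and `SamplePolicy` are hypothetical names; the rules are those from the posted main(), and the area_ad_admin to admin edge is constructed to show that a cyclic role grant does not loop when auditing effective permissions.

```go
package main

import "fmt"

// Rule is one "p" policy line. Policy is a toy store, not Casbin's types.
type Rule struct{ Sub, Obj, Act string }
type Policy struct {
	Perms []Rule              // p rules
	Roles map[string][]string // g rules: subject -> roles granted to it
}

// Direct returns only the rules whose subject is sub itself.
func (p Policy) Direct(sub string) []Rule {
	var out []Rule
	for _, r := range p.Perms {
		if r.Sub == sub {
			out = append(out, r)
		}
	}
	return out
}

// Implicit walks the g graph breadth-first from sub and collects the rules
// of every role reached; the seen set keeps a cyclic g rule from looping.
func (p Policy) Implicit(sub string) []Rule {
	var out []Rule
	seen := map[string]bool{sub: true}
	for queue := []string{sub}; len(queue) > 0; queue = queue[1:] {
		out = append(out, p.Direct(queue[0])...)
		for _, role := range p.Roles[queue[0]] {
			if !seen[role] {
				seen[role] = true
				queue = append(queue, role)
			}
		}
	}
	return out
}

// SamplePolicy: the issue's rules plus a constructed cycle edge (area -> admin).
func SamplePolicy() Policy {
	admin, area := "role:admin", "role:area_ad_admin"
	return Policy{
		Perms: []Rule{{admin, "ad_campaign", "GET"}, {admin, "ad_campaign", "LIST"},
			{area, "campaign", "WRITE"}, {area, "adgroup", "WRITE"}, {area, "adcreative", "WRITE"}},
		Roles: map[string][]string{"kevin": {admin}, admin: {area}, area: {admin}},
	}
}

func main() { fmt.Println(SamplePolicy().Implicit("kevin")) }
```

A direct lookup for "kevin" returns nothing because every rule is attached to a role, which is why an access review has to use the transitive form.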

How to list inherited permissions by father role? · Issue #137 · casbin/casbin