Comments (4)
没有问题的,Casbin
中用户和角色都按 subject
算,src/RbacApi.php#L137
from think-authz.
之所以有这个问题,是因为昨天 试了以下代码,与预期结果不符
// 对eve用户添加 articles read 权限
Enforcer::addPermissionForUser('eve', 'articles', 'read');
// 对 writer 角色添加 articles edit 权限
Enforcer::addPermissionForUser('writer', 'articles','edit');
// 对eve用户添加 writer 角色
Enforcer::addRoleForUser('eve', 'writer');
// 至此 eve 应有 articles read 权限,以及 writer 所包含的 articles edit 权限
Enforcer::hasPermissionForUser('eve', 'articles', 'edit'); // 结果为 false
仔细看完readme.md后,发现实际上有两个方法:
// 决定某个用户是否拥有某个权限
Enforcer::hasPermissionForUser('eve', 'articles', 'edit'); // 结果为 false
// 检查一个用户是否拥有某个权限
Enforcer::enforce('eve', 'articles', 'edit'); // 结果为 true
按结果 来猜测:
hasPermissionForUser( )
只检查“直接”赋予给 用户的权限;
而 enforce( )
检查 赋予用户的权限 以及 用户所拥有的角色的所包含的权限。
仅从现有的中文注释来看,比较难区分二者的区别。
另外,想知道 这里的 第2参数 articles
与 第3参数 read
是 指代 一级权限 与 二级权限 吗?
谢谢
from think-authz.
@MrXBear hasPermissionForUser()
的确是检查直接权限,enforce()
则是根据 your-model.conf
配置里的 matchers
表达式进行检查,可以使用 getImplicitPermissionsForUser()
方法 获取 所有权限(包括继承来的)
参数的顺序则是根据 your-model.conf
里的request_definition
里的配置一一对应,比如 eve
articles
edit
分别对应 sub
obj
act
,可以配置更多的参数。
from think-authz.
明白了
谢谢
from think-authz.
Related Issues (20)
- Argument 1 passed to Casbin\\Rbac\\DefaultRoleManager\\RoleManager::hasLink() must be of the type string, HOT 1
- RBAC 继承无效问题 HOT 10
- 【域内RBAC】 多租户 domain1 修改不通过 HOT 6
- 抛出异常应当不全错误信息 HOT 5
- 可否增加 cache 过期配置 HOT 1
- API接口 ---Enforcer::addPermissionForUser('writer', 'articles','edit'); 文档参数有与代码中facde参数不符 HOT 5
- @method mixed getPermissionsForUser(string $username) static 获取用户的权限返回空 HOT 3
- 有实际的应用项目吗? HOT 4
- 怎么添加自定义函数? HOT 5
- grouping policy elements do not meet role definition HOT 4
- UpdatableAdapter::updateFilteredPolicies has not implemented HOT 2
- 这个缓存怎么在调试阶段关闭 HOT 3
- 为什么获取域内的角色都是空数组? HOT 1
- 1.5.2=>1.5.3升级后的小问题 HOT 2
- Enforcer::enforce报 “array_combine(): Argument #1 ($keys) and argument #2 ($values) must have the same number of elements” HOT 2
- 感觉如果能加入restful路由权限会更好 HOT 2
- ABAC怎么配置? HOT 3
- Class 'tauthz\middleware\Enforcer' not found HOT 3
- Class 'tauthz\exception\Unauthorized' not found HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from think-authz.