@@ -340,4 +340,130 @@ function Enforcer:GetImplicitResourcesForUser(user, ...)
340340 return res
341341end
342342
343+
344+ -- RBAC API with domains
345+
346+ -- GetUsersForRoleInDomain gets the users that has a role inside a domain.
347+ function Enforcer :GetUsersForRoleInDomain (name , domain )
348+ local res , _ = self .model .model [" g" " g" RM :getUsers (name , domain )
349+ return res
350+ end
351+
352+ -- GetRolesForUserInDomain gets the roles that a user has inside a domain.
353+ function Enforcer :GetRolesForUserInDomain (name , domain )
354+ local res , _ = self .model .model [" g" " g" RM :getRoles (name , domain )
355+ return res
356+ end
357+
358+ -- GetPermissionsForUserInDomain gets permissions for a user or role inside a domain.
359+ function Enforcer :GetPermissionsForUserInDomain (user , domain )
360+ return self :GetFilteredPolicy (0 , user , domain )
361+ end
362+
363+ -- AddRoleForUserInDomain adds a role for a user inside a domain.
364+ -- Returns false if the user already has the role (aka not affected).
365+ function Enforcer :AddRoleForUserInDomain (user , role , domain )
366+ return self :AddGroupingPolicy (user , role , domain )
367+ end
368+
369+ -- DeleteRoleForUserInDomain deletes a role for a user inside a domain.
370+ -- Returns false if the user does not have the role (aka not affected).
371+ function Enforcer :DeleteRoleForUserInDomain (user , role , domain )
372+ return self :RemoveGroupingPolicy (user , role , domain )
373+ end
374+
375+ -- DeleteRolesForUserInDomain deletes all roles for a user inside a domain.
376+ -- Returns false if the user does not have any roles (aka not affected).
377+ function Enforcer :DeleteRolesForUserInDomain (user , domain )
378+ local roles = self .model .model [" g" " g" RM :getRoles (user , domain )
379+
380+ local rules = {}
381+ for _ , role in pairs (roles ) do
382+ table.insert (rules , {user , role , domain })
383+ end
384+
385+ return self :RemoveGroupingPolicies (rules )
386+ end
387+
388+ -- GetAllUsersByDomain would get all users associated with the domain.
389+ function Enforcer :GetAllUsersByDomain (domain )
390+ local m = {}
391+ local g = self .model .model [" g" " g"
392+ local p = self .model .model [" p" " p"
393+
394+ local users = {}
395+ local inx = self :getDomainIndex (" p"
396+
397+ local function getUser (index , policies , domain , m )
398+ if # policies == 0 or # policies [1 ] < index then
399+ return {}
400+ end
401+
402+ local res = {}
403+ for _ , policy in pairs (policies ) do
404+ if not m [policy [1 ]] and policy [index ] == domain then
405+ table.insert (res , policy [1 ])
406+ m [policy [1 ]] = {}
407+ end
408+ end
409+ return res
410+ end
411+
412+ local gUsers = getUser (3 , g .policy , domain , m )
413+ for _ , v in pairs (gUsers ) do
414+ table.insert (users , v )
415+ end
416+ local pUsers = getUser (inx , p .policy , domain , m )
417+ for _ , v in pairs (pUsers ) do
418+ table.insert (users , v )
419+ end
420+
421+ return users
422+ end
423+
424+ -- DeleteAllUsersByDomain would delete all users associated with the domain.
425+ function Enforcer :DeleteAllUsersByDomain (domain )
426+ local g = self .model .model [" g" " g"
427+ local p = self .model .model [" p" " p"
428+
429+ local inx = self :getDomainIndex (" p"
430+
431+ local function getUser (index , policies , domain )
432+ if # policies == 0 or # policies [1 ] < index then
433+ return {}
434+ end
435+
436+ local res = {}
437+ for _ , policy in pairs (policies ) do
438+ if policy [index ] == domain then
439+ table.insert (res , policy )
440+ end
441+ end
442+ return res
443+ end
444+
445+ local gUsers = getUser (3 , g .policy , domain )
446+ self :RemoveGroupingPolicies (gUsers )
447+
448+ local pUsers = getUser (inx , p .policy , domain )
449+ self :RemovePolicies (pUsers )
450+
451+ return true
452+ end
453+
454+ -- DeleteDomains would delete all associated users and roles.
455+ -- It would delete all domains if parameter is not provided.
456+ function Enforcer :DeleteDomains (...)
457+ local domains = {... }
458+ if # domains == 0 then
459+ self :clearPolicy ()
460+ end
461+
462+ for _ , domain in pairs (domains ) do
463+ self :DeleteAllUsersByDomain (domain )
464+ end
465+
466+ return true
467+ end
468+
343469return Enforcer
0 commit comments