Skip to content

Latest commit

 

History

History
76 lines (64 loc) · 3.89 KB

README.md

File metadata and controls

76 lines (64 loc) · 3.89 KB

session-role-manager

codebeat badge build codecov javadoc Maven Central Discord

Session Role Manager is the Session-based role manager for jCasbin. With this library, jCasbin can load session-based role hierarchy (user-role mapping) from jCasbin policy or save role hierarchy to it. The session is only active in the specified time range.

Installation

<dependency>
    <groupId>org.casbin</groupId>
    <artifactId>session-role-manager</artifactId>
    <version>1.0.0</version>
</dependency>

Example

import org.casbin.jcasbin.main.Enforcer;
import org.casbin.jcasbin.persist.file_adapter.FileAdapter;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertTrue;

public class Example {
    public static void main(String[] args) {
        // Create a new Enforcer using the model path. The default role manager is used initially.
        Enforcer e = new Enforcer("examples/rbac_model_with_sessions.conf");

        // Manually set an adapter for the policy.
        FileAdapter a = new FileAdapter("examples/rbac_policy_with_sessions.csv");
        e.setAdapter(a);

        // Use our custom role manager.
        SessionRoleManager rm = new SessionRoleManager(10);
        e.setRoleManager(rm);

        // If our role manager relies on Casbin policy (e.g., reading "g" policy rules),
        // we need to set the role manager before loading the policy.
        e.loadPolicy();

        // Current role inheritance tree (Time ranges shown in parentheses):
        //          delta          echo          foxtrott
        //             \            / \           /
        //      (0-20)  \   (5-15) /   \ (10-20) / (10-12)
        //               \        /     \       /
        //                 bravo         charlie
        //                   \             /
        //             (0-10) \           / (5-15)
        //                     \         /
        //                        alpha

        // Test permissions for different time points
        assertTrue(e.enforce("alpha", "data1", "read", "00"));
        assertTrue(e.enforce("alpha", "data1", "read", "05"));
        assertTrue(e.enforce("alpha", "data1", "read", "10"));
        assertFalse(e.enforce("alpha", "data1", "read", "15"));
        assertFalse(e.enforce("alpha", "data1", "read", "20"));

        assertFalse(e.enforce("alpha", "data2", "read", "00"));
        assertTrue(e.enforce("alpha", "data2", "read", "05"));
        assertTrue(e.enforce("alpha", "data2", "read", "10"));
        assertTrue(e.enforce("alpha", "data2", "read", "15"));
        assertFalse(e.enforce("alpha", "data2", "read", "20"));

        assertFalse(e.enforce("alpha", "data3", "read", "00"));
        assertFalse(e.enforce("alpha", "data3", "read", "05"));
        assertTrue(e.enforce("alpha", "data3", "read", "10"));
        assertFalse(e.enforce("alpha", "data3", "read", "15"));
        assertFalse(e.enforce("alpha", "data3", "read", "20"));
    }
}