Merge pull request #454 from gadelkareem/master

feat: add AddRolesForUser

rbac_api.go

@@ -55,6 +55,22 @@ func (e *Enforcer) AddRoleForUser(user string, role string) (bool, error) {
 	return e.AddGroupingPolicy(user, role)
 }
 
+// AddRolesForUser adds roles for a user.
+// Returns false if the user already has the roles (aka not affected).
+func (e *Enforcer) AddRolesForUser(user string, roles []string) (bool, error) {
+    f := false
+    for _, r := range roles {
+        b, err := e.AddGroupingPolicy(user, r)
+        if err != nil {
+            return false, err
+        }
+        if b {
+            f = true
+        }
+    }
+    return f, nil
+}
+
 // DeleteRoleForUser deletes a role for a user.
 // Returns false if the user does not have the role (aka not affected).
 func (e *Enforcer) DeleteRoleForUser(user string, role string) (bool, error) {

rbac_api_test.go

@@ -126,6 +126,16 @@ func TestRoleAPI(t *testing.T) {
 	testEnforce(t, e, "bob", "data2", "write", true)
 }
 
+func TestEnforcer_AddRolesForUser(t *testing.T) {
+	e, _ := NewEnforcer("examples/rbac_model.conf", "examples/rbac_policy.csv")
+
+	e.AddRolesForUser("alice", []string{"data1_admin", "data2_admin", "data3_admin"})
+	testGetRoles(t, e, "alice", []string{"data1_admin", "data2_admin", "data3_admin"})
+	testEnforce(t, e, "alice", "data1", "read", true)
+	testEnforce(t, e, "alice", "data2", "read", true)
+	testEnforce(t, e, "alice", "data2", "write", true)
+}
+
 func testGetPermissions(t *testing.T, e *Enforcer, name string, res [][]string) {
 	t.Helper()
 	myRes := e.GetPermissionsForUser(name)