diff --git a/enforcer_interface.go b/enforcer_interface.go index d6e1c78d..58423e0f 100644 --- a/enforcer_interface.go +++ b/enforcer_interface.go @@ -69,7 +69,7 @@ type IEnforcer interface { AddPermissionsForUser(user string, permissions ...[]string) (bool, error) DeletePermissionForUser(user string, permission ...string) (bool, error) DeletePermissionsForUser(user string) (bool, error) - GetPermissionsForUser(user string, domain ...string) [][]string + GetPermissionsForUser(user string, domain ...string) ([][]string, error) HasPermissionForUser(user string, permission ...string) bool GetImplicitRolesForUser(name string, domain ...string) ([]string, error) GetImplicitPermissionsForUser(user string, domain ...string) ([][]string, error) diff --git a/rbac_api.go b/rbac_api.go index bc1abb10..822ac590 100644 --- a/rbac_api.go +++ b/rbac_api.go @@ -166,12 +166,12 @@ func (e *Enforcer) DeletePermissionsForUser(user string) (bool, error) { } // GetPermissionsForUser gets permissions for a user or role. -func (e *Enforcer) GetPermissionsForUser(user string, domain ...string) [][]string { +func (e *Enforcer) GetPermissionsForUser(user string, domain ...string) ([][]string, error) { return e.GetNamedPermissionsForUser("p", user, domain...) } // GetNamedPermissionsForUser gets permissions for a user or role by named policy. -func (e *Enforcer) GetNamedPermissionsForUser(ptype string, user string, domain ...string) [][]string { +func (e *Enforcer) GetNamedPermissionsForUser(ptype string, user string, domain ...string) ([][]string, error) { permission := make([][]string, 0) for pType, assertion := range e.model["p"] { if pType != ptype { @@ -187,14 +187,14 @@ func (e *Enforcer) GetNamedPermissionsForUser(ptype string, user string, domain if len(domain) > 0 { index, err := e.GetFieldIndex(ptype, constant.DomainIndex) if err != nil { - return permission + return permission, err } args[index] = domain[0] } perm := e.GetFilteredNamedPolicy(ptype, 0, args...) permission = append(permission, perm...) } - return permission + return permission, nil } // HasPermissionForUser determines whether a user has a permission. diff --git a/rbac_api_synced.go b/rbac_api_synced.go index 7ee8b8be..a63b31e8 100644 --- a/rbac_api_synced.go +++ b/rbac_api_synced.go @@ -124,14 +124,14 @@ func (e *SyncedEnforcer) DeletePermissionsForUser(user string) (bool, error) { } // GetPermissionsForUser gets permissions for a user or role. -func (e *SyncedEnforcer) GetPermissionsForUser(user string, domain ...string) [][]string { +func (e *SyncedEnforcer) GetPermissionsForUser(user string, domain ...string) ([][]string, error) { e.m.RLock() defer e.m.RUnlock() return e.Enforcer.GetPermissionsForUser(user, domain...) } // GetNamedPermissionsForUser gets permissions for a user or role by named policy. -func (e *SyncedEnforcer) GetNamedPermissionsForUser(ptype string, user string, domain ...string) [][]string { +func (e *SyncedEnforcer) GetNamedPermissionsForUser(ptype string, user string, domain ...string) ([][]string, error) { e.m.RLock() defer e.m.RUnlock() return e.Enforcer.GetNamedPermissionsForUser(ptype, user, domain...) diff --git a/rbac_api_test.go b/rbac_api_test.go index fd1b9f5d..eed7e101 100644 --- a/rbac_api_test.go +++ b/rbac_api_test.go @@ -192,7 +192,10 @@ func TestEnforcer_AddRolesForUser(t *testing.T) { func testGetPermissions(t *testing.T, e *Enforcer, name string, res [][]string, domain ...string) { t.Helper() - myRes := e.GetPermissionsForUser(name, domain...) + myRes, err := e.GetPermissionsForUser(name, domain...) + if err != nil { + t.Error(err.Error()) + } t.Log("Permissions for ", name, ": ", myRes) if !util.Array2DEquals(res, myRes) { @@ -212,7 +215,10 @@ func testHasPermission(t *testing.T, e *Enforcer, name string, permission []stri func testGetNamedPermissionsForUser(t *testing.T, e *Enforcer, ptype string, name string, res [][]string, domain ...string) { t.Helper() - myRes := e.GetNamedPermissionsForUser(ptype, name, domain...) + myRes, err := e.GetNamedPermissionsForUser(ptype, name, domain...) + if err != nil { + t.Error(err.Error()) + } t.Log("Named permissions for ", name, ": ", myRes) if !util.Array2DEquals(res, myRes) {