[Question] how to getPermissionByRoleInDomain and getAllRolesInDomain

[panapol-p]

Hi, guys
I read document and didn't see getAllPermissionsByRoleInDomain and getAllRolesInDomain
Do you have way to get this one?

[casbin-bot]

@tangyang9464 @closetool @sagilio

[panapol-p]

after I try to get both with policy per below

p, admin, domain1, data1
p, admin, domain1, data1-1
p, admin2, domain1, data2
p, admin2, domain1, data2-1
p, admin2, domain1, data2-2
p, admin, domain2, data3
p, admin, domain2, data3-2
p, admin, domain2, data3-3
g, alice, admin, domain1
g, wanda, admin2, domain1
g, bob, admin, domain2

I can getPermissionsForRoleInDomain by this code

func getPermissionsForRoleInDomain(e *casbin.Enforcer, role string, domain string) []string {
	ps := e.GetPermissionsForUserInDomain(role, domain)
	var p []string
	for i := range ps {
		p = append(p, ps[i][2])
	}
	return p
}

permissions := getPermissionsForRoleInDomain(e, "admin", "domain1")  // output :  [data1 data1-1]
permissions = getPermissionsForRoleInDomain(e, "admin2", "domain1")  // output :  [data2 data2-1 data2-2]
permissions = getPermissionsForRoleInDomain(e, "admin", "domain2")  // output :  [data3 data3-1 data3-2 data3-3]

and getAllRolesInDomain by this code

func getRolesInDomain(e *casbin.Enforcer, domain string) []string {
	rs := e.GetFilteredPolicy(0, "", domain, "")
	var r []string
	mapRoles := map[string]struct{}{}
	for i := range rs {
		roleNames := rs[i][0]
		if _, ok := mapRoles[roleNames]; !ok {
			mapRoles[roleNames] = struct{}{}
			r = append(r, roleNames)
		}
	}
	return r
}

roles := getRolesInDomain(e, "domain1")  // output :  [admin admin2]
roles = getRolesInDomain(e, "domain2")  // output :  [admin]

[hsluoyz]

@JalinWang @imp2002

/cc @tangyang9464

[JalinWang]

I think it is reasonable to add the getAllRolesInDomain api. There is GetAllRoles() already for models except RBAC with domain.

However, for getAllPermissionsByRoleInDomain , I didn't get the point. What does it use for?
BTW, your code for getRolesInDomain() is a limitated implementation, i.e., when the policy_definition goes as

[policy_definition]
p = sub, dom, obj, act

, the permissions should be be like [ [data1, read], [data1-1, read]].

[hsluoyz]

@panapol-p

[panapol-p]

thanks, @JalinWang, and @hsluoyz
I designed my application to support multi-tenant/domain
when we go to the user management module, we need to have a list of roles in this domain that use to assign new use or replace new role for an old user (my user management module depend on casbin policy only)

do you think this is good or not? thanks for your suggestion again :)

Edited
I forgot to explain about getAllPermissionByRoleInDomain,for getAllPermissionByRoleInDomain, when admin pick some role for change permission, need to show a list of permission assigned in this role (in this domain)