Merge 4a6e312 into 9842cb2

examples/rbac_with_hierarchy_policy.csv

@@ -0,0 +1,10 @@
+p, alice, data1, read
+p, bob, data2, write
+p, data1_admin, data1, read
+p, data1_admin, data1, write
+p, data2_admin, data2, read
+p, data2_admin, data2, write
+
+g, alice, admin
+g, admin, data1_admin
+g, admin, data2_admin

src/main/java/org/casbin/jcasbin/main/CoreEnforcer.java

@@ -46,7 +46,7 @@ public class CoreEnforcer {
 
     Adapter adapter;
     Watcher watcher;
-    private RoleManager rm;
+    RoleManager rm;
 
     private boolean enabled;
     boolean autoSave;

src/main/java/org/casbin/jcasbin/main/Enforcer.java

@@ -400,4 +400,45 @@ public boolean addRoleForUserInDomain(String user, String role, String domain) {
     public boolean deleteRoleForUserInDomain(String user, String role, String domain) {
         return removeGroupingPolicy(user, role, domain);
     }
+
+    /**
+     * getImplicitRolesForUser gets implicit roles that a user has.
+     * Compared to getRolesForUser(), this function retrieves indirect roles besides direct roles.
+     * For example:
+     * g, alice, role:admin
+     * g, role:admin, role:user
+     * <p>
+     * getRolesForUser("alice") can only get: ["role:admin"].
+     * But getImplicitRolesForUser("alice") will get: ["role:admin", "role:user"].
+     */
+    public List<String> getImplicitRolesForUser(String name, String... domain) {
+        List<String> roles = this.rm.getRoles(name, domain);
+        List<String> res = new ArrayList<>(roles);
+        for (String n : roles) {
+            res.addAll(this.getImplicitRolesForUser(n, domain));
+        }
+        return res;
+    }
+
+    /**
+     * getImplicitPermissionsForUser gets implicit permissions for a user or role.
+     * Compared to getPermissionsForUser(), this function retrieves permissions for inherited roles.
+     * For example:
+     * p, admin, data1, read
+     * p, alice, data2, read
+     * g, alice, admin
+     * <p>
+     * getPermissionsForUser("alice") can only get: [["alice", "data2", "read"]].
+     * But getImplicitPermissionsForUser("alice") will get: [["admin", "data1", "read"], ["alice", "data2", "read"]].
+     */
+    public List<List<String>> getImplicitPermissionsForUser(String user) {
+        List<String> roles = new ArrayList<>();
+        roles.add(user);
+        roles.addAll(this.getImplicitRolesForUser(user));
+        List<List<String>> res = new ArrayList<>();
+        for (String n : roles) {
+            res.addAll(this.getPermissionsForUser(n));
+        }
+        return res;
+    }
 }

src/test/java/org/casbin/jcasbin/main/RbacAPIUnitTest.java

@@ -18,6 +18,7 @@
 
 import static java.util.Arrays.asList;
 import static org.casbin.jcasbin.main.TestUtil.*;
+import static org.junit.Assert.assertEquals;
 
 public class RbacAPIUnitTest {
     @Test
@@ -125,4 +126,26 @@ public void testPermissionAPI() {
         testEnforceWithoutUsers(e, "bob", "read", false);
         testEnforceWithoutUsers(e, "bob", "write", false);
     }
+
+    @Test
+    public void testImplicitRoleAPI() {
+        Enforcer e = new Enforcer("examples/rbac_model.conf", "examples/rbac_with_hierarchy_policy.csv");
+        assertEquals(e.getImplicitRolesForUser("alice"), asList("admin", "data1_admin", "data2_admin"));
+    }
+
+    @Test
+    public void testImplicitPermissionAPI() {
+        Enforcer e = new Enforcer("examples/rbac_model.conf", "examples/rbac_with_hierarchy_policy.csv");
+        assertEquals(
+                e.getImplicitPermissionsForUser("alice"),
+                asList(
+                        asList("alice", "data1", "read"),
+                        asList("data1_admin", "data1", "read"),
+                        asList("data1_admin", "data1", "write"),
+                        asList("data2_admin", "data2", "read"),
+                        asList("data2_admin", "data2", "write")
+                )
+        );
+
+    }
 }