@@ -12,6 +12,66 @@ export class AuthZManagementService {
1212 public readonly enforcer : casbin . Enforcer
1313 ) { }
1414
15+ /**
16+ * enforce decides whether a "subject" can access a "object" with the operation "action"
17+ *
18+ * @param params the request parameters, usually (sub, obj, act)
19+ *
20+ * @return whether or not the request is allowed
21+ */
22+ enforce ( ...params : string [ ] ) : Promise < boolean > {
23+ return this . enforcer . enforce ( params ) ;
24+ }
25+
26+ /**
27+ * enforceWithMatcher uses a custom matcher to decides whether a "subject" can access a "object" with the operation "action"
28+ *
29+ * @param matcher the matcher statement to use
30+ * @param params the request parameters, usually (sub, obj, act)
31+ *
32+ * @return whether or not the request is allowed
33+ */
34+ enforceWithMatcher ( matcher : string , ...params : string [ ] ) : Promise < boolean > {
35+ return this . enforcer . enforceWithMatcher ( matcher , params ) ;
36+ }
37+
38+ /**
39+ * enforceEx explains enforcement by returning matched rules.
40+ *
41+ * @param params the request parameters, usually (sub, obj, act)
42+ *
43+ * @return whether or not the request is allowed, and what policy caused that decision
44+ */
45+ enforceEx ( ...params : string [ ] ) : Promise < [ boolean , string [ ] ] > {
46+ return this . enforcer . enforceEx ( params ) ;
47+ }
48+
49+ /**
50+ * enforceExWithMatcher uses a custom matcher and explains enforcement by returning matched rules.
51+ *
52+ * @param matcher the matcher statement to use
53+ * @param params the request parameters, usually (sub, obj, act)
54+ *
55+ * @return whether or not the request is allowed, and what policy caused that decision
56+ */
57+ enforceExWithMatcher (
58+ matcher : string ,
59+ ...params : string [ ]
60+ ) : Promise < [ boolean , string [ ] ] > {
61+ return this . enforcer . enforceExWithMatcher ( matcher , params ) ;
62+ }
63+
64+ /**
65+ * batchEnforce enforces each request and returns result in a bool array
66+ *
67+ * @param params the request parameters, usually (sub, obj, act)
68+ *
69+ * @return an array with the enforcement results for each given request
70+ */
71+ batchEnforce ( params : string [ ] [ ] ) : Promise < boolean [ ] > {
72+ return this . enforcer . batchEnforce ( params ) ;
73+ }
74+
1575 /**
1676 * getAllSubjects gets the list of subjects that show up in the current policy.
1777 *
@@ -537,4 +597,35 @@ export class AuthZManagementService {
537597 loadPolicy ( ) : Promise < void > {
538598 return this . enforcer . loadPolicy ( ) ;
539599 }
600+
601+ /**
602+ * updateGroupingPolicy updates a role inheritance rule from the current policy.
603+ * If the rule not exists, the function returns false.
604+ * Otherwise the function returns true by changing it to the new rule.
605+ *
606+ * @param oldRule the role inheritance rule will be remove
607+ * @param newRule the role inheritance rule will be added
608+ * @return succeeds or not.
609+ */
610+ updateGroupingPolicy ( oldRule : string [ ] , newRule : string [ ] ) : Promise < boolean > {
611+ return this . enforcer . updateGroupingPolicy ( oldRule , newRule ) ;
612+ }
613+
614+ /**
615+ * updateNamedGroupingPolicy updates a named role inheritance rule from the current policy.
616+ * If the rule not exists, the function returns false.
617+ * Otherwise the function returns true by changing it to the new rule.
618+ *
619+ * @param ptype the policy type, can be "g", "g2", "g3", ..
620+ * @param oldRule the role inheritance rule will be remove
621+ * @param newRule the role inheritance rule will be added
622+ * @return succeeds or not.
623+ */
624+ updateNamedGroupingPolicy (
625+ ptype : string ,
626+ oldRule : string [ ] ,
627+ newRule : string [ ]
628+ ) : Promise < boolean > {
629+ return this . enforcer . updateNamedGroupingPolicy ( ptype , oldRule , newRule ) ;
630+ }
540631}
0 commit comments