jJ4NddlmZddlmZddlmZmZmZGddeZdS))partial)AsyncManagementEnforcer) join_slicearray_remove_duplicates set_subtractceZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d Zd ZdZdZd dZd!dZd!dZdZdZdZdZdZdZdZdZdZdZdS)" AsyncEnforcerzS AsyncEnforcer = AsyncManagementEnforcer + RBAC_API + RBAC_WITH_DOMAIN_API cfK|jjddj|S)zgets the roles that a user has.gmodelrm get_rolesselfnames _/lsinfo/ai/hellotax_ai/base_platform/venv/lib/python3.11/site-packages/casbin/async_enforcer.pyget_roles_for_userz AsyncEnforcer.get_roles_for_user,z$S),66t<<<cfK|jjddj|S)zgets the users that has a role.r r r get_usersrs rget_users_for_rolez AsyncEnforcer.get_users_for_rolerrctK||d{V}tfd|DS)z%determines whether a user has a role.Nc3$K|] }|kV dSN).0rroles r z2AsyncEnforcer.has_role_for_user..%s',,19,,,,,,r)rany)rrr!roless ` rhas_role_for_userzAsyncEnforcer.has_role_for_user"sO--d33333333,,,,e,,,,,,rc>K|||d{VS)zz async adds a role for a user. Returns false if the user already has the role (aka not affected). Nadd_grouping_policyruserr!s radd_role_for_userzAsyncEnforcer.add_role_for_user's0 --dD999999999rc>K|||d{VS)z async deletes a role for a user. Returns false if the user does not have the role (aka not affected). N)remove_grouping_policyr)s rdelete_role_for_userz"AsyncEnforcer.delete_role_for_user.s0 00t<<<<<<<<K|d|d{VS)z async deletes all roles for a user. Returns false if the user does not have any roles (aka not affected). rNremove_filtered_grouping_policyrr*s rdelete_roles_for_userz#AsyncEnforcer.delete_roles_for_user5s0 99!TBBBBBBBBBrc~K|d|d{V}|d|d{V}|p|S)zl async deletes a user. Returns false if the user does not exist (aka not affected). rNr1remove_filtered_policy)rr*res1res2s r delete_userzAsyncEnforcer.delete_user<` 99!TBBBBBBBB00D99999999|trc~K|d|d{V}|d|d{V}|p|S)zl async deletes a role. Returns false if the role does not exist (aka not affected). Nrr5)rr!r7r8s r delete_rolezAsyncEnforcer.delete_roleFr:rc.K|jdg|Rd{VS)zx async deletes a permission. Returns false if the permission does not exist (aka not affected). r<Nr6)r permissions rdelete_permissionzAsyncEnforcer.delete_permissionPs5 1T0@Z@@@@@@@@@@rcRK|t|g|Rd{VS)z async adds a permission for a user or role. Returns false if the user or role already has the permission (aka not affected). N) add_policyrrr*r@s radd_permission_for_userz%AsyncEnforcer.add_permission_for_userWs< __Z%Bz%B%B%BCCCCCCCCCrcRK|t|g|Rd{VS)z async deletes a permission for a user or role. Returns false if the user or role does not have the permission (aka not affected). N) remove_policyrrDs rdelete_permission_for_userz(AsyncEnforcer.delete_permission_for_user^s> '' 4(E*(E(E(EFFFFFFFFFrc>K|d|d{VS)z async deletes permissions for a user or role. Returns false if the user or role does not have any permissions (aka not affected). rNr?r2s rdelete_permissions_for_userz)AsyncEnforcer.delete_permissions_for_useres0 00D999999999rc2K|d|S)z6 gets permissions for a user or role. r)get_filtered_policyr2s rget_permissions_for_userz&AsyncEnforcer.get_permissions_for_userls''4000rcFK|t|g|RS)z= determines whether a user has a permission. ) has_policyrrDs rhas_permission_for_userz%AsyncEnforcer.has_permission_for_userrs*z$<<<<===rcKg}|g}|r||d}|jD]K}|||}|D]0}||vr*||||1L|||S)a gets implicit roles that a user has. Compared to get_roles_for_user(), this function retrieves indirect roles besides direct roles. For example: g, alice, role:admin g, role:admin, role:user get_roles_for_user("alice") can only get: ["role:admin"]. But get_implicit_roles_for_user("alice") will get: ["role:admin", "role:user"]. r)poprm_mapvaluesrappend)rrdomainresqueuerr$r s rget_implicit_roles_for_userz)AsyncEnforcer.get_implicit_roles_for_userxs (99Q<>sCKK *: +BCCff)44 ! !DT/J///C"dlC(G ! 4    rchK|jjddj||S)z/gets the roles that a user has inside a domain.r r rrrWs rget_roles_for_user_in_domainz*AsyncEnforcer.get_roles_for_user_in_domain.z$S),66tVDDDrchK|jjddj||S)z/gets the users that has a role inside a domain.r rrus rget_users_for_role_in_domainz*AsyncEnforcer.get_users_for_role_in_domainrwrcBK ||||d{VS)z-async adds a role for a user inside a domain.Nr'rr*r!rWs radd_role_for_user_in_domainz)AsyncEnforcer.add_role_for_user_in_domains3P--dD&AAAAAAAAArcDK |d|||d{VS)z0async deletes a role for a user inside a domain.rNr0r{s rdelete_roles_for_user_in_domainz-AsyncEnforcer.delete_roles_for_user_in_domains5S99!T4PPPPPPPPPrc@K|d||d{VS)z2gets permissions for a user or role inside domain.r\N)rd)rr*rWs r"get_permissions_for_user_in_domainz0AsyncEnforcer.get_permissions_for_user_in_domains0BB3fUUUUUUUUUrc6K||d||S)zDgets permissions for a user or role with named policy inside domain.r)get_filtered_named_policy)rrfr*rWs rrdz6AsyncEnforcer.get_named_permissions_for_user_in_domains --eQfEEErc"K|jjdd}|j}t}|D]O}|t|dz |kr1|t|dz }||vr||Pt |S)zgets all roles associated with the domain. note: Not applicable to Domains with inheritance relationship (implicit roles)r r<)r policysetlenaddrk)rrWr policiesr$rr!s rget_all_roles_by_domainz%AsyncEnforcer.get_all_roles_by_domains J S !# &8 $ $Fc&kkAo&&00c&kkAo.u$$IIdOOOE{{rcDKt}|ddd{V}|ddd{V}|}|}|D]r}|||krd||}||vrd|t |<-||} | D]-} |} | | |<d|t | <.sdd|DD}|S)agets implicit user based on resource. for example: p, alice, data1, read p, bob, data2, write p, data2_admin, data2, read p, data2_admin, data2, write g, alice, data2_admin get_implicit_users_for_resource("data2") will return [[bob data2 write] [alice data2 read] [alice data2 write]] get_implicit_users_for_resource("data1") will return [[alice data1 read]] Note: only users will be returned, roles (2nd arg in "g") will be excluded.r\subNobjTc,g|]}t|Srrkrts r zAAsyncEnforcer.get_implicit_users_for_resource..,RRR1tAwwRRRrc34K|]}t|VdSrrrkeys rr"z@AsyncEnforcer.get_implicit_users_for_resource..,((Q(Qsc(Q(Q(Q(Q(Q(Qr) dictget_field_indexrb get_all_roles get_policytuplercopykeys) rresourcerg subject_index object_indexrr$rulerusersr* implicit_rules rget_implicit_users_for_resourcez-AsyncEnforcer.get_implicit_users_for_resourcesWff "223>>>>>>>> !11#u========  " " $ $""$$OO%% A ADL!X--=)e##/3Kd ,,LL--E %AA(, 7; m4<@ E-$8$899RR(Q(Qk>N>N>P>P(Q(Q(QRRR rcKt}|ddd{V}|ddd{V}|ddd{V}|}||d{V}|D]} | ||krr| |} | |vrd|t | <-|| |kr:|| |} | D]-} | } | | |<d|t | <.dd|DD}|S) ztget implicit user based on resource and domain. Compared to GetImplicitUsersForResource, domain is supportedr\rNrdomTc,g|]}t|Srrrs rrzKAsyncEnforcer.get_implicit_users_for_resource_by_domain..Grrc34K|]}t|VdSrrrs rr"zJAsyncEnforcer.get_implicit_users_for_resource_by_domain..Grr) rrrbrrrrrr)rrrWrgrr dom_indexrr$rrrr*rs r)get_implicit_users_for_resource_by_domainz7AsyncEnforcer.get_implicit_users_for_resource_by_domain/sff "223>>>>>>>> !11#u======== ..sE::::::::  " " $ $226::::::::OO%% A ADL!X--=)e##/3Kd ,,i00 LLf55E %AA(, 7; m4<@ E-$8$899RR(Q(Qk>N>N>P>P(Q(Q(QRRR rN)rQ)rQT)__name__ __module__ __qualname____doc__rrr%r+r.r3r9r=rArErHrJrMrPrZr_r]rsrvryr|r~rrdrrrrrrr r s======--- :::===CCCAAADDDGGG:::111 >>> 4hhhh(####J8EEEEEEBBB QQQ VVVFFF   @rr N) functoolsr casbin.async_management_enforcerr casbin.utilrrrr rrrrsDDDDDDIIIIIIIIIIsssss+sssssr