j 4NddlmZddlmZddlmZmZmZGddeZdS))partial)ManagementEnforcer) join_slicearray_remove_duplicates set_subtractceZdZdZ dZdZdZdZdZdZ dZ d Z d Z d Z d Zd ZdZdZd dZd!dZd!dZdZdZdZdZdZdZdZdZdZdZdS)"EnforcerzI Enforcer = ManagementEnforcer + RBAC_API + RBAC_WITH_DOMAIN_API cb|jjddj|S)zgets the roles that a user has.gmodelrm get_rolesselfnames Y/lsinfo/ai/hellotax_ai/base_platform/venv/lib/python3.11/site-packages/casbin/enforcer.pyget_roles_for_userzEnforcer.get_roles_for_user#(z$S),66t<<<cb|jjddj|S)zgets the users that has a role.r r r get_usersrs rget_users_for_rolezEnforcer.get_users_for_role'rrcd||}tfd|DS)z%determines whether a user has a role.c3$K|] }|kV dSN).0rroles r z-Enforcer.has_role_for_user...s',,19,,,,,,r)rany)rrr!roless ` rhas_role_for_userzEnforcer.has_role_for_user+s9''--,,,,e,,,,,,rc.|||S)zt adds a role for a user. Returns false if the user already has the role (aka not affected). add_grouping_policyruserr!s radd_role_for_userzEnforcer.add_role_for_user0s ''d333rc.|||S)zy deletes a role for a user. Returns false if the user does not have the role (aka not affected). )remove_grouping_policyr)s rdelete_role_for_userzEnforcer.delete_role_for_user7s **4666rc.|d|S)z} deletes all roles for a user. Returns false if the user does not have any roles (aka not affected). rremove_filtered_grouping_policyrr*s rdelete_roles_for_userzEnforcer.delete_roles_for_user>s 33At<<> Q $4466K  ;*d2216::F $ $DGGt'8@VVbK JJ{ # # # # rcd|}|jddd}|jddd}t||z}t }t ||}|D]0}t |g|R}|j|} | r||1|S)aJ gets implicit users for a permission. For example: p, admin, data1, read p, bob, data1, read g, alice, admin get_implicit_users_for_permission("data1", "read") will get: ["alice", "bob"]. Note: only users will be returned, roles (2nd arg in "g") will be excluded. r r<r) get_all_subjectsr get_values_for_field_in_policyrlistrrenforcerV) rr@ p_subjects g_inherit g_subjectssubjectsrXr*reqalloweds r!get_implicit_users_for_permissionz*Enforcer.get_implicit_users_for_permissions**,, J==c3JJ Z>>sCKK *: +BCCff)44 ! !DT/J///C"dlC(G ! 4    rcd|jjddj||S)z/gets the roles that a user has inside a domain.r r rrrWs rget_roles_for_user_in_domainz%Enforcer.get_roles_for_user_in_domain*z$S),66tVDDDrcd|jjddj||S)z/gets the users that has a role inside a domain.r rrus rget_users_for_role_in_domainz%Enforcer.get_users_for_role_in_domainrwrc2 ||||S)z'adds a role for a user inside a domain.r'rr*r!rWs radd_role_for_user_in_domainz$Enforcer.add_role_for_user_in_domainsP''dF;;;rc4 |d|||S)z*deletes a role for a user inside a domain.rr0r{s rdelete_roles_for_user_in_domainz(Enforcer.delete_roles_for_user_in_domainsS33AtT6JJJrc0|d||S)z2gets permissions for a user or role inside domain.r\)rd)rr*rWs r"get_permissions_for_user_in_domainz+Enforcer.get_permissions_for_user_in_domains<z.5RRR1tAwwRRRrc34K|]}t|VdSrrrkeys rr"z;Enforcer.get_implicit_users_for_resource..5((Q(Qsc(Q(Q(Q(Q(Q(Qr) dictget_field_indexrb get_all_roles get_policytuplercopykeys) rresourcerg subject_index object_indexrr$rulerusersr* implicit_rules rget_implicit_users_for_resourcez(Enforcer.get_implicit_users_for_resources/ff ,,S%88 ++C77  " " $ $""$$OO%% A ADL!X--=)e##/3Kd ,,LL--E %AA(, 7; m4<@ E-$8$899RR(Q(Qk>N>N>P>P(Q(Q(QRRR rcrt}|dd}|dd}|dd}|}||}|D]} | ||krr| |} | |vrd|t | <-|| |kr:|| |} | D]-} | } | | |<d|t | <.dd|DD}|S)ztget implicit user based on resource and domain. Compared to GetImplicitUsersForResource, domain is supportedr\rrdomTc,g|]}t|Srrrs rrzFEnforcer.get_implicit_users_for_resource_by_domain..Prrc34K|]}t|VdSrrrs rr"zEEnforcer.get_implicit_users_for_resource_by_domain..Prr) rrrbrrrrrr)rrrWrgrr dom_indexrr$rrrr*rs r)get_implicit_users_for_resource_by_domainz2Enforcer.get_implicit_users_for_resource_by_domain8sZff ,,S%88 ++C77 ((e44  " " $ $,,V44OO%% A ADL!X--=)e##/3Kd ,,i00 LLf55E %AA(, 7; m4<@ E-$8$899RR(Q(Qk>N>N>P>P(Q(Q(QRRR rN)rQ)rQT)__name__ __module__ __qualname____doc__rrr%r+r.r3r9r=rArErHrJrMrPrZr_r]rsrvryr|r~rrdrrrrrrr r s======--- 444777===;;;>>>AAA444111 >>> 4bbbb(####J8EEEEEE<<< KKK PPPFFF   @rr N) functoolsrcasbin.management_enforcerr casbin.utilrrrr rrrrs999999IIIIIIIIII|||||!|||||r