
Overview

Introduction

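All users associated with a single Casdoor organization share access to the organization's applications. However, there may be situations where you want to restrict users' access to certain applications or to specific resources within an application. In such cases, you can use the Permission feature provided by Casbin.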

Understanding Casbin Concepts

Before delving deeper into the topic, it is important to have a basic understanding of how Casbin works and its related concepts:

  • Model: Defines the structure of your permission policies and the criteria for matching requests against these policies and their outcomes. You can configure models in the Models page in Casdoor.
  • Policy: Describes the specific permission rules (who can access what resources with what actions). You configure policies in the Permissions page in Casdoor.
  • Adapter: An abstraction layer that shields Casbin's executor from the source of the Policy, allowing the storage of Policies in various locations like files or databases. Learn more about Adapters.
Tip

Learn More About Casbin

Visit the Casbin documentation to learn more about access control models and patterns. You can also use the Casbin Online Editor to create and test Model and Policy files for your specific scenarios.

Configuring Permissions in Casdoor

Where to Configure

In the Casdoor Web UI, you'll work with two main pages:

  1. Models Page: Navigate to Models in the sidebar to add or edit Models for your organization.

    Model Edit Page

  2. Permissions Page: Navigate to Permissions in the sidebar to configure permission policies.

    Permission Edit Page

How Permissions Work

Returning to the subject of permission configuration in Casdoor:

  1. Add a Model: First, create a Model for your organization in the Models page within the Casdoor Web UI.
  2. Configure a Policy: Then, add a Policy (permission rules) for your organization in the Permissions page.

The Casbin Online Editor can provide Model and Policy files tailored to your specific use case. You can easily import the Model file into Casdoor through its Web UI for use by the built-in Casbin. For the Policy configuration (i.e., the Permissions page in the Casdoor Web UI), refer to the Permission Configuration guide for detailed instructions.

Using Permissions with Your Application

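Just as your application needs to enforce permission control through Casdoor's built-in Casbin, Casdoor itself uses its own Model and Policy to regulate access to its API interfaces through Casbin. Although Casdoor can call Casbin from its internal code, external applications cannot.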

As a solution, Casdoor provides an API that external applications can use to call the built-in Casbin. See the Exposed Casbin APIs documentation for definitions of these API interfaces and instructions on how to use them.

Account Item Permissions

Casdoor also provides fine-grained permission control at the user account field level through the Edit Organization page:

  • View rule: Control who can view specific user account fields
  • Modify rule: Control who can modify specific user account fields

These rules can be set to:

  • Public: Everyone has permission
  • Self: Each user has their own permission
  • Admin: Only administrators have permission

Learn more in the Account Customization documentation.

Role-Based Access Control

Casdoor supports role-based permissions where you can assign roles to users and configure permission policies for these roles. This allows you to manage permissions at the role level rather than individual user level.
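
The following Go sketch is an added illustration, not Casdoor or Casbin code. It shows how the Model and Policy concepts above combine under role-based access control: a matcher decides, the policy rules supply the data, and a request with no matching rule is denied. It is a simplified stand-in that hard-codes the common Casbin RBAC matcher; `NewEnforcer`, the policy lines, and the user, role and application names are all constructed for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample policy: "p" = subject, object, action; "g" = member, role.
const policyCSV = `p, role_viewer, app-docs, read
p, role_editor, app-docs, write
p, alice, app-billing, read
g, alice, role_editor
g, bob, role_viewer
g, role_editor, role_viewer`

// NewEnforcer (hypothetical helper, not the Casbin API) loads the rules and
// returns a check that hard-codes the RBAC matcher
//   m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act
func NewEnforcer(csv string) func(sub, obj, act string) bool {
	perms, roles := map[[3]string]bool{}, map[string][]string{}
	for _, line := range strings.Split(csv, "\n") {
		f := strings.Split(strings.ReplaceAll(line, " ", ""), ",")
		if len(f) == 4 && f[0] == "p" {
			perms[[3]string{f[1], f[2], f[3]}] = true
		} else if len(f) == 3 && f[0] == "g" {
			roles[f[1]] = append(roles[f[1]], f[2])
		}
	}
	return func(sub, obj, act string) bool {
		// Walk sub and every role reachable from it, directly or inherited.
		seen, todo := map[string]bool{}, []string{sub}
		for i := 0; i < len(todo); i++ {
			s := todo[i]
			if perms[[3]string{s, obj, act}] {
				return true
			}
			if !seen[s] { // seen keeps cyclic role assignments from looping
				seen[s] = true
				todo = append(todo, roles[s]...)
			}
		}
		return false // no matching rule: deny by default
	}
}

func main() {
	enforce := NewEnforcer(policyCSV)
	fmt.Println(enforce("alice", "app-docs", "read"), enforce("bob", "app-docs", "write"))
}
```

Here `alice` can read `app-docs` only through the `role_editor` to `role_viewer` inheritance, while `bob` holds `role_viewer` alone and is denied `write`.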

Next Steps

Let's get started!