Model Storage
Unlike the policy, the model can be loaded only, it cannot be saved. Because we think the model is not a dynamic component and should not be modified at run-time, so we don't implement an API to save the model into a storage.
However, the good news is, we provide three equivalent ways to load a model either statically or dynamically:
Load model from .CONF file
This is the most common way to use Casbin. It's easy to understand for beginners and convenient for sharing when you ask Casbin team for help.
The content of the .CONF
file examples/rbac_model.conf:
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act
[role_definition]
g = _, _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act
Then you can load the model file as:
e := casbin.NewEnforcer("examples/rbac_model.conf", "examples/rbac_policy.csv")
Load model from code
The model can be initialized dynamically from code instead of using .CONF
file. Here's an example for the RBAC model:
import (
"github.com/casbin/casbin/v2"
"github.com/casbin/casbin/v2/model"
"github.com/casbin/casbin/v2/persist/file-adapter"
)
// Initialize the model from Go code.
m := model.NewModel()
m.AddDef("r", "r", "sub, obj, act")
m.AddDef("p", "p", "sub, obj, act")
m.AddDef("g", "g", "_, _")
m.AddDef("e", "e", "some(where (p.eft == allow))")
m.AddDef("m", "m", "g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act")
// Load the policy rules from the .CSV file adapter.
// Replace it with your adapter to avoid files.
a := fileadapter.NewAdapter("examples/rbac_policy.csv")
// Create the enforcer.
e := casbin.NewEnforcer(m, a)
Load model from string
Or you can just load the entire model text from a multi-line string. The good point for this way is that you do not need to maintain a model file.
import (
"github.com/casbin/casbin/v2"
"github.com/casbin/casbin/v2/model"
)
// Initialize the model from a string.
text :=
`
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act
[role_definition]
g = _, _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act
`
m, _ := model.NewModelFromString(text)
// Load the policy rules from the .CSV file adapter.
// Replace it with your adapter to avoid files.
a := fileadapter.NewAdapter("examples/rbac_policy.csv")
// Create the enforcer.
e := casbin.NewEnforcer(m, a)