Skip to content

Commit

Permalink
feat: Add policy filter
Browse files Browse the repository at this point in the history 
Signed-off-by: sagilio <sagilio@outlook.com>
  • Loading branch information
@sagilio
sagilio committed Oct 23, 2022
1 parent 6dec197 commit 8a77971
Show file tree
Hide file tree
Showing 20 changed files with 884 additions and 569 deletions.
146 changes: 70 additions & 76 deletions Casbin.UnitTests/ModelTests/EnforcerTest.cs
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
using System;
using System.Collections.Generic;
using System.Collections.Generic;
using System.IO;
using System.Text;
using System.Threading.Tasks;
using Casbin.Adapter.File;
using Casbin.Adapter.Stream;
using Casbin.Model;
using Casbin.Persist;
using Casbin.Rbac;
Expand Down Expand Up @@ -73,10 +73,10 @@ public void TestEnforceWithoutAutoLoadPolicy()

FileAdapter a = new("examples/keymatch_policy.csv");

IEnforcer e = DefaultEnforcer.Create(m, a, options => { options.AutoLoadPolicy = false; });
IEnforcer e = new Enforcer(m, a, options => { options.AutoLoadPolicy = false; });
Assert.Empty(e.GetPolicy());

e = DefaultEnforcer.Create(m, a);
e = new Enforcer(m, a);
Assert.NotEmpty(e.GetPolicy());
}

Expand Down Expand Up @@ -257,19 +257,11 @@ public void TestInOperator()
_testModelFixture._rbacInOperatorModelText,
_testModelFixture._rbacInOperatorPolicyText));

TestEnforce(e, new
{
Name = "Alice",
Amount = 5100,
Roles = new string[] { "Manager", "DepartmentDirector" }
}, "authorization", "grant", true);
TestEnforce(e, new { Name = "Alice", Amount = 5100, Roles = new[] { "Manager", "DepartmentDirector" } },
"authorization", "grant", true);

TestEnforce(e, new
{
Name = "Alice",
Amount = 5100,
Roles = new string[] { "DepartmentDirector" }
}, "authorization", "grant", false);
TestEnforce(e, new { Name = "Alice", Amount = 5100, Roles = new[] { "DepartmentDirector" } },
"authorization", "grant", false);
}

[Fact]
Expand Down Expand Up @@ -354,16 +346,16 @@ public void TestRbacBatchEnforceInMemory()

IEnumerable<(RequestValues<string, string, string>, bool)> testCases =
new (RequestValues<string, string, string>, bool)[]
{
(Request.CreateValues("alice", "data1", "read"), true),
(Request.CreateValues("alice", "data1", "write"), false),
(Request.CreateValues("alice", "data2", "read"), true),
(Request.CreateValues("alice", "data2", "write"), true),
(Request.CreateValues("bob", "data1", "read"), false),
(Request.CreateValues("bob", "data1", "write"), false),
(Request.CreateValues("bob", "data2", "read"), false),
(Request.CreateValues("bob", "data2", "write"), true)
};
{
(Request.CreateValues("alice", "data1", "read"), true),
(Request.CreateValues("alice", "data1", "write"), false),
(Request.CreateValues("alice", "data2", "read"), true),
(Request.CreateValues("alice", "data2", "write"), true),
(Request.CreateValues("bob", "data1", "read"), false),
(Request.CreateValues("bob", "data1", "write"), false),
(Request.CreateValues("bob", "data2", "read"), false),
(Request.CreateValues("bob", "data2", "write"), true)
};

TestBatchEnforce(e, testCases);
}
Expand All @@ -388,16 +380,16 @@ public void TestRbacParallelBatchEnforceInMemory()

IEnumerable<(RequestValues<string, string, string>, bool)> testCases =
new (RequestValues<string, string, string>, bool)[]
{
(Request.CreateValues("alice", "data1", "read"), true),
(Request.CreateValues("alice", "data1", "write"), false),
(Request.CreateValues("alice", "data2", "read"), true),
(Request.CreateValues("alice", "data2", "write"), true),
(Request.CreateValues("bob", "data1", "read"), false),
(Request.CreateValues("bob", "data1", "write"), false),
(Request.CreateValues("bob", "data2", "read"), false),
(Request.CreateValues("bob", "data2", "write"), true)
};
{
(Request.CreateValues("alice", "data1", "read"), true),
(Request.CreateValues("alice", "data1", "write"), false),
(Request.CreateValues("alice", "data2", "read"), true),
(Request.CreateValues("alice", "data2", "write"), true),
(Request.CreateValues("bob", "data1", "read"), false),
(Request.CreateValues("bob", "data1", "write"), false),
(Request.CreateValues("bob", "data2", "read"), false),
(Request.CreateValues("bob", "data2", "write"), true)
};

TestParallelBatchEnforce(e, testCases);
}
Expand Down Expand Up @@ -450,16 +442,16 @@ public void TestRbacBatchEnforceInMemoryAsync()

IEnumerable<(RequestValues<string, string, string>, bool)> testCases =
new (RequestValues<string, string, string>, bool)[]
{
(Request.CreateValues("alice", "data1", "read"), true),
(Request.CreateValues("alice", "data1", "write"), false),
(Request.CreateValues("alice", "data2", "read"), true),
(Request.CreateValues("alice", "data2", "write"), true),
(Request.CreateValues("bob", "data1", "read"), false),
(Request.CreateValues("bob", "data1", "write"), false),
(Request.CreateValues("bob", "data2", "read"), false),
(Request.CreateValues("bob", "data2", "write"), true)
};
{
(Request.CreateValues("alice", "data1", "read"), true),
(Request.CreateValues("alice", "data1", "write"), false),
(Request.CreateValues("alice", "data2", "read"), true),
(Request.CreateValues("alice", "data2", "write"), true),
(Request.CreateValues("bob", "data1", "read"), false),
(Request.CreateValues("bob", "data1", "write"), false),
(Request.CreateValues("bob", "data2", "read"), false),
(Request.CreateValues("bob", "data2", "write"), true)
};

TestBatchEnforceAsync(e, testCases);
}
Expand Down Expand Up @@ -1178,16 +1170,16 @@ public void TestBatchEnforceWithMatcherApi()

IEnumerable<(RequestValues<string, string, string>, bool)> testCases =
new (RequestValues<string, string, string>, bool)[]
{
(Request.CreateValues("alice", "data1", "read"), false),
(Request.CreateValues("alice", "data1", "write"), false),
(Request.CreateValues("alice", "data2", "read"), false),
(Request.CreateValues("alice", "data2", "write"), true),
(Request.CreateValues("bob", "data1", "read"), true),
(Request.CreateValues("bob", "data1", "write"), false),
(Request.CreateValues("bob", "data2", "read"), false),
(Request.CreateValues("bob", "data2", "write"), false)
};
{
(Request.CreateValues("alice", "data1", "read"), false),
(Request.CreateValues("alice", "data1", "write"), false),
(Request.CreateValues("alice", "data2", "read"), false),
(Request.CreateValues("alice", "data2", "write"), true),
(Request.CreateValues("bob", "data1", "read"), true),
(Request.CreateValues("bob", "data1", "write"), false),
(Request.CreateValues("bob", "data2", "read"), false),
(Request.CreateValues("bob", "data2", "write"), false)
};

e.TestBatchEnforceWithMatcher(matcher, testCases);
}
Expand All @@ -1200,16 +1192,16 @@ public void TestBatchEnforceWithMatcherParallel()

IEnumerable<(RequestValues<string, string, string>, bool)> testCases =
new (RequestValues<string, string, string>, bool)[]
{
(Request.CreateValues("alice", "data1", "read"), false),
(Request.CreateValues("alice", "data1", "write"), false),
(Request.CreateValues("alice", "data2", "read"), false),
(Request.CreateValues("alice", "data2", "write"), true),
(Request.CreateValues("bob", "data1", "read"), true),
(Request.CreateValues("bob", "data1", "write"), false),
(Request.CreateValues("bob", "data2", "read"), false),
(Request.CreateValues("bob", "data2", "write"), false)
};
{
(Request.CreateValues("alice", "data1", "read"), false),
(Request.CreateValues("alice", "data1", "write"), false),
(Request.CreateValues("alice", "data2", "read"), false),
(Request.CreateValues("alice", "data2", "write"), true),
(Request.CreateValues("bob", "data1", "read"), true),
(Request.CreateValues("bob", "data1", "write"), false),
(Request.CreateValues("bob", "data2", "read"), false),
(Request.CreateValues("bob", "data2", "write"), false)
};

e.TestBatchEnforceWithMatcherParallel(matcher, testCases);
}
Expand Down Expand Up @@ -1238,16 +1230,16 @@ public void TestBatchEnforceWithMatcherApiAsync()

IEnumerable<(RequestValues<string, string, string>, bool)> testCases =
new (RequestValues<string, string, string>, bool)[]
{
(Request.CreateValues("alice", "data1", "read"), false),
(Request.CreateValues("alice", "data1", "write"), false),
(Request.CreateValues("alice", "data2", "read"), false),
(Request.CreateValues("alice", "data2", "write"), true),
(Request.CreateValues("bob", "data1", "read"), true),
(Request.CreateValues("bob", "data1", "write"), false),
(Request.CreateValues("bob", "data2", "read"), false),
(Request.CreateValues("bob", "data2", "write"), false)
};
{
(Request.CreateValues("alice", "data1", "read"), false),
(Request.CreateValues("alice", "data1", "write"), false),
(Request.CreateValues("alice", "data2", "read"), false),
(Request.CreateValues("alice", "data2", "write"), true),
(Request.CreateValues("bob", "data1", "read"), true),
(Request.CreateValues("bob", "data1", "write"), false),
(Request.CreateValues("bob", "data2", "read"), false),
(Request.CreateValues("bob", "data2", "write"), false)
};

TestBatchEnforceWithMatcherAsync(e, matcher, testCases);
}
Expand Down Expand Up @@ -1288,3 +1280,5 @@ public async Task TestEnforceExWithMatcherAsync()

#endregion
}


13 changes: 0 additions & 13 deletions Casbin/Abstractions/IEnforcer.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,18 +22,6 @@ namespace Casbin
/// </summary>
public interface IEnforcer
{
public class EnforcerOptions
{
public bool Enabled { get; set; } = true;
public bool EnabledCache { get; set; } = true;

public bool AutoBuildRoleLinks { get; set; } = true;
public bool AutoNotifyWatcher { get; set; } = true;
public bool AutoCleanEnforceCache { get; set; } = true;
public bool AutoLoadPolicy { get; set; } = true;
public Filter AutoLoadPolicyFilter { get; set; } = null;
}

/// <summary>
/// Decides whether a "subject" can access a "object" with the operation
/// "action", input parameters are usually: (sub, obj, act).
Expand Down Expand Up @@ -88,7 +76,6 @@ public IEnumerable<bool> BatchEnforce<TRequest>(EnforceContext context, IEnumera

#region Options

public EnforcerOptions Options { get; set; }
public bool Enabled { get; set; }
public bool EnabledCache { get; set; }
public bool AutoBuildRoleLinks { get; set; }
Expand Down
4 changes: 2 additions & 2 deletions Casbin/Abstractions/Persist/IFilteredAdapter.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@ public interface IFilteredAdapter
{
bool IsFiltered { get; }

void LoadFilteredPolicy(IPolicyStore store, Filter filter);
void LoadFilteredPolicy(IPolicyStore store, IPolicyFilter filter);

Task LoadFilteredPolicyAsync(IPolicyStore store, Filter filter);
Task LoadFilteredPolicyAsync(IPolicyStore store, IPolicyFilter filter);
}
}
22 changes: 22 additions & 0 deletions Casbin/Abstractions/Persist/IPersistedPolicy.cs
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
using Casbin.Model;

namespace Casbin.Persist;

public interface IPersistantPolicy
{
public string Type { get; set; }
public string Value1 { get; set; }
public string Value2 { get; set; }
public string Value3 { get; set; }
public string Value4 { get; set; }
public string Value5 { get; set; }
public string Value6 { get; set; }
public string Value7 { get; set; }
public string Value8 { get; set; }
public string Value9 { get; set; }
public string Value10 { get; set; }
public string Value11 { get; set; }
public string Value12 { get; set; }
public IPolicyValues Values { get; }
}

13 changes: 13 additions & 0 deletions Casbin/Abstractions/Persist/IPolicyFilter.cs
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
using System.Linq;

namespace Casbin.Persist;

public interface IPolicyFilter : IPolicyFilter<IPersistantPolicy>
{
}

public interface IPolicyFilter<T> where T : IPersistantPolicy
{
public IQueryable<T> ApplyFilter(IQueryable<T> policies);
}

0 comments on commit 8a77971

Please sign in to comment.