feat: add examples and add basic model-enforcer tests.

casbin · Jun 28, 2020 · b3d64af · b3d64af
1 parent bd4e66c
commit b3d64af
Show file tree

Hide file tree

Showing 17 changed files with 752 additions and 12 deletions.
diff --git a/casbin/effect/default_effector.cpp b/casbin/effect/default_effector.cpp
@@ -33,27 +33,25 @@ DefaultEffector* DefaultEffector :: NewDefaultEffector(){
 bool DefaultEffector :: MergeEffects(string expr, vector<Effect> effects, vector<float> results) {
     bool result;
 
-    unsigned int number_of_effects = sizeof(effects) / sizeof(effects[0]);
-
     if (!expr.compare("some(where (p_eft == allow))")) {
         result = false;
-        for(unsigned int index = 0 ; index < number_of_effects ; index++){
+        for(unsigned int index = 0 ; index < effects.size() ; index++){
             if (effects[index] == Effect::Allow) {
                 result = true;
                 break;
             }
         }
     } else if (!expr.compare("!some(where (p_eft == deny))")) {
         result = true;
-        for(unsigned int index = 0 ; index < number_of_effects ; index++){
+        for(unsigned int index = 0 ; index < effects.size(); index++){
             if (effects[index] == Effect::Deny) {
                 result = false;
                 break;
             }
         }
     } else if (!expr.compare("some(where (p_eft == allow)) && !some(where (p_eft == deny))")) {
         result = false;
-        for(unsigned int index = 0 ; index < number_of_effects ; index++){
+        for(unsigned int index = 0 ; index < effects.size(); index++){
             if (effects[index] == Effect::Allow) {
                 result = true;
             } else if (effects[index] == Effect::Deny) {
@@ -63,7 +61,7 @@ bool DefaultEffector :: MergeEffects(string expr, vector<Effect> effects, vector
         }
     } else if (!expr.compare("priority(p_eft) || deny")) {
         result = false;
-        for(unsigned int index = 0 ; index < number_of_effects ; index++){
+        for(unsigned int index = 0 ; index < effects.size(); index++){
             if (effects[index] != Effect::Indeterminate) {
                 if (effects[index] == Effect::Allow) {
                     result = true;

diff --git a/casbin/model/model.cpp b/casbin/model/model.cpp
@@ -91,10 +91,10 @@ bool Model :: AddDef(string sec, string key, string value) {
         ast->tokens = Split(ast->value, ",");
         for (int i = 0; i < ast->tokens.size() ; i++)
             ast->tokens[i] = key + "_" + Trim(ast->tokens[i]);
-    } else if(sec == "e")
-        ast->value = RemoveComments(EscapeAssertion(ast->value));
-    else
+    } else if(sec == "m")
         ast->value = RemoveComments(ast->value);
+    else
+        ast->value = RemoveComments(EscapeAssertion(ast->value));
 
     if (m.find(sec) != m.end())
         m[sec] = AssertionMap();

diff --git a/casbin/persist/file_adapter/file_adapter.cpp b/casbin/persist/file_adapter/file_adapter.cpp
@@ -20,9 +20,8 @@ FileAdapter* FileAdapter :: NewAdapter(string file_path) {
 
 // LoadPolicy loads all policy rules from the storage.
 void FileAdapter :: LoadPolicy(Model* model) {
-    if (this->file_path == "") {
+    if (this->file_path == "")
         throw CasbinAdapterException("Invalid file path, file path cannot be empty");
-    }
 
     this->LoadPolicyFile(model, LoadPolicyLine);
 }

diff --git a/examples/abac_rule_model.conf b/examples/abac_rule_model.conf
@@ -0,0 +1,11 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub_rule, obj, act
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = eval(p.sub_rule) && r.obj == p.obj && r.act == p.act
diff --git a/examples/abac_rule_policy.csv b/examples/abac_rule_policy.csv
@@ -0,0 +1,2 @@
+p, r.sub.Age > 18, /data1, read
+p, r.sub.Age < 60, /data2, write
diff --git a/examples/basic_model_without_spaces.conf b/examples/basic_model_without_spaces.conf
@@ -0,0 +1,11 @@
+[request_definition]
+r = sub,obj,act
+
+[policy_definition]
+p = sub,obj,act
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = r.sub == p.sub && r.obj == p.obj && r.act == p.act
diff --git a/examples/comment_model.conf b/examples/comment_model.conf
@@ -0,0 +1,12 @@
+[request_definition]
+r = sub, obj, act ; Request definition
+
+[policy_definition]
+p = sub, obj, act 
+
+[policy_effect]
+e = some(where (p.eft == allow)) # This is policy effect.
+
+# Matchers
+[matchers]
+m = r.sub == p.sub && r.obj == p.obj && r.act == p.act  
diff --git a/examples/glob_model.conf b/examples/glob_model.conf
@@ -0,0 +1,11 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = r.sub == p.sub && globMatch(r.obj, p.obj) && r.act == p.act
diff --git a/examples/glob_policy.csv b/examples/glob_policy.csv
@@ -0,0 +1,4 @@
+p, u1, /foo/*, read
+p, u2, /foo*, read
+p, u3, /*/foo/*, read
+p, u4, *, read
diff --git a/examples/rbac_with_all_pattern_model.conf b/examples/rbac_with_all_pattern_model.conf
@@ -0,0 +1,14 @@
+[request_definition]
+r = sub, dom, obj, act
+
+[policy_definition]
+p = sub, dom, obj, act
+
+[role_definition]
+g = _, _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = r.sub == p.sub && g(r.obj, p.obj, r.dom) && r.dom == p.dom && r.act == p.act 
diff --git a/examples/rbac_with_all_pattern_policy.csv b/examples/rbac_with_all_pattern_policy.csv
@@ -0,0 +1,4 @@
+p, alice, domain1, book_group, read
+p, alice, domain2, book_group, write
+
+g, /book/:id, book_group, *
diff --git a/examples/rbac_with_domain_pattern_model.conf b/examples/rbac_with_domain_pattern_model.conf
@@ -0,0 +1,14 @@
+[request_definition]
+r = sub, dom, obj, act
+
+[policy_definition]
+p = sub, dom, obj, act
+
+[role_definition]
+g = _, _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = g(r.sub, p.sub, r.dom) && r.dom == p.dom && r.obj == p.obj && r.act == p.act 
diff --git a/examples/rbac_with_domain_pattern_policy.csv b/examples/rbac_with_domain_pattern_policy.csv
@@ -0,0 +1,7 @@
+p, admin, domain1, data1, read
+p, admin, domain1, data1, write
+p, admin, domain2, data2, read
+p, admin, domain2, data2, write
+
+g, alice, admin, *
+g, bob, admin, domain2
diff --git a/examples/rbac_with_pattern_policy.csv b/examples/rbac_with_pattern_policy.csv
@@ -6,10 +6,11 @@ p, pen_admin, pen_group, GET
 g, alice, book_admin
 g, bob, pen_admin
 
-g, /book/*, book_group
 g, cathy, /book/1/2/3/4/5
 g, cathy, pen_admin
 
+g2, /book/*, book_group
+
 g2, /book/:id, book_group
 g2, /pen/:id, pen_group
 

diff --git a/test/test.vcxproj b/test/test.vcxproj
@@ -168,6 +168,7 @@
     <ClCompile Include="test_built_in_functions.cpp" />
     <ClCompile Include="test_config.cpp" />
     <ClCompile Include="test_model.cpp" />
+    <ClCompile Include="test_model_enforcer.cpp" />
     <ClCompile Include="test_role_manager.cpp" />
     <ClCompile Include="test_util.cpp" />
   </ItemGroup>

diff --git a/test/test.vcxproj.filters b/test/test.vcxproj.filters
@@ -33,6 +33,9 @@
     <ClCompile Include="test_role_manager.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="test_model_enforcer.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="pch.h">