feat: support map in ABAC (#1341)

casbin · Nov 22, 2023 · 4d1349a · 4d1349a · github-actions · Nov 22, 2023
1 parent 17becae
commit 4d1349a
Show file tree

Hide file tree

Showing 10 changed files with 32 additions and 10 deletions.
diff --git a/README.md b/README.md
@@ -116,7 +116,7 @@ m = r.obj == p.obj && r.act == p.act || r.obj in ('data2', 'data3')
 
 But you **SHOULD** make sure that the length of the array is **MORE** than **1**, otherwise there will cause it to panic.
 
-For more operators, you may take a look at [govaluate](https://github.com/Knetic/govaluate)
+For more operators, you may take a look at [govaluate](https://github.com/casbin/govaluate)
 
 ## Features
 

diff --git a/enforcer.go b/enforcer.go
@@ -31,7 +31,7 @@ import (
 	defaultrolemanager "github.com/casbin/casbin/v2/rbac/default-role-manager"
 	"github.com/casbin/casbin/v2/util"
 
-	"github.com/Knetic/govaluate"
+	"github.com/casbin/govaluate"
 	"github.com/tidwall/gjson"
 )
 

diff --git a/enforcer_interface.go b/enforcer_interface.go
@@ -15,11 +15,11 @@
 package casbin
 
 import (
-	"github.com/Knetic/govaluate"
 	"github.com/casbin/casbin/v2/effector"
 	"github.com/casbin/casbin/v2/model"
 	"github.com/casbin/casbin/v2/persist"
 	"github.com/casbin/casbin/v2/rbac"
+	"github.com/casbin/govaluate"
 )
 
 var _ IEnforcer = &Enforcer{}

diff --git a/enforcer_synced.go b/enforcer_synced.go
@@ -19,7 +19,7 @@ import (
 	"sync/atomic"
 	"time"
 
-	"github.com/Knetic/govaluate"
+	"github.com/casbin/govaluate"
 
 	"github.com/casbin/casbin/v2/persist"
 	"github.com/casbin/casbin/v2/rbac"

diff --git a/go.mod b/go.mod
@@ -1,7 +1,7 @@
 module github.com/casbin/casbin/v2
 
 require (
-	github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible
+	github.com/casbin/govaluate v1.1.0
 	github.com/golang/mock v1.4.4
 	github.com/tidwall/gjson v1.14.4
 )

diff --git a/go.sum b/go.sum
@@ -1,5 +1,5 @@
-github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible h1:1G1pk05UrOh0NlF1oeaaix1x8XzrfjIDK47TY0Zehcw=
-github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
+github.com/casbin/govaluate v1.1.0 h1:6xdCWIpE9CwHdZhlVQW+froUrCsjb6/ZYNcXODfLT+E=
+github.com/casbin/govaluate v1.1.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=
 github.com/golang/mock v1.4.4 h1:l75CXGRSwbaYNpl/Z2X1XIIAMSCquvXgpVZDhwEIJsc=
 github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
 github.com/tidwall/gjson v1.14.4 h1:uo0p8EbA09J7RQaflQ1aBRffTR7xedD2bcIVSYxLnkM=

diff --git a/management_api.go b/management_api.go
@@ -19,8 +19,8 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/Knetic/govaluate"
 	"github.com/casbin/casbin/v2/util"
+	"github.com/casbin/govaluate"
 )
 
 // GetAllSubjects gets the list of subjects that show up in the current policy.

diff --git a/model/function.go b/model/function.go
@@ -17,8 +17,8 @@ package model
 import (
 	"sync"
 
-	"github.com/Knetic/govaluate"
 	"github.com/casbin/casbin/v2/util"
+	"github.com/casbin/govaluate"
 )
 
 // FunctionMap represents the collection of Function.

diff --git a/model_test.go b/model_test.go
@@ -452,6 +452,28 @@ func TestABACModel(t *testing.T) {
 	testEnforce(t, e, "bob", data2, "write", true)
 }
 
+func TestABACMapRequest(t *testing.T) {
+	e, _ := NewEnforcer("examples/abac_model.conf")
+
+	data1 := map[string]interface{}{
+		"Name":  "data1",
+		"Owner": "alice",
+	}
+	data2 := map[string]interface{}{
+		"Name":  "data2",
+		"Owner": "bob",
+	}
+
+	testEnforce(t, e, "alice", data1, "read", true)
+	testEnforce(t, e, "alice", data1, "write", true)
+	testEnforce(t, e, "alice", data2, "read", false)
+	testEnforce(t, e, "alice", data2, "write", false)
+	testEnforce(t, e, "bob", data1, "read", false)
+	testEnforce(t, e, "bob", data1, "write", false)
+	testEnforce(t, e, "bob", data2, "read", true)
+	testEnforce(t, e, "bob", data2, "write", true)
+}
+
 func TestABACJsonRequest(t *testing.T) {
 	e, _ := NewEnforcer("examples/abac_model.conf")
 	e.EnableAcceptJsonRequest(true)

diff --git a/util/builtin_operators.go b/util/builtin_operators.go
@@ -26,7 +26,7 @@ import (
 
 	"github.com/casbin/casbin/v2/rbac"
 
-	"github.com/Knetic/govaluate"
+	"github.com/casbin/govaluate"
 )
 
 var (
Benchmark suite	Current: `4d1349a`	Previous: `17becae`	Ratio
`BenchmarkCachedRaw - ns/op`	`17.55` ns/op	`20.63` ns/op	`0.85`
`BenchmarkCachedRaw - B/op`	`0` B/op	`0` B/op	`NaN`
`BenchmarkCachedRaw - allocs/op`	`0` allocs/op	`0` allocs/op	`NaN`
`BenchmarkCachedBasicModel - ns/op`	`165.3` ns/op	`236.9` ns/op	`0.70`
`BenchmarkCachedBasicModel - B/op`	`104` B/op	`104` B/op	`1`
`BenchmarkCachedBasicModel - allocs/op`	`4` allocs/op	`4` allocs/op	`1`
`BenchmarkCachedRBACModel - ns/op`	`168.9` ns/op	`250.4` ns/op	`0.67`
`BenchmarkCachedRBACModel - B/op`	`104` B/op	`104` B/op	`1`
`BenchmarkCachedRBACModel - allocs/op`	`4` allocs/op	`4` allocs/op	`1`
`BenchmarkCachedRBACModelSmall - ns/op`	`177.5` ns/op	`262.2` ns/op	`0.68`
`BenchmarkCachedRBACModelSmall - B/op`	`104` B/op	`104` B/op	`1`
`BenchmarkCachedRBACModelSmall - allocs/op`	`4` allocs/op	`4` allocs/op	`1`
`BenchmarkCachedRBACModelMedium - ns/op`	`179.7` ns/op	`263.8` ns/op	`0.68`
`BenchmarkCachedRBACModelMedium - B/op`	`104` B/op	`104` B/op	`1`
`BenchmarkCachedRBACModelMedium - allocs/op`	`4` allocs/op	`4` allocs/op	`1`
`BenchmarkCachedRBACModelLarge - ns/op`	`156.6` ns/op	`244.6` ns/op	`0.64`
`BenchmarkCachedRBACModelLarge - B/op`	`96` B/op	`96` B/op	`1`
`BenchmarkCachedRBACModelLarge - allocs/op`	`3` allocs/op	`3` allocs/op	`1`
`BenchmarkCachedRBACModelWithResourceRoles - ns/op`	`167.3` ns/op	`248` ns/op	`0.67`
`BenchmarkCachedRBACModelWithResourceRoles - B/op`	`104` B/op	`104` B/op	`1`
`BenchmarkCachedRBACModelWithResourceRoles - allocs/op`	`4` allocs/op	`4` allocs/op	`1`
`BenchmarkCachedRBACModelWithDomains - ns/op`	`179.6` ns/op	`284.5` ns/op	`0.63`
`BenchmarkCachedRBACModelWithDomains - B/op`	`120` B/op	`120` B/op	`1`
`BenchmarkCachedRBACModelWithDomains - allocs/op`	`4` allocs/op	`4` allocs/op	`1`
`BenchmarkCachedABACModel - ns/op`	`3048` ns/op	`3971` ns/op	`0.77`
`BenchmarkCachedABACModel - B/op`	`1544` B/op	`1520` B/op	`1.02`
`BenchmarkCachedABACModel - allocs/op`	`18` allocs/op	`18` allocs/op	`1`
`BenchmarkCachedKeyMatchModel - ns/op`	`183.9` ns/op	`270.9` ns/op	`0.68`
`BenchmarkCachedKeyMatchModel - B/op`	`152` B/op	`152` B/op	`1`
`BenchmarkCachedKeyMatchModel - allocs/op`	`4` allocs/op	`4` allocs/op	`1`
`BenchmarkCachedRBACModelWithDeny - ns/op`	`168.2` ns/op	`249.5` ns/op	`0.67`
`BenchmarkCachedRBACModelWithDeny - B/op`	`104` B/op	`104` B/op	`1`
`BenchmarkCachedRBACModelWithDeny - allocs/op`	`4` allocs/op	`4` allocs/op	`1`
`BenchmarkCachedPriorityModel - ns/op`	`170.7` ns/op	`259.1` ns/op	`0.66`
`BenchmarkCachedPriorityModel - B/op`	`104` B/op	`104` B/op	`1`
`BenchmarkCachedPriorityModel - allocs/op`	`4` allocs/op	`4` allocs/op	`1`
`BenchmarkCachedWithEnforceContext - ns/op`	`312.8` ns/op	`472` ns/op	`0.66`
`BenchmarkCachedWithEnforceContext - B/op`	`240` B/op	`240` B/op	`1`
`BenchmarkCachedWithEnforceContext - allocs/op`	`5` allocs/op	`5` allocs/op	`1`
`BenchmarkCachedRBACModelMediumParallel - ns/op`	`123.9` ns/op	`219.5` ns/op	`0.56`
`BenchmarkCachedRBACModelMediumParallel - B/op`	`105` B/op	`105` B/op	`1`
`BenchmarkCachedRBACModelMediumParallel - allocs/op`	`4` allocs/op	`4` allocs/op	`1`
`BenchmarkHasPolicySmall - ns/op`	`460.3` ns/op	`743.1` ns/op	`0.62`
`BenchmarkHasPolicySmall - B/op`	`150` B/op	`150` B/op	`1`
`BenchmarkHasPolicySmall - allocs/op`	`6` allocs/op	`6` allocs/op	`1`
`BenchmarkHasPolicyMedium - ns/op`	`499.7` ns/op	`759.1` ns/op	`0.66`
`BenchmarkHasPolicyMedium - B/op`	`157` B/op	`157` B/op	`1`
`BenchmarkHasPolicyMedium - allocs/op`	`6` allocs/op	`6` allocs/op	`1`
`BenchmarkHasPolicyLarge - ns/op`	`509.3` ns/op	`852.5` ns/op	`0.60`
`BenchmarkHasPolicyLarge - B/op`	`165` B/op	`165` B/op	`1`
`BenchmarkHasPolicyLarge - allocs/op`	`7` allocs/op	`7` allocs/op	`1`
`BenchmarkAddPolicySmall - ns/op`	`467.3` ns/op	`748.8` ns/op	`0.62`
`BenchmarkAddPolicySmall - B/op`	`152` B/op	`152` B/op	`1`
`BenchmarkAddPolicySmall - allocs/op`	`6` allocs/op	`6` allocs/op	`1`
`BenchmarkAddPolicyMedium - ns/op`	`627.4` ns/op	`1049` ns/op	`0.60`
`BenchmarkAddPolicyMedium - B/op`	`173` B/op	`182` B/op	`0.95`
`BenchmarkAddPolicyMedium - allocs/op`	`7` allocs/op	`7` allocs/op	`1`
`BenchmarkAddPolicyLarge - ns/op`	`1278` ns/op	`1653` ns/op	`0.77`
`BenchmarkAddPolicyLarge - B/op`	`473` B/op	`423` B/op	`1.12`
`BenchmarkAddPolicyLarge - allocs/op`	`9` allocs/op	`9` allocs/op	`1`
`BenchmarkRemovePolicySmall - ns/op`	`481.4` ns/op	`743.5` ns/op	`0.65`
`BenchmarkRemovePolicySmall - B/op`	`166` B/op	`166` B/op	`1`
`BenchmarkRemovePolicySmall - allocs/op`	`7` allocs/op	`7` allocs/op	`1`
`BenchmarkRemovePolicyMedium - ns/op`	`537.3` ns/op	`876` ns/op	`0.61`
`BenchmarkRemovePolicyMedium - B/op`	`176` B/op	`178` B/op	`0.99`
`BenchmarkRemovePolicyMedium - allocs/op`	`7` allocs/op	`7` allocs/op	`1`
`BenchmarkRemovePolicyLarge - ns/op`	`1243` ns/op	`1976` ns/op	`0.63`
`BenchmarkRemovePolicyLarge - B/op`	`289` B/op	`291` B/op	`0.99`
`BenchmarkRemovePolicyLarge - allocs/op`	`13` allocs/op	`13` allocs/op	`1`
`BenchmarkRaw - ns/op`	`17.53` ns/op	`20.59` ns/op	`0.85`
`BenchmarkRaw - B/op`	`0` B/op	`0` B/op	`NaN`
`BenchmarkRaw - allocs/op`	`0` allocs/op	`0` allocs/op	`NaN`
`BenchmarkBasicModel - ns/op`	`3706` ns/op	`4872` ns/op	`0.76`
`BenchmarkBasicModel - B/op`	`1510` B/op	`1489` B/op	`1.01`
`BenchmarkBasicModel - allocs/op`	`17` allocs/op	`17` allocs/op	`1`
`BenchmarkRBACModel - ns/op`	`5613` ns/op	`7256` ns/op	`0.77`
`BenchmarkRBACModel - B/op`	`2070` B/op	`2034` B/op	`1.02`
`BenchmarkRBACModel - allocs/op`	`35` allocs/op	`35` allocs/op	`1`
`BenchmarkRBACModelSizes/small - ns/op`	`49082` ns/op	`68988` ns/op	`0.71`
`BenchmarkRBACModelSizes/small - B/op`	`20214` B/op	`19976` B/op	`1.01`
`BenchmarkRBACModelSizes/small - allocs/op`	`480` allocs/op	`480` allocs/op	`1`
`BenchmarkRBACModelSizes/medium - ns/op`	`516834` ns/op	`811189` ns/op	`0.64`
`BenchmarkRBACModelSizes/medium - B/op`	`191758` B/op	`191283` B/op	`1.00`
`BenchmarkRBACModelSizes/medium - allocs/op`	`4830` allocs/op	`4828` allocs/op	`1.00`
`BenchmarkRBACModelSizes/large - ns/op`	`5709390` ns/op	`9028181` ns/op	`0.63`
`BenchmarkRBACModelSizes/large - B/op`	`1899742` B/op	`1903188` B/op	`1.00`
`BenchmarkRBACModelSizes/large - allocs/op`	`48170` allocs/op	`48274` allocs/op	`1.00`
`BenchmarkRBACModelSmall - ns/op`	`61393` ns/op	`81659` ns/op	`0.75`
`BenchmarkRBACModelSmall - B/op`	`20339` B/op	`20044` B/op	`1.01`
`BenchmarkRBACModelSmall - allocs/op`	`615` allocs/op	`615` allocs/op	`1`
`BenchmarkRBACModelMedium - ns/op`	`579667` ns/op	`815797` ns/op	`0.71`
`BenchmarkRBACModelMedium - B/op`	`194721` B/op	`194452` B/op	`1.00`
`BenchmarkRBACModelMedium - allocs/op`	`6021` allocs/op	`6023` allocs/op	`1.00`
`BenchmarkRBACModelLarge - ns/op`	`6169723` ns/op	`9981906` ns/op	`0.62`
`BenchmarkRBACModelLarge - B/op`	`1941098` B/op	`1951923` B/op	`0.99`
`BenchmarkRBACModelLarge - allocs/op`	`60621` allocs/op	`61076` allocs/op	`0.99`
`BenchmarkRBACModelWithResourceRoles - ns/op`	`4716` ns/op	`6110` ns/op	`0.77`
`BenchmarkRBACModelWithResourceRoles - B/op`	`1847` B/op	`1820` B/op	`1.01`
`BenchmarkRBACModelWithResourceRoles - allocs/op`	`27` allocs/op	`27` allocs/op	`1`
`BenchmarkRBACModelWithDomains - ns/op`	`5296` ns/op	`6915` ns/op	`0.77`
`BenchmarkRBACModelWithDomains - B/op`	`1828` B/op	`1805` B/op	`1.01`
`BenchmarkRBACModelWithDomains - allocs/op`	`25` allocs/op	`25` allocs/op	`1`
`BenchmarkABACModel - ns/op`	`2876` ns/op	`3716` ns/op	`0.77`
`BenchmarkABACModel - B/op`	`1536` B/op	`1512` B/op	`1.02`
`BenchmarkABACModel - allocs/op`	`17` allocs/op	`17` allocs/op	`1`
`BenchmarkABACRuleModel - ns/op`	`3977634` ns/op	`5064636` ns/op	`0.79`
`BenchmarkABACRuleModel - B/op`	`1327819` B/op	`1303104` B/op	`1.02`
`BenchmarkABACRuleModel - allocs/op`	`40092` allocs/op	`40088` allocs/op	`1.00`
`BenchmarkKeyMatchModel - ns/op`	`6287` ns/op	`8119` ns/op	`0.77`
`BenchmarkKeyMatchModel - B/op`	`3072` B/op	`3021` B/op	`1.02`
`BenchmarkKeyMatchModel - allocs/op`	`37` allocs/op	`37` allocs/op	`1`
`BenchmarkRBACModelWithDeny - ns/op`	`7103` ns/op	`9458` ns/op	`0.75`
`BenchmarkRBACModelWithDeny - B/op`	`2484` B/op	`2444` B/op	`1.02`
`BenchmarkRBACModelWithDeny - allocs/op`	`49` allocs/op	`49` allocs/op	`1`
`BenchmarkPriorityModel - ns/op`	`4310` ns/op	`5611` ns/op	`0.77`
`BenchmarkPriorityModel - B/op`	`1765` B/op	`1738` B/op	`1.02`
`BenchmarkPriorityModel - allocs/op`	`22` allocs/op	`22` allocs/op	`1`
`BenchmarkRBACModelWithDomainPatternLarge - ns/op`	`24622` ns/op	`32155` ns/op	`0.77`
`BenchmarkRBACModelWithDomainPatternLarge - B/op`	`16756` B/op	`16607` B/op	`1.01`
`BenchmarkRBACModelWithDomainPatternLarge - allocs/op`	`164` allocs/op	`164` allocs/op	`1`
`BenchmarkRoleManagerSmall - ns/op`	`70429` ns/op	`103921` ns/op	`0.68`
`BenchmarkRoleManagerSmall - B/op`	`11955` B/op	`11953` B/op	`1.00`
`BenchmarkRoleManagerSmall - allocs/op`	`797` allocs/op	`797` allocs/op	`1`
`BenchmarkRoleManagerMedium - ns/op`	`755138` ns/op	`1078905` ns/op	`0.70`
`BenchmarkRoleManagerMedium - B/op`	`125915` B/op	`125908` B/op	`1.00`
`BenchmarkRoleManagerMedium - allocs/op`	`8741` allocs/op	`8741` allocs/op	`1`
`BenchmarkRoleManagerLarge - ns/op`	`9329911` ns/op	`14234567` ns/op	`0.66`
`BenchmarkRoleManagerLarge - B/op`	`1349925` B/op	`1349916` B/op	`1.00`
`BenchmarkRoleManagerLarge - allocs/op`	`89741` allocs/op	`89741` allocs/op	`1`
`BenchmarkBuildRoleLinksWithPatternLarge - ns/op`	`6212283114` ns/op	`8272593298` ns/op	`0.75`
`BenchmarkBuildRoleLinksWithPatternLarge - B/op`	`5348304072` B/op	`5286619240` B/op	`1.01`
`BenchmarkBuildRoleLinksWithPatternLarge - allocs/op`	`60949962` allocs/op	`60936912` allocs/op	`1.00`
`BenchmarkBuildRoleLinksWithDomainPatternLarge - ns/op`	`169952935` ns/op	`228995351` ns/op	`0.74`
`BenchmarkBuildRoleLinksWithDomainPatternLarge - B/op`	`141455876` B/op	`139829358` B/op	`1.01`
`BenchmarkBuildRoleLinksWithDomainPatternLarge - allocs/op`	`1676533` allocs/op	`1676195` allocs/op	`1.00`
`BenchmarkBuildRoleLinksWithPatternAndDomainPatternLarge - ns/op`	`6435645526` ns/op	`9100464673` ns/op	`0.71`
`BenchmarkBuildRoleLinksWithPatternAndDomainPatternLarge - B/op`	`5483027224` B/op	`5423310544` B/op	`1.01`
`BenchmarkBuildRoleLinksWithPatternAndDomainPatternLarge - allocs/op`	`62559972` allocs/op	`62547182` allocs/op	`1.00`
`BenchmarkHasLinkWithPatternLarge - ns/op`	`10668` ns/op	`14292` ns/op	`0.75`
`BenchmarkHasLinkWithPatternLarge - B/op`	`7603` B/op	`7538` B/op	`1.01`
`BenchmarkHasLinkWithPatternLarge - allocs/op`	`111` allocs/op	`111` allocs/op	`1`
`BenchmarkHasLinkWithDomainPatternLarge - ns/op`	`497.3` ns/op	`744.5` ns/op	`0.67`
`BenchmarkHasLinkWithDomainPatternLarge - B/op`	`80` B/op	`80` B/op	`1`
`BenchmarkHasLinkWithDomainPatternLarge - allocs/op`	`5` allocs/op	`5` allocs/op	`1`
`BenchmarkHasLinkWithPatternAndDomainPatternLarge - ns/op`	`10322` ns/op	`14261` ns/op	`0.72`
`BenchmarkHasLinkWithPatternAndDomainPatternLarge - B/op`	`7612` B/op	`7536` B/op	`1.01`
`BenchmarkHasLinkWithPatternAndDomainPatternLarge - allocs/op`	`111` allocs/op	`111` allocs/op	`1`