Skip to content

Commit

Permalink
fix: duplicated policies inside rules to add
Browse files Browse the repository at this point in the history 
Signed-off-by: Cheng JIANG <jiang.cheng@vip.163.com>
  • Loading branch information
Cheng JIANG committed Jul 15, 2020
1 parent b2d6dac commit a14ef52
Show file tree
Hide file tree
Showing 3 changed files with 13 additions and 4 deletions.
4 changes: 4 additions & 0 deletions management_api_test.go
View file
Expand Up @@ -155,9 +155,13 @@ func TestModifyPolicyAPI(t *testing.T) {
e.AddPolicy("eve", "data3", "read")

rules := [][]string{
{"jack", "data4", "read"},
{"jack", "data4", "read"},
{"jack", "data4", "read"},
{"katy", "data4", "write"},
{"leyo", "data4", "read"},
{"katy", "data4", "write"},
{"katy", "data4", "write"},
{"ham", "data4", "write"},
}

Expand Down
11 changes: 8 additions & 3 deletions model/policy.go
View file
Expand Up @@ -31,7 +31,7 @@ const (
PolicyRemove
)

var DefaultSep = ","
const DefaultSep = ","

// BuildIncrementalRoleLinks provides incremental build the role inheritance relations.
func (model Model) BuildIncrementalRoleLinks(rm rbac.RoleManager, op PolicyOp, sec string, ptype string, rules [][]string) error {
Expand Down Expand Up @@ -130,8 +130,13 @@ func (model Model) AddPolicy(sec string, ptype string, rule []string) {
// AddPolicies adds policy rules to the model.
func (model Model) AddPolicies(sec string, ptype string, rules [][]string) {
for _, rule := range rules {
hashKey := strings.Join(rule, DefaultSep)
_, ok := model[sec][ptype].PolicyMap[hashKey]
if ok {
continue
}
model[sec][ptype].Policy = append(model[sec][ptype].Policy, rule)
model[sec][ptype].PolicyMap[strings.Join(rule, DefaultSep)] = len(model[sec][ptype].Policy) - 1
model[sec][ptype].PolicyMap[hashKey] = len(model[sec][ptype].Policy) - 1
}
}

Expand Down Expand Up @@ -187,7 +192,7 @@ func (model Model) RemoveFilteredPolicy(sec string, ptype string, fieldIndex int
if firstIndex == -1 {
firstIndex = index
}
delete(model[sec][ptype].PolicyMap, strings.Join(rule, ","))
delete(model[sec][ptype].PolicyMap, strings.Join(rule, DefaultSep))
effects = append(effects, rule)
res = true
} else {
Expand Down
2 changes: 1 addition & 1 deletion util/util.go
View file
Expand Up @@ -20,7 +20,7 @@ import (
"strings"
)

var evalReg *regexp.Regexp = regexp.MustCompile(`\beval\((?P<rule>[^),]*)\)`)
var evalReg *regexp.Regexp = regexp.MustCompile(`\beval\((?P<rule>[^)]*)\)`)

// EscapeAssertion escapes the dots in the assertion, because the expression evaluation doesn't support such variable names.
func EscapeAssertion(s string) string {
Expand Down

0 comments on commit a14ef52

Please sign in to comment.