New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Support pattern function in 3rd args of g #475
feat: Support pattern function in 3rd args of g #475
Conversation
Looks like there are still some problems, I will fix it immediately |
@dovics I think |
It may be that I am not expressing clearly enough, what I mean here is that we can use pattern in policy.domain,Otherwise the user needs to write
This is just an incidental feature, If we don't need it, we only need to make r.dom == p.dom The |
0f4845b
to
62c1c17
Compare
@dovics Can we only use the |
@dovics OK. I understood it now. But how to know which is |
@hsluoyz the matcher is
The data in memory is like this
The key to being able to write like this is |
I'm not sure if we will need:
because normally different The importance is to make:
AND
works. Currently if we use pattern the domain and user/obj are mixed, normally we have 3 cases: 1. pure domain pattern
2. user/obj pattern (already supported)
3. domain + user/obj pattern
To solve 2, we let To solve 1, I believe we can still do everything in
is this right? About 3, I don't have an idea yet |
@GopherJ I think you are right. Let me first state my implementation. If call
but I just need one matchFunc, and It is easy to support case 3, I added a new function to support it.
Do you really think we have to deal with it in In addition, I removed the part about |
@dovics Because our previous design can't meet the current feature, so you don't have to follow the current design. |
Since I'm afraid of having bad bench on pattern(because we always need to iterate over all). I'm thinking if we can change all_roles' structure. The idea is to stop using The advantage here is:
we do first do you think it may work? |
I'm worried about that, too. Your idea looks good. |
@GopherJ I think It's a good idea, but I still have a little question
if we create the matched domain first, and then create pattern domain, we couldn't clone the pattern domain's graph to matched domain, so we still need create the pattern domain first, and then merge the two graph to matched domain. so I think the general step of
If I'm missing something, please point it out |
I think |
@dovics I have been exploring my solution for a while but I didn't succeed to find a simple way to merge two graphs. simple and efficient. My requirement is:
I don't want to call any
I don't need to do any cleanup. |
@GopherJ I don't see a good enough way either, but I think we could use the worst way to add link one by one to the new graph, which is still more efficient than this implementation. I'm going to implement the current idea what you say now, and then take longer to think of a good enough solution |
f9d9b93
to
d1b6a0c
Compare
d1b6a0c
to
c40e8e5
Compare
@GopherJ I'm basically done what I understand, but I don’t know if it is far from your expectations, please give me some suggestions. |
7d8f470
to
0a70de8
Compare
🎉 This PR is included in version 2.7.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
@dovics @nodece please update this exciting change to our docs: https://casbin.org/docs/en/rbac#use-pattern-matching-in-rbac |
@hsluoyz I have a PR for the feature here: casbin/casbin-website#102 |
@nodece awesome! |
This commit not only supports pattern function in 3rd args of g, but also can be used in policy, such as