ci: add KeyMatch to RBAC inheritance (#343)

Co-authored-by: ‘dizzzy’ <‘dizzyd969@gmail.com’>
casbin · Jun 7, 2023 · 4092936 · 4092936
1 parent 98432aa
commit 4092936
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 1 deletion.
diff --git a/examples/keymatch_with_rbac_in_domain.conf b/examples/keymatch_with_rbac_in_domain.conf
@@ -0,0 +1,15 @@
+[request_definition]
+r = sub, dom, obj, act
+
+[policy_definition]
+p = sub, dom, obj, act
+
+[role_definition]
+g = _, _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+#RBAC
+m = g(r.sub, p.sub, r.dom) && keyMatch(r.dom, p.dom) && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)
diff --git a/examples/keymatch_with_rbac_in_domain.csv b/examples/keymatch_with_rbac_in_domain.csv
@@ -0,0 +1,8 @@
+g,can_manage,can_use,*
+
+#engine
+p,can_manage,engines/*,*,(pause)|(resume)
+p,can_use,engines/*,*,(attach)|(detach)
+
+
+g,Username==test2,can_manage,engines/engine1
diff --git a/src/main/java/org/casbin/jcasbin/main/CoreEnforcer.java b/src/main/java/org/casbin/jcasbin/main/CoreEnforcer.java
@@ -350,11 +350,22 @@ private void initRmMap() {
             if (rmMap.containsKey(ptype)) {
                 rmMap.get(ptype).clear();
             } else {
-                rmMap.put(ptype, new DomainManager(10));
+                addOrUpdateDomainManagerMatching(ptype);
             }
         }
     }
 
+    /**
+     * add or update the DomainManager object in rmMap and associate it with a specific domain matching function
+     */
+    private void addOrUpdateDomainManagerMatching(String ptype) {
+        rmMap.put(ptype, new DomainManager(10));
+        String matchFun = "keyMatch(r_dom, p_dom)";
+        if (model.model.get("m").get("m").value.contains(matchFun)) {
+            addNamedDomainMatchingFunc(ptype, "g", BuiltInFunctions::keyMatch);
+        }
+    }
+
     private void initBuiltInFunction() {
         for (Map.Entry<String, AviatorFunction> entry : fm.fm.entrySet()) {
             AviatorFunction function = entry.getValue();

diff --git a/src/test/java/org/casbin/jcasbin/main/EnforcerUnitTest.java b/src/test/java/org/casbin/jcasbin/main/EnforcerUnitTest.java
@@ -221,6 +221,11 @@ public void testNotUsedRBACModelInMemory() {
         testEnforce(e, "bob", "data2", "write", true);
     }
 
+    @Test
+    public void testRBACModelInDomain(){
+        Enforcer e = new Enforcer("examples/keymatch_with_rbac_in_domain.conf","examples/keymatch_with_rbac_in_domain.csv");
+        testDomainEnforce(e,"Username==test2","engines/engine1","*","attach",true);
+    }
     @Test
     public void testInOp() {
         Enforcer e = new Enforcer("examples/in_op_sytanx.conf", "examples/in_op_sytanx.csv");