Merge 6adf0e0 into ba9c988

examples/basic_keyget2_model.conf

@@ -0,0 +1,11 @@
+[request_definition]
+r = sub, obj
+
+[policy_definition]
+p = sub, obj
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = keyGet2(r.obj, p.obj, 'id')

examples/basic_keyget2_policy.csv

@@ -0,0 +1 @@
+p, alice, /data/:id

src/coreEnforcer.ts

@@ -465,8 +465,15 @@ export class CoreEnforcer {
               eftRes = result;
             }
             break;
+          case 'string':
+            if (result === '') {
+              eftRes = Effect.Indeterminate;
+            } else {
+              eftRes = Effect.Allow;
+            }
+            break;
           default:
-            throw new Error('matcher result should be boolean or number');
+            throw new Error('matcher result should only be of type boolean, number, or string');
         }
 
         const eft = parameters['p_eft'];

src/enforcer.ts

@@ -408,6 +408,30 @@ export class Enforcer extends ManagementEnforcer {
     return Array.from(res);
   }
 
+  /**
+   * getRolesForUserInDomain gets the roles that a user has inside a domain
+   * An alias for getRolesForUser with the domain params.
+   *
+   * @param name the user.
+   * @param domain the domain.
+   * @return the roles that the user has.
+   */
+  public async getRolesForUserInDomain(name: string, domain: string): Promise<string[]> {
+    return this.getRolesForUser(name, domain);
+  }
+
+  /**
+   * getUsersForRoleInFomain gets the users that has a role inside a domain
+   * An alias for getUsesForRole with the domain params.
+   *
+   * @param name the role.
+   * @param domain the domain.
+   * @return the users that has the role.
+   */
+  public async getUsersForRoleInDomain(name: string, domain: string): Promise<string[]> {
+    return this.getUsersForRole(name, domain);
+  }
+
   /**
    * getImplicitUsersForPermission gets implicit users for a permission.
    * For example:

src/model/functionMap.ts

@@ -37,6 +37,7 @@ export class FunctionMap {
     fm.addFunction('keyGet2', util.keyGet2Func);
     fm.addFunction('keyMatch3', util.keyMatch3Func);
     fm.addFunction('keyMatch4', util.keyMatch4Func);
+    fm.addFunction('keyMatch5', util.keyMatch5Func);
     fm.addFunction('regexMatch', util.regexMatchFunc);
     fm.addFunction('ipMatch', util.ipMatchFunc);
     fm.addFunction('globMatch', util.globMatch);

src/util/builtinOperators.ts

@@ -233,6 +233,26 @@ function keyMatch4Func(...args: any[]): boolean {
   return keyMatch4(name1, name2);
 }
 
+// KeyMatch determines whether key1 matches the pattern of key2 and ignores the parameters in key2.
+// For example, "/foo/bar?status=1&type=2" matches "/foo/bar"
+function KeyMatch5(key1: string, key2: string): boolean {
+  const i: number = key1.indexOf('?');
+  if (i === -1) {
+    return key1 === key2;
+  }
+
+  return key1.slice(0, i) === key2;
+}
+
+// keyMatch5Func is the wrapper for KeyMatch5.
+function keyMatch5Func(...args: any[]): boolean {
+  const [arg0, arg1] = args;
+  const name1: string = (arg0 || '').toString();
+  const name2: string = (arg1 || '').toString();
+
+  return KeyMatch5(name1, name2);
+}
+
 // regexMatchFunc is the wrapper for regexMatch.
 function regexMatchFunc(...args: any[]): boolean {
   const [arg0, arg1] = args;
@@ -332,5 +352,6 @@ export {
   ipMatchFunc,
   generateGFunction,
   keyMatch4Func,
+  keyMatch5Func,
   globMatch,
 };

test/rbacwDomainAPI.test.ts

@@ -0,0 +1,32 @@
+// Copyright 2019 The Casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import { newEnforcer } from '../src';
+import { getEnforcerWithPath } from './utils';
+
+test('test getRolesForUserInDomain', async () => {
+  const e = await getEnforcerWithPath('examples/rbac_with_domains_model.conf', 'examples/rbac_with_domains_policy.csv');
+  expect(await e.getRolesForUserInDomain('alice', 'domain1')).toEqual(['admin']);
+  expect(await e.getRolesForUserInDomain('alice', 'domain2')).toEqual([]);
+  expect(await e.getRolesForUserInDomain('bob', 'domain1')).toEqual([]);
+  expect(await e.getRolesForUserInDomain('bob', 'domain2')).toEqual(['admin']);
+});
+
+test('test getUsersForRoleInDomain', async () => {
+  const e = await getEnforcerWithPath('examples/rbac_with_domains_model.conf', 'examples/rbac_with_domains_policy.csv');
+  expect(await e.getUsersForRoleInDomain('admin', 'domain1')).toEqual(['alice']);
+  expect(await e.getUsersForRoleInDomain('admin', 'domain2')).toEqual(['bob']);
+  expect(await e.getUsersForRoleInDomain('superadmin', 'domain1')).toEqual([]);
+  expect(await e.getUsersForRoleInDomain('superadmin', 'domain2')).toEqual([]);
+});

test/util.test.ts

@@ -92,6 +92,15 @@ test('test keyMatch4Func', () => {
   expect(util.keyMatch4Func('/parent/123/child/456', '/parent/{id}/child/{id}/book/{id}')).toEqual(false);
 });
 
+test('test keyMatch5Func', () => {
+  expect(util.keyMatch5Func('/parent/child?status=1&type=2', '/parent/child')).toEqual(true);
+  expect(util.keyMatch5Func('/parent?status=1&type=2', '/parent/child')).toEqual(false);
+
+  expect(util.keyMatch5Func('/parent/child/?status=1&type=2', '/parent/child/')).toEqual(true);
+  expect(util.keyMatch5Func('/parent/child/?status=1&type=2', '/parent/child')).toEqual(false);
+  expect(util.keyMatch5Func('/parent/child?status=1&type=2', '/parent/child/')).toEqual(false);
+});
+
 test('test ipMatchFunc', () => {
   expect(util.ipMatchFunc('::1', '::0:1')).toEqual(true);
   expect(util.ipMatchFunc('192.168.1.1', '192.168.1.1')).toEqual(true);