feat: Better support tokens with substring relation and use two more …

…complex test cases (casbin#319) * fix: err filter logic Signed-off-by: sagilio <sagilio@outlook.com> * docs: updated broken links and formatting (casbin#305) * docs: updated broken links * docs: formatting * Update README.md Co-authored-by: hsluoyz <hsluoyz@qq.com> * feat: Support tokens with substring relation Signed-off-by: Yuan <2912363476@qq.com> * feat: Support tokens with substring relation Signed-off-by: Yuan <2912363476@qq.com> * feat: Support tokens with substring relation Signed-off-by: Tan <2912363476@qq.com> * fix: Fixed an invalid test case Signed-off-by: Tan <2912363476@qq.com> --------- Signed-off-by: sagilio <sagilio@outlook.com> Signed-off-by: Yuan <2912363476@qq.com> Signed-off-by: Tan <2912363476@qq.com> Co-authored-by: sagilio <sagilio@outlook.com> Co-authored-by: r4wand <26229485+r4wand@users.noreply.github.com> Co-authored-by: hsluoyz <hsluoyz@qq.com>
dacongda · Jun 13, 2023 · 520bb17 · 520bb17
1 parent fe9c386
commit 520bb17
Show file tree

Hide file tree

Showing 8 changed files with 123 additions and 12 deletions.
diff --git a/Casbin.UnitTests/Casbin.UnitTests.csproj b/Casbin.UnitTests/Casbin.UnitTests.csproj
@@ -13,8 +13,8 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.1.0"/>
-    <PackageReference Include="xunit" Version="2.4.1"/>
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.1.0" />
+    <PackageReference Include="xunit" Version="2.4.1" />
     <PackageReference Include="xunit.runner.visualstudio" Version="2.4.3">
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
@@ -26,7 +26,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <ProjectReference Include="..\Casbin\Casbin.csproj"/>
+    <ProjectReference Include="..\Casbin\Casbin.csproj" />
   </ItemGroup>
 
   <ItemGroup>
@@ -207,6 +207,18 @@
     <None Update="Examples\rbac_comment.conf">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </None>
+    <None Update="examples\tokens_with_substring_relation_rbac.csv">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
+    <None Update="examples\tokens_with_substring_relation_rbac.conf">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
+    <None Update="examples\tokens_with_substring_relation_abac.csv">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
+    <None Update="examples\tokens_with_substring_relation_abac.conf">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
     <None Update="examples\comma_quotations_model.conf">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </None>
@@ -216,7 +228,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <Folder Include="Mock\"/>
+    <Folder Include="Mock\" />
   </ItemGroup>
 
 </Project>
diff --git a/Casbin.UnitTests/Fixtures/TestModelFixture.cs b/Casbin.UnitTests/Fixtures/TestModelFixture.cs
@@ -88,6 +88,12 @@ public class TestModelFixture
     // https://github.com/casbin/Casbin.NET/issues/229
     internal readonly string _supportCountModelText = ReadTestFile("support_count_model.conf");
 
+    // https://github.com/casbin/Casbin.NET/issues/308
+    internal readonly string _RbacTokensWithSubstringRelationModelText = ReadTestFile("tokens_with_substring_relation_rbac.conf");
+    internal readonly string _RbacTokensWithSubstringRelationPolicyText = ReadTestFile("tokens_with_substring_relation_rbac.csv");
+    internal readonly string _AbacTokensWithSubstringRelationModelText = ReadTestFile("tokens_with_substring_relation_abac.conf");
+    internal readonly string _AbacTokensWithSubstringRelationPolicyText = ReadTestFile("tokens_with_substring_relation_abac.csv");
+
     public IModel GetNewAbacModel() => GetNewTestModel(_abacModelText);
 
     public IModel GetNewAbacWithEvalModel() => GetNewTestModel(_abacWithEvalModelText, _abacWithEvalPolicyText);

diff --git a/Casbin.UnitTests/ModelTests/ModelTest.cs b/Casbin.UnitTests/ModelTests/ModelTest.cs
@@ -644,6 +644,54 @@ public void TestModelWithCommaAndQuotations()
         TestEnforce(e, "cindy", "\"\"Muti Quotations Test\"", "Get", false);
     }
 
+    [Fact]
+    public void TestRbacTokensWithSubstringRelation()
+    {
+        Enforcer e = new(TestModelFixture.GetNewTestModel(
+            _testModelFixture._RbacTokensWithSubstringRelationModelText,
+            _testModelFixture._RbacTokensWithSubstringRelationPolicyText));
+        e.BuildRoleLinks();
+
+        TestDomainEnforce(e, "alice", "tenant1", "data1", "read", true);
+        TestDomainEnforce(e, "alice", "tenant1", "freeread", "read", true);
+        TestDomainEnforce(e, "alice", "tenant2", "data2", "read", false);
+        TestDomainEnforce(e, "alice", "tenant1", "data1", "write", false);
+        TestDomainEnforce(e, "bob", "tenant1", "data1", "read", false);
+        TestDomainEnforce(e, "alice", "tenant3", "freeread", "read", false);
+        TestDomainEnforce(e, "alice", "tenant1", "freeread", "write", false);
+
+    }
+
+    [Fact]
+    public void TestAbacTokensWithSubstringRelation()
+    {
+        Enforcer e = new(TestModelFixture.GetNewTestModel(
+            _testModelFixture._AbacTokensWithSubstringRelationModelText,
+            _testModelFixture._AbacTokensWithSubstringRelationPolicyText));
+
+        TestResource data1 = new("data1", "alice");
+        TestResource data2 = new("data2", "bob");
+        TestSubject subjecta = new("alice", 16);
+        TestSubject subjectb = new("bob", 65);
+        TestSubject subjectc = new("candy", 30);
+        TestSubject subjectd = new("donale", -1);
+        TestSubject subjecte = new("eleena", 1000000009);
+
+        TestEnforce(e, subjecta, data1, "read", true);
+        TestEnforce(e, subjectb, data2, "write", true);
+        TestEnforce(e, subjectc, data1, "read", true);
+        TestEnforce(e, subjectc, data2, "write", true);
+        TestEnforce(e, subjecta, data2, "write", true);
+        TestEnforce(e, subjectb, data1, "read", true);
+
+        TestEnforce(e, subjecta, data1, "write", true);
+        TestEnforce(e, subjectb, data2, "read", true);
+
+        TestEnforce(e, subjectc, data1, "write", false);
+        TestEnforce(e, subjectc, data2, "read", false);
+        TestEnforce(e, subjectd, data1, "read", false);
+        TestEnforce(e, subjecte, data2, "write", false);
+    }
     public class TestResource
     {
         public TestResource(string name, string owner)

diff --git a/Casbin.UnitTests/examples/tokens_with_substring_relation_abac.conf b/Casbin.UnitTests/examples/tokens_with_substring_relation_abac.conf
@@ -0,0 +1,15 @@
+[request_definition]
+r = sub, 1sub, 1sub2
+
+[policy_definition]
+p = sub, 1sub, 1sub2
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = (eval(p.sub) && r.1sub.Name == p.1sub &&r.1sub2 == p.1sub2) || r.sub.Name == r.1sub.Owner
+
+#sub is sub
+#1sub is obj
+#1sub2 is act
diff --git a/Casbin.UnitTests/examples/tokens_with_substring_relation_abac.csv b/Casbin.UnitTests/examples/tokens_with_substring_relation_abac.csv
@@ -0,0 +1,2 @@
+p, r.sub.Age > 18, data1, read
+p, r.sub.Age < 60, data2, write
diff --git a/Casbin.UnitTests/examples/tokens_with_substring_relation_rbac.conf b/Casbin.UnitTests/examples/tokens_with_substring_relation_rbac.conf
@@ -0,0 +1,19 @@
+[request_definition]
+r = sub, 1sub, sub2, 1sub2
+
+[policy_definition]
+p = sub, 1sub, sub2, 1sub2
+
+[role_definition]
+g = _, _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = g(r.sub, p.sub, r.1sub) && r.1sub == p.1sub && ((r.sub2 == p.sub2 && r.1sub2 == p.1sub2 ) || (r.sub2 == "freeread" && r.1sub2 == "read"))
+# m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act
+#sub is sub
+#1sub is dom
+#sub2 is obj
+#1sub2 is act
diff --git a/Casbin.UnitTests/examples/tokens_with_substring_relation_rbac.csv b/Casbin.UnitTests/examples/tokens_with_substring_relation_rbac.csv
@@ -0,0 +1,5 @@
+p, admin, tenant1, data1, read
+p, admin, tenant2, data2, read
+
+g, alice, admin, tenant1
+g, alice, user, tenant2
diff --git a/Casbin/EnforceView.cs b/Casbin/EnforceView.cs
@@ -1,7 +1,9 @@
 using System;
 using System.Collections.Generic;
+using System.Diagnostics;
 using System.Diagnostics.CodeAnalysis;
 using System.Linq;
+using System.Text.RegularExpressions;
 using Casbin.Effect;
 using Casbin.Model;
 using Casbin.Util;
@@ -117,33 +119,35 @@ public static EnforceView CreateWithMatcher(
         [SuppressMessage("ReSharper", "UseDeconstruction")]
         public static string TransformMatcher(in EnforceView view, string matcher)
         {
+            string perfix = @"(?<=(\s|^|\||&|!|=|\(|\)|<|>|,|\+|-|\*|\/|\\)\s*)";
+            string suffix = @"(?=\s*(\s|$|\||&|!|=|\(|\)|<|>|,|\+|-|\*|\/|\\|\.|in))";
             if (view.SupportGeneric is false)
             {
                 foreach (KeyValuePair<string, int> tokenPair in view.RequestAssertion.Tokens)
                 {
-                    matcher = matcher.Replace($"{view.RequestType}.{tokenPair.Key}",
-                        $"{view.RequestType}[{tokenPair.Value}]");
+                    Regex reg = new Regex(perfix + $@"{view.RequestType}\.{tokenPair.Key}" + suffix);
+                    matcher = reg.Replace(matcher, $"{view.RequestType}[{tokenPair.Value}]");
                 }
 
                 foreach (KeyValuePair<string, int> tokenPair in view.PolicyAssertion.Tokens)
                 {
-                    matcher = matcher.Replace($"{view.PolicyType}.{tokenPair.Key}",
-                        $"{view.PolicyType}[{tokenPair.Value}]");
+                    Regex reg = new Regex(perfix + $@"{view.PolicyType}\.{tokenPair.Key}" + suffix);
+                    matcher = reg.Replace(matcher, $"{view.PolicyType}[{tokenPair.Value}]");
                 }
 
                 return matcher;
             }
 
             foreach (KeyValuePair<string, int> tokenPair in view.RequestAssertion.Tokens)
             {
-                matcher = matcher.Replace($"{view.RequestType}.{tokenPair.Key}",
-                    $"{view.RequestType}.Value{tokenPair.Value + 1}");
+                Regex reg = new Regex(perfix + $@"{view.RequestType}\.{tokenPair.Key}" + suffix);
+                matcher = reg.Replace(matcher, $"{view.RequestType}.Value{tokenPair.Value + 1}");
             }
 
             foreach (KeyValuePair<string, int> tokenPair in view.PolicyAssertion.Tokens)
             {
-                matcher = matcher.Replace($"{view.PolicyType}.{tokenPair.Key}",
-                    $"{view.PolicyType}.Value{tokenPair.Value + 1}");
+                Regex reg = new Regex(perfix + $@"{view.PolicyType}\.{tokenPair.Key}" + suffix);
+                matcher = reg.Replace(matcher, $"{view.PolicyType}.Value{tokenPair.Value + 1}");
             }
 
             return matcher;