From abf90921b6b3688ede8126bbb5427dd810cbd9c0 Mon Sep 17 00:00:00 2001 From: ailiujiarui <115072567+ailiujiarui@users.noreply.github.com> Date: Wed, 1 May 2024 09:54:38 +0800 Subject: [PATCH] feat: improve the synced enforcer like Go casbin (#248) --- casbin/enforcer_synced.cpp | 77 +++++++++++++++++++++++++++++++- include/casbin/enforcer_synced.h | 36 ++++++++++++++- tests/enforcer_synced_test.cpp | 24 ++++++++++ 3 files changed, 135 insertions(+), 2 deletions(-) diff --git a/casbin/enforcer_synced.cpp b/casbin/enforcer_synced.cpp index 44560353..cf8c1c7d 100644 --- a/casbin/enforcer_synced.cpp +++ b/casbin/enforcer_synced.cpp @@ -513,6 +513,81 @@ bool SyncedEnforcer ::RemoveFilteredNamedGroupingPolicy(const std::string& ptype return Enforcer::RemoveFilteredNamedGroupingPolicy(ptype, fieldIndex, fieldValues); } +// GetAllActions gets the list of actions that show up in the current policy. +std::vector SyncedEnforcer::GetAllActions() { + std::unique_lock lock(policyMutex); + return Enforcer::GetAllActions(); +} + +// GetFilteredPolicy gets all the authorization rules in the policy, field filters can be specified. +PoliciesValues SyncedEnforcer::GetFilteredPolicy(int fieldIndex, std::vector fieldValues) { + std::unique_lock lock(policyMutex); + return Enforcer::GetFilteredPolicy(fieldIndex, fieldValues); +} + +// EnforceExWithMatcher use a custom matcher and explain enforcement by informing matched rules. +bool SyncedEnforcer::SyncedEnforceExWithMatcher(const std::string& matcher, std::shared_ptr evalator, std::vector& explain) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceExWithMatcher(matcher, evalator, explain); +} + +bool SyncedEnforcer::SyncedEnforceExWithMatcher(const std::string& matcher, const DataList& params, std::vector& explain) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceExWithMatcher(matcher, params, explain); +} + +bool SyncedEnforcer::SyncedEnforceExWithMatcher(const std::string& matcher, const DataVector& params, std::vector& explain) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceExWithMatcher(matcher, params, explain); +} + +bool SyncedEnforcer::SyncedEnforceExWithMatcher(const std::string& matcher, const DataMap& params, std::vector& explain) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceExWithMatcher(matcher, params, explain); +} + +// EnforceEx explain enforcement by informing matched rules. +bool SyncedEnforcer::SyncedEnforceEx(std::shared_ptr evalator, std::vector& explain) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceEx(evalator, explain); +} + +bool SyncedEnforcer::SyncedEnforceEx(const DataList& params, std::vector& explain) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceEx(params, explain); +} + +bool SyncedEnforcer::SyncedEnforceEx(const DataVector& params, std::vector& explain) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceEx(params, explain); +} + +bool SyncedEnforcer::SyncedEnforceEx(const DataMap& params, std::vector& explain) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceEx(params, explain); +} + +// EnforceWithMatcher use a custom matcher to decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model matcher by default when matcher is "". +bool SyncedEnforcer::SyncedEnforceWithMatcher(const std::string& matcher, std::shared_ptr evalator) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceWithMatcher(matcher, evalator); +} + +bool SyncedEnforcer::SyncedEnforceWithMatcher(const std::string& matcher, const DataList& params) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceWithMatcher(matcher, params); +} + +bool SyncedEnforcer::SyncedEnforceWithMatcher(const std::string& matcher, const DataVector& params) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceWithMatcher(matcher, params); +} + +bool SyncedEnforcer::SyncedEnforceWithMatcher(const std::string& matcher, const DataMap& params) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceWithMatcher(matcher, params); +} + } // namespace casbin -#endif // ENFORCER_SYNCED_CPP +#endif // ENFORCER_SYNCED_CPP \ No newline at end of file diff --git a/include/casbin/enforcer_synced.h b/include/casbin/enforcer_synced.h index 45103c5f..fccd00d5 100644 --- a/include/casbin/enforcer_synced.h +++ b/include/casbin/enforcer_synced.h @@ -292,8 +292,42 @@ class SyncedEnforcer : public Enforcer { // RemoveFilteredNamedGroupingPolicy removes a role inheritance rule from the current named policy, field filters can be specified. bool RemoveFilteredNamedGroupingPolicy(const std::string& ptype, int fieldIndex, const std::vector& fieldValues) override; + + // GetAllActions gets the list of actions that show up in the current policy. + + std::vector GetAllActions() override; + + // GetFilteredPolicy gets all the authorization rules in the policy, field filters can be specified. + PoliciesValues GetFilteredPolicy(int fieldIndex, std::vector fieldValues); + + // EnforceExWithMatcher use a custom matcher and explain enforcement by informing matched rules. + bool SyncedEnforceExWithMatcher(const std::string& matcher, std::shared_ptr evalator, std::vector& explain); + + bool SyncedEnforceExWithMatcher(const std::string& matcher, const DataList& params, std::vector& explain); + + bool SyncedEnforceExWithMatcher(const std::string& matcher, const DataVector& params, std::vector& explain); + + bool SyncedEnforceExWithMatcher(const std::string& matcher, const DataMap& params, std::vector& explain); + + // EnforceEx explain enforcement by informing matched rules. + bool SyncedEnforceEx(std::shared_ptr evalator, std::vector& explain); + + bool SyncedEnforceEx(const DataList& params, std::vector& explain); + + bool SyncedEnforceEx(const DataVector& params, std::vector& explain); + + bool SyncedEnforceEx(const DataMap& params, std::vector& explain); + + // EnforceWithMatcher use a custom matcher to decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model + bool SyncedEnforceWithMatcher(const std::string& matcher, std::shared_ptr evalator); + + bool SyncedEnforceWithMatcher(const std::string& matcher, const DataList& params); + + bool SyncedEnforceWithMatcher(const std::string& matcher, const DataVector& params); + + bool SyncedEnforceWithMatcher(const std::string& matcher, const DataMap& params); }; } // namespace casbin -#endif +#endif \ No newline at end of file diff --git a/tests/enforcer_synced_test.cpp b/tests/enforcer_synced_test.cpp index c96db25c..6d517461 100644 --- a/tests/enforcer_synced_test.cpp +++ b/tests/enforcer_synced_test.cpp @@ -334,4 +334,28 @@ TEST(TestEnforcerSynced, TestMultiThreadBatchEnforce) { EXPECT_EQ(e.IsAutoLoadingRunning(), false); } +void testSyncedEnforcerGetPolicy(casbin::SyncedEnforcer& e, PoliciesVector expected) { + auto myRes = e.GetPolicy(); + PoliciesVector actual; + for (auto it = myRes.begin(); it != myRes.end(); ++it) { + actual.push_back(*it); + } + std::sort(actual.begin(), actual.end()); + std::sort(expected.begin(), expected.end()); + ASSERT_EQ(expected, actual); +} + +TEST(TestSyncedEnforcer, GetPolicy) { + casbin::SyncedEnforcer e(basic_model_path, basic_policy_path); + + PoliciesVector expected_policy = { + {"alice", "data1", "read"}, + {"bob", "data2", "write"}, + }; + + testSyncedEnforcerGetPolicy(e, expected_policy); +} + + + } // namespace