feat: exprtk evalutor support RBAC model and test (#187)

* chore: separate source and header file

Signed-off-by: stonex <[email protected]>

* feat: exprtk evalutor support g_function and test

Signed-off-by: stonex <[email protected]>

Co-authored-by: Yash Pandey (YP) <[email protected]>

Author: sheny1xuan

casbin/enforcer.cpp

@@ -59,13 +59,18 @@ bool Enforcer::m_enforce(const std::string& matcher, std::shared_ptr<IEvaluator>
         for (auto [assertion_name, assertion] : m_model->m["g"].assertion_map) {
             std::shared_ptr<RoleManager>& rm = assertion->rm;
 
-            int char_count = static_cast<int>(std::count(assertion->value.begin(), assertion->value.end(), '_'));
-            size_t index = exp_string.find(assertion_name + "(");
+            if (dynamic_cast<DuktapeEvaluator*>(m_func_map.evalator.get()) != nullptr) {
+                int char_count = static_cast<int>(std::count(assertion->value.begin(), assertion->value.end(), '_'));
+                size_t index = exp_string.find(assertion_name + "(");
 
-            if (index != std::string::npos)
-                exp_string.insert(index + assertion_name.length() + 1, "rm, ");
+                if (index != std::string::npos)
+                    exp_string.insert(index + assertion_name.length() + 1, "rm, ");
+
+                m_func_map.evalator->LoadGFunction(rm, assertion_name, char_count + 1);
+            } else {
+                m_func_map.evalator->LoadGFunction(rm, assertion_name, 0);
+            }
 
-            m_func_map.evalator->LoadGFunction(rm, assertion_name, char_count + 1);
         }
     }
 

casbin/model/evaluator.cpp

@@ -16,6 +16,7 @@
 #include <regex>
 
 #include "casbin/model/evaluator.h"
+#include "casbin/model/exprtk_config.h"
 #include "casbin/util/util.h"
 
 namespace casbin {
@@ -45,11 +46,12 @@ namespace casbin {
     }
 
     void ExprtkEvaluator::LoadFunctions() {
-
+        
     }
 
     void ExprtkEvaluator::LoadGFunction(std::shared_ptr<RoleManager> rm, const std::string& name, int narg) {
-
+        std::shared_ptr<exprtk_func_t> func = std::make_shared<ExprtkGFunction<numerical_type>>(rm);
+        this->AddFunction(name, func);
     }
 
     void ExprtkEvaluator::ProcessFunctions(const std::string& expression) {
@@ -87,6 +89,11 @@ namespace casbin {
         }
     }
 
+    void ExprtkEvaluator::AddFunction(const std::string& func_name, std::shared_ptr<exprtk_func_t> func) {
+        this->Functions.push_back(func);
+        symbol_table.add_function(func_name, *func);
+    }
+
     void ExprtkEvaluator::PrintSymbol() {
         std::vector<std::string> var_list;
         symbol_table.get_stringvar_list(var_list);

include/casbin/model/evaluator.h

@@ -19,6 +19,7 @@
 #define CASBIN_CPP_MODEL_EVALATOR_CONFIG
 
 #include <string>
+#include <vector>
 #include <nlohmann/json.hpp>
 
 #include "../exprtk/exprtk.hpp"
@@ -32,6 +33,7 @@ namespace casbin {
     using symbol_table_t = exprtk::symbol_table<numerical_type>;
     using expression_t = exprtk::expression<numerical_type>;
     using parser_t = exprtk::parser<numerical_type>;
+    using exprtk_func_t = exprtk::igeneric_function<numerical_type>;
 
     class IEvaluator {
         public:
@@ -64,6 +66,7 @@ namespace casbin {
             symbol_table_t symbol_table;
             expression_t expression;
             parser_t parser;
+            std::vector<std::shared_ptr<exprtk_func_t>> Functions;
         public:
             bool Eval(const std::string& expression);
 
@@ -88,6 +91,8 @@ namespace casbin {
             void Clean(AssertionMap& section);
 
             void PrintSymbol();
+
+            void AddFunction(const std::string& func_name, std::shared_ptr<exprtk_func_t> func);
     };
 
     class DuktapeEvaluator : public IEvaluator {

include/casbin/model/exprtk_config.h

@@ -0,0 +1,98 @@
+/*
+* Copyright 2020 The casbin Authors. All Rights Reserved.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+*    http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+#ifndef CASBIN_CPP_MODEL_EXPRTK_CONFIG
+#define CASBIN_CPP_MODEL_EXPRTK_CONFIG
+
+#include <memory>
+
+#include "casbin/exprtk/exprtk.hpp"
+#include "casbin/rbac/role_manager.h"
+
+namespace casbin {
+
+    template <typename T>
+    struct ExprtkGFunction : public exprtk::igeneric_function<T>
+    {
+        typedef typename exprtk::igeneric_function<T>::generic_type
+                                                        generic_type;
+
+        typedef typename generic_type::scalar_view scalar_t;
+        typedef typename generic_type::vector_view vector_t;
+        typedef typename generic_type::string_view string_t;
+
+        typedef typename exprtk::igeneric_function<T>::parameter_list_t
+                                                        parameter_list_t;
+    private:
+        std::shared_ptr<casbin::RoleManager> rm_;
+    public:
+        ExprtkGFunction()
+        : exprtk::igeneric_function<T>("SS"), rm_(nullptr)
+        {}
+
+        ExprtkGFunction(std::shared_ptr<RoleManager> rm)
+        : exprtk::igeneric_function<T>("SS"), rm_(rm)
+        {}
+
+        bool UpdateRoleManager(std::shared_ptr<RoleManager> rm) {
+            this->rm_ = rm;
+
+            return true;
+        }
+
+        inline T operator()(parameter_list_t parameters) {        
+            bool res = false;
+
+            // check value cnt
+            if (parameters.size() < 2 || parameters.size() > 3) {
+                return T(res);
+            }
+
+            // check value type
+            for (std::size_t i = 0; i < parameters.size(); ++i) {
+                generic_type& gt = parameters[i];
+
+                if (generic_type::e_scalar == gt.type) {
+                    return T(res);
+                }
+                else if (generic_type::e_vector == gt.type) {
+                    return T(res);
+                }
+            }
+
+            std::string name1 = exprtk::to_str(string_t(parameters[0]));
+            std::string name2 = exprtk::to_str(string_t(parameters[1]));
+            std::string domain;
+            std::vector<std::string> domains;
+
+            if (parameters.size() == 3) {
+                domain = exprtk::to_str(string_t(parameters[2]));
+                domains.push_back(domain);
+            }
+
+            if(this->rm_ == nullptr)
+                res = name1 == name2;
+            else {
+                res = rm_->HasLink(name1, name2, domains);
+            }
+
+            return T(res);
+        }
+    };
+}
+
+
+#endif

tests/model_enforcer_test.cpp

@@ -374,6 +374,23 @@ TEST(TestModelEnforcer, TestRBACModel) {
     TestEnforce(e, evaluator, false);
     evaluator = InitializeParams<casbin::DuktapeEvaluator>("bob", "data2", "write");
     TestEnforce(e, evaluator, true);
+
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data1", "read");
+    TestEnforce(e, evaluator, true);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data1", "write");
+    TestEnforce(e, evaluator, false);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "read");
+    TestEnforce(e, evaluator, true);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "write");
+    TestEnforce(e, evaluator, true);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data1", "read");
+    TestEnforce(e, evaluator, false);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data1", "write");
+    TestEnforce(e, evaluator, false); 
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data2", "read");
+    TestEnforce(e, evaluator, false);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data2", "write");
+    TestEnforce(e, evaluator, true);
 }
 
 TEST(TestModelEnforcer, TestRBACModelWithResourceRoles) {
@@ -397,6 +414,23 @@ TEST(TestModelEnforcer, TestRBACModelWithResourceRoles) {
     TestEnforce(e, evaluator, false);
     evaluator = InitializeParams<casbin::DuktapeEvaluator>("bob", "data2", "write");
     TestEnforce(e, evaluator, true);
+
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data1", "read");
+    TestEnforce(e, evaluator, true);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data1", "write");
+    TestEnforce(e, evaluator, true);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "read");
+    TestEnforce(e, evaluator, false);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "write");
+    TestEnforce(e, evaluator, true);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data1", "read");
+    TestEnforce(e, evaluator, false);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data1", "write");
+    TestEnforce(e, evaluator, false);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data2", "read");
+    TestEnforce(e, evaluator, false);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data2", "write");
+    TestEnforce(e, evaluator, true);
 }
 
 TEST(TestModelEnforcer, TestRBACModelWithDomains) {
@@ -545,6 +579,23 @@ TEST(TestModelEnforcer, TestRBACModelWithDeny) {
     TestEnforce(e, evaluator, false);
     evaluator = InitializeParams<casbin::DuktapeEvaluator>("bob", "data2", "write");
     TestEnforce(e, evaluator, true);
+
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data1", "read");
+    TestEnforce(e, evaluator, true);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data1", "write");
+    TestEnforce(e, evaluator, false);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "read");
+    TestEnforce(e, evaluator, true);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "write");
+    TestEnforce(e, evaluator, false);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data1", "read");
+    TestEnforce(e, evaluator, false);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data1", "write");
+    TestEnforce(e, evaluator, false);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data2", "read");
+    TestEnforce(e, evaluator, false);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data2", "write");
+    TestEnforce(e, evaluator, true);
 }
 
 TEST(TestModelEnforcer, TestRBACModelWithOnlyDeny) {
@@ -580,6 +631,23 @@ TEST(TestModelEnforcer, TestRBACModelWithCustomData) {
     evaluator = InitializeParams<casbin::DuktapeEvaluator>("bob", "data2", "write");
     TestEnforce(e, evaluator, true);
 
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data1", "read");
+    TestEnforce(e, evaluator, true);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data1", "write");
+    TestEnforce(e, evaluator, false);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "read");
+    TestEnforce(e, evaluator, true);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "write");
+    TestEnforce(e, evaluator, true);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data1", "read");
+    TestEnforce(e, evaluator, false);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data1", "write");
+    TestEnforce(e, evaluator, false);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data2", "read");
+    TestEnforce(e, evaluator, true);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data2", "write");
+    TestEnforce(e, evaluator, true);
+
     // You should also take the custom data as a parameter when deleting a grouping policy.
     // e.RemoveGroupingPolicy("bob", "data2_admin") won't work.
     // Or you can remove it by using RemoveFilteredGroupingPolicy().
@@ -602,6 +670,23 @@ TEST(TestModelEnforcer, TestRBACModelWithCustomData) {
     TestEnforce(e, evaluator, false);
     evaluator = InitializeParams<casbin::DuktapeEvaluator>("bob", "data2", "write");
     TestEnforce(e, evaluator, true);
+
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data1", "read");
+    TestEnforce(e, evaluator, true);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data1", "write");
+    TestEnforce(e, evaluator, false);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "read");
+    TestEnforce(e, evaluator, true);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("alice", "data2", "write");
+    TestEnforce(e, evaluator, true);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data1", "read");
+    TestEnforce(e, evaluator, false);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data1", "write");
+    TestEnforce(e, evaluator, false);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data2", "read");
+    TestEnforce(e, evaluator, false);
+    evaluator = InitializeParams<casbin::ExprtkEvaluator>("bob", "data2", "write");
+    TestEnforce(e, evaluator, true);
 }
 
 TEST(TestModelEnforcer, TestRBACModelWithPattern) {