Skip to content

Commit 8f4c866

Browse files
hsluoyzhsluoyz
authored
Merge pull request #53 from divy9881/fix_iteration
feat: add basic model enforcer tests and fix enforcer for expression evaluation.
2 parents cbd2038 + dd50662 commit 8f4c866

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

41 files changed

+1370
-357
lines changed

casbin/casbin.vcxproj

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -196,7 +196,7 @@
196196
<ClCompile Include="persist\default_watcher_ex.cpp" />
197197
<ClCompile Include="persist\file_adapter\batch_file_adapter.cpp" />
198198
<ClCompile Include="persist\file_adapter\file_adapter.cpp" />
199-
<ClCompile Include="persist\file_adapter\filtered_adapter.cpp" />
199+
<ClCompile Include="persist\file_adapter\filtered_file_adapter.cpp" />
200200
<ClCompile Include="rbac\default_role_manager.cpp" />
201201
<ClCompile Include="rbac_api.cpp" />
202202
<ClCompile Include="rbac_api_with_domains.cpp" />
@@ -267,14 +267,14 @@
267267
<ClInclude Include="model\scope_config.h" />
268268
<ClInclude Include="persist.h" />
269269
<ClInclude Include="persist\adapter.h" />
270-
<ClInclude Include="persist\adapter_filtered.h" />
271270
<ClInclude Include="persist\batch_adapter.h" />
272271
<ClInclude Include="persist\default_watcher.h" />
273272
<ClInclude Include="persist\default_watcher_ex.h" />
274273
<ClInclude Include="persist\file-adapter\batch_file_adapter.h" />
275274
<ClInclude Include="persist\file-adapter\file_adapter.h" />
276-
<ClInclude Include="persist\file-adapter\filtered_adapter.h" />
277275
<ClInclude Include="persist\file-adapter\pch.h" />
276+
<ClInclude Include="persist\file_adapter\filtered_file_adapter.h" />
277+
<ClInclude Include="persist\filtered_adapter.h" />
278278
<ClInclude Include="persist\pch.h" />
279279
<ClInclude Include="persist\watcher.h" />
280280
<ClInclude Include="persist\watcher_ex.h" />

casbin/casbin.vcxproj.filters

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -222,9 +222,6 @@
222222
<ClCompile Include="persist\file_adapter\file_adapter.cpp">
223223
<Filter>Source Files\persist\file_adapter</Filter>
224224
</ClCompile>
225-
<ClCompile Include="persist\file_adapter\filtered_adapter.cpp">
226-
<Filter>Source Files\persist\file_adapter</Filter>
227-
</ClCompile>
228225
<ClCompile Include="persist\adapter.cpp">
229226
<Filter>Source Files\persist</Filter>
230227
</ClCompile>
@@ -255,6 +252,9 @@
255252
<ClCompile Include="ip_parser\parser\parseIPv4.cpp">
256253
<Filter>Source Files\ip_parser\parser</Filter>
257254
</ClCompile>
255+
<ClCompile Include="persist\file_adapter\filtered_file_adapter.cpp">
256+
<Filter>Source Files\persist\file_adapter</Filter>
257+
</ClCompile>
258258
</ItemGroup>
259259
<ItemGroup>
260260
<ClInclude Include="config\config_interface.h">
@@ -272,9 +272,6 @@
272272
<ClInclude Include="persist\adapter.h">
273273
<Filter>Header Files\persist</Filter>
274274
</ClInclude>
275-
<ClInclude Include="persist\adapter_filtered.h">
276-
<Filter>Header Files\persist</Filter>
277-
</ClInclude>
278275
<ClInclude Include="persist\watcher.h">
279276
<Filter>Header Files\persist</Filter>
280277
</ClInclude>
@@ -416,9 +413,6 @@
416413
<ClInclude Include="duktape\pch.h">
417414
<Filter>Header Files\duktape</Filter>
418415
</ClInclude>
419-
<ClInclude Include="persist\file-adapter\filtered_adapter.h">
420-
<Filter>Header Files\persist\file_adapter</Filter>
421-
</ClInclude>
422416
<ClInclude Include="effect\default_effector.h">
423417
<Filter>Header Files\effect</Filter>
424418
</ClInclude>
@@ -467,5 +461,11 @@
467461
<ClInclude Include="model\scope_config.h">
468462
<Filter>Header Files\model</Filter>
469463
</ClInclude>
464+
<ClInclude Include="persist\filtered_adapter.h">
465+
<Filter>Header Files\persist</Filter>
466+
</ClInclude>
467+
<ClInclude Include="persist\file_adapter\filtered_file_adapter.h">
468+
<Filter>Header Files\persist\file_adapter</Filter>
469+
</ClInclude>
470470
</ItemGroup>
471471
</Project>

casbin/config/config.cpp

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -156,9 +156,10 @@ void Config :: Set(string key, string value) {
156156
if (keys.size() >= 2) {
157157
section = keys[0];
158158
option = keys[1];
159-
} else {
160-
option = keys[0];
161159
}
160+
else
161+
option = keys[0];
162+
162163
AddConfig(section, option, value);
163164
mtx_lock.unlock();
164165
}

casbin/effect/default_effector.cpp

Lines changed: 8 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -33,37 +33,35 @@ DefaultEffector* DefaultEffector :: NewDefaultEffector(){
3333
bool DefaultEffector :: MergeEffects(string expr, vector<Effect> effects, vector<float> results) {
3434
bool result;
3535

36-
unsigned int number_of_effects = sizeof(effects) / sizeof(effects[0]);
37-
38-
if (!expr.compare("some(where (p_eft == allow))")) {
36+
if (!expr.compare("some(where (p.eft == allow))")) {
3937
result = false;
40-
for(unsigned int index = 0 ; index < number_of_effects ; index++){
38+
for(unsigned int index = 0 ; index < effects.size() ; index++){
4139
if (effects[index] == Effect::Allow) {
4240
result = true;
4341
break;
4442
}
4543
}
46-
} else if (!expr.compare("!some(where (p_eft == deny))")) {
44+
} else if (!expr.compare("!some(where (p.eft == deny))")) {
4745
result = true;
48-
for(unsigned int index = 0 ; index < number_of_effects ; index++){
46+
for(unsigned int index = 0 ; index < effects.size(); index++){
4947
if (effects[index] == Effect::Deny) {
5048
result = false;
5149
break;
5250
}
5351
}
54-
} else if (!expr.compare("some(where (p_eft == allow)) && !some(where (p_eft == deny))")) {
52+
} else if (!expr.compare("some(where (p.eft == allow)) && !some(where (p.eft == deny))")) {
5553
result = false;
56-
for(unsigned int index = 0 ; index < number_of_effects ; index++){
54+
for(unsigned int index = 0 ; index < effects.size(); index++){
5755
if (effects[index] == Effect::Allow) {
5856
result = true;
5957
} else if (effects[index] == Effect::Deny) {
6058
result = false;
6159
break;
6260
}
6361
}
64-
} else if (!expr.compare("priority(p_eft) || deny")) {
62+
} else if (!expr.compare("priority(p.eft) || deny")) {
6563
result = false;
66-
for(unsigned int index = 0 ; index < number_of_effects ; index++){
64+
for(unsigned int index = 0 ; index < effects.size(); index++){
6765
if (effects[index] != Effect::Indeterminate) {
6866
if (effects[index] == Effect::Allow) {
6967
result = true;

casbin/enforcer.cpp

Lines changed: 50 additions & 43 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,8 @@
1818

1919
#include "pch.h"
2020

21+
#include <algorithm>
22+
2123
#include "./enforcer.h"
2224
#include "./persist/watcher_ex.h"
2325
#include "./persist/file_adapter/file_adapter.h"
@@ -37,117 +39,123 @@ bool Enforcer :: enforce(string matcher, Scope scope) {
3739
// }()
3840

3941
this->func_map.scope = scope;
42+
this->func_map.LoadFunctionMap();
4043

41-
if(this->enabled)
44+
if(!this->enabled)
4245
return true;
4346

4447
// for(unordered_map <string, Function> :: iterator it = this->fm.fmap.begin() ; it != this->fm.fmap.end() ; it++)
4548
// this->fm.AddFunction(it->first, it->second);
4649

47-
string expString;
50+
string exp_string;
4851
if(matcher == "")
49-
expString = this->model->m["m"].assertion_map["m"]->value;
52+
exp_string = this->model->m["m"].assertion_map["m"]->value;
5053
else
51-
expString = matcher;
54+
exp_string = matcher;
55+
5256

5357
unordered_map <string, RoleManager*> rm_map;
5458
bool ok = this->model->m.find("g") != this->model->m.end();
59+
5560
if(ok) {
5661
for(unordered_map <string, Assertion*> :: iterator it = this->model->m["g"].assertion_map.begin() ; it != this->model->m["g"].assertion_map.end() ; it++){
5762
RoleManager* rm = it->second->rm;
58-
int index = int(expString.find((it->first)+"("));
63+
int char_count = int(count(it->second->value.begin(), it->second->value.end(), '_'));
64+
int index = int(exp_string.find((it->first)+"("));
5965
if(index != string::npos)
60-
expString.insert(index+(it->first+"(").length()-1, (it->first)+"_rm");
61-
PushPointer(this->func_map.scope, (void *)rm, (it->first)+"_rm");
62-
this->func_map.AddFunction(it->first, GFunction);
66+
exp_string.insert(index+(it->first+"(").length(), "rm, ");
67+
PushPointer(this->func_map.scope, (void *)rm, "rm");
68+
this->func_map.AddFunction(it->first, GFunction, char_count + 1);
6369
}
6470
}
6571

66-
unordered_map <string, int> pIntTokens;
72+
unordered_map <string, int> p_int_tokens;
6773
for(int i = 0 ; i < this->model->m["p"].assertion_map["p"]->tokens.size() ; i++)
68-
pIntTokens[this->model->m["p"].assertion_map["p"]->tokens[i]] = i;
74+
p_int_tokens[this->model->m["p"].assertion_map["p"]->tokens[i]] = i;
6975

70-
vector <string> pTokens = this->model->m["p"].assertion_map["p"]->tokens;
76+
vector <string> p_tokens = this->model->m["p"].assertion_map["p"]->tokens;
7177

72-
vector <Effect> policyEffects;
73-
vector <float> matcherResults;
78+
int policy_len = int(this->model->m["p"].assertion_map["p"]->policy.size());
7479

75-
int policyLen = int(this->model->m["p"].assertion_map["p"]->policy.size());
80+
vector <Effect> policy_effects(policy_len, Effect :: Indeterminate);
81+
vector <float> matcher_results;
7682

77-
if(policyLen != 0) {
83+
if(policy_len != 0) {
7884
if(this->model->m["r"].assertion_map["r"]->tokens.size() != this->func_map.GetRLen())
7985
return false;
8086

8187
//TODO
82-
for( int i = 0 ; i < this->model->m["p"].assertion_map["p"]->policy.size() ; i++){
88+
for( int i = 0 ; i < policy_len ; i++){
8389
// log.LogPrint("Policy Rule: ", pvals)
84-
vector<string> pVals = this->model->m["p"].assertion_map["p"]->policy[i];
85-
if(this->model->m["p"].assertion_map["p"]->tokens.size() != pVals.size())
90+
vector<string> p_vals = this->model->m["p"].assertion_map["p"]->policy[i];
91+
if(this->model->m["p"].assertion_map["p"]->tokens.size() != p_vals.size())
8692
return false;
8793

8894
PushObject(this->func_map.scope, "p");
89-
for(int j = 0 ; j < pTokens.size() ; j++){
90-
int index = int(pTokens[j].find("_"));
91-
string token = pTokens[j].substr(index+1);
92-
PushStringPropToObject(this->func_map.scope, "p", pVals[j], token);
95+
for(int j = 0 ; j < p_tokens.size() ; j++){
96+
int index = int(p_tokens[j].find("_"));
97+
string token = p_tokens[j].substr(index+1);
98+
PushStringPropToObject(this->func_map.scope, "p", p_vals[j], token);
9399
}
94100

95-
this->func_map.Eval(expString);
101+
this->func_map.Evaluate(exp_string);
102+
96103
//TODO
97104
// log.LogPrint("Result: ", result)
98-
99105
if(CheckType(this->func_map.scope) == Type :: Bool){
100106
bool result = GetBoolean(this->func_map.scope);
101107
if(!result) {
102-
policyEffects[i] = Effect :: Indeterminate;
108+
policy_effects[i] = Effect :: Indeterminate;
103109
continue;
104110
}
105111
}
106112
else if(CheckType(this->func_map.scope) == Type :: Float){
107113
bool result = GetFloat(this->func_map.scope);
108114
if(result == 0) {
109-
policyEffects[i] = Effect :: Indeterminate;
115+
policy_effects[i] = Effect :: Indeterminate;
110116
continue;
111117
} else
112-
matcherResults[i] = result;
118+
matcher_results[i] = result;
113119
}
114120
else
115121
return false;
116122

117-
bool ok = pIntTokens.find("p_eft") != pIntTokens.end();
118-
if(ok) {
119-
int j = pIntTokens["p_eft"];
120-
string eft = pVals[j];
123+
bool is_p_eft = p_int_tokens.find("p_eft") != p_int_tokens.end();
124+
if(is_p_eft) {
125+
int j = p_int_tokens["p_eft"];
126+
string eft = p_vals[j];
121127
if(eft == "allow")
122-
policyEffects[i] = Effect :: Allow;
128+
policy_effects[i] = Effect :: Allow;
123129
else if(eft == "deny")
124-
policyEffects[i] = Effect :: Deny;
130+
policy_effects[i] = Effect :: Deny;
125131
else
126-
policyEffects[i] = Effect :: Indeterminate;
132+
policy_effects[i] = Effect :: Indeterminate;
127133
}
128134
else
129-
policyEffects[i] = Effect :: Allow;
135+
policy_effects[i] = Effect :: Allow;
130136

131137
if(this->model->m["e"].assertion_map["e"]->value == "priority(p_eft) || deny")
132138
break;
133139
}
134140
} else {
135-
this->func_map.Eval(expString);
141+
bool isValid = this->func_map.Evaluate(exp_string);
142+
if(!isValid)
143+
return false;
136144
bool result = this->func_map.GetBooleanResult();
145+
137146
//TODO
138147
// log.LogPrint("Result: ", result)
139-
140148
if(result)
141-
policyEffects[0] = Effect::Allow;
149+
policy_effects.push_back(Effect::Allow);
142150
else
143-
policyEffects[0] = Effect::Indeterminate;
151+
policy_effects.push_back(Effect::Indeterminate);
144152
}
145153

146154
//TODO
147155
// log.LogPrint("Rule Results: ", policyEffects)
148156

149-
bool result = this->eft->MergeEffects(this->model->m["e"].assertion_map["e"]->value, policyEffects, matcherResults);
150-
157+
bool result = this->eft->MergeEffects(this->model->m["e"].assertion_map["e"]->value, policy_effects, matcher_results);
158+
151159
return result;
152160
}
153161

@@ -198,7 +206,7 @@ Enforcer* Enforcer :: NewEnforcer(Model* m, Adapter* adapter) {
198206

199207
e->Initialize();
200208

201-
if (e->adapter != NULL) {
209+
if (e->adapter->file_path != "") {
202210
e->LoadPolicy();
203211
}
204212
return e;
@@ -344,7 +352,6 @@ void Enforcer :: ClearPolicy() {
344352
void Enforcer :: LoadPolicy() {
345353
this->model->ClearPolicy();
346354
this->adapter->LoadPolicy(this->model);
347-
348355
this->model->PrintPolicy();
349356

350357
if(this->auto_build_role_links) {

casbin/enforcer.h

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@
2020
#include "./rbac/role_manager.h"
2121
#include "./model/function.h"
2222
#include "./enforcer_interface.h"
23-
#include "./persist/adapter_filtered.h"
23+
#include "./persist/filtered_adapter.h"
2424

2525
// Enforcer is the main interface for authorization enforcement and policy management.
2626
class Enforcer : public IEnforcer{
@@ -33,7 +33,6 @@ class Enforcer : public IEnforcer{
3333

3434
Adapter* adapter;
3535
Watcher* watcher;
36-
RoleManager* rm;
3736

3837
bool enabled;
3938
bool auto_save;
@@ -45,6 +44,8 @@ class Enforcer : public IEnforcer{
4544

4645
public:
4746

47+
RoleManager* rm;
48+
4849
/**
4950
* Enforcer is the default constructor.
5051
*/
@@ -190,7 +191,7 @@ class Enforcer : public IEnforcer{
190191
bool RemoveNamedGroupingPolicy(string ptype, vector<string> params);
191192
bool RemoveNamedGroupingPolicies(string p_type, vector<vector<string>> rules);
192193
bool RemoveFilteredNamedGroupingPolicy(string ptype, int field_index, vector<string> field_values);
193-
void AddFunction(string name, Function);
194+
void AddFunction(string name, Function function, Index nargs);
194195

195196
/*RBAC API member functions.*/
196197
vector<string> GetRolesForUser(string name);

casbin/enforcer_interface.h

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -119,7 +119,7 @@ class IEnforcer {
119119
virtual bool RemoveNamedGroupingPolicy(string ptype, vector<string> params) = 0;
120120
virtual bool RemoveNamedGroupingPolicies(string p_type, vector<vector<string>> rules) = 0;
121121
virtual bool RemoveFilteredNamedGroupingPolicy(string ptype, int fieldIndex, vector<string> fieldValues) = 0;
122-
virtual void AddFunction(string name, Function) = 0;
122+
virtual void AddFunction(string name, Function function, Index nargs) = 0;
123123

124124
/* Internal API member functions */
125125
virtual bool addPolicy(string sec, string ptype, vector<string> rule) = 0;

0 commit comments

Comments
 (0)