Skip to content

Commit c93da99

Browse files
PokIsemainePokIsemaine
authored
feat: support EnforceEx & EnforceExWithMatcher (#224)
1 parent 87d88c1 commit c93da99

File tree

4 files changed

+342
-22
lines changed

4 files changed

+342
-22
lines changed

casbin/enforcer.cpp

Lines changed: 58 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -37,6 +37,10 @@ namespace casbin {
3737
// with the operation "action", input parameters are usually: (matcher, sub, obj, act),
3838
// use model matcher by default when matcher is "".
3939
bool Enforcer::m_enforce(const std::string& matcher, std::vector<std::string>& explains, std::shared_ptr<IEvaluator> evalator) {
40+
if (!explains.empty()) {
41+
explains.clear();
42+
}
43+
4044
// when Casbin is disabled, all access will be allowed by the m_enforce()
4145
if (!m_enabled) {
4246
return true;
@@ -211,12 +215,11 @@ bool Enforcer::m_enforce(const std::string& matcher, std::vector<std::string>& e
211215
}
212216

213217
std::vector<std::vector<std::string>> logExplains;
214-
if (!explains.empty()) {
218+
219+
logExplains.push_back(explains);
220+
if (explainIndex != -1 && (p_policy.size() > explainIndex)) {
221+
explains = p_policy[explainIndex];
215222
logExplains.push_back(explains);
216-
if (explainIndex != -1 && (p_policy.size() > explainIndex)) {
217-
explains = p_policy[explainIndex];
218-
logExplains.push_back(explains);
219-
}
220223
}
221224

222225
// effect --> result
@@ -531,12 +534,55 @@ bool Enforcer::Enforce(const DataMap& params) {
531534

532535
// EnforceWithMatcher use a custom matcher to decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model matcher by default when matcher is "".
533536
bool Enforcer::EnforceWithMatcher(const std::string& matcher, std::shared_ptr<IEvaluator> evalator) {
534-
std::vector<std::string> explains;
535-
return m_enforce(matcher, explains, evalator);
537+
std::vector<std::string> explain;
538+
bool result = EnforceExWithMatcher(matcher, evalator, explain);
539+
return result;
536540
}
537541

538542
// EnforceWithMatcher use a custom matcher to decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model matcher by default when matcher is "".
539543
bool Enforcer::EnforceWithMatcher(const std::string& matcher, const DataList& params) {
544+
std::vector<std::string> explain;
545+
bool result = EnforceExWithMatcher(matcher, params, explain);
546+
return result;
547+
}
548+
549+
// EnforceWithMatcher use a custom matcher to decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model matcher by default when matcher is "".
550+
bool Enforcer::EnforceWithMatcher(const std::string& matcher, const DataVector& params) {
551+
std::vector<std::string> explain;
552+
bool result = EnforceExWithMatcher(matcher, params, explain);
553+
return result;
554+
}
555+
556+
// EnforceWithMatcher use a custom matcher to decides whether a "subject" can access a "object"
557+
// with the operation "action", input parameters are usually: (matcher, sub, obj, act),
558+
// use model matcher by default when matcher is "".
559+
bool Enforcer::EnforceWithMatcher(const std::string& matcher, const DataMap& params) {
560+
std::vector<std::string> explain;
561+
bool result = EnforceExWithMatcher(matcher, params, explain);
562+
return result;
563+
}
564+
565+
bool Enforcer::EnforceEx(std::shared_ptr<IEvaluator> evalator, std::vector<std::string>& explain) {
566+
return this->EnforceExWithMatcher("", evalator, explain);
567+
}
568+
569+
bool Enforcer::EnforceEx(const DataList& params, std::vector<std::string>& explain) {
570+
return this->EnforceExWithMatcher("", params, explain);
571+
}
572+
573+
bool Enforcer::EnforceEx(const DataVector& params, std::vector<std::string>& explain) {
574+
return this->EnforceExWithMatcher("", params, explain);
575+
}
576+
577+
bool Enforcer::EnforceEx(const DataMap& params, std::vector<std::string>& explain) {
578+
return this->EnforceExWithMatcher("", params, explain);
579+
}
580+
581+
bool Enforcer::EnforceExWithMatcher(const std::string& matcher, std::shared_ptr<IEvaluator> evalator, std::vector<std::string>& explain) {
582+
return m_enforce(matcher, explain, evalator);
583+
}
584+
585+
bool Enforcer::EnforceExWithMatcher(const std::string& matcher, const DataList& params, std::vector<std::string>& explain) {
540586
const std::vector<std::string>& r_tokens = m_model->m["r"].assertion_map["r"]->tokens;
541587

542588
size_t r_cnt = r_tokens.size();
@@ -564,14 +610,12 @@ bool Enforcer::EnforceWithMatcher(const std::string& matcher, const DataList& pa
564610
++i;
565611
}
566612

567-
std::vector<std::string> explains;
568-
bool result = m_enforce(matcher, explains, m_evalator);
613+
bool result = m_enforce(matcher, explain, m_evalator);
569614

570615
return result;
571616
}
572617

573-
// EnforceWithMatcher use a custom matcher to decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model matcher by default when matcher is "".
574-
bool Enforcer::EnforceWithMatcher(const std::string& matcher, const DataVector& params) {
618+
bool Enforcer::EnforceExWithMatcher(const std::string& matcher, const DataVector& params, std::vector<std::string>& explain) {
575619
const std::vector<std::string>& r_tokens = m_model->m["r"].assertion_map["r"]->tokens;
576620

577621
size_t r_cnt = r_tokens.size();
@@ -601,16 +645,11 @@ bool Enforcer::EnforceWithMatcher(const std::string& matcher, const DataVector&
601645
++i;
602646
}
603647

604-
std::vector<std::string> explains;
605-
bool result = m_enforce(matcher, explains, m_evalator);
648+
bool result = m_enforce(matcher, explain, m_evalator);
606649

607650
return result;
608651
}
609-
610-
// EnforceWithMatcher use a custom matcher to decides whether a "subject" can access a "object"
611-
// with the operation "action", input parameters are usually: (matcher, sub, obj, act),
612-
// use model matcher by default when matcher is "".
613-
bool Enforcer::EnforceWithMatcher(const std::string& matcher, const DataMap& params) {
652+
bool Enforcer::EnforceExWithMatcher(const std::string& matcher, const DataMap& params, std::vector<std::string>& explain) {
614653
if (this->m_evalator == nullptr) {
615654
this->m_evalator = std::make_shared<ExprtkEvaluator>();
616655
}
@@ -626,8 +665,7 @@ bool Enforcer::EnforceWithMatcher(const std::string& matcher, const DataMap& par
626665
}
627666
}
628667

629-
std::vector<std::string> explains;
630-
bool result = m_enforce(matcher, explains, m_evalator);
668+
bool result = m_enforce(matcher, explain, m_evalator);
631669

632670
return result;
633671
}

include/casbin/enforcer.h

Lines changed: 13 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -176,10 +176,21 @@ class Enforcer : public IEnforcer {
176176
// EnforceWithMatcher use a custom matcher to decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model
177177
// matcher by default when matcher is "".
178178
bool EnforceWithMatcher(const std::string& matcher, const DataMap& params);
179+
180+
bool EnforceEx(std::shared_ptr<IEvaluator> evalator, std::vector<std::string>& explain) override;
181+
bool EnforceEx(const DataList& params, std::vector<std::string>& explain);
182+
bool EnforceEx(const DataVector& params, std::vector<std::string>& explain);
183+
bool EnforceEx(const DataMap& params, std::vector<std::string>& explain);
184+
185+
bool EnforceExWithMatcher(const std::string& matcher, std::shared_ptr<IEvaluator> evalator, std::vector<std::string>& explain) override;
186+
bool EnforceExWithMatcher(const std::string& matcher, const DataList& params, std::vector<std::string>& explain);
187+
bool EnforceExWithMatcher(const std::string& matcher, const DataVector& params, std::vector<std::string>& explain);
188+
bool EnforceExWithMatcher(const std::string& matcher, const DataMap& params, std::vector<std::string>& explain);
189+
179190
// BatchEnforce enforce in batches
180-
std::vector<bool> BatchEnforce(const std::initializer_list<DataList>& requests);
191+
std::vector<bool> BatchEnforce(const std::initializer_list<DataList>& requests) override;
181192
// BatchEnforceWithMatcher enforce with matcher in batches
182-
std::vector<bool> BatchEnforceWithMatcher(const std::string& matcher, const std::initializer_list<DataList>& requests);
193+
std::vector<bool> BatchEnforceWithMatcher(const std::string& matcher, const std::initializer_list<DataList>& requests) override;
183194

184195
/*Management API member functions.*/
185196
std::vector<std::string> GetAllSubjects();

include/casbin/enforcer_interface.h

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -61,6 +61,8 @@ class IEnforcer {
6161
virtual bool m_enforce(const std::string& matcher, std::vector<std::string>& explains, std::shared_ptr<IEvaluator> evalator) = 0;
6262
virtual bool Enforce(std::shared_ptr<IEvaluator> evalator) = 0;
6363
virtual bool EnforceWithMatcher(const std::string& matcher, std::shared_ptr<IEvaluator> evalator) = 0;
64+
virtual bool EnforceEx(std::shared_ptr<IEvaluator> evalator, std::vector<std::string>& explain) = 0;
65+
virtual bool EnforceExWithMatcher(const std::string& matcher, std::shared_ptr<IEvaluator> evalator, std::vector<std::string>& explain) = 0;
6466
virtual std::vector<bool> BatchEnforce(const std::initializer_list<DataList>& requests) = 0;
6567
virtual std::vector<bool> BatchEnforceWithMatcher(const std::string& matcher, const std::initializer_list<DataList>& requests) = 0;
6668

0 commit comments

Comments
 (0)