feat: Add GetImplicitUsersForPermission and AddRolesForUser.

Signed-off-by: DivyPatel9881 <[email protected]>

Author: divy9881

casbin/enforcer.h

@@ -214,6 +214,7 @@ class Enforcer : public IEnforcer{
         vector<string> GetUsersForRole(string name, vector<string> domain);
         bool HasRoleForUser(string name, string role);
         bool AddRoleForUser(string user, string role);
+        bool AddRolesForUser(string user, vector<string> roles);
         bool AddPermissionForUser(string user, vector<string> permission);
         bool DeletePermissionForUser(string user, vector<string> permission);
         bool DeletePermissionsForUser(string user);

casbin/enforcer_interface.h

@@ -64,6 +64,7 @@ class IEnforcer {
         virtual vector<string> GetUsersForRole(string name, vector<string> domain) = 0;
         virtual bool HasRoleForUser(string name, string role) = 0;
         virtual bool AddRoleForUser(string user, string role) = 0;
+        virtual bool AddRolesForUser(string user, vector<string> roles) = 0;
         virtual bool AddPermissionForUser(string user, vector<string> permission) = 0;
         virtual bool DeletePermissionForUser(string user, vector<string> permission) = 0;
         virtual bool DeletePermissionsForUser(string user) = 0;

casbin/rbac_api.cpp

@@ -57,6 +57,18 @@ bool Enforcer :: AddRoleForUser(string user, string role) {
     return this->AddGroupingPolicy(params);
 }
 
+// AddRolesForUser adds roles for a user.
+// Returns false if the user already has the roles (aka not affected).
+bool Enforcer :: AddRolesForUser(string user, vector<string> roles) {
+    bool f = false;
+    for(int i=0;i<roles.size();i++) {
+        bool b = this->AddGroupingPolicy({user, roles[i]});
+        if(b)
+            f = true;
+    }
+    return f;
+}
+
 // DeleteRoleForUser deletes a role for a user.
 // Returns false if the user does not have the role (aka not affected).
 bool Enforcer :: DeleteRoleForUser(string user, string role) {
@@ -210,24 +222,23 @@ vector<vector<string>> Enforcer :: GetImplicitPermissionsForUser(string user, ve
 // GetImplicitUsersForPermission("data1", "read") will get: ["alice", "bob"].
 // Note: only users will be returned, roles (2nd arg in "g") will be excluded.
 vector<string> Enforcer :: GetImplicitUsersForPermission(vector<string> permission) {
-    vector<string> subjects = this->GetAllSubjects();
-    vector<string> roles = this->GetAllRoles();
+    vector<string> p_subjects = this->GetAllSubjects();
+    vector<string> g_inherit = this->model->GetValuesForFieldInPolicyAllTypes("g", 1);
+    vector<string> g_subjects = this->model->GetValuesForFieldInPolicyAllTypes("g", 0);
 
-    vector<string> users = SetSubtract(subjects, roles);
+    vector<string> subjects(p_subjects);
+    subjects.insert(subjects.end(), g_subjects.begin(), g_subjects.end());
+    ArrayRemoveDuplicates(subjects);
 
     vector<string> res;
-    for (int i = 0 ; i < users.size() ; i++) {
-        Scope scope = InitializeScope();
-        PushObject(scope);
-        PushStringPropToObject(scope, "r", users[i], "sub");
-        PushStringPropToObject(scope, "r", permission[0], "obj");
-        PushStringPropToObject(scope, "r", permission[1], "act");
-        
-        bool allowed = this->Enforce(scope);
-
-        if (allowed)
-            res.push_back(users[i]);
+    for(int i=0;i<subjects.size();i++) {
+        bool allowed = this->Enforce({subjects[i], permission[0], permission[1]});
+
+        if(allowed) {
+            res.push_back(subjects[i]);
+        }
     }
 
+    res = SetSubtract(res, g_inherit);
     return res;
 }

casbin/util/array_equals.cpp

@@ -18,6 +18,8 @@
 
 #include "pch.h"
 
+#include <algorithm>
+
 #include "./util.h"
 
 using namespace std;
@@ -28,6 +30,8 @@ bool ArrayEquals(vector<string> a, vector<string> b) {
         return false;
     }
 
+    sort(a.begin(), a.end());
+    sort(b.begin(), b.end());
     for (int i = 0 ; i < a.size() ; i++) {
         if (a[i] != b[i]) {
             return false;