Merge pull request #2 from wf-yamaday/feat/load_filtered_policy_with_raw_query

Support load_filtered_policy() with raw query

Author: wf-yamaday

README.md

@@ -16,6 +16,39 @@ With this library, Casbin can load policy from MongoDB or save policy to it.
 Motor support a coroutine-based API for non-blocking access to MongoDB.  
 So that, this adapter allows you to use pycasbin's [AsyncEnforcer](https://github.com/casbin/pycasbin/blob/master/casbin/async_enforcer.py).
 
+### `load_policy()`
+
+`load_policy()` loads all policies from storage.
+
+```py
+import casbin_motor_adapter
+import casbin
+
+adapter = casbin_motor_adapter.Adapter('mongodb://localhost:27017/', "dbname")
+
+e = casbin.AsyncEnforcer('path/to/model.conf', adapter, True)
+await e.load_policy()
+
+sub = "alice"  # the user that wants to access a resource.
+obj = "data1"  # the resource that is going to be accessed.
+act = "read"  # the operation that the user performs on the resource.
+
+if e.enforce(sub, obj, act):
+    # permit alice to read data1
+    pass
+else:
+    # deny the request, show an error
+    pass
+```
+
+### `load_filtered_policy()`
+
+`load_filtered_policy()` loads filtered policies from storage. This is useful for performance optimization.
+
+> Policy Subset Loading, https://casbin.org/docs/policy-subset-loading
+
+Additionally, `load_filtered_policy()` supports the MongoDB native queries for filtering conditions.
+
 ```py
 import casbin_motor_adapter
 import casbin
@@ -24,6 +57,22 @@ adapter = casbin_motor_adapter.Adapter('mongodb://localhost:27017/', "dbname")
 
 e = casbin.AsyncEnforcer('path/to/model.conf', adapter, True)
 
+# define filter conditions
+filter = Filter()
+filter.ptype = ["p"]
+filter.v0 = ["alice"]
+
+# support MongoDB native query
+filter.raw_query = {
+    "ptype": "p",
+    "v0": {
+        "$in": ["alice"]
+    }
+}
+
+# In this case, load only policies with sub value alice
+await e.load_filtered_policy(filter)
+
 sub = "alice"  # the user that wants to access a resource.
 obj = "data1"  # the resource that is going to be accessed.
 act = "read"  # the operation that the user performs on the resource.
@@ -34,6 +83,7 @@ if e.enforce(sub, obj, act):
 else:
     # deny the request, show an error
     pass
+
 ```
 
 ## Acknowledgments

casbin_motor_adapter/adapter.py

@@ -25,6 +25,10 @@ class Filter:
     v4 = []
     v5 = []
 
+    # `raw_query` expected dict.
+    # if set `raw_query`, all other filters are ignored
+    raw_query = None
+
 
 class CasbinRule:
     """
@@ -108,10 +112,13 @@ async def load_filtered_policy(self, model, filter):
             filter (Filter): Filter rule object
         """
         query = {}
-        for attr in ("ptype", "v0", "v1", "v2", "v3", "v4", "v5"):
-            if len(getattr(filter, attr)) > 0:
-                value = getattr(filter, attr)
-                query[attr] = {'$in': value}
+        if getattr(filter, "raw_query", None) is None:
+            for attr in ("ptype", "v0", "v1", "v2", "v3", "v4", "v5"):
+                if len(getattr(filter, attr)) > 0:
+                    value = getattr(filter, attr)
+                    query[attr] = {'$in': value}
+        else:
+            query = getattr(filter, "raw_query")
 
         async for line in self._collection.find(query):
             if "ptype" not in line:

tests/test_adapter.py

@@ -268,4 +268,25 @@ async def test_filtered_policy(self):
         self.assertFalse(e.enforce("bob", "data2", "read"))
         self.assertTrue(e.enforce("bob", "data2", "write"))
         self.assertFalse(e.enforce("data2_admin", "data2", "read"))
-        self.assertTrue(e.enforce("data2_admin", "data2", "write"))
+        self.assertTrue(e.enforce("data2_admin", "data2", "write"))
+
+    async def test_filtered_policy_with_raw_query(self):
+        """
+        test filtered_policy
+        """
+        e = await get_enforcer()
+        filter = Filter()
+        filter.raw_query = {
+            "ptype": "p",
+            "v0": {"$in": ["alice", "bob"]}
+        }
+
+        await e.load_filtered_policy(filter)
+        self.assertTrue(e.enforce("alice", "data1", "read"))
+        self.assertFalse(e.enforce("alice", "data1", "write"))
+        self.assertFalse(e.enforce("alice", "data2", "read"))
+        self.assertFalse(e.enforce("alice", "data2", "write"))
+        self.assertFalse(e.enforce("bob", "data1", "read"))
+        self.assertFalse(e.enforce("bob", "data1", "write"))
+        self.assertFalse(e.enforce("bob", "data2", "read"))
+        self.assertTrue(e.enforce("bob", "data2", "write"))