feat: enforceWithMatcher & EnforceExWithMatcher

casbin · Aug 30, 2023 · 7b430c3 · 7b430c3
1 parent ff0ddaf
commit 7b430c3
Showing 1 changed file with 55 additions and 9 deletions.
diff --git a/src/coreEnforcer.ts b/src/coreEnforcer.ts
@@ -31,6 +31,7 @@ import {
   generatorRunAsync,
   customIn,
   bracketCompatible,
+  removeComments,
 } from './util';
 import { getLogger, logPrint } from './log';
 import { MatchingFunc } from './rbac';
@@ -417,6 +418,7 @@ export class CoreEnforcer {
   private *privateEnforce(
     asyncCompile = true,
     explain = false,
+    matcher: string,
     enforceContext: EnforceContext = new EnforceContext('r', 'p', 'e', 'm'),
     ...rvals: any[]
   ): EnforceResult {
@@ -437,8 +439,15 @@ export class CoreEnforcer {
       const rm = value.rm;
       functions[key] = asyncCompile ? generateGFunction(rm) : generateSyncedGFunction(rm);
     });
+
+    let expString;
 
-    const expString = this.model.model.get('m')?.get(enforceContext.mType)?.value;
+    if (!matcher) {
+      expString = this.model.model.get('m')?.get(enforceContext.mType)?.value;
+    } else {
+      expString = removeComments(escapeAssertion(matcher));
+    }
+
     if (!expString) {
       throw new Error('Unable to find matchers in model');
     }
@@ -604,9 +613,9 @@ export class CoreEnforcer {
   public enforceSync(...rvals: any[]): boolean {
     if (rvals[0] instanceof EnforceContext) {
       const enforceContext: EnforceContext = rvals.shift();
-      return generatorRunSync(this.privateEnforce(false, false, enforceContext, ...rvals));
+      return generatorRunSync(this.privateEnforce(false, false, '', enforceContext, ...rvals));
     }
-    return generatorRunSync(this.privateEnforce(false, false, this.defaultEnforceContext, ...rvals));
+    return generatorRunSync(this.privateEnforce(false, false, '', this.defaultEnforceContext, ...rvals));
   }
 
   /**
@@ -622,9 +631,9 @@ export class CoreEnforcer {
   public enforceExSync(...rvals: any[]): [boolean, string[]] {
     if (rvals[0] instanceof EnforceContext) {
       const enforceContext: EnforceContext = rvals.shift();
-      return generatorRunSync(this.privateEnforce(false, true, enforceContext, ...rvals));
+      return generatorRunSync(this.privateEnforce(false, true, '', enforceContext, ...rvals));
     }
-    return generatorRunSync(this.privateEnforce(false, true, this.defaultEnforceContext, ...rvals));
+    return generatorRunSync(this.privateEnforce(false, true, '', this.defaultEnforceContext, ...rvals));
   }
 
   /**
@@ -645,11 +654,30 @@ export class CoreEnforcer {
   public async enforce(...rvals: any[]): Promise<boolean> {
     if (rvals[0] instanceof EnforceContext) {
       const enforceContext: EnforceContext = rvals.shift();
-      return generatorRunAsync(this.privateEnforce(true, false, enforceContext, ...rvals));
+      return generatorRunAsync(this.privateEnforce(true, false, '', enforceContext, ...rvals));
     }
-    return generatorRunAsync(this.privateEnforce(true, false, this.defaultEnforceContext, ...rvals));
+    return generatorRunAsync(this.privateEnforce(true, false, '', this.defaultEnforceContext, ...rvals));
   }
 
+  /**
+   * enforceWithMatcher decides whether a "subject" can access a "object" with
+   * the operation "action" but with the matcher passed,
+   * input parameters are usually: (matcher, sub, obj, act).
+   *
+   * @param matcher matcher string.
+   * @param rvals the request needs to be mediated, usually an array
+   *              of strings, can be class instances if ABAC is used.
+   * @return whether to allow the request.
+   */
+  public async enforceWithMatcher(matcher: string, ...rvals: any[]): Promise<boolean> {
+    if (rvals[0] instanceof EnforceContext) {
+      const enforceContext: EnforceContext = rvals.shift();
+      return generatorRunAsync(this.privateEnforce(true, false, matcher, enforceContext, ...rvals));
+    }
+    return generatorRunAsync(this.privateEnforce(true, false, matcher, this.defaultEnforceContext, ...rvals));
+  }
+
+
   /**
    * enforce decides whether a "subject" can access a "object" with
    * the operation "action", input parameters are usually: (sub, obj, act).
@@ -661,9 +689,27 @@ export class CoreEnforcer {
   public async enforceEx(...rvals: any[]): Promise<[boolean, string[]]> {
     if (rvals[0] instanceof EnforceContext) {
       const enforceContext: EnforceContext = rvals.shift();
-      return generatorRunAsync(this.privateEnforce(true, true, enforceContext, ...rvals));
+      return generatorRunAsync(this.privateEnforce(true, true, '', enforceContext, ...rvals));
+    }
+    return generatorRunAsync(this.privateEnforce(true, true, '', this.defaultEnforceContext, ...rvals));
+  }
+
+  /**
+   * enforceExWithMatcher decides whether a "subject" can access a "object" with
+   * the operation "action" but with the matcher passed,
+   *  input parameters are usually: (matcher, sub, obj, act).
+   *
+   * @param matcher matcher string.
+   * @param rvals the request needs to be mediated, usually an array
+   *              of strings, can be class instances if ABAC is used.
+   * @return whether to allow the request and the reason rule.
+   */
+  public async enforceExWithMatcher(matcher: string, ...rvals: any[]): Promise<[boolean, string[]]> {
+      if (rvals[0] instanceof EnforceContext) {
+      const enforceContext: EnforceContext = rvals.shift();
+      return generatorRunAsync(this.privateEnforce(true, true, matcher, enforceContext, ...rvals));
     }
-    return generatorRunAsync(this.privateEnforce(true, true, this.defaultEnforceContext, ...rvals));
+    return generatorRunAsync(this.privateEnforce(true, true, matcher, this.defaultEnforceContext, ...rvals));
   }
 
   /**