casbin-ruby 1.0.3 → 1.0.4

data/lib/casbin-ruby/model/assertion.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require 'logger'
+
+module Casbin
+  module Model
+    class Assertion
+      attr_accessor :key, :value, :tokens, :policy, :rm
+      attr_reader :logger
+
+      def initialize(hash = {})
+        @key = hash[:key].to_s
+        @value = hash[:value].to_s
+        @tokens = [*hash[:tokens]]
+        @policy = [*hash[:policy]]
+        @logger = hash[:logger] || Logger.new($stdout)
+      end
+
+      def build_role_links(rm)
+        @rm = rm
+        count = value.count('_')
+        policy.each do |rule|
+          raise 'the number of "_" in role definition should be at least 2' if count < 2
+          raise 'grouping policy elements do not meet role definition' if rule.size < count
+
+          rm.add_link(*rule)
+          logger.info("Role links for: #{key}")
+          rm.print_roles
+        end
+      end
+    end
+  end
+end

data/lib/casbin-ruby/model/function_map.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Casbin
+  module Model
+    class FunctionMap
+      def initialize
+        @fm = {}
+      end
+
+      attr_reader :fm
+      alias get_functions fm
+
+      def add_function(name, func)
+        fm[name] = func
+      end
+
+      # It might be better to move this to initialize
+      def self.load_function_map
+        fm = FunctionMap.new
+        fm.add_function('keyMatch', ->(*args) { Util::BuiltinOperators.key_match_func(*args) })
+        fm.add_function('keyMatch2', ->(*args) { Util::BuiltinOperators.key_match2_func(*args) })
+        fm.add_function('regexMatch', ->(*args) { Util::BuiltinOperators.regex_match_func(*args) })
+        fm.add_function('ipMatch', ->(*args) { Util::BuiltinOperators.ip_match_func(*args) })
+        fm.add_function('globMatch', ->(*args) { Util::BuiltinOperators.glob_match_func(*args) })
+
+        fm
+      end
+    end
+  end
+end

data/lib/casbin-ruby/model/model.rb

@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+
+require 'casbin-ruby/model/policy'
+require 'casbin-ruby/model/assertion'
+require 'casbin-ruby/config/config'
+require 'casbin-ruby/util'
+
+module Casbin
+  module Model
+    class Model < Model::Policy
+      SECTION_NAME_MAP = {
+        r: 'request_definition',
+        p: 'policy_definition',
+        g: 'role_definition',
+        e: 'policy_effect',
+        m: 'matchers'
+      }.freeze
+
+      def load_model(path)
+        cfg = Config::Config.new_config(path)
+        load_sections(cfg)
+      end
+
+      def load_model_from_text(text)
+        cfg = Config::Config.new_config_from_text(text)
+        load_sections(cfg)
+      end
+
+      def add_def(sec, key, value)
+        return false if value == ''
+
+        ast = Assertion.new(key: key, value: value, logger: logger)
+        %w[r p].include?(sec) ? ast_tokens_set(ast, key) : model_sec_set(ast)
+
+        model[sec] ||= {}
+        model[sec][key] = ast
+      end
+
+      def print_model
+        logger.info 'Model:'
+
+        model.each do |k, v|
+          v.each do |i, j|
+            logger.info "#{k}.#{i}: #{j.value}"
+          end
+        end
+      end
+
+      private
+
+      def ast_tokens_set(ast, key)
+        ast.tokens = ast.value.split(',')
+        ast.tokens.each_with_index { |token, i| ast.tokens[i] = "#{key}_#{token.strip}" }
+      end
+
+      def model_sec_set(ast)
+        ast.value = Util.remove_comments(Util.escape_assertion(ast.value))
+      end
+
+      def load_section(cfg, sec)
+        loop.with_index do |_, i|
+          break unless load_assertion(cfg, sec, "#{sec}#{get_key_suffix(i + 1)}")
+        end
+      end
+
+      def load_sections(cfg)
+        SECTION_NAME_MAP.each_key { |key| load_section(cfg, key.to_s) }
+      end
+
+      def load_assertion(cfg, sec, key)
+        value = cfg.get("#{SECTION_NAME_MAP[sec.to_sym]}::#{key}")
+        add_def(sec, key, value)
+      end
+
+      def get_key_suffix(i)
+        i == 1 ? '' : i
+      end
+    end
+  end
+end

data/lib/casbin-ruby/model/policy.rb

@@ -0,0 +1,161 @@
+# frozen_string_literal: true
+
+require 'logger'
+
+module Casbin
+  module Model
+    class Policy
+      attr_reader :model, :logger
+
+      def initialize(logger: Logger.new($stdout))
+        @model = {}
+        @logger = logger
+      end
+
+      # initializes the roles in RBAC.
+      def build_role_links(rm_map)
+        return unless model.key? 'g'
+
+        model['g'].each do |ptype, ast|
+          rm = rm_map[ptype]
+          ast.build_role_links(rm)
+        end
+      end
+
+      # Log using info
+      def print_policy
+        logger.info 'Policy:'
+
+        %w[p g].each do |sec|
+          next unless model.key? sec
+
+          model[sec].each do |key, ast|
+            logger.info "#{key} : #{ast.value} : #{ast.policy}"
+          end
+        end
+      end
+
+      # clears all current policy.
+      def clear_policy
+        %w[p g].each do |sec|
+          next unless model.key? sec
+
+          model[sec].each do |key, _ast|
+            model[sec][key].policy = []
+          end
+        end
+      end
+
+      # adds a policy rule to the model.
+      def add_policy(sec, ptype, rule)
+        return false if has_policy(sec, ptype, rule)
+
+        model[sec][ptype].policy << rule
+
+        true
+      end
+
+      # adds policy rules to the model.
+      def add_policies(sec, ptype, rules)
+        rules.each do |rule|
+          return false if has_policy(sec, ptype, rule)
+        end
+
+        model[sec][ptype].policy += rules
+
+        true
+      end
+
+      # update a policy rule from the model.
+      def update_policy(sec, ptype, old_rule, new_rule)
+        return false unless has_policy(sec, ptype, old_rule)
+
+        remove_policy(sec, ptype, old_rule) && add_policy(sec, ptype, new_rule)
+      end
+
+      # update policy rules from the model.
+      def update_policies(sec, ptype, old_rules, new_rules)
+        old_rules.each do |rule|
+          return false unless has_policy(sec, ptype, rule)
+        end
+
+        remove_policies(sec, ptype, old_rules) && add_policies(sec, ptype, new_rules)
+      end
+
+      # gets all rules in a policy.
+      def get_policy(sec, ptype)
+        model[sec][ptype].policy
+      end
+
+      # determines whether a model has the specified policy rule.
+      def has_policy(sec, ptype, rule)
+        model.key?(sec) && model[sec].key?(ptype) && model[sec][ptype].policy.include?(rule)
+      end
+
+      # removes a policy rule from the model.
+      def remove_policy(sec, ptype, rule)
+        return false unless has_policy(sec, ptype, rule)
+
+        model[sec][ptype].policy.delete(rule)
+
+        true
+      end
+
+      # removes policy rules from the model.
+      def remove_policies(sec, ptype, rules)
+        rules.each do |rule|
+          return false unless has_policy(sec, ptype, rule)
+        end
+
+        model[sec][ptype].policy.reject! { |rule| rules.include? rule }
+
+        true
+      end
+
+      # removes policy rules based on field filters from the model.
+      def remove_filtered_policy(sec, ptype, field_index, *field_values)
+        return false unless model.key?(sec) && model[sec].include?(ptype)
+
+        state = { tmp: [], res: false }
+        model[sec][ptype].policy.each do |rule|
+          state = filtered_rule(state, rule, field_values, field_index)
+        end
+
+        model[sec][ptype].policy = state[:tmp]
+        state[:res]
+      end
+
+      # gets all values for a field for all rules in a policy, duplicated values are removed.
+      def get_values_for_field_in_policy(sec, ptype, field_index)
+        values = []
+        return values unless model.keys.include?(sec)
+        return values unless model[sec].include?(ptype)
+
+        model[sec][ptype].policy.each do |rule|
+          value = rule[field_index]
+          values << value if values.include?(value)
+        end
+
+        values
+      end
+
+      private
+
+      def filtered_rule(state, rule, field_values, field_index)
+        matched = true
+
+        field_values.each_with_index do |field_value, index|
+          next matched = false if field_value != '' && field_value != rule[field_index + index]
+
+          if matched
+            state[:res] = true
+          else
+            state[:tmp] << rule
+          end
+        end
+
+        state
+      end
+    end
+  end
+end

data/lib/casbin-ruby/persist/adapter.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module Casbin
+  module Persist
+    # the interface for Casbin adapters.
+    class Adapter
+      # loads all policy rules from the storage.
+      def load_policy(_model); end
+
+      # saves all policy rules to the storage.
+      def save_policy(_model); end
+
+      # adds a policy rule to the storage.
+      def add_policy(_sec, _ptype, _rule); end
+
+      # removes a policy rule from the storage.
+      def remove_policy(_sec, _ptype, _rule); end
+
+      # removes policy rules that match the filter from the storage.
+      # This is part of the Auto-Save feature.
+      def remove_filtered_policy(_sec, _ptype, _field_index, *_field_values); end
+
+      protected
+
+      # loads a text line as a policy rule to model.
+      def load_policy_line(line, model)
+        return if line == '' || line[0] == '#'
+
+        tokens = line.split(', ')
+        key = tokens[0]
+        sec = key[0]
+        return unless model.model.key?(sec)
+        return unless model.model[sec].key?(key)
+
+        model.model[sec][key].policy << tokens[1..tokens.size]
+      end
+    end
+  end
+end

data/lib/casbin-ruby/persist/adapters/file_adapter.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require 'casbin-ruby/persist/adapter'
+
+module Casbin
+  module Persist
+    module Adapters
+      # the file adapter for Casbin.
+      # It can load policy from file or save policy to file.
+      class FileAdapter < Persist::Adapter
+        def initialize(file_path)
+          super()
+          @file_path = file_path
+        end
+
+        def load_policy(model)
+          raise 'invalid file path, file path cannot be empty' unless File.file?(file_path)
+
+          load_policy_file(model)
+        end
+
+        def save_policy(model)
+          raise 'invalid file path, file path cannot be empty' unless File.file?(file_path)
+
+          save_policy_file(model)
+        end
+
+        private
+
+        attr_reader :file_path
+
+        def load_policy_file(model)
+          File.foreach(file_path) { |line| load_policy_line(line.chomp.strip, model) }
+        end
+
+        def save_policy_file(model)
+          # 'w:UTF-8' required for Windows
+          File.open(file_path, 'w:UTF-8') do |file|
+            file.write %w[p g].map { |root_key| policy_lines(model, root_key) }.flatten.join "\n"
+          end
+        end
+
+        def policy_lines(model, root_key)
+          return [] unless model.model.key?(root_key)
+
+          model.model[root_key].map do |key, ast|
+            ast.policy.map { |policy_values| "#{key}, #{policy_values.join ', '}" }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/casbin-ruby/persist/batch_adapter.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require 'casbin-ruby/persist/adapter'
+
+module Casbin
+  module Persist
+    # BatchAdapter is the interface for Casbin adapters with multiple add and remove policy functions.
+    class BatchAdapter < Persist::Adapter
+      # AddPolicies adds policy rules to the storage.
+      def add_policies(_sec, _ptype, _rules); end
+
+      # LRemovePolicies removes policy rules from the storage.
+      def remove_policies(_sec, _ptype, _rules); end
+    end
+  end
+end

data/lib/casbin-ruby/persist/filtered_adapter.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require 'casbin-ruby/persist/adapter'
+
+module Casbin
+  module Persist
+    # FilteredAdapter is the interface for Casbin adapters supporting filtered policies.
+    class FilteredAdapter < Persist::Adapter
+      # IsFiltered returns true if the loaded policy has been filtered
+      # Marks if the loaded policy is filtered or not
+      def filtered?; end
+
+      # Loads policy rules that match the filter from the storage.
+      def load_filtered_policy(_model, _filter); end
+    end
+  end
+end

data/lib/casbin-ruby/rbac/default_role_manager/role.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+module Casbin
+  module Rbac
+    module DefaultRoleManager
+      # represents the data structure for a role in RBAC.
+      class Role
+        attr_accessor :name, :roles
+
+        def initialize(name)
+          @name = name
+          @roles = []
+        end
+
+        def add_role(role)
+          return if roles.any? { |rr| rr.name == role.name }
+
+          roles << role
+        end
+
+        def delete_role(role)
+          roles.delete_if { |rr| rr.name == role.name }
+        end
+
+        def has_role(role_name, hierarchy_level)
+          return true if role_name == name
+          return false if hierarchy_level.to_i <= 0
+
+          roles.each { |role| return true if role.has_role(role_name, hierarchy_level - 1) }
+          false
+        end
+
+        def get_roles
+          roles.map(&:name)
+        end
+
+        def has_direct_role(name)
+          roles.any? { |role| role.name == name }
+        end
+
+        def to_string
+          return if roles.empty?
+
+          names = get_roles.join(', ')
+          if roles.size == 1
+            "#{name} < #{names}"
+          else
+            "#{name} < (#{names})"
+          end
+        end
+      end
+    end
+  end
+end