casbin-ruby 1.0.4 → 1.0.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +25 -15
- data/lib/casbin-ruby/management_enforcer.rb +1 -1
- data/lib/casbin-ruby/model/policy.rb +3 -6
- data/lib/casbin-ruby/util.rb +1 -1
- data/lib/casbin-ruby/util/thread_lock.rb +4 -1
- data/lib/casbin-ruby/version.rb +1 -1
- data/spec/casbin/enforcer_spec.rb +20 -0
- metadata +7 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 52748f22fb42a7b98e526eb475ed1826028679e2c85396cb6951bf2f007c082d
|
|
4
|
+
data.tar.gz: 40f1e3d7ad0cf3d49fd21fe4cb2b5312416bbba7b9d8e23001674d9dbebefff4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d714d3c773d7d65df64051133979f5c099baa5c683d46323e63c4855c8e612ffc010cc0f3c8b28bab8dec1de1e1d3c052c94212ed4a889664eb75ec935dbb6ca
|
|
7
|
+
data.tar.gz: a1c09f4287fbd1244fa189efc539a115f5c32c34fef9e9ab310b41800600d9913567a63bccc9ac36166cdbf7a479efe7cccd379a371d096b2703fc86734a846f
|
data/README.md
CHANGED
|
@@ -8,6 +8,7 @@ at: http://casbin.org/editor/
|
|
|
8
8
|
|
|
9
9
|
Casbin is a powerful and efficient open-source access control library for Ruby projects. It provides support for
|
|
10
10
|
enforcing authorization based on various [access control models](https://en.wikipedia.org/wiki/Computer_security_model).
|
|
11
|
+
Ruby version is ported & [supported by Evrone](https://evrone.com/?utm_campaign=casbinruby). More information you can find in articles [in English](https://evrone.com/casbin-ruby?utm_campaign=casbinruby).
|
|
11
12
|
|
|
12
13
|
## All the languages supported by Casbin:
|
|
13
14
|
|
|
@@ -130,7 +131,7 @@ What Casbin does NOT do:
|
|
|
130
131
|
## Installation
|
|
131
132
|
|
|
132
133
|
```
|
|
133
|
-
gem 'casbin
|
|
134
|
+
gem 'casbin-ruby'
|
|
134
135
|
```
|
|
135
136
|
|
|
136
137
|
## Documentation
|
|
@@ -151,7 +152,7 @@ https://casbin.org/docs/en/tutorials
|
|
|
151
152
|
|
|
152
153
|
```ruby
|
|
153
154
|
# TODO: correct `require`
|
|
154
|
-
require 'casbin'
|
|
155
|
+
require 'casbin-ruby'
|
|
155
156
|
enforcer = Casbin::Enforcer.new("path/to/model.conf", "path/to/policy.csv")
|
|
156
157
|
```
|
|
157
158
|
|
|
@@ -186,8 +187,8 @@ See [Policy management APIs](#policy-management) for more usage.
|
|
|
186
187
|
|
|
187
188
|
Casbin provides two sets of APIs to manage permissions:
|
|
188
189
|
|
|
189
|
-
- [Management API](https://github.com/casbin/casbin/blob/
|
|
190
|
-
- [RBAC API](https://github.com/casbin/casbin/blob/
|
|
190
|
+
- [Management API](https://github.com/casbin/casbin/blob/main/management_api.go): the primitive API that provides full support for Casbin policy management. See [here](https://github.com/casbin/casbin/blob/main/management_api_test.go) for examples.
|
|
191
|
+
- [RBAC API](https://github.com/casbin/casbin/blob/main/rbac_api.go): a more friendly API for RBAC. This API is a subset of Management API. The RBAC users could use this API to simplify the code. See [here](https://github.com/casbin/casbin/blob/main/rbac_api_test.go) for examples.
|
|
191
192
|
|
|
192
193
|
We also provide a web-based UI for model management and policy management:
|
|
193
194
|
|
|
@@ -211,17 +212,17 @@ https://casbin.org/docs/en/benchmark
|
|
|
211
212
|
|
|
212
213
|
Model | Model file | Policy file
|
|
213
214
|
----|------|----
|
|
214
|
-
ACL | [basic_model.conf](https://github.com/casbin/casbin/blob/
|
|
215
|
-
ACL with superuser | [basic_model_with_root.conf](https://github.com/casbin/casbin/blob/
|
|
216
|
-
ACL without users | [basic_model_without_users.conf](https://github.com/casbin/casbin/blob/
|
|
217
|
-
ACL without resources | [basic_model_without_resources.conf](https://github.com/casbin/casbin/blob/
|
|
218
|
-
RBAC | [rbac_model.conf](https://github.com/casbin/casbin/blob/
|
|
219
|
-
RBAC with resource roles | [rbac_model_with_resource_roles.conf](https://github.com/casbin/casbin/blob/
|
|
220
|
-
RBAC with domains/tenants | [rbac_model_with_domains.conf](https://github.com/casbin/casbin/blob/
|
|
221
|
-
ABAC | [abac_model.conf](https://github.com/casbin/casbin/blob/
|
|
222
|
-
RESTful | [keymatch_model.conf](https://github.com/casbin/casbin/blob/
|
|
223
|
-
Deny-override | [rbac_model_with_deny.conf](https://github.com/casbin/casbin/blob/
|
|
224
|
-
Priority | [priority_model.conf](https://github.com/casbin/casbin/blob/
|
|
215
|
+
ACL | [basic_model.conf](https://github.com/casbin/casbin/blob/main/examples/basic_model.conf) | [basic_policy.csv](https://github.com/casbin/casbin/blob/main/examples/basic_policy.csv)
|
|
216
|
+
ACL with superuser | [basic_model_with_root.conf](https://github.com/casbin/casbin/blob/main/examples/basic_with_root_model.conf) | [basic_policy.csv](https://github.com/casbin/casbin/blob/main/examples/basic_policy.csv)
|
|
217
|
+
ACL without users | [basic_model_without_users.conf](https://github.com/casbin/casbin/blob/main/examples/basic_without_users_model.conf) | [basic_policy_without_users.csv](https://github.com/casbin/casbin/blob/main/examples/basic_without_users_policy.csv)
|
|
218
|
+
ACL without resources | [basic_model_without_resources.conf](https://github.com/casbin/casbin/blob/main/examples/basic_without_resources_model.conf) | [basic_policy_without_resources.csv](https://github.com/casbin/casbin/blob/main/examples/basic_without_resources_policy.csv)
|
|
219
|
+
RBAC | [rbac_model.conf](https://github.com/casbin/casbin/blob/main/examples/rbac_model.conf) | [rbac_policy.csv](https://github.com/casbin/casbin/blob/main/examples/rbac_policy.csv)
|
|
220
|
+
RBAC with resource roles | [rbac_model_with_resource_roles.conf](https://github.com/casbin/casbin/blob/main/examples/rbac_with_resource_roles_model.conf) | [rbac_policy_with_resource_roles.csv](https://github.com/casbin/casbin/blob/main/examples/rbac_with_resource_roles_policy.csv)
|
|
221
|
+
RBAC with domains/tenants | [rbac_model_with_domains.conf](https://github.com/casbin/casbin/blob/main/examples/rbac_with_domains_model.conf) | [rbac_policy_with_domains.csv](https://github.com/casbin/casbin/blob/main/examples/rbac_with_domains_policy.csv)
|
|
222
|
+
ABAC | [abac_model.conf](https://github.com/casbin/casbin/blob/main/examples/abac_model.conf) | N/A
|
|
223
|
+
RESTful | [keymatch_model.conf](https://github.com/casbin/casbin/blob/main/examples/keymatch_model.conf) | [keymatch_policy.csv](https://github.com/casbin/casbin/blob/main/examples/keymatch_policy.csv)
|
|
224
|
+
Deny-override | [rbac_model_with_deny.conf](https://github.com/casbin/casbin/blob/main/examples/rbac_with_deny_model.conf) | [rbac_policy_with_deny.csv](https://github.com/casbin/casbin/blob/main/examples/rbac_with_deny_policy.csv)
|
|
225
|
+
Priority | [priority_model.conf](https://github.com/casbin/casbin/blob/main/examples/priority_model.conf) | [priority_policy.csv](https://github.com/casbin/casbin/blob/main/examples/priority_policy.csv)
|
|
225
226
|
|
|
226
227
|
## Middlewares
|
|
227
228
|
|
|
@@ -233,6 +234,15 @@ In process
|
|
|
233
234
|
|
|
234
235
|
## Contributors
|
|
235
236
|
|
|
237
|
+
## Sponsors
|
|
238
|
+
|
|
239
|
+
<p>
|
|
240
|
+
<a href="https://evrone.com/?utm_source=github&utm_campaign=casbin-ruby">
|
|
241
|
+
<img src="https://camo.githubusercontent.com/433f193098927e4e7229c229c8920f77898282063d4fc3cbafb04ea3d24d73df/68747470733a2f2f6576726f6e652e636f6d2f6c6f676f2f6576726f6e652d73706f6e736f7265642d6c6f676f2e706e67"
|
|
242
|
+
alt="Sponsored by Evrone" width="210">
|
|
243
|
+
</a>
|
|
244
|
+
</p>
|
|
245
|
+
|
|
236
246
|
## License
|
|
237
247
|
|
|
238
248
|
## Contact
|
|
@@ -114,7 +114,8 @@ module Casbin
|
|
|
114
114
|
|
|
115
115
|
# removes policy rules based on field filters from the model.
|
|
116
116
|
def remove_filtered_policy(sec, ptype, field_index, *field_values)
|
|
117
|
-
return false unless model.key?(sec)
|
|
117
|
+
return false unless model.key?(sec)
|
|
118
|
+
return false unless model[sec].include?(ptype)
|
|
118
119
|
|
|
119
120
|
state = { tmp: [], res: false }
|
|
120
121
|
model[sec][ptype].policy.each do |rule|
|
|
@@ -142,12 +143,8 @@ module Casbin
|
|
|
142
143
|
private
|
|
143
144
|
|
|
144
145
|
def filtered_rule(state, rule, field_values, field_index)
|
|
145
|
-
matched = true
|
|
146
|
-
|
|
147
146
|
field_values.each_with_index do |field_value, index|
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
if matched
|
|
147
|
+
if field_value == '' || rule[field_index + index] == field_value
|
|
151
148
|
state[:res] = true
|
|
152
149
|
else
|
|
153
150
|
state[:tmp] << rule
|
data/lib/casbin-ruby/util.rb
CHANGED
|
@@ -1,12 +1,15 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
require 'singleton'
|
|
4
|
+
require 'forwardable'
|
|
4
5
|
|
|
5
6
|
class ThreadLock
|
|
6
7
|
include Singleton
|
|
7
8
|
|
|
8
9
|
class << self
|
|
9
|
-
|
|
10
|
+
extend Forwardable
|
|
11
|
+
|
|
12
|
+
def_delegators :instance, :thread=, :lock?
|
|
10
13
|
end
|
|
11
14
|
|
|
12
15
|
attr_accessor :thread
|
data/lib/casbin-ruby/version.rb
CHANGED
|
@@ -28,6 +28,26 @@ describe Casbin::Enforcer do
|
|
|
28
28
|
enf.load_model
|
|
29
29
|
expect(enf.model).not_to be_nil
|
|
30
30
|
end
|
|
31
|
+
|
|
32
|
+
it '#remove_filtered_policy' do
|
|
33
|
+
expect(enf.enforce('alice', 'data1', 'read')).to be_truthy
|
|
34
|
+
enf.remove_filtered_policy(1, 'data1')
|
|
35
|
+
expect(enf.enforce('alice', 'data1', 'read')).to be_falsey
|
|
36
|
+
|
|
37
|
+
expect(enf.enforce('bob', 'data2', 'write')).to be_truthy
|
|
38
|
+
enf.remove_filtered_policy(2, 'write')
|
|
39
|
+
expect(enf.enforce('bob', 'data2', 'write')).to be_falsey
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
it '#add_policy' do
|
|
43
|
+
expect(enf.enforce('alice', 'data3', 'read')).to be_falsey
|
|
44
|
+
enf.add_policy('alice', 'data3', 'read')
|
|
45
|
+
enf.add_policy('alice', 'data4', 'read')
|
|
46
|
+
enf.add_policy(%w[alice data5 read])
|
|
47
|
+
expect(enf.enforce('alice', 'data3', 'read')).to be_truthy
|
|
48
|
+
expect(enf.enforce('alice', 'data4', 'read')).to be_truthy
|
|
49
|
+
expect(enf.enforce('alice', 'data5', 'read')).to be_truthy
|
|
50
|
+
end
|
|
31
51
|
end
|
|
32
52
|
|
|
33
53
|
describe 'basic without spaces' do
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: casbin-ruby
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.8
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Igor Kutyavin
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2021-
|
|
12
|
+
date: 2021-08-16 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: keisan
|
|
@@ -140,12 +140,12 @@ signing_key:
|
|
|
140
140
|
specification_version: 4
|
|
141
141
|
summary: Casbin in Ruby
|
|
142
142
|
test_files:
|
|
143
|
-
- spec/
|
|
144
|
-
- spec/casbin/enforcer_spec.rb
|
|
145
|
-
- spec/casbin/model/function_map_spec.rb
|
|
143
|
+
- spec/support/model_helper.rb
|
|
146
144
|
- spec/casbin/rbac/default_role_manager/role_spec.rb
|
|
147
145
|
- spec/casbin/rbac/default_role_manager/role_manager_spec.rb
|
|
148
|
-
- spec/casbin/
|
|
146
|
+
- spec/casbin/enforcer_spec.rb
|
|
149
147
|
- spec/casbin/util/builtin_operators_spec.rb
|
|
150
148
|
- spec/casbin/util_spec.rb
|
|
151
|
-
- spec/
|
|
149
|
+
- spec/casbin/core_enforcer_spec.rb
|
|
150
|
+
- spec/casbin/config/config_spec.rb
|
|
151
|
+
- spec/casbin/model/function_map_spec.rb
|