casbin-ruby 1.0.5 → 1.0.9
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +25 -15
- data/lib/casbin-ruby/management_enforcer.rb +3 -3
- data/lib/casbin-ruby/model/policy.rb +10 -6
- data/lib/casbin-ruby/util.rb +1 -1
- data/lib/casbin-ruby/util/thread_lock.rb +3 -2
- data/lib/casbin-ruby/version.rb +1 -1
- data/spec/casbin/enforcer_spec.rb +48 -0
- metadata +7 -9
- data/spec/casbin/util/thread_lock_spec.rb +0 -17
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 84e517ce25e2018d9bcc8d075c9b0e898861c450b3dea1cec2d835e1d6144925
|
4
|
+
data.tar.gz: c8d5448a7aa4fbba4df0a7ce2fa1330b5bfb57bffa31473008ec80015d0ed4d5
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 5f5b72a96bf42091dceb1118d5fd33491e51af3afe808a5b6782efd51bc1b7df192bdacb5509c4748190507e79efb564b20ad49c352ed8bf5cf8ec21b9a25405
|
7
|
+
data.tar.gz: 77fa89b6b8379c5e6b774ebc2c029491e61495c008088a15634f29089d072a702840ab5c65d5e2a6ae5c16cdaa6842dea8fb13167b4e28a4d54355d0f2a1b524
|
data/README.md
CHANGED
@@ -8,6 +8,7 @@ at: http://casbin.org/editor/
|
|
8
8
|
|
9
9
|
Casbin is a powerful and efficient open-source access control library for Ruby projects. It provides support for
|
10
10
|
enforcing authorization based on various [access control models](https://en.wikipedia.org/wiki/Computer_security_model).
|
11
|
+
Ruby version is ported & [supported by Evrone](https://evrone.com/?utm_campaign=casbinruby). More information you can find in articles [in English](https://evrone.com/casbin-ruby?utm_campaign=casbinruby).
|
11
12
|
|
12
13
|
## All the languages supported by Casbin:
|
13
14
|
|
@@ -130,7 +131,7 @@ What Casbin does NOT do:
|
|
130
131
|
## Installation
|
131
132
|
|
132
133
|
```
|
133
|
-
gem 'casbin
|
134
|
+
gem 'casbin-ruby'
|
134
135
|
```
|
135
136
|
|
136
137
|
## Documentation
|
@@ -151,7 +152,7 @@ https://casbin.org/docs/en/tutorials
|
|
151
152
|
|
152
153
|
```ruby
|
153
154
|
# TODO: correct `require`
|
154
|
-
require 'casbin'
|
155
|
+
require 'casbin-ruby'
|
155
156
|
enforcer = Casbin::Enforcer.new("path/to/model.conf", "path/to/policy.csv")
|
156
157
|
```
|
157
158
|
|
@@ -186,8 +187,8 @@ See [Policy management APIs](#policy-management) for more usage.
|
|
186
187
|
|
187
188
|
Casbin provides two sets of APIs to manage permissions:
|
188
189
|
|
189
|
-
- [Management API](https://github.com/casbin/casbin/blob/
|
190
|
-
- [RBAC API](https://github.com/casbin/casbin/blob/
|
190
|
+
- [Management API](https://github.com/casbin/casbin/blob/main/management_api.go): the primitive API that provides full support for Casbin policy management. See [here](https://github.com/casbin/casbin/blob/main/management_api_test.go) for examples.
|
191
|
+
- [RBAC API](https://github.com/casbin/casbin/blob/main/rbac_api.go): a more friendly API for RBAC. This API is a subset of Management API. The RBAC users could use this API to simplify the code. See [here](https://github.com/casbin/casbin/blob/main/rbac_api_test.go) for examples.
|
191
192
|
|
192
193
|
We also provide a web-based UI for model management and policy management:
|
193
194
|
|
@@ -211,17 +212,17 @@ https://casbin.org/docs/en/benchmark
|
|
211
212
|
|
212
213
|
Model | Model file | Policy file
|
213
214
|
----|------|----
|
214
|
-
ACL | [basic_model.conf](https://github.com/casbin/casbin/blob/
|
215
|
-
ACL with superuser | [basic_model_with_root.conf](https://github.com/casbin/casbin/blob/
|
216
|
-
ACL without users | [basic_model_without_users.conf](https://github.com/casbin/casbin/blob/
|
217
|
-
ACL without resources | [basic_model_without_resources.conf](https://github.com/casbin/casbin/blob/
|
218
|
-
RBAC | [rbac_model.conf](https://github.com/casbin/casbin/blob/
|
219
|
-
RBAC with resource roles | [rbac_model_with_resource_roles.conf](https://github.com/casbin/casbin/blob/
|
220
|
-
RBAC with domains/tenants | [rbac_model_with_domains.conf](https://github.com/casbin/casbin/blob/
|
221
|
-
ABAC | [abac_model.conf](https://github.com/casbin/casbin/blob/
|
222
|
-
RESTful | [keymatch_model.conf](https://github.com/casbin/casbin/blob/
|
223
|
-
Deny-override | [rbac_model_with_deny.conf](https://github.com/casbin/casbin/blob/
|
224
|
-
Priority | [priority_model.conf](https://github.com/casbin/casbin/blob/
|
215
|
+
ACL | [basic_model.conf](https://github.com/casbin/casbin/blob/main/examples/basic_model.conf) | [basic_policy.csv](https://github.com/casbin/casbin/blob/main/examples/basic_policy.csv)
|
216
|
+
ACL with superuser | [basic_model_with_root.conf](https://github.com/casbin/casbin/blob/main/examples/basic_with_root_model.conf) | [basic_policy.csv](https://github.com/casbin/casbin/blob/main/examples/basic_policy.csv)
|
217
|
+
ACL without users | [basic_model_without_users.conf](https://github.com/casbin/casbin/blob/main/examples/basic_without_users_model.conf) | [basic_policy_without_users.csv](https://github.com/casbin/casbin/blob/main/examples/basic_without_users_policy.csv)
|
218
|
+
ACL without resources | [basic_model_without_resources.conf](https://github.com/casbin/casbin/blob/main/examples/basic_without_resources_model.conf) | [basic_policy_without_resources.csv](https://github.com/casbin/casbin/blob/main/examples/basic_without_resources_policy.csv)
|
219
|
+
RBAC | [rbac_model.conf](https://github.com/casbin/casbin/blob/main/examples/rbac_model.conf) | [rbac_policy.csv](https://github.com/casbin/casbin/blob/main/examples/rbac_policy.csv)
|
220
|
+
RBAC with resource roles | [rbac_model_with_resource_roles.conf](https://github.com/casbin/casbin/blob/main/examples/rbac_with_resource_roles_model.conf) | [rbac_policy_with_resource_roles.csv](https://github.com/casbin/casbin/blob/main/examples/rbac_with_resource_roles_policy.csv)
|
221
|
+
RBAC with domains/tenants | [rbac_model_with_domains.conf](https://github.com/casbin/casbin/blob/main/examples/rbac_with_domains_model.conf) | [rbac_policy_with_domains.csv](https://github.com/casbin/casbin/blob/main/examples/rbac_with_domains_policy.csv)
|
222
|
+
ABAC | [abac_model.conf](https://github.com/casbin/casbin/blob/main/examples/abac_model.conf) | N/A
|
223
|
+
RESTful | [keymatch_model.conf](https://github.com/casbin/casbin/blob/main/examples/keymatch_model.conf) | [keymatch_policy.csv](https://github.com/casbin/casbin/blob/main/examples/keymatch_policy.csv)
|
224
|
+
Deny-override | [rbac_model_with_deny.conf](https://github.com/casbin/casbin/blob/main/examples/rbac_with_deny_model.conf) | [rbac_policy_with_deny.csv](https://github.com/casbin/casbin/blob/main/examples/rbac_with_deny_policy.csv)
|
225
|
+
Priority | [priority_model.conf](https://github.com/casbin/casbin/blob/main/examples/priority_model.conf) | [priority_policy.csv](https://github.com/casbin/casbin/blob/main/examples/priority_policy.csv)
|
225
226
|
|
226
227
|
## Middlewares
|
227
228
|
|
@@ -233,6 +234,15 @@ In process
|
|
233
234
|
|
234
235
|
## Contributors
|
235
236
|
|
237
|
+
## Sponsors
|
238
|
+
|
239
|
+
<p>
|
240
|
+
<a href="https://evrone.com/?utm_source=github&utm_campaign=casbin-ruby">
|
241
|
+
<img src="https://camo.githubusercontent.com/433f193098927e4e7229c229c8920f77898282063d4fc3cbafb04ea3d24d73df/68747470733a2f2f6576726f6e652e636f6d2f6c6f676f2f6576726f6e652d73706f6e736f7265642d6c6f676f2e706e67"
|
242
|
+
alt="Sponsored by Evrone" width="210">
|
243
|
+
</a>
|
244
|
+
</p>
|
245
|
+
|
236
246
|
## License
|
237
247
|
|
238
248
|
## Contact
|
@@ -130,7 +130,7 @@ module Casbin
|
|
130
130
|
if params.size == 1 && params[0].is_a?(Array)
|
131
131
|
parent_add_policy('p', ptype, params[0])
|
132
132
|
else
|
133
|
-
parent_add_policy('p', ptype,
|
133
|
+
parent_add_policy('p', ptype, params)
|
134
134
|
end
|
135
135
|
end
|
136
136
|
|
@@ -182,7 +182,7 @@ module Casbin
|
|
182
182
|
if params.size == 1 && params[0].is_a?(Array)
|
183
183
|
parent_remove_policy('p', ptype, params[0])
|
184
184
|
else
|
185
|
-
parent_remove_policy('p', ptype,
|
185
|
+
parent_remove_policy('p', ptype, params)
|
186
186
|
end
|
187
187
|
end
|
188
188
|
|
@@ -235,7 +235,7 @@ module Casbin
|
|
235
235
|
rule_added = if params.size == 1 && params[0].is_a?(Array)
|
236
236
|
parent_add_policy('g', ptype, params[0])
|
237
237
|
else
|
238
|
-
parent_add_policy('g', ptype,
|
238
|
+
parent_add_policy('g', ptype, params)
|
239
239
|
end
|
240
240
|
|
241
241
|
auto_build_role_links ? build_role_links : rule_added
|
@@ -112,9 +112,17 @@ module Casbin
|
|
112
112
|
true
|
113
113
|
end
|
114
114
|
|
115
|
+
# gets rules based on field filters from a policy.
|
116
|
+
def get_filtered_policy(sec, ptype, field_index, *field_values)
|
117
|
+
model[sec][ptype].policy.select do |rule|
|
118
|
+
field_values.select { |value| rule[field_index] == value }.any?
|
119
|
+
end.compact
|
120
|
+
end
|
121
|
+
|
115
122
|
# removes policy rules based on field filters from the model.
|
116
123
|
def remove_filtered_policy(sec, ptype, field_index, *field_values)
|
117
|
-
return false unless model.key?(sec)
|
124
|
+
return false unless model.key?(sec)
|
125
|
+
return false unless model[sec].include?(ptype)
|
118
126
|
|
119
127
|
state = { tmp: [], res: false }
|
120
128
|
model[sec][ptype].policy.each do |rule|
|
@@ -142,12 +150,8 @@ module Casbin
|
|
142
150
|
private
|
143
151
|
|
144
152
|
def filtered_rule(state, rule, field_values, field_index)
|
145
|
-
matched = true
|
146
|
-
|
147
153
|
field_values.each_with_index do |field_value, index|
|
148
|
-
|
149
|
-
|
150
|
-
if matched
|
154
|
+
if field_value == '' || rule[field_index + index] == field_value
|
151
155
|
state[:res] = true
|
152
156
|
else
|
153
157
|
state[:tmp] << rule
|
data/lib/casbin-ruby/util.rb
CHANGED
@@ -8,7 +8,8 @@ class ThreadLock
|
|
8
8
|
|
9
9
|
class << self
|
10
10
|
extend Forwardable
|
11
|
-
|
11
|
+
|
12
|
+
def_delegators :instance, :thread=, :lock?
|
12
13
|
end
|
13
14
|
|
14
15
|
attr_accessor :thread
|
@@ -16,6 +17,6 @@ class ThreadLock
|
|
16
17
|
def lock?
|
17
18
|
return false unless thread
|
18
19
|
|
19
|
-
thread.
|
20
|
+
thread.active?
|
20
21
|
end
|
21
22
|
end
|
data/lib/casbin-ruby/version.rb
CHANGED
@@ -28,6 +28,42 @@ describe Casbin::Enforcer do
|
|
28
28
|
enf.load_model
|
29
29
|
expect(enf.model).not_to be_nil
|
30
30
|
end
|
31
|
+
|
32
|
+
it '#get_filtered_policy' do
|
33
|
+
expect(enf.enforce('alice', 'data1', 'read')).to be_truthy
|
34
|
+
expect(enf.get_filtered_policy(0, 'alice')).to match_array([%w[alice data1 read]])
|
35
|
+
end
|
36
|
+
|
37
|
+
it '#remove_filtered_policy' do
|
38
|
+
expect(enf.enforce('alice', 'data1', 'read')).to be_truthy
|
39
|
+
enf.remove_filtered_policy(1, 'data1')
|
40
|
+
expect(enf.enforce('alice', 'data1', 'read')).to be_falsey
|
41
|
+
|
42
|
+
expect(enf.enforce('bob', 'data2', 'write')).to be_truthy
|
43
|
+
enf.remove_filtered_policy(2, 'write')
|
44
|
+
expect(enf.enforce('bob', 'data2', 'write')).to be_falsey
|
45
|
+
end
|
46
|
+
|
47
|
+
it '#add_policy' do
|
48
|
+
expect(enf.enforce('alice', 'data3', 'read')).to be_falsey
|
49
|
+
enf.add_policy('alice', 'data3', 'read')
|
50
|
+
enf.add_policy('alice', 'data4', 'read')
|
51
|
+
enf.add_policy(%w[alice data5 read])
|
52
|
+
expect(enf.enforce('alice', 'data3', 'read')).to be_truthy
|
53
|
+
expect(enf.enforce('alice', 'data4', 'read')).to be_truthy
|
54
|
+
expect(enf.enforce('alice', 'data5', 'read')).to be_truthy
|
55
|
+
end
|
56
|
+
|
57
|
+
it '#remove_policy' do
|
58
|
+
enf.add_policy('alice', 'data3', 'read')
|
59
|
+
expect(enf.enforce('alice', 'data3', 'read')).to be_truthy
|
60
|
+
enf.remove_policy('alice', 'data3', 'read')
|
61
|
+
expect(enf.enforce('alice', 'data3', 'read')).to be_falsey
|
62
|
+
enf.add_policy('alice', 'data3', 'read')
|
63
|
+
expect(enf.enforce('alice', 'data3', 'read')).to be_truthy
|
64
|
+
enf.remove_policy(%w[alice data3 read])
|
65
|
+
expect(enf.enforce('alice', 'data3', 'read')).to be_falsey
|
66
|
+
end
|
31
67
|
end
|
32
68
|
|
33
69
|
describe 'basic without spaces' do
|
@@ -140,6 +176,18 @@ describe Casbin::Enforcer do
|
|
140
176
|
expect(enf.enforce('alice', 'data2', 'write')).to be_truthy
|
141
177
|
expect(enf.enforce('bogus', 'data2', 'write')).to be_falsey
|
142
178
|
end
|
179
|
+
|
180
|
+
it '#add_grouping_policy' do
|
181
|
+
expect(enf.enforce('alice', 'data3', 'read')).to be_falsey
|
182
|
+
enf.add_policy('base', 'data3', 'read')
|
183
|
+
enf.add_policy(%w[alice data4 read])
|
184
|
+
enf.add_grouping_policy('alice', 'base')
|
185
|
+
enf.add_grouping_policy(%w[bob base])
|
186
|
+
expect(enf.enforce('alice', 'data3', 'read')).to be_truthy
|
187
|
+
expect(enf.enforce('bob', 'data3', 'read')).to be_truthy
|
188
|
+
expect(enf.enforce('alice', 'data4', 'read')).to be_truthy
|
189
|
+
expect(enf.enforce('bob', 'data4', 'read')).to be_falsey
|
190
|
+
end
|
143
191
|
end
|
144
192
|
|
145
193
|
describe 'rbac empty policy' do
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: casbin-ruby
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0.
|
4
|
+
version: 1.0.9
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Igor Kutyavin
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2021-
|
12
|
+
date: 2021-08-23 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: keisan
|
@@ -113,7 +113,6 @@ files:
|
|
113
113
|
- spec/casbin/rbac/default_role_manager/role_manager_spec.rb
|
114
114
|
- spec/casbin/rbac/default_role_manager/role_spec.rb
|
115
115
|
- spec/casbin/util/builtin_operators_spec.rb
|
116
|
-
- spec/casbin/util/thread_lock_spec.rb
|
117
116
|
- spec/casbin/util_spec.rb
|
118
117
|
- spec/support/model_helper.rb
|
119
118
|
homepage: https://github.com/evrone/casbin-ruby
|
@@ -141,13 +140,12 @@ signing_key:
|
|
141
140
|
specification_version: 4
|
142
141
|
summary: Casbin in Ruby
|
143
142
|
test_files:
|
144
|
-
- spec/
|
145
|
-
- spec/casbin/enforcer_spec.rb
|
146
|
-
- spec/casbin/model/function_map_spec.rb
|
143
|
+
- spec/support/model_helper.rb
|
147
144
|
- spec/casbin/rbac/default_role_manager/role_spec.rb
|
148
145
|
- spec/casbin/rbac/default_role_manager/role_manager_spec.rb
|
149
|
-
- spec/casbin/
|
150
|
-
- spec/casbin/util/thread_lock_spec.rb
|
146
|
+
- spec/casbin/enforcer_spec.rb
|
151
147
|
- spec/casbin/util/builtin_operators_spec.rb
|
152
148
|
- spec/casbin/util_spec.rb
|
153
|
-
- spec/
|
149
|
+
- spec/casbin/core_enforcer_spec.rb
|
150
|
+
- spec/casbin/config/config_spec.rb
|
151
|
+
- spec/casbin/model/function_map_spec.rb
|
@@ -1,17 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require 'casbin-ruby/util/thread_lock'
|
4
|
-
|
5
|
-
describe ThreadLock do
|
6
|
-
it '#lock? with no thread' do
|
7
|
-
expect(described_class).not_to be_lock
|
8
|
-
end
|
9
|
-
|
10
|
-
it '#lock? with thread' do
|
11
|
-
described_class.thread = Thread.new { loop }
|
12
|
-
expect(described_class).to be_lock
|
13
|
-
described_class.thread.exit
|
14
|
-
sleep 0.001 # waiting exit
|
15
|
-
expect(described_class).not_to be_lock
|
16
|
-
end
|
17
|
-
end
|