casbin-ruby 1.0.6 → 1.0.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/lib/casbin-ruby/management_enforcer.rb +6 -6
- data/lib/casbin-ruby/model/policy.rb +7 -0
- data/lib/casbin-ruby/util/thread_lock.rb +4 -1
- data/lib/casbin-ruby/version.rb +1 -1
- data/spec/casbin/enforcer_spec.rb +164 -0
- metadata +7 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 88e68e3c8f15c55fbeba3bf37683124c9d2fb17a8d2dd408f3ed7d36a430fe95
|
4
|
+
data.tar.gz: 124e945552b694c89ef488a71d286d6171118281041c2823db896efb56ec0d83
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 10b12e4a479b2c3d4f7b70f33750d604292f15aaae6441968559a7d7ae195e4a5b291a3ce69fe553e7c976020218fa1b2dd2dcb86c58a9483868c30eef38842c
|
7
|
+
data.tar.gz: 225eaf757fbaab699f3a4c832020b9ca527e2b53e2f03c843631dadf81a1f199c0135447cc9a41bc96f509712011feca18970c02949fa037543e1a1c77aa08c1
|
data/README.md
CHANGED
@@ -131,7 +131,7 @@ What Casbin does NOT do:
|
|
131
131
|
## Installation
|
132
132
|
|
133
133
|
```
|
134
|
-
gem 'casbin
|
134
|
+
gem 'casbin-ruby'
|
135
135
|
```
|
136
136
|
|
137
137
|
## Documentation
|
@@ -152,7 +152,7 @@ https://casbin.org/docs/en/tutorials
|
|
152
152
|
|
153
153
|
```ruby
|
154
154
|
# TODO: correct `require`
|
155
|
-
require 'casbin'
|
155
|
+
require 'casbin-ruby'
|
156
156
|
enforcer = Casbin::Enforcer.new("path/to/model.conf", "path/to/policy.csv")
|
157
157
|
```
|
158
158
|
|
@@ -102,7 +102,7 @@ module Casbin
|
|
102
102
|
if params.size == 1 && params[0].is_a?(Array)
|
103
103
|
model.has_policy('p', ptype, params[0])
|
104
104
|
else
|
105
|
-
model.has_policy('p', ptype,
|
105
|
+
model.has_policy('p', ptype, params)
|
106
106
|
end
|
107
107
|
end
|
108
108
|
|
@@ -130,7 +130,7 @@ module Casbin
|
|
130
130
|
if params.size == 1 && params[0].is_a?(Array)
|
131
131
|
parent_add_policy('p', ptype, params[0])
|
132
132
|
else
|
133
|
-
parent_add_policy('p', ptype,
|
133
|
+
parent_add_policy('p', ptype, params)
|
134
134
|
end
|
135
135
|
end
|
136
136
|
|
@@ -182,7 +182,7 @@ module Casbin
|
|
182
182
|
if params.size == 1 && params[0].is_a?(Array)
|
183
183
|
parent_remove_policy('p', ptype, params[0])
|
184
184
|
else
|
185
|
-
parent_remove_policy('p', ptype,
|
185
|
+
parent_remove_policy('p', ptype, params)
|
186
186
|
end
|
187
187
|
end
|
188
188
|
|
@@ -206,7 +206,7 @@ module Casbin
|
|
206
206
|
if params.size == 1 && params[0].is_a?(Array)
|
207
207
|
model.has_policy('g', ptype, params[0])
|
208
208
|
else
|
209
|
-
model.has_policy('g', ptype,
|
209
|
+
model.has_policy('g', ptype, params)
|
210
210
|
end
|
211
211
|
end
|
212
212
|
|
@@ -235,7 +235,7 @@ module Casbin
|
|
235
235
|
rule_added = if params.size == 1 && params[0].is_a?(Array)
|
236
236
|
parent_add_policy('g', ptype, params[0])
|
237
237
|
else
|
238
|
-
parent_add_policy('g', ptype,
|
238
|
+
parent_add_policy('g', ptype, params)
|
239
239
|
end
|
240
240
|
|
241
241
|
auto_build_role_links ? build_role_links : rule_added
|
@@ -271,7 +271,7 @@ module Casbin
|
|
271
271
|
rule_added = if params.size == 1 && params[0].is_a?(Array)
|
272
272
|
parent_remove_policy('g', ptype, params[0])
|
273
273
|
else
|
274
|
-
parent_remove_policy('g', ptype,
|
274
|
+
parent_remove_policy('g', ptype, params)
|
275
275
|
end
|
276
276
|
|
277
277
|
auto_build_role_links ? build_role_links : rule_added
|
@@ -112,6 +112,13 @@ module Casbin
|
|
112
112
|
true
|
113
113
|
end
|
114
114
|
|
115
|
+
# gets rules based on field filters from a policy.
|
116
|
+
def get_filtered_policy(sec, ptype, field_index, *field_values)
|
117
|
+
model[sec][ptype].policy.select do |rule|
|
118
|
+
field_values.select { |value| rule[field_index] == value }.any?
|
119
|
+
end.compact
|
120
|
+
end
|
121
|
+
|
115
122
|
# removes policy rules based on field filters from the model.
|
116
123
|
def remove_filtered_policy(sec, ptype, field_index, *field_values)
|
117
124
|
return false unless model.key?(sec)
|
@@ -1,12 +1,15 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require 'singleton'
|
4
|
+
require 'forwardable'
|
4
5
|
|
5
6
|
class ThreadLock
|
6
7
|
include Singleton
|
7
8
|
|
8
9
|
class << self
|
9
|
-
|
10
|
+
extend Forwardable
|
11
|
+
|
12
|
+
def_delegators :instance, :thread=, :lock?
|
10
13
|
end
|
11
14
|
|
12
15
|
attr_accessor :thread
|
data/lib/casbin-ruby/version.rb
CHANGED
@@ -29,6 +29,11 @@ describe Casbin::Enforcer do
|
|
29
29
|
expect(enf.model).not_to be_nil
|
30
30
|
end
|
31
31
|
|
32
|
+
it '#get_filtered_policy' do
|
33
|
+
expect(enf.enforce('alice', 'data1', 'read')).to be_truthy
|
34
|
+
expect(enf.get_filtered_policy(0, 'alice')).to match_array([%w[alice data1 read]])
|
35
|
+
end
|
36
|
+
|
32
37
|
it '#remove_filtered_policy' do
|
33
38
|
expect(enf.enforce('alice', 'data1', 'read')).to be_truthy
|
34
39
|
enf.remove_filtered_policy(1, 'data1')
|
@@ -38,6 +43,63 @@ describe Casbin::Enforcer do
|
|
38
43
|
enf.remove_filtered_policy(2, 'write')
|
39
44
|
expect(enf.enforce('bob', 'data2', 'write')).to be_falsey
|
40
45
|
end
|
46
|
+
|
47
|
+
it '#add_policy' do
|
48
|
+
expect(enf.enforce('alice', 'data3', 'read')).to be_falsey
|
49
|
+
enf.add_policy('alice', 'data3', 'read')
|
50
|
+
enf.add_policy('alice', 'data4', 'read')
|
51
|
+
enf.add_policy(%w[alice data5 read])
|
52
|
+
expect(enf.enforce('alice', 'data3', 'read')).to be_truthy
|
53
|
+
expect(enf.enforce('alice', 'data4', 'read')).to be_truthy
|
54
|
+
expect(enf.enforce('alice', 'data5', 'read')).to be_truthy
|
55
|
+
end
|
56
|
+
|
57
|
+
it '#remove_policy' do
|
58
|
+
enf.add_policy('alice', 'data3', 'read')
|
59
|
+
expect(enf.enforce('alice', 'data3', 'read')).to be_truthy
|
60
|
+
enf.remove_policy('alice', 'data3', 'read')
|
61
|
+
expect(enf.enforce('alice', 'data3', 'read')).to be_falsey
|
62
|
+
enf.add_policy('alice', 'data3', 'read')
|
63
|
+
expect(enf.enforce('alice', 'data3', 'read')).to be_truthy
|
64
|
+
enf.remove_policy(%w[alice data3 read])
|
65
|
+
expect(enf.enforce('alice', 'data3', 'read')).to be_falsey
|
66
|
+
end
|
67
|
+
|
68
|
+
# rubocop:disable RSpec/RepeatedExample
|
69
|
+
it '#delete_permission' do
|
70
|
+
# TODO: Add support this method
|
71
|
+
# expect(enf.enforce('bob', 'data2', 'write')).to be_truthy
|
72
|
+
# expect(enf.enforce('data2_admin', 'data2', 'read')).to be_truthy
|
73
|
+
# expect(enf.enforce('data2_admin', 'data2', 'write')).to be_truthy
|
74
|
+
# expect(enf.delete_permission('data2')).to be_truthy
|
75
|
+
# expect(enf.enforce('bob', 'data2', 'write')).to be_falsey
|
76
|
+
# expect(enf.enforce('data2_admin', 'data2', 'read')).to be_falsey
|
77
|
+
# expect(enf.enforce('data2_admin', 'data2', 'write')).to be_falsey
|
78
|
+
end
|
79
|
+
|
80
|
+
it '#delete_permissions_for_user' do
|
81
|
+
# TODO: Add support this method
|
82
|
+
# expect(enf.enforce('alice', 'data1', 'read')).to be_truthy
|
83
|
+
# expect(enf.delete_permissions_for_user('alice')).to be_truthy
|
84
|
+
# expect(enf.enforce('alice', 'data1', 'read')).to be_falsey
|
85
|
+
end
|
86
|
+
|
87
|
+
it '#get_permissions_for_user' do
|
88
|
+
# TODO: Add support this method
|
89
|
+
# expect(enf.get_permissions_for_user('alice')).to match_array([%w[alice data1 read],
|
90
|
+
# %w[data2_admin data2 read],
|
91
|
+
# %w[data2_admin data2 write]])
|
92
|
+
end
|
93
|
+
# rubocop:enable RSpec/RepeatedExample
|
94
|
+
|
95
|
+
it '#has_permission_for_user' do
|
96
|
+
expect(enf.has_permission_for_user('alice', 'data1', 'read')).to be_truthy
|
97
|
+
expect(enf.has_permission_for_user('alice', 'data1', 'write')).to be_falsey
|
98
|
+
end
|
99
|
+
|
100
|
+
it '#get_implicit_permissions_for_user' do
|
101
|
+
expect(enf.get_implicit_permissions_for_user('alice')).to match_array([%w[alice data1 read]])
|
102
|
+
end
|
41
103
|
end
|
42
104
|
|
43
105
|
describe 'basic without spaces' do
|
@@ -150,6 +212,80 @@ describe Casbin::Enforcer do
|
|
150
212
|
expect(enf.enforce('alice', 'data2', 'write')).to be_truthy
|
151
213
|
expect(enf.enforce('bogus', 'data2', 'write')).to be_falsey
|
152
214
|
end
|
215
|
+
|
216
|
+
it '#add_grouping_policy' do
|
217
|
+
expect(enf.enforce('alice', 'data3', 'read')).to be_falsey
|
218
|
+
enf.add_policy('base', 'data3', 'read')
|
219
|
+
enf.add_policy(%w[alice data4 read])
|
220
|
+
enf.add_grouping_policy('alice', 'base')
|
221
|
+
enf.add_grouping_policy(%w[bob base])
|
222
|
+
expect(enf.enforce('alice', 'data3', 'read')).to be_truthy
|
223
|
+
expect(enf.enforce('bob', 'data3', 'read')).to be_truthy
|
224
|
+
expect(enf.enforce('alice', 'data4', 'read')).to be_truthy
|
225
|
+
expect(enf.enforce('bob', 'data4', 'read')).to be_falsey
|
226
|
+
end
|
227
|
+
|
228
|
+
it '#get_roles_for_user' do
|
229
|
+
expect(enf.get_roles_for_user('alice')).to match_array(['data2_admin'])
|
230
|
+
expect(enf.get_roles_for_user('bob')).to match_array([])
|
231
|
+
end
|
232
|
+
|
233
|
+
it '#get_users_for_role' do
|
234
|
+
expect(enf.get_users_for_role('data2_admin')).to match_array(['alice'])
|
235
|
+
expect(enf.get_users_for_role('data1_admin')).to match_array([])
|
236
|
+
end
|
237
|
+
|
238
|
+
it '#has_role_for_user' do
|
239
|
+
expect(enf.has_role_for_user('alice', 'data2_admin')).to be_truthy
|
240
|
+
expect(enf.has_role_for_user('bob', 'data2_admin')).to be_falsey
|
241
|
+
end
|
242
|
+
|
243
|
+
it '#add_role_for_user' do
|
244
|
+
expect(enf.has_role_for_user('alice', 'manager')).to be_falsey
|
245
|
+
expect(enf.add_role_for_user('alice', 'manager')).to be_truthy
|
246
|
+
expect(enf.has_role_for_user('alice', 'manager')).to be_truthy
|
247
|
+
end
|
248
|
+
|
249
|
+
it '#delete_role_for_user' do
|
250
|
+
expect(enf.has_role_for_user('alice', 'data2_admin')).to be_truthy
|
251
|
+
expect(enf.delete_role_for_user('alice', 'data2_admin')).to be_truthy
|
252
|
+
expect(enf.has_role_for_user('alice', 'data2_admin')).to be_falsey
|
253
|
+
end
|
254
|
+
|
255
|
+
it '#delete_roles_for_user' do
|
256
|
+
enf.add_grouping_policy('alice', 'base')
|
257
|
+
expect(enf.delete_roles_for_user('alice')).to be_truthy
|
258
|
+
expect(enf.get_roles_for_user('alice')).to match_array([])
|
259
|
+
end
|
260
|
+
|
261
|
+
it '#delete_user' do
|
262
|
+
expect(enf.enforce('alice', 'data1', 'read')).to be_truthy
|
263
|
+
expect(enf.has_role_for_user('alice', 'data2_admin')).to be_truthy
|
264
|
+
expect(enf.delete_user('alice')).to be_truthy
|
265
|
+
expect(enf.enforce('alice', 'data1', 'read')).to be_falsey
|
266
|
+
expect(enf.has_role_for_user('alice', 'data2_admin')).to be_falsey
|
267
|
+
end
|
268
|
+
|
269
|
+
it '#delete_role' do
|
270
|
+
expect(enf.enforce('data2_admin', 'data2', 'read')).to be_truthy
|
271
|
+
expect(enf.has_role_for_user('alice', 'data2_admin')).to be_truthy
|
272
|
+
expect(enf.delete_role('data2_admin')).to be_truthy
|
273
|
+
expect(enf.enforce('data2_admin', 'data2', 'read')).to be_falsey
|
274
|
+
expect(enf.has_role_for_user('alice', 'data2_admin')).to be_falsey
|
275
|
+
end
|
276
|
+
|
277
|
+
# rubocop:disable RSpec/RepeatedExample
|
278
|
+
it '#get_implicit_roles_for_user' do
|
279
|
+
# TODO: Add support this method
|
280
|
+
# enf.add_role_for_user('data2_admin', 'super_admin')
|
281
|
+
# expect(enf.get_implicit_roles_for_user('alice')).to match_array(%w[data2_admin super_admin])
|
282
|
+
end
|
283
|
+
|
284
|
+
it '#get_implicit_users_for_permission' do
|
285
|
+
# TODO: Add support this method
|
286
|
+
# expect(enf.get_implicit_users_for_permission('data2', 'write')).to match_array(%w[alice bob])
|
287
|
+
end
|
288
|
+
# rubocop:enable RSpec/RepeatedExample
|
153
289
|
end
|
154
290
|
|
155
291
|
describe 'rbac empty policy' do
|
@@ -189,6 +325,34 @@ describe Casbin::Enforcer do
|
|
189
325
|
expect(enf.enforce('bob', 'domain2', 'data2', 'read')).to be_truthy
|
190
326
|
expect(enf.enforce('bob', 'domain2', 'data2', 'write')).to be_truthy
|
191
327
|
end
|
328
|
+
|
329
|
+
it '#get_roles_for_user_in_domain' do
|
330
|
+
expect(enf.get_roles_for_user_in_domain('alice', 'domain1')).to match_array(%w[admin])
|
331
|
+
expect(enf.get_roles_for_user_in_domain('bob', 'domain2')).to match_array(%w[admin])
|
332
|
+
end
|
333
|
+
|
334
|
+
it '#get_users_for_role_in_domain' do
|
335
|
+
expect(enf.get_users_for_role_in_domain('admin', 'domain1')).to match_array(%w[alice])
|
336
|
+
expect(enf.get_users_for_role_in_domain('admin', 'domain2')).to match_array(%w[bob])
|
337
|
+
end
|
338
|
+
|
339
|
+
it '#delete_roles_for_user_in_domain' do
|
340
|
+
enf.delete_roles_for_user_in_domain('alice', 'admin', 'domain1')
|
341
|
+
expect(enf.get_roles_for_user_in_domain('alice', 'domain1')).to match_array(%w[])
|
342
|
+
end
|
343
|
+
|
344
|
+
it '#get_permissions_for_user_in_domain' do
|
345
|
+
expect(enf.get_permissions_for_user_in_domain('admin', 'domain1'))
|
346
|
+
.to match_array([%w[admin domain1 data1 read],
|
347
|
+
%w[admin domain1 data1 write],
|
348
|
+
%w[admin domain2 data2 read],
|
349
|
+
%w[admin domain2 data2 write]])
|
350
|
+
expect(enf.get_permissions_for_user_in_domain('admin', 'domain2'))
|
351
|
+
.to match_array([%w[admin domain1 data1 read],
|
352
|
+
%w[admin domain1 data1 write],
|
353
|
+
%w[admin domain2 data2 read],
|
354
|
+
%w[admin domain2 data2 write]])
|
355
|
+
end
|
192
356
|
end
|
193
357
|
|
194
358
|
describe 'rbac with not deny' do
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: casbin-ruby
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0.
|
4
|
+
version: 1.0.10
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Igor Kutyavin
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2021-
|
12
|
+
date: 2021-09-01 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: keisan
|
@@ -141,11 +141,11 @@ specification_version: 4
|
|
141
141
|
summary: Casbin in Ruby
|
142
142
|
test_files:
|
143
143
|
- spec/support/model_helper.rb
|
144
|
-
- spec/casbin/core_enforcer_spec.rb
|
145
|
-
- spec/casbin/rbac/default_role_manager/role_manager_spec.rb
|
146
144
|
- spec/casbin/rbac/default_role_manager/role_spec.rb
|
145
|
+
- spec/casbin/rbac/default_role_manager/role_manager_spec.rb
|
146
|
+
- spec/casbin/enforcer_spec.rb
|
147
|
+
- spec/casbin/util/builtin_operators_spec.rb
|
148
|
+
- spec/casbin/util_spec.rb
|
149
|
+
- spec/casbin/core_enforcer_spec.rb
|
147
150
|
- spec/casbin/config/config_spec.rb
|
148
151
|
- spec/casbin/model/function_map_spec.rb
|
149
|
-
- spec/casbin/util_spec.rb
|
150
|
-
- spec/casbin/util/builtin_operators_spec.rb
|
151
|
-
- spec/casbin/enforcer_spec.rb
|