casbin 5.18.0 → 5.19.0

package/CHANGELOG.md

@@ -1,3 +1,10 @@
+# [5.19.0](https://github.com/casbin/node-casbin/compare/v5.18.0...v5.19.0) (2022-09-24)
+
+
+### Features
+
+* add `fieldIndexMap` ([#391](https://github.com/casbin/node-casbin/issues/391)) ([8f6e2c3](https://github.com/casbin/node-casbin/commit/8f6e2c39a19725e467aafda8b7fa948e3e471ce8))
+
 # [5.18.0](https://github.com/casbin/node-casbin/compare/v5.17.0...v5.18.0) (2022-09-14)
 
 

package/lib/cjs/constants.d.ts

@@ -0,0 +1,13 @@
+export declare const enum EffectExpress {
+    ALLOW = "some(where (p_eft == allow))",
+    DENY = "!some(where (p_eft == deny))",
+    ALLOW_AND_DENY = "some(where (p_eft == allow)) && !some(where (p_eft == deny))",
+    PRIORITY = "priority(p_eft) || deny",
+    SUBJECT_PRIORITY = "subjectPriority(p_eft) || deny"
+}
+export declare const enum FieldIndex {
+    Domain = "dom",
+    Subject = "sub",
+    Object = "obj",
+    Priority = "priority"
+}

package/lib/cjs/constants.js

@@ -0,0 +1,15 @@
+"use strict";
+// Copyright 2022 The Casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/cjs/effect/defaultEffectorStream.js

@@ -30,14 +30,14 @@ class DefaultEffectorStream {
     }
     pushEffect(eft) {
         switch (this.expr) {
-            case 'some(where (p_eft == allow))':
+            case "some(where (p_eft == allow))" /* ALLOW */:
                 if (eft === effector_1.Effect.Allow) {
                     this.res = true;
                     this.done = true;
                     this.rec = true;
                 }
                 break;
-            case '!some(where (p_eft == deny))':
+            case "!some(where (p_eft == deny))" /* DENY */:
                 this.res = true;
                 if (eft === effector_1.Effect.Deny) {
                     this.res = false;
@@ -45,7 +45,7 @@ class DefaultEffectorStream {
                     this.rec = true;
                 }
                 break;
-            case 'some(where (p_eft == allow)) && !some(where (p_eft == deny))':
+            case "some(where (p_eft == allow)) && !some(where (p_eft == deny))" /* ALLOW_AND_DENY */:
                 if (eft === effector_1.Effect.Allow) {
                     this.res = true;
                     this.rec = true;
@@ -59,7 +59,7 @@ class DefaultEffectorStream {
                     this.rec = false;
                 }
                 break;
-            case 'priority(p_eft) || deny':
+            case "priority(p_eft) || deny" /* PRIORITY */:
                 if (eft !== effector_1.Effect.Indeterminate) {
                     this.res = eft === effector_1.Effect.Allow;
                     this.done = true;

package/lib/cjs/enforcer.js

@@ -172,7 +172,8 @@ class Enforcer extends managementEnforcer_1.ManagementEnforcer {
      */
     async deleteRolesForUser(user, domain) {
         if (domain === undefined) {
-            return this.removeFilteredGroupingPolicy(0, user);
+            const subIndex = this.getFieldIndex('p', "sub" /* Subject */);
+            return this.removeFilteredGroupingPolicy(subIndex, user);
         }
         else {
             return this.removeFilteredGroupingPolicy(0, user, '', domain);
@@ -186,8 +187,9 @@ class Enforcer extends managementEnforcer_1.ManagementEnforcer {
      * @return succeeds or not.
      */
     async deleteUser(user) {
-        const res1 = await this.removeFilteredGroupingPolicy(0, user);
-        const res2 = await this.removeFilteredPolicy(0, user);
+        const subIndex = this.getFieldIndex('p', "sub" /* Subject */);
+        const res1 = await this.removeFilteredGroupingPolicy(subIndex, user);
+        const res2 = await this.removeFilteredPolicy(subIndex, user);
         return res1 || res2;
     }
     /**
@@ -198,8 +200,9 @@ class Enforcer extends managementEnforcer_1.ManagementEnforcer {
      * @return succeeds or not.
      */
     async deleteRole(role) {
-        const res1 = await this.removeFilteredGroupingPolicy(1, role);
-        const res2 = await this.removeFilteredPolicy(0, role);
+        const subIndex = this.getFieldIndex('p', "sub" /* Subject */);
+        const res1 = await this.removeFilteredGroupingPolicy(subIndex, role);
+        const res2 = await this.removeFilteredPolicy(subIndex, role);
         return res1 || res2;
     }
     /**
@@ -244,7 +247,8 @@ class Enforcer extends managementEnforcer_1.ManagementEnforcer {
      * @return succeeds or not.
      */
     async deletePermissionsForUser(user) {
-        return this.removeFilteredPolicy(0, user);
+        const subIndex = this.getFieldIndex('p', "sub" /* Subject */);
+        return this.removeFilteredPolicy(subIndex, user);
     }
     /**
      * getPermissionsForUser gets permissions for a user or role.
@@ -253,7 +257,8 @@ class Enforcer extends managementEnforcer_1.ManagementEnforcer {
      * @return the permissions, a permission is usually like (obj, act). It is actually the rule without the subject.
      */
     async getPermissionsForUser(user) {
-        return this.getFilteredPolicy(0, user);
+        const subIndex = this.getFieldIndex('p', "sub" /* Subject */);
+        return this.getFilteredPolicy(subIndex, user);
     }
     /**
      * hasPermissionForUser determines whether a user has a permission.

package/lib/cjs/internalEnforcer.d.ts

@@ -21,4 +21,12 @@ export declare class InternalEnforcer extends CoreEnforcer {
      * removeFilteredPolicyInternal removes rules based on field filters from the current policy.
      */
     protected removeFilteredPolicyInternal(sec: string, ptype: string, fieldIndex: number, fieldValues: string[], useWatcher: boolean): Promise<boolean>;
+    /**
+     * get field index in model.fieldMap.
+     */
+    getFieldIndex(ptype: string, field: string): number;
+    /**
+     *  set index of field
+     */
+    setFieldIndex(ptype: string, field: string, index: number): void;
 }

package/lib/cjs/internalEnforcer.js

@@ -234,5 +234,19 @@ class InternalEnforcer extends coreEnforcer_1.CoreEnforcer {
         }
         return ok;
     }
+    /**
+     * get field index in model.fieldMap.
+     */
+    getFieldIndex(ptype, field) {
+        return this.model.getFieldIndex(ptype, field);
+    }
+    /**
+     *  set index of field
+     */
+    setFieldIndex(ptype, field, index) {
+        var _a;
+        const assertion = (_a = this.model.model.get('p')) === null || _a === void 0 ? void 0 : _a.get(ptype);
+        assertion === null || assertion === void 0 ? void 0 : assertion.fieldIndexMap.set(field, index);
+    }
 }
 exports.InternalEnforcer = InternalEnforcer;

package/lib/cjs/model/assertion.d.ts

@@ -6,6 +6,7 @@ export declare class Assertion {
     tokens: string[];
     policy: string[][];
     rm: rbac.RoleManager;
+    fieldIndexMap: Map<string, number>;
     /**
      * constructor is the constructor for Assertion.
      */

package/lib/cjs/model/assertion.js

@@ -48,6 +48,7 @@ class Assertion {
         this.tokens = [];
         this.policy = [];
         this.rm = new rbac.DefaultRoleManager(10);
+        this.fieldIndexMap = new Map();
     }
     async buildIncrementalRoleLinks(rm, op, rules) {
         this.rm = rm;

package/lib/cjs/model/model.d.ts

@@ -39,6 +39,10 @@ export declare class Model {
     getValuesForFieldInPolicy(sec: string, key: string, fieldIndex: number): string[];
     getValuesForFieldInPolicyAllTypes(sec: string, fieldIndex: number): string[];
     printPolicy(): void;
+    /**
+     * return the field index in fieldMap, if no this field in fieldMap, add it.
+     */
+    getFieldIndex(ptype: string, field: string): number;
 }
 /**
  * newModel creates a model.

package/lib/cjs/model/model.js

@@ -88,6 +88,7 @@ class Model {
         const ast = new assertion_1.Assertion();
         ast.key = key;
         ast.value = value;
+        ast.fieldIndexMap = new Map();
         if (sec === 'r' || sec === 'p') {
             const tokens = value.split(',').map((n) => n.trim());
             for (let i = 0; i < tokens.length; i++) {
@@ -417,6 +418,33 @@ class Model {
             }
         });
     }
+    /**
+     * return the field index in fieldMap, if no this field in fieldMap, add it.
+     */
+    getFieldIndex(ptype, field) {
+        var _a;
+        const assertion = (_a = this.model.get('p')) === null || _a === void 0 ? void 0 : _a.get(ptype);
+        if (!assertion) {
+            return -1;
+        }
+        let index = assertion.fieldIndexMap.get(field);
+        if (index) {
+            return index;
+        }
+        const pattern = ptype + '_' + field;
+        index = -1;
+        for (let i = 0; i < assertion.tokens.length; i++) {
+            if (assertion.tokens[i] === pattern) {
+                index = i;
+                break;
+            }
+        }
+        if (index === -1) {
+            return index;
+        }
+        assertion.fieldIndexMap.set(field, index);
+        return index;
+    }
 }
 exports.Model = Model;
 /**

package/lib/esm/constants.d.ts

@@ -0,0 +1,13 @@
+export declare const enum EffectExpress {
+    ALLOW = "some(where (p_eft == allow))",
+    DENY = "!some(where (p_eft == deny))",
+    ALLOW_AND_DENY = "some(where (p_eft == allow)) && !some(where (p_eft == deny))",
+    PRIORITY = "priority(p_eft) || deny",
+    SUBJECT_PRIORITY = "subjectPriority(p_eft) || deny"
+}
+export declare const enum FieldIndex {
+    Domain = "dom",
+    Subject = "sub",
+    Object = "obj",
+    Priority = "priority"
+}

package/lib/esm/constants.js

@@ -0,0 +1,13 @@
+// Copyright 2022 The Casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.

package/lib/esm/effect/defaultEffectorStream.js

@@ -27,14 +27,14 @@ export class DefaultEffectorStream {
     }
     pushEffect(eft) {
         switch (this.expr) {
-            case 'some(where (p_eft == allow))':
+            case "some(where (p_eft == allow))" /* ALLOW */:
                 if (eft === Effect.Allow) {
                     this.res = true;
                     this.done = true;
                     this.rec = true;
                 }
                 break;
-            case '!some(where (p_eft == deny))':
+            case "!some(where (p_eft == deny))" /* DENY */:
                 this.res = true;
                 if (eft === Effect.Deny) {
                     this.res = false;
@@ -42,7 +42,7 @@ export class DefaultEffectorStream {
                     this.rec = true;
                 }
                 break;
-            case 'some(where (p_eft == allow)) && !some(where (p_eft == deny))':
+            case "some(where (p_eft == allow)) && !some(where (p_eft == deny))" /* ALLOW_AND_DENY */:
                 if (eft === Effect.Allow) {
                     this.res = true;
                     this.rec = true;
@@ -56,7 +56,7 @@ export class DefaultEffectorStream {
                     this.rec = false;
                 }
                 break;
-            case 'priority(p_eft) || deny':
+            case "priority(p_eft) || deny" /* PRIORITY */:
                 if (eft !== Effect.Indeterminate) {
                     this.res = eft === Effect.Allow;
                     this.done = true;

package/lib/esm/enforcer.js

@@ -169,7 +169,8 @@ export class Enforcer extends ManagementEnforcer {
      */
     async deleteRolesForUser(user, domain) {
         if (domain === undefined) {
-            return this.removeFilteredGroupingPolicy(0, user);
+            const subIndex = this.getFieldIndex('p', "sub" /* Subject */);
+            return this.removeFilteredGroupingPolicy(subIndex, user);
         }
         else {
             return this.removeFilteredGroupingPolicy(0, user, '', domain);
@@ -183,8 +184,9 @@ export class Enforcer extends ManagementEnforcer {
      * @return succeeds or not.
      */
     async deleteUser(user) {
-        const res1 = await this.removeFilteredGroupingPolicy(0, user);
-        const res2 = await this.removeFilteredPolicy(0, user);
+        const subIndex = this.getFieldIndex('p', "sub" /* Subject */);
+        const res1 = await this.removeFilteredGroupingPolicy(subIndex, user);
+        const res2 = await this.removeFilteredPolicy(subIndex, user);
         return res1 || res2;
     }
     /**
@@ -195,8 +197,9 @@ export class Enforcer extends ManagementEnforcer {
      * @return succeeds or not.
      */
     async deleteRole(role) {
-        const res1 = await this.removeFilteredGroupingPolicy(1, role);
-        const res2 = await this.removeFilteredPolicy(0, role);
+        const subIndex = this.getFieldIndex('p', "sub" /* Subject */);
+        const res1 = await this.removeFilteredGroupingPolicy(subIndex, role);
+        const res2 = await this.removeFilteredPolicy(subIndex, role);
         return res1 || res2;
     }
     /**
@@ -241,7 +244,8 @@ export class Enforcer extends ManagementEnforcer {
      * @return succeeds or not.
      */
     async deletePermissionsForUser(user) {
-        return this.removeFilteredPolicy(0, user);
+        const subIndex = this.getFieldIndex('p', "sub" /* Subject */);
+        return this.removeFilteredPolicy(subIndex, user);
     }
     /**
      * getPermissionsForUser gets permissions for a user or role.
@@ -250,7 +254,8 @@ export class Enforcer extends ManagementEnforcer {
      * @return the permissions, a permission is usually like (obj, act). It is actually the rule without the subject.
      */
     async getPermissionsForUser(user) {
-        return this.getFilteredPolicy(0, user);
+        const subIndex = this.getFieldIndex('p', "sub" /* Subject */);
+        return this.getFilteredPolicy(subIndex, user);
     }
     /**
      * hasPermissionForUser determines whether a user has a permission.

package/lib/esm/internalEnforcer.d.ts

@@ -21,4 +21,12 @@ export declare class InternalEnforcer extends CoreEnforcer {
      * removeFilteredPolicyInternal removes rules based on field filters from the current policy.
      */
     protected removeFilteredPolicyInternal(sec: string, ptype: string, fieldIndex: number, fieldValues: string[], useWatcher: boolean): Promise<boolean>;
+    /**
+     * get field index in model.fieldMap.
+     */
+    getFieldIndex(ptype: string, field: string): number;
+    /**
+     *  set index of field
+     */
+    setFieldIndex(ptype: string, field: string, index: number): void;
 }

package/lib/esm/internalEnforcer.js

@@ -231,4 +231,18 @@ export class InternalEnforcer extends CoreEnforcer {
         }
         return ok;
     }
+    /**
+     * get field index in model.fieldMap.
+     */
+    getFieldIndex(ptype, field) {
+        return this.model.getFieldIndex(ptype, field);
+    }
+    /**
+     *  set index of field
+     */
+    setFieldIndex(ptype, field, index) {
+        var _a;
+        const assertion = (_a = this.model.model.get('p')) === null || _a === void 0 ? void 0 : _a.get(ptype);
+        assertion === null || assertion === void 0 ? void 0 : assertion.fieldIndexMap.set(field, index);
+    }
 }

package/lib/esm/model/assertion.d.ts

@@ -6,6 +6,7 @@ export declare class Assertion {
     tokens: string[];
     policy: string[][];
     rm: rbac.RoleManager;
+    fieldIndexMap: Map<string, number>;
     /**
      * constructor is the constructor for Assertion.
      */

package/lib/esm/model/assertion.js

@@ -26,6 +26,7 @@ export class Assertion {
         this.tokens = [];
         this.policy = [];
         this.rm = new rbac.DefaultRoleManager(10);
+        this.fieldIndexMap = new Map();
     }
     async buildIncrementalRoleLinks(rm, op, rules) {
         this.rm = rm;

package/lib/esm/model/model.d.ts

@@ -39,6 +39,10 @@ export declare class Model {
     getValuesForFieldInPolicy(sec: string, key: string, fieldIndex: number): string[];
     getValuesForFieldInPolicyAllTypes(sec: string, fieldIndex: number): string[];
     printPolicy(): void;
+    /**
+     * return the field index in fieldMap, if no this field in fieldMap, add it.
+     */
+    getFieldIndex(ptype: string, field: string): number;
 }
 /**
  * newModel creates a model.

package/lib/esm/model/model.js

@@ -66,6 +66,7 @@ export class Model {
         const ast = new Assertion();
         ast.key = key;
         ast.value = value;
+        ast.fieldIndexMap = new Map();
         if (sec === 'r' || sec === 'p') {
             const tokens = value.split(',').map((n) => n.trim());
             for (let i = 0; i < tokens.length; i++) {
@@ -395,6 +396,33 @@ export class Model {
             }
         });
     }
+    /**
+     * return the field index in fieldMap, if no this field in fieldMap, add it.
+     */
+    getFieldIndex(ptype, field) {
+        var _a;
+        const assertion = (_a = this.model.get('p')) === null || _a === void 0 ? void 0 : _a.get(ptype);
+        if (!assertion) {
+            return -1;
+        }
+        let index = assertion.fieldIndexMap.get(field);
+        if (index) {
+            return index;
+        }
+        const pattern = ptype + '_' + field;
+        index = -1;
+        for (let i = 0; i < assertion.tokens.length; i++) {
+            if (assertion.tokens[i] === pattern) {
+                index = i;
+                break;
+            }
+        }
+        if (index === -1) {
+            return index;
+        }
+        assertion.fieldIndexMap.set(field, index);
+        return index;
+    }
 }
 /**
  * newModel creates a model.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "casbin",
-  "version": "5.18.0",
+  "version": "5.19.0",
   "description": "An authorization library that supports access control models like ACL, RBAC, ABAC in Node.JS",
   "main": "lib/cjs/index.js",
   "typings": "lib/cjs/index.d.ts",