casbin 5.21.0 → 5.23.0

package/CHANGELOG.md

@@ -1,3 +1,17 @@
+# [5.23.0](https://github.com/casbin/node-casbin/compare/v5.22.0...v5.23.0) (2023-02-01)
+
+
+### Features
+
+* support `updateGroupingPolicy()`, `updateNamedGroupingPolicy()`, `getImplicitResourcesForUser()` ([#419](https://github.com/casbin/node-casbin/issues/419)) ([46c0f3a](https://github.com/casbin/node-casbin/commit/46c0f3ad09c4e8cf673d9d9b9b8fcf00251caaaf))
+
+# [5.22.0](https://github.com/casbin/node-casbin/compare/v5.21.0...v5.22.0) (2023-01-31)
+
+
+### Features
+
+* support subjectPriority ([#417](https://github.com/casbin/node-casbin/issues/417)) ([e83d505](https://github.com/casbin/node-casbin/commit/e83d5058872e65be7dc9b374ca8c6640a1f2ca9d))
+
 # [5.21.0](https://github.com/casbin/node-casbin/compare/v5.20.4...v5.21.0) (2023-01-21)
 
 

package/examples/subject_priority_model.conf

@@ -0,0 +1,14 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act, eft
+
+[role_definition]
+g = _, _
+
+[policy_effect]
+e = subjectPriority(p.eft) || deny
+
+[matchers]
+m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act

package/examples/subject_priority_model_with_domain.conf

@@ -0,0 +1,14 @@
+[request_definition]
+r = sub, obj, dom, act
+
+[policy_definition]
+p = sub, obj, dom, act, eft
+
+[role_definition]
+g = _, _, _
+
+[policy_effect]
+e = subjectPriority(p.eft) || deny
+
+[matchers]
+m = g(r.sub, p.sub, r.dom) && r.dom == p.dom && r.obj == p.obj && r.act == p.act

package/examples/subject_priority_policy.csv

@@ -0,0 +1,16 @@
+p, root, data1, read, deny
+p, admin, data1, read, deny
+
+p, editor, data1, read, deny
+p, subscriber, data1, deny
+
+p, jane, data1, read, allow
+p, alice, data1, read, allow
+
+g, admin, root
+
+g, editor, admin
+g, subscriber, admin
+
+g, jane, editor
+g, alice, subscriber

package/examples/subject_priority_policy_with_domain.csv

@@ -0,0 +1,7 @@
+p, admin, data1, domain1, write, deny
+p, alice, data1, domain1, write, allow
+p, admin, data2, domain2, write, deny
+p, bob, data2, domain2, write, allow
+
+g, alice, admin, domain1
+g, bob, admin, domain2

package/lib/cjs/coreEnforcer.js

@@ -177,6 +177,7 @@ class CoreEnforcer {
         this.model.clearPolicy();
         await this.adapter.loadPolicy(this.model);
         this.sortPolicies();
+        this.model.sortPoliciesBySubjectHierarchy();
         if (this.autoBuildRoleLinks) {
             await this.buildRoleLinksInternal();
         }
@@ -189,6 +190,8 @@ class CoreEnforcer {
     // eslint-disable-next-line @typescript-eslint/explicit-module-boundary-types
     async loadFilteredPolicy(filter) {
         this.model.clearPolicy();
+        this.sortPolicies();
+        this.model.sortPoliciesBySubjectHierarchy();
         return this.loadIncrementalFilteredPolicy(filter);
     }
     /**

package/lib/cjs/effect/defaultEffectorStream.js

@@ -60,6 +60,7 @@ class DefaultEffectorStream {
                 }
                 break;
             case "priority(p_eft) || deny" /* PRIORITY */:
+            case "subjectPriority(p_eft) || deny" /* SUBJECT_PRIORITY */:
                 if (eft !== effector_1.Effect.Indeterminate) {
                     this.res = eft === effector_1.Effect.Allow;
                     this.done = true;

package/lib/cjs/enforcer.d.ts

@@ -175,6 +175,10 @@ export declare class Enforcer extends ManagementEnforcer {
      * But getImplicitPermissionsForUser("alice") will get: [["admin", "data1", "read"], ["alice", "data2", "read"]].
      */
     getImplicitPermissionsForUser(user: string, ...domain: string[]): Promise<string[][]>;
+    /**
+     * getImplicitResourcesForUser returns all policies that user obtaining in domain.
+     */
+    getImplicitResourcesForUser(user: string, ...domain: string[]): Promise<string[][]>;
     /**
      * getImplicitUsersForRole gets implicit users that a role has.
      * Compared to getUsersForRole(), this function retrieves indirect users besides direct users.

package/lib/cjs/enforcer.js

@@ -326,6 +326,43 @@ class Enforcer extends managementEnforcer_1.ManagementEnforcer {
         }
         return res;
     }
+    /**
+     * getImplicitResourcesForUser returns all policies that user obtaining in domain.
+     */
+    async getImplicitResourcesForUser(user, ...domain) {
+        const permissions = await this.getImplicitPermissionsForUser(user, ...domain);
+        const res = [];
+        for (const permission of permissions) {
+            if (permission[0] === user) {
+                res.push(permission);
+                continue;
+            }
+            let resLocal = [[user]];
+            const tokensLength = permission.length;
+            const t = [];
+            for (const token of permission) {
+                if (token === permission[0]) {
+                    continue;
+                }
+                const tokens = await this.getImplicitUsersForRole(token, ...domain);
+                tokens.push(token);
+                t.push(tokens);
+            }
+            for (let i = 0; i < tokensLength - 1; i++) {
+                const n = [];
+                for (const tokens of t[i]) {
+                    for (const policy of resLocal) {
+                        const t = [...policy];
+                        t.push(tokens);
+                        n.push(t);
+                    }
+                }
+                resLocal = n;
+            }
+            res.push(...resLocal);
+        }
+        return res;
+    }
     /**
      * getImplicitUsersForRole gets implicit users that a role has.
      * Compared to getUsersForRole(), this function retrieves indirect users besides direct users.

package/lib/cjs/managementEnforcer.d.ts

@@ -367,6 +367,23 @@ export declare class ManagementEnforcer extends InternalEnforcer {
      * @return succeeds or not.
      */
     removeFilteredNamedGroupingPolicy(ptype: string, fieldIndex: number, ...fieldValues: string[]): Promise<boolean>;
+    /**
+     * UpdateGroupingPolicy updates an rule to the current named policy.
+     *
+     * @param oldRule the old rule.
+     * @param newRule the new rule.
+     * @return succeeds or not.
+     */
+    updateGroupingPolicy(oldRule: string[], newRule: string[]): Promise<boolean>;
+    /**
+     * updateNamedGroupingPolicy updates an rule to the current named policy.
+     *
+     * @param ptype the policy type, can be "g", "g2", "g3", ..
+     * @param oldRule the old rule.
+     * @param newRule the new rule.
+     * @return succeeds or not.
+     */
+    updateNamedGroupingPolicy(ptype: string, oldRule: string[], newRule: string[]): Promise<boolean>;
     /**
      * addFunction adds a customized function.
      * @param name custom function name

package/lib/cjs/managementEnforcer.js

@@ -466,6 +466,27 @@ class ManagementEnforcer extends internalEnforcer_1.InternalEnforcer {
     async removeFilteredNamedGroupingPolicy(ptype, fieldIndex, ...fieldValues) {
         return this.removeFilteredPolicyInternal('g', ptype, fieldIndex, fieldValues, true);
     }
+    /**
+     * UpdateGroupingPolicy updates an rule to the current named policy.
+     *
+     * @param oldRule the old rule.
+     * @param newRule the new rule.
+     * @return succeeds or not.
+     */
+    async updateGroupingPolicy(oldRule, newRule) {
+        return this.updateNamedGroupingPolicy('g', oldRule, newRule);
+    }
+    /**
+     * updateNamedGroupingPolicy updates an rule to the current named policy.
+     *
+     * @param ptype the policy type, can be "g", "g2", "g3", ..
+     * @param oldRule the old rule.
+     * @param newRule the new rule.
+     * @return succeeds or not.
+     */
+    async updateNamedGroupingPolicy(ptype, oldRule, newRule) {
+        return this.updatePolicyInternal('g', ptype, oldRule, newRule, true);
+    }
     /**
      * addFunction adds a customized function.
      * @param name custom function name

package/lib/cjs/model/model.d.ts

@@ -43,6 +43,19 @@ export declare class Model {
      * return the field index in fieldMap, if no this field in fieldMap, add it.
      */
     getFieldIndex(ptype: string, field: string): number;
+    /**
+     * sort policies by subject hieraichy
+     */
+    sortPoliciesBySubjectHierarchy(): void;
+    /**
+     * Calculate the priority of each policy store in Map<string, number>
+     */
+    getSubjectHierarchyMap(groupPolicies: string[][]): Map<string, number>;
+    findHierarchy(policyMap: Map<string, string>, subjectHierarchyMap: Map<string, number>, set: Set<string>, child: string): void;
+    /**
+     * get full name with domain
+     */
+    getNameWithDomain(domain: string, name: string): string;
 }
 /**
  * newModel creates a model.

package/lib/cjs/model/model.js

@@ -38,6 +38,8 @@ const config_1 = require("../config");
 const assertion_1 = require("./assertion");
 const log_1 = require("../log");
 const rbac_1 = require("../rbac");
+const defaultDomain = '';
+const defaultSeparator = '::';
 exports.sectionNameMap = {
     r: 'request_definition',
     p: 'policy_definition',
@@ -445,6 +447,82 @@ class Model {
         assertion.fieldIndexMap.set(field, index);
         return index;
     }
+    /**
+     * sort policies by subject hieraichy
+     */
+    sortPoliciesBySubjectHierarchy() {
+        var _a, _b, _c;
+        if (((_b = (_a = this.model.get('e')) === null || _a === void 0 ? void 0 : _a.get('e')) === null || _b === void 0 ? void 0 : _b.value) !== "subjectPriority(p_eft) || deny" /* SUBJECT_PRIORITY */) {
+            return;
+        }
+        (_c = this.model.get('p')) === null || _c === void 0 ? void 0 : _c.forEach((assertion, ptype) => {
+            const domainIndex = this.getFieldIndex(ptype, "dom" /* Domain */);
+            const subIndex = this.getFieldIndex(ptype, "sub" /* Subject */);
+            // eslint-disable-next-line
+            const subjectHierarchyMap = this.getSubjectHierarchyMap(this.model.get('g').get('g').policy);
+            assertion.policy.sort((policyA, policyB) => {
+                const domainA = domainIndex === -1 ? defaultDomain : policyA[domainIndex];
+                const domainB = domainIndex === -1 ? defaultDomain : policyB[domainIndex];
+                // eslint-disable-next-line
+                const priorityA = subjectHierarchyMap.get(this.getNameWithDomain(domainA, policyA[subIndex]));
+                // eslint-disable-next-line
+                const priorityB = subjectHierarchyMap.get(this.getNameWithDomain(domainB, policyB[subIndex]));
+                return priorityB - priorityA;
+            });
+        });
+    }
+    /**
+     * Calculate the priority of each policy store in Map<string, number>
+     */
+    getSubjectHierarchyMap(groupPolicies) {
+        const subjectHierarchyMap = new Map();
+        if (!groupPolicies) {
+            return subjectHierarchyMap;
+        }
+        const policyMap = new Map();
+        let domain = defaultDomain;
+        groupPolicies.forEach((policy) => {
+            if (policy.length !== 2)
+                domain = policy[this.getFieldIndex('p', "dom" /* Domain */)];
+            const child = this.getNameWithDomain(domain, policy[this.getFieldIndex('p', "sub" /* Subject */)]);
+            const parent = this.getNameWithDomain(domain, policy[this.getFieldIndex('p', "obj" /* Object */)]);
+            policyMap.set(child, parent);
+            if (!subjectHierarchyMap.has(child)) {
+                subjectHierarchyMap.set(child, 0);
+            }
+            if (!subjectHierarchyMap.has(parent)) {
+                subjectHierarchyMap.set(parent, 0);
+            }
+            subjectHierarchyMap.set(child, 1);
+        });
+        const set = new Set();
+        subjectHierarchyMap.forEach((_, key) => {
+            if (subjectHierarchyMap.get(key) !== 0)
+                set.add(key);
+        });
+        while (set.size !== 0) {
+            for (const child of set.values()) {
+                this.findHierarchy(policyMap, subjectHierarchyMap, set, child);
+            }
+        }
+        return subjectHierarchyMap;
+    }
+    findHierarchy(policyMap, subjectHierarchyMap, set, child) {
+        set.delete(child);
+        // eslint-disable-next-line
+        const parent = policyMap.get(child);
+        if (set.has(parent)) {
+            this.findHierarchy(policyMap, subjectHierarchyMap, set, parent);
+        }
+        // eslint-disable-next-line
+        subjectHierarchyMap.set(child, subjectHierarchyMap.get(parent) + 10);
+    }
+    /**
+     * get full name with domain
+     */
+    getNameWithDomain(domain, name) {
+        return domain + defaultSeparator + name;
+    }
 }
 exports.Model = Model;
 /**

package/lib/cjs/syncedEnforcer.d.ts

@@ -319,6 +319,23 @@ export declare class SyncedEnforcer extends Enforcer {
      * @return succeeds or not.
      */
     removeFilteredNamedGroupingPolicy(ptype: string, fieldIndex: number, ...fieldValues: string[]): Promise<boolean>;
+    /**
+     * UpdateGroupingPolicy updates an rule to the current named policy.
+     *
+     * @param oldRule the old rule.
+     * @param newRule the new rule.
+     * @return succeeds or not.
+     */
+    updateGroupingPolicy(oldRule: string[], newRule: string[]): Promise<boolean>;
+    /**
+     * updateNamedGroupingPolicy updates an rule to the current named policy.
+     *
+     * @param ptype the policy type, can be "g", "g2", "g3", ..
+     * @param oldRule the old rule.
+     * @param newRule the new rule.
+     * @return succeeds or not.
+     */
+    updateNamedGroupingPolicy(ptype: string, oldRule: string[], newRule: string[]): Promise<boolean>;
     /**
      * add matching function to RoleManager by ptype
      * @param ptype g

package/lib/cjs/syncedEnforcer.js

@@ -443,6 +443,27 @@ class SyncedEnforcer extends enforcer_1.Enforcer {
         await this.lock.acquireAsync();
         return super.removeFilteredNamedGroupingPolicy(ptype, fieldIndex, ...fieldValues).finally(() => this.lock.release());
     }
+    /**
+     * UpdateGroupingPolicy updates an rule to the current named policy.
+     *
+     * @param oldRule the old rule.
+     * @param newRule the new rule.
+     * @return succeeds or not.
+     */
+    async updateGroupingPolicy(oldRule, newRule) {
+        return super.updateGroupingPolicy(oldRule, newRule);
+    }
+    /**
+     * updateNamedGroupingPolicy updates an rule to the current named policy.
+     *
+     * @param ptype the policy type, can be "g", "g2", "g3", ..
+     * @param oldRule the old rule.
+     * @param newRule the new rule.
+     * @return succeeds or not.
+     */
+    async updateNamedGroupingPolicy(ptype, oldRule, newRule) {
+        return super.updateNamedGroupingPolicy(ptype, oldRule, newRule);
+    }
     /**
      * add matching function to RoleManager by ptype
      * @param ptype g

package/lib/esm/coreEnforcer.js

@@ -174,6 +174,7 @@ export class CoreEnforcer {
         this.model.clearPolicy();
         await this.adapter.loadPolicy(this.model);
         this.sortPolicies();
+        this.model.sortPoliciesBySubjectHierarchy();
         if (this.autoBuildRoleLinks) {
             await this.buildRoleLinksInternal();
         }
@@ -186,6 +187,8 @@ export class CoreEnforcer {
     // eslint-disable-next-line @typescript-eslint/explicit-module-boundary-types
     async loadFilteredPolicy(filter) {
         this.model.clearPolicy();
+        this.sortPolicies();
+        this.model.sortPoliciesBySubjectHierarchy();
         return this.loadIncrementalFilteredPolicy(filter);
     }
     /**

package/lib/esm/effect/defaultEffectorStream.js

@@ -57,6 +57,7 @@ export class DefaultEffectorStream {
                 }
                 break;
             case "priority(p_eft) || deny" /* PRIORITY */:
+            case "subjectPriority(p_eft) || deny" /* SUBJECT_PRIORITY */:
                 if (eft !== Effect.Indeterminate) {
                     this.res = eft === Effect.Allow;
                     this.done = true;

package/lib/esm/enforcer.d.ts

@@ -175,6 +175,10 @@ export declare class Enforcer extends ManagementEnforcer {
      * But getImplicitPermissionsForUser("alice") will get: [["admin", "data1", "read"], ["alice", "data2", "read"]].
      */
     getImplicitPermissionsForUser(user: string, ...domain: string[]): Promise<string[][]>;
+    /**
+     * getImplicitResourcesForUser returns all policies that user obtaining in domain.
+     */
+    getImplicitResourcesForUser(user: string, ...domain: string[]): Promise<string[][]>;
     /**
      * getImplicitUsersForRole gets implicit users that a role has.
      * Compared to getUsersForRole(), this function retrieves indirect users besides direct users.

package/lib/esm/enforcer.js

@@ -323,6 +323,43 @@ export class Enforcer extends ManagementEnforcer {
         }
         return res;
     }
+    /**
+     * getImplicitResourcesForUser returns all policies that user obtaining in domain.
+     */
+    async getImplicitResourcesForUser(user, ...domain) {
+        const permissions = await this.getImplicitPermissionsForUser(user, ...domain);
+        const res = [];
+        for (const permission of permissions) {
+            if (permission[0] === user) {
+                res.push(permission);
+                continue;
+            }
+            let resLocal = [[user]];
+            const tokensLength = permission.length;
+            const t = [];
+            for (const token of permission) {
+                if (token === permission[0]) {
+                    continue;
+                }
+                const tokens = await this.getImplicitUsersForRole(token, ...domain);
+                tokens.push(token);
+                t.push(tokens);
+            }
+            for (let i = 0; i < tokensLength - 1; i++) {
+                const n = [];
+                for (const tokens of t[i]) {
+                    for (const policy of resLocal) {
+                        const t = [...policy];
+                        t.push(tokens);
+                        n.push(t);
+                    }
+                }
+                resLocal = n;
+            }
+            res.push(...resLocal);
+        }
+        return res;
+    }
     /**
      * getImplicitUsersForRole gets implicit users that a role has.
      * Compared to getUsersForRole(), this function retrieves indirect users besides direct users.

package/lib/esm/managementEnforcer.d.ts

@@ -367,6 +367,23 @@ export declare class ManagementEnforcer extends InternalEnforcer {
      * @return succeeds or not.
      */
     removeFilteredNamedGroupingPolicy(ptype: string, fieldIndex: number, ...fieldValues: string[]): Promise<boolean>;
+    /**
+     * UpdateGroupingPolicy updates an rule to the current named policy.
+     *
+     * @param oldRule the old rule.
+     * @param newRule the new rule.
+     * @return succeeds or not.
+     */
+    updateGroupingPolicy(oldRule: string[], newRule: string[]): Promise<boolean>;
+    /**
+     * updateNamedGroupingPolicy updates an rule to the current named policy.
+     *
+     * @param ptype the policy type, can be "g", "g2", "g3", ..
+     * @param oldRule the old rule.
+     * @param newRule the new rule.
+     * @return succeeds or not.
+     */
+    updateNamedGroupingPolicy(ptype: string, oldRule: string[], newRule: string[]): Promise<boolean>;
     /**
      * addFunction adds a customized function.
      * @param name custom function name

package/lib/esm/managementEnforcer.js

@@ -463,6 +463,27 @@ export class ManagementEnforcer extends InternalEnforcer {
     async removeFilteredNamedGroupingPolicy(ptype, fieldIndex, ...fieldValues) {
         return this.removeFilteredPolicyInternal('g', ptype, fieldIndex, fieldValues, true);
     }
+    /**
+     * UpdateGroupingPolicy updates an rule to the current named policy.
+     *
+     * @param oldRule the old rule.
+     * @param newRule the new rule.
+     * @return succeeds or not.
+     */
+    async updateGroupingPolicy(oldRule, newRule) {
+        return this.updateNamedGroupingPolicy('g', oldRule, newRule);
+    }
+    /**
+     * updateNamedGroupingPolicy updates an rule to the current named policy.
+     *
+     * @param ptype the policy type, can be "g", "g2", "g3", ..
+     * @param oldRule the old rule.
+     * @param newRule the new rule.
+     * @return succeeds or not.
+     */
+    async updateNamedGroupingPolicy(ptype, oldRule, newRule) {
+        return this.updatePolicyInternal('g', ptype, oldRule, newRule, true);
+    }
     /**
      * addFunction adds a customized function.
      * @param name custom function name

package/lib/esm/model/model.d.ts

@@ -43,6 +43,19 @@ export declare class Model {
      * return the field index in fieldMap, if no this field in fieldMap, add it.
      */
     getFieldIndex(ptype: string, field: string): number;
+    /**
+     * sort policies by subject hieraichy
+     */
+    sortPoliciesBySubjectHierarchy(): void;
+    /**
+     * Calculate the priority of each policy store in Map<string, number>
+     */
+    getSubjectHierarchyMap(groupPolicies: string[][]): Map<string, number>;
+    findHierarchy(policyMap: Map<string, string>, subjectHierarchyMap: Map<string, number>, set: Set<string>, child: string): void;
+    /**
+     * get full name with domain
+     */
+    getNameWithDomain(domain: string, name: string): string;
 }
 /**
  * newModel creates a model.

package/lib/esm/model/model.js

@@ -16,6 +16,8 @@ import { Config } from '../config';
 import { Assertion } from './assertion';
 import { getLogger, logPrint } from '../log';
 import { DefaultRoleManager } from '../rbac';
+const defaultDomain = '';
+const defaultSeparator = '::';
 export const sectionNameMap = {
     r: 'request_definition',
     p: 'policy_definition',
@@ -423,6 +425,82 @@ export class Model {
         assertion.fieldIndexMap.set(field, index);
         return index;
     }
+    /**
+     * sort policies by subject hieraichy
+     */
+    sortPoliciesBySubjectHierarchy() {
+        var _a, _b, _c;
+        if (((_b = (_a = this.model.get('e')) === null || _a === void 0 ? void 0 : _a.get('e')) === null || _b === void 0 ? void 0 : _b.value) !== "subjectPriority(p_eft) || deny" /* SUBJECT_PRIORITY */) {
+            return;
+        }
+        (_c = this.model.get('p')) === null || _c === void 0 ? void 0 : _c.forEach((assertion, ptype) => {
+            const domainIndex = this.getFieldIndex(ptype, "dom" /* Domain */);
+            const subIndex = this.getFieldIndex(ptype, "sub" /* Subject */);
+            // eslint-disable-next-line
+            const subjectHierarchyMap = this.getSubjectHierarchyMap(this.model.get('g').get('g').policy);
+            assertion.policy.sort((policyA, policyB) => {
+                const domainA = domainIndex === -1 ? defaultDomain : policyA[domainIndex];
+                const domainB = domainIndex === -1 ? defaultDomain : policyB[domainIndex];
+                // eslint-disable-next-line
+                const priorityA = subjectHierarchyMap.get(this.getNameWithDomain(domainA, policyA[subIndex]));
+                // eslint-disable-next-line
+                const priorityB = subjectHierarchyMap.get(this.getNameWithDomain(domainB, policyB[subIndex]));
+                return priorityB - priorityA;
+            });
+        });
+    }
+    /**
+     * Calculate the priority of each policy store in Map<string, number>
+     */
+    getSubjectHierarchyMap(groupPolicies) {
+        const subjectHierarchyMap = new Map();
+        if (!groupPolicies) {
+            return subjectHierarchyMap;
+        }
+        const policyMap = new Map();
+        let domain = defaultDomain;
+        groupPolicies.forEach((policy) => {
+            if (policy.length !== 2)
+                domain = policy[this.getFieldIndex('p', "dom" /* Domain */)];
+            const child = this.getNameWithDomain(domain, policy[this.getFieldIndex('p', "sub" /* Subject */)]);
+            const parent = this.getNameWithDomain(domain, policy[this.getFieldIndex('p', "obj" /* Object */)]);
+            policyMap.set(child, parent);
+            if (!subjectHierarchyMap.has(child)) {
+                subjectHierarchyMap.set(child, 0);
+            }
+            if (!subjectHierarchyMap.has(parent)) {
+                subjectHierarchyMap.set(parent, 0);
+            }
+            subjectHierarchyMap.set(child, 1);
+        });
+        const set = new Set();
+        subjectHierarchyMap.forEach((_, key) => {
+            if (subjectHierarchyMap.get(key) !== 0)
+                set.add(key);
+        });
+        while (set.size !== 0) {
+            for (const child of set.values()) {
+                this.findHierarchy(policyMap, subjectHierarchyMap, set, child);
+            }
+        }
+        return subjectHierarchyMap;
+    }
+    findHierarchy(policyMap, subjectHierarchyMap, set, child) {
+        set.delete(child);
+        // eslint-disable-next-line
+        const parent = policyMap.get(child);
+        if (set.has(parent)) {
+            this.findHierarchy(policyMap, subjectHierarchyMap, set, parent);
+        }
+        // eslint-disable-next-line
+        subjectHierarchyMap.set(child, subjectHierarchyMap.get(parent) + 10);
+    }
+    /**
+     * get full name with domain
+     */
+    getNameWithDomain(domain, name) {
+        return domain + defaultSeparator + name;
+    }
 }
 /**
  * newModel creates a model.

package/lib/esm/syncedEnforcer.d.ts

@@ -319,6 +319,23 @@ export declare class SyncedEnforcer extends Enforcer {
      * @return succeeds or not.
      */
     removeFilteredNamedGroupingPolicy(ptype: string, fieldIndex: number, ...fieldValues: string[]): Promise<boolean>;
+    /**
+     * UpdateGroupingPolicy updates an rule to the current named policy.
+     *
+     * @param oldRule the old rule.
+     * @param newRule the new rule.
+     * @return succeeds or not.
+     */
+    updateGroupingPolicy(oldRule: string[], newRule: string[]): Promise<boolean>;
+    /**
+     * updateNamedGroupingPolicy updates an rule to the current named policy.
+     *
+     * @param ptype the policy type, can be "g", "g2", "g3", ..
+     * @param oldRule the old rule.
+     * @param newRule the new rule.
+     * @return succeeds or not.
+     */
+    updateNamedGroupingPolicy(ptype: string, oldRule: string[], newRule: string[]): Promise<boolean>;
     /**
      * add matching function to RoleManager by ptype
      * @param ptype g

package/lib/esm/syncedEnforcer.js

@@ -437,6 +437,27 @@ export class SyncedEnforcer extends Enforcer {
         await this.lock.acquireAsync();
         return super.removeFilteredNamedGroupingPolicy(ptype, fieldIndex, ...fieldValues).finally(() => this.lock.release());
     }
+    /**
+     * UpdateGroupingPolicy updates an rule to the current named policy.
+     *
+     * @param oldRule the old rule.
+     * @param newRule the new rule.
+     * @return succeeds or not.
+     */
+    async updateGroupingPolicy(oldRule, newRule) {
+        return super.updateGroupingPolicy(oldRule, newRule);
+    }
+    /**
+     * updateNamedGroupingPolicy updates an rule to the current named policy.
+     *
+     * @param ptype the policy type, can be "g", "g2", "g3", ..
+     * @param oldRule the old rule.
+     * @param newRule the new rule.
+     * @return succeeds or not.
+     */
+    async updateNamedGroupingPolicy(ptype, oldRule, newRule) {
+        return super.updateNamedGroupingPolicy(ptype, oldRule, newRule);
+    }
     /**
      * add matching function to RoleManager by ptype
      * @param ptype g

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "casbin",
-  "version": "5.21.0",
+  "version": "5.23.0",
   "description": "An authorization library that supports access control models like ACL, RBAC, ABAC in Node.JS",
   "main": "lib/cjs/index.js",
   "typings": "lib/cjs/index.d.ts",