casbin 5.26.2 → 5.27.1

package/CHANGELOG.md

@@ -1,3 +1,17 @@
+## [5.27.1](https://github.com/casbin/node-casbin/compare/v5.27.0...v5.27.1) (2023-09-19)
+
+
+### Bug Fixes
+
+* KeyMatch5 does not match the expected result ([#458](https://github.com/casbin/node-casbin/issues/458)) ([0df458d](https://github.com/casbin/node-casbin/commit/0df458dde1f7a061167b978e16e712d208944f39))
+
+# [5.27.0](https://github.com/casbin/node-casbin/compare/v5.26.2...v5.27.0) (2023-08-30)
+
+
+### Features
+
+* add `enforceWithMatcher` & `enforceExWithMatcher` ([#453](https://github.com/casbin/node-casbin/issues/453)) ([a85192f](https://github.com/casbin/node-casbin/commit/a85192f382fc164107d3117b4490cf8dd072c0e5))
+
 ## [5.26.2](https://github.com/casbin/node-casbin/compare/v5.26.1...v5.26.2) (2023-07-29)
 
 

package/lib/cjs/coreEnforcer.d.ts

@@ -227,6 +227,17 @@ export declare class CoreEnforcer {
      * @return whether to allow the request.
      */
     enforce(...rvals: any[]): Promise<boolean>;
+    /**
+     * enforceWithMatcher decides whether a "subject" can access a "object" with
+     * the operation "action" but with the matcher passed,
+     * input parameters are usually: (matcher, sub, obj, act).
+     *
+     * @param matcher matcher string.
+     * @param rvals the request needs to be mediated, usually an array
+     *              of strings, can be class instances if ABAC is used.
+     * @return whether to allow the request.
+     */
+    enforceWithMatcher(matcher: string, ...rvals: any[]): Promise<boolean>;
     /**
      * enforce decides whether a "subject" can access a "object" with
      * the operation "action", input parameters are usually: (sub, obj, act).
@@ -236,6 +247,17 @@ export declare class CoreEnforcer {
      * @return whether to allow the request and the reason rule.
      */
     enforceEx(...rvals: any[]): Promise<[boolean, string[]]>;
+    /**
+     * enforceExWithMatcher decides whether a "subject" can access a "object" with
+     * the operation "action" but with the matcher passed,
+     *  input parameters are usually: (matcher, sub, obj, act).
+     *
+     * @param matcher matcher string.
+     * @param rvals the request needs to be mediated, usually an array
+     *              of strings, can be class instances if ABAC is used.
+     * @return whether to allow the request and the reason rule.
+     */
+    enforceExWithMatcher(matcher: string, ...rvals: any[]): Promise<[boolean, string[]]>;
     /**
      * batchEnforce enforces each request and returns result in a bool array.
      * @param rvals the request need to be mediated, usually an array

package/lib/cjs/coreEnforcer.js

@@ -349,7 +349,7 @@ class CoreEnforcer {
             await this.model.buildRoleLinks(this.rmMap);
         }
     }
-    *privateEnforce(asyncCompile = true, explain = false, enforceContext = new enforceContext_1.EnforceContext('r', 'p', 'e', 'm'), ...rvals) {
+    *privateEnforce(asyncCompile = true, explain = false, matcher, enforceContext = new enforceContext_1.EnforceContext('r', 'p', 'e', 'm'), ...rvals) {
         var _a, _b, _c, _d, _e, _f, _g, _h, _j;
         if (!this.enabled) {
             return true;
@@ -364,7 +364,13 @@ class CoreEnforcer {
             const rm = value.rm;
             functions[key] = asyncCompile ? util_1.generateGFunction(rm) : util_1.generateSyncedGFunction(rm);
         });
-        const expString = (_b = (_a = this.model.model.get('m')) === null || _a === void 0 ? void 0 : _a.get(enforceContext.mType)) === null || _b === void 0 ? void 0 : _b.value;
+        let expString;
+        if (!matcher) {
+            expString = (_b = (_a = this.model.model.get('m')) === null || _a === void 0 ? void 0 : _a.get(enforceContext.mType)) === null || _b === void 0 ? void 0 : _b.value;
+        }
+        else {
+            expString = util_1.removeComments(util_1.escapeAssertion(matcher));
+        }
         if (!expString) {
             throw new Error('Unable to find matchers in model');
         }
@@ -513,9 +519,9 @@ class CoreEnforcer {
     enforceSync(...rvals) {
         if (rvals[0] instanceof enforceContext_1.EnforceContext) {
             const enforceContext = rvals.shift();
-            return util_1.generatorRunSync(this.privateEnforce(false, false, enforceContext, ...rvals));
+            return util_1.generatorRunSync(this.privateEnforce(false, false, '', enforceContext, ...rvals));
         }
-        return util_1.generatorRunSync(this.privateEnforce(false, false, this.defaultEnforceContext, ...rvals));
+        return util_1.generatorRunSync(this.privateEnforce(false, false, '', this.defaultEnforceContext, ...rvals));
     }
     /**
      * If the matchers does not contain an asynchronous method, call it faster.
@@ -530,9 +536,9 @@ class CoreEnforcer {
     enforceExSync(...rvals) {
         if (rvals[0] instanceof enforceContext_1.EnforceContext) {
             const enforceContext = rvals.shift();
-            return util_1.generatorRunSync(this.privateEnforce(false, true, enforceContext, ...rvals));
+            return util_1.generatorRunSync(this.privateEnforce(false, true, '', enforceContext, ...rvals));
         }
-        return util_1.generatorRunSync(this.privateEnforce(false, true, this.defaultEnforceContext, ...rvals));
+        return util_1.generatorRunSync(this.privateEnforce(false, true, '', this.defaultEnforceContext, ...rvals));
     }
     /**
      * Same as enforceSync. To be removed.
@@ -551,9 +557,26 @@ class CoreEnforcer {
     async enforce(...rvals) {
         if (rvals[0] instanceof enforceContext_1.EnforceContext) {
             const enforceContext = rvals.shift();
-            return util_1.generatorRunAsync(this.privateEnforce(true, false, enforceContext, ...rvals));
+            return util_1.generatorRunAsync(this.privateEnforce(true, false, '', enforceContext, ...rvals));
         }
-        return util_1.generatorRunAsync(this.privateEnforce(true, false, this.defaultEnforceContext, ...rvals));
+        return util_1.generatorRunAsync(this.privateEnforce(true, false, '', this.defaultEnforceContext, ...rvals));
+    }
+    /**
+     * enforceWithMatcher decides whether a "subject" can access a "object" with
+     * the operation "action" but with the matcher passed,
+     * input parameters are usually: (matcher, sub, obj, act).
+     *
+     * @param matcher matcher string.
+     * @param rvals the request needs to be mediated, usually an array
+     *              of strings, can be class instances if ABAC is used.
+     * @return whether to allow the request.
+     */
+    async enforceWithMatcher(matcher, ...rvals) {
+        if (rvals[0] instanceof enforceContext_1.EnforceContext) {
+            const enforceContext = rvals.shift();
+            return util_1.generatorRunAsync(this.privateEnforce(true, false, matcher, enforceContext, ...rvals));
+        }
+        return util_1.generatorRunAsync(this.privateEnforce(true, false, matcher, this.defaultEnforceContext, ...rvals));
     }
     /**
      * enforce decides whether a "subject" can access a "object" with
@@ -566,9 +589,26 @@ class CoreEnforcer {
     async enforceEx(...rvals) {
         if (rvals[0] instanceof enforceContext_1.EnforceContext) {
             const enforceContext = rvals.shift();
-            return util_1.generatorRunAsync(this.privateEnforce(true, true, enforceContext, ...rvals));
+            return util_1.generatorRunAsync(this.privateEnforce(true, true, '', enforceContext, ...rvals));
+        }
+        return util_1.generatorRunAsync(this.privateEnforce(true, true, '', this.defaultEnforceContext, ...rvals));
+    }
+    /**
+     * enforceExWithMatcher decides whether a "subject" can access a "object" with
+     * the operation "action" but with the matcher passed,
+     *  input parameters are usually: (matcher, sub, obj, act).
+     *
+     * @param matcher matcher string.
+     * @param rvals the request needs to be mediated, usually an array
+     *              of strings, can be class instances if ABAC is used.
+     * @return whether to allow the request and the reason rule.
+     */
+    async enforceExWithMatcher(matcher, ...rvals) {
+        if (rvals[0] instanceof enforceContext_1.EnforceContext) {
+            const enforceContext = rvals.shift();
+            return util_1.generatorRunAsync(this.privateEnforce(true, true, matcher, enforceContext, ...rvals));
         }
-        return util_1.generatorRunAsync(this.privateEnforce(true, true, this.defaultEnforceContext, ...rvals));
+        return util_1.generatorRunAsync(this.privateEnforce(true, true, matcher, this.defaultEnforceContext, ...rvals));
     }
     /**
      * batchEnforce enforces each request and returns result in a bool array.

package/lib/cjs/util/builtinOperators.js

@@ -208,10 +208,18 @@ exports.keyMatch4Func = keyMatch4Func;
 // For example, "/foo/bar?status=1&type=2" matches "/foo/bar"
 function KeyMatch5(key1, key2) {
     const i = key1.indexOf('?');
-    if (i === -1) {
-        return key1 === key2;
+    if (i !== -1) {
+        key1 = key1.slice(0, i);
+    }
+    key2 = key2.replace(/\/\*/g, '/.*');
+    const regexp = new RegExp(/(.*){[^/]+}(.*)/g);
+    for (;;) {
+        if (!key2.includes('/{')) {
+            break;
+        }
+        key2 = key2.replace(regexp, '$1[^/]+$2');
     }
-    return key1.slice(0, i) === key2;
+    return regexMatch(key1, '^' + key2 + '$');
 }
 // keyMatch5Func is the wrapper for KeyMatch5.
 function keyMatch5Func(...args) {

package/lib/esm/coreEnforcer.d.ts

@@ -227,6 +227,17 @@ export declare class CoreEnforcer {
      * @return whether to allow the request.
      */
     enforce(...rvals: any[]): Promise<boolean>;
+    /**
+     * enforceWithMatcher decides whether a "subject" can access a "object" with
+     * the operation "action" but with the matcher passed,
+     * input parameters are usually: (matcher, sub, obj, act).
+     *
+     * @param matcher matcher string.
+     * @param rvals the request needs to be mediated, usually an array
+     *              of strings, can be class instances if ABAC is used.
+     * @return whether to allow the request.
+     */
+    enforceWithMatcher(matcher: string, ...rvals: any[]): Promise<boolean>;
     /**
      * enforce decides whether a "subject" can access a "object" with
      * the operation "action", input parameters are usually: (sub, obj, act).
@@ -236,6 +247,17 @@ export declare class CoreEnforcer {
      * @return whether to allow the request and the reason rule.
      */
     enforceEx(...rvals: any[]): Promise<[boolean, string[]]>;
+    /**
+     * enforceExWithMatcher decides whether a "subject" can access a "object" with
+     * the operation "action" but with the matcher passed,
+     *  input parameters are usually: (matcher, sub, obj, act).
+     *
+     * @param matcher matcher string.
+     * @param rvals the request needs to be mediated, usually an array
+     *              of strings, can be class instances if ABAC is used.
+     * @return whether to allow the request and the reason rule.
+     */
+    enforceExWithMatcher(matcher: string, ...rvals: any[]): Promise<[boolean, string[]]>;
     /**
      * batchEnforce enforces each request and returns result in a bool array.
      * @param rvals the request need to be mediated, usually an array

package/lib/esm/coreEnforcer.js

@@ -16,7 +16,7 @@ import { DefaultEffector, Effect } from './effect';
 import { FunctionMap, newModelFromFile } from './model';
 import { DefaultRoleManager } from './rbac';
 import { EnforceContext } from './enforceContext';
-import { escapeAssertion, generateGFunction, generateSyncedGFunction, getEvalValue, hasEval, replaceEval, generatorRunSync, generatorRunAsync, customIn, bracketCompatible, } from './util';
+import { escapeAssertion, generateGFunction, generateSyncedGFunction, getEvalValue, hasEval, replaceEval, generatorRunSync, generatorRunAsync, customIn, bracketCompatible, removeComments, } from './util';
 import { getLogger, logPrint } from './log';
 /**
  * CoreEnforcer defines the core functionality of an enforcer.
@@ -346,7 +346,7 @@ export class CoreEnforcer {
             await this.model.buildRoleLinks(this.rmMap);
         }
     }
-    *privateEnforce(asyncCompile = true, explain = false, enforceContext = new EnforceContext('r', 'p', 'e', 'm'), ...rvals) {
+    *privateEnforce(asyncCompile = true, explain = false, matcher, enforceContext = new EnforceContext('r', 'p', 'e', 'm'), ...rvals) {
         var _a, _b, _c, _d, _e, _f, _g, _h, _j;
         if (!this.enabled) {
             return true;
@@ -361,7 +361,13 @@ export class CoreEnforcer {
             const rm = value.rm;
             functions[key] = asyncCompile ? generateGFunction(rm) : generateSyncedGFunction(rm);
         });
-        const expString = (_b = (_a = this.model.model.get('m')) === null || _a === void 0 ? void 0 : _a.get(enforceContext.mType)) === null || _b === void 0 ? void 0 : _b.value;
+        let expString;
+        if (!matcher) {
+            expString = (_b = (_a = this.model.model.get('m')) === null || _a === void 0 ? void 0 : _a.get(enforceContext.mType)) === null || _b === void 0 ? void 0 : _b.value;
+        }
+        else {
+            expString = removeComments(escapeAssertion(matcher));
+        }
         if (!expString) {
             throw new Error('Unable to find matchers in model');
         }
@@ -510,9 +516,9 @@ export class CoreEnforcer {
     enforceSync(...rvals) {
         if (rvals[0] instanceof EnforceContext) {
             const enforceContext = rvals.shift();
-            return generatorRunSync(this.privateEnforce(false, false, enforceContext, ...rvals));
+            return generatorRunSync(this.privateEnforce(false, false, '', enforceContext, ...rvals));
         }
-        return generatorRunSync(this.privateEnforce(false, false, this.defaultEnforceContext, ...rvals));
+        return generatorRunSync(this.privateEnforce(false, false, '', this.defaultEnforceContext, ...rvals));
     }
     /**
      * If the matchers does not contain an asynchronous method, call it faster.
@@ -527,9 +533,9 @@ export class CoreEnforcer {
     enforceExSync(...rvals) {
         if (rvals[0] instanceof EnforceContext) {
             const enforceContext = rvals.shift();
-            return generatorRunSync(this.privateEnforce(false, true, enforceContext, ...rvals));
+            return generatorRunSync(this.privateEnforce(false, true, '', enforceContext, ...rvals));
         }
-        return generatorRunSync(this.privateEnforce(false, true, this.defaultEnforceContext, ...rvals));
+        return generatorRunSync(this.privateEnforce(false, true, '', this.defaultEnforceContext, ...rvals));
     }
     /**
      * Same as enforceSync. To be removed.
@@ -548,9 +554,26 @@ export class CoreEnforcer {
     async enforce(...rvals) {
         if (rvals[0] instanceof EnforceContext) {
             const enforceContext = rvals.shift();
-            return generatorRunAsync(this.privateEnforce(true, false, enforceContext, ...rvals));
+            return generatorRunAsync(this.privateEnforce(true, false, '', enforceContext, ...rvals));
         }
-        return generatorRunAsync(this.privateEnforce(true, false, this.defaultEnforceContext, ...rvals));
+        return generatorRunAsync(this.privateEnforce(true, false, '', this.defaultEnforceContext, ...rvals));
+    }
+    /**
+     * enforceWithMatcher decides whether a "subject" can access a "object" with
+     * the operation "action" but with the matcher passed,
+     * input parameters are usually: (matcher, sub, obj, act).
+     *
+     * @param matcher matcher string.
+     * @param rvals the request needs to be mediated, usually an array
+     *              of strings, can be class instances if ABAC is used.
+     * @return whether to allow the request.
+     */
+    async enforceWithMatcher(matcher, ...rvals) {
+        if (rvals[0] instanceof EnforceContext) {
+            const enforceContext = rvals.shift();
+            return generatorRunAsync(this.privateEnforce(true, false, matcher, enforceContext, ...rvals));
+        }
+        return generatorRunAsync(this.privateEnforce(true, false, matcher, this.defaultEnforceContext, ...rvals));
     }
     /**
      * enforce decides whether a "subject" can access a "object" with
@@ -563,9 +586,26 @@ export class CoreEnforcer {
     async enforceEx(...rvals) {
         if (rvals[0] instanceof EnforceContext) {
             const enforceContext = rvals.shift();
-            return generatorRunAsync(this.privateEnforce(true, true, enforceContext, ...rvals));
+            return generatorRunAsync(this.privateEnforce(true, true, '', enforceContext, ...rvals));
+        }
+        return generatorRunAsync(this.privateEnforce(true, true, '', this.defaultEnforceContext, ...rvals));
+    }
+    /**
+     * enforceExWithMatcher decides whether a "subject" can access a "object" with
+     * the operation "action" but with the matcher passed,
+     *  input parameters are usually: (matcher, sub, obj, act).
+     *
+     * @param matcher matcher string.
+     * @param rvals the request needs to be mediated, usually an array
+     *              of strings, can be class instances if ABAC is used.
+     * @return whether to allow the request and the reason rule.
+     */
+    async enforceExWithMatcher(matcher, ...rvals) {
+        if (rvals[0] instanceof EnforceContext) {
+            const enforceContext = rvals.shift();
+            return generatorRunAsync(this.privateEnforce(true, true, matcher, enforceContext, ...rvals));
         }
-        return generatorRunAsync(this.privateEnforce(true, true, this.defaultEnforceContext, ...rvals));
+        return generatorRunAsync(this.privateEnforce(true, true, matcher, this.defaultEnforceContext, ...rvals));
     }
     /**
      * batchEnforce enforces each request and returns result in a bool array.

package/lib/esm/util/builtinOperators.js

@@ -199,10 +199,18 @@ function keyMatch4Func(...args) {
 // For example, "/foo/bar?status=1&type=2" matches "/foo/bar"
 function KeyMatch5(key1, key2) {
     const i = key1.indexOf('?');
-    if (i === -1) {
-        return key1 === key2;
+    if (i !== -1) {
+        key1 = key1.slice(0, i);
+    }
+    key2 = key2.replace(/\/\*/g, '/.*');
+    const regexp = new RegExp(/(.*){[^/]+}(.*)/g);
+    for (;;) {
+        if (!key2.includes('/{')) {
+            break;
+        }
+        key2 = key2.replace(regexp, '$1[^/]+$2');
     }
-    return key1.slice(0, i) === key2;
+    return regexMatch(key1, '^' + key2 + '$');
 }
 // keyMatch5Func is the wrapper for KeyMatch5.
 function keyMatch5Func(...args) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "casbin",
-  "version": "5.26.2",
+  "version": "5.27.1",
   "description": "An authorization library that supports access control models like ACL, RBAC, ABAC in Node.JS",
   "main": "lib/cjs/index.js",
   "typings": "lib/cjs/index.d.ts",