casbin 5.41.0 → 5.43.0

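--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,3 +1,20 @@
+ # [5.43.0](https://github.com/casbin/node-casbin/compare/v5.42.0...v5.43.0) (2025-12-08)
+
+
+ ### Features
+
+ * add no-policy ABAC example and test ([#523](https://github.com/casbin/node-casbin/issues/523)) ([d982c05](https://github.com/casbin/node-casbin/commit/d982c058ef098716dbc5c7d4b218cc19950421a8))
+
+ # [5.42.0](https://github.com/casbin/node-casbin/compare/v5.41.0...v5.42.0) (2025-12-08)
+
+
+ ### Features
+
+ * configure CI workflow to trigger on master branch ([#521](https://github.com/casbin/node-casbin/issues/521)) ([02ec045](https://github.com/casbin/node-casbin/commit/02ec04525b95691ff5f9b76e6b42ade194e9745f))
+ * fix duplicate CI runs on pull requests ([#513](https://github.com/casbin/node-casbin/issues/513)) ([67ab8ee](https://github.com/casbin/node-casbin/commit/67ab8ee43a8b695d11dd73558a0c0cf0348756a7))
+ * fix escapeAssertion to preserve string literals ([#514](https://github.com/casbin/node-casbin/issues/514)) ([7801732](https://github.com/casbin/node-casbin/commit/7801732d5f050093a2d844917c7ad9862af78bd2))
+ * Support multiple policy definitions (p, p2) ([#518](https://github.com/casbin/node-casbin/issues/518)) ([1b1f1bb](https://github.com/casbin/node-casbin/commit/1b1f1bb181ea6c5bb43c330802a435d93f2fa2f0))
+
  # [5.41.0](https://github.com/casbin/node-casbin/compare/v5.40.0...v5.41.0) (2025-11-11)
 
 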
@@ -0,0 +1,11 @@
1
+ [request_definition]
2
+ r = sub, obj, act
3
+
4
+ [policy_definition]
5
+ p = sub, obj, act, eft
6
+
7
+ [policy_effect]
8
+ e = some(where (p.eft == allow)) && !some(where (p.eft == deny))
9
+
10
+ [matchers]
11
+ m = r.sub == r.obj.Owner
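Review bot: The matcher `m = r.sub == r.obj.Owner` reads only request attributes, yet the model still declares `p = sub, obj, act, eft` and a deny-override effect over `p.eft`, and nothing in the file says which of the two is meant to decide. A reader could reasonably expect stored deny rows to veto a request under this model. I would add a comment above the matcher, in the `#` style the other model files in this release use, such as `# Decision depends only on the request; no p field is referenced by the matcher`. Whether loaded rows can still influence the result should be confirmed against the enforcer guard on `${enforceContext.pType}_` that ships in the same release.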
@@ -0,0 +1,4 @@
1
+ p, alice, /data1, read, deny
2
+ p, alice, /data1, write, allow
3
+ p, bob, /data2, write, deny
4
+ p, bob, /data2, read, allow
@@ -0,0 +1,19 @@
1
+ [request_definition]
2
+ r = sub, obj, act
3
+ r2 = sub, obj, act
4
+
5
+ [policy_definition]
6
+ p = sub, obj, act
7
+ p2= sub_rule, obj, act, eft
8
+
9
+ [role_definition]
10
+ g = _, _
11
+
12
+ [policy_effect]
13
+ e = some(where (p.eft == allow))
14
+
15
+ [matchers]
16
+ #RABC
17
+ m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act
18
+ #ABAC
19
+ m2 = eval(p2.sub_rule) && r2.obj == p2.obj && r2.act == p2.act
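Review bot: `m2 = eval(p2.sub_rule) && ...` evaluates text stored in a policy row as a matcher expression, so anyone who can write `p2` rows can change the authorization logic itself, and the model carries no comment saying so. I would add `# sub_rule is evaluated as an expression; load p2 rows only from a trusted policy store` above the `m2` line. Separately, `p2` declares an `eft` column while the effect is `e = some(where (p.eft == allow))`, under which a deny row can only fail to allow rather than veto; if that is intended, a one-line comment would prevent a misreading. The `#RABC` label also looks like a typo for `#RBAC`.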
@@ -0,0 +1,5 @@
1
+ p, data2_admin, data2, read
2
+ p2, r2.sub.Age > 18 && r2.sub.Age < 60, /data1, read, allow
3
+ p2, r2.sub.Age > 60 && r2.sub.Age < 100, /data1, read, deny
4
+
5
+ g, alice, data2_admin
@@ -0,0 +1,17 @@
1
+ [request_definition]
2
+ r = user, thing, action
3
+
4
+ [policy_definition]
5
+ p = role, thing, action
6
+ p2 = role, action
7
+
8
+ [policy_effect]
9
+ e = some(where (p.eft == allow))
10
+
11
+ [matchers]
12
+ m = g(r.user, p.role) && r.thing == p.thing && r.action == p.action
13
+ m2 = g(r.user, p2.role) && r.action == p.action
14
+
15
+ [role_definition]
16
+ g = _,_
17
+ g2 = _,_
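Review bot: The second matcher takes the role from `p2` but the action from `p`: `m2 = g(r.user, p2.role) && r.action == p.action`, although `p2 = role, action` has its own action field. Unless this fixture deliberately reproduces a reported model, the line should read `m2 = g(r.user, p2.role) && r.action == p2.action`; as written the comparison presumably resolves against a field that is not populated while `p2` rows are evaluated. `g2 = _,_` is declared but neither matcher uses it, which is worth either a comment or removal.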
@@ -0,0 +1,9 @@
1
+ p, user, /data, GET
2
+ p, admin, /data, POST
3
+
4
+ p2, user, view
5
+ p2, admin, create
6
+
7
+ g, admin, user
8
+ g, alice, admin
9
+ g2, alice, user
@@ -396,7 +396,7 @@ class CoreEnforcer {
396
396
  const rTokens = (_h = (_g = this.model.model.get('r')) === null || _g === void 0 ? void 0 : _g.get(enforceContext.rType)) === null || _h === void 0 ? void 0 : _h.tokens;
397
397
  const rTokensLen = rTokens === null || rTokens === void 0 ? void 0 : rTokens.length;
398
398
  const effectStream = this.eft.newStream(effectExpr);
399
- if (policyLen && policyLen !== 0) {
399
+ if (policyLen && policyLen !== 0 && expString.includes(`${enforceContext.pType}_`)) {
400
400
  for (let i = 0; i < policyLen; i++) {
401
401
  const parameters = {};
402
402
  if ((rTokens === null || rTokens === void 0 ? void 0 : rTokens.length) !== rvals.length) {
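Review bot: The added guard on `${enforceContext.pType}_` now decides whether loaded policy rows are consulted at all, and it does so with a plain substring test on the escaped matcher, with no comment explaining the consequence. When the substring is absent the loop is skipped even though `policyLen` is non-zero; the branch taken instead lies outside this hunk, but if it is the no-policy path then rows that were previously iterated, deny rows included, stop affecting the decision. I would state that at the guard, for example `// Skip the policy loop when the matcher never references this pType; loaded rows (including deny rows) are then not consulted`, and cover it with a test that loads a deny row under such a matcher. The test is also imprecise in the other direction, since for `p` any text containing `p_` (a constructed example: an attribute named `group_id`) satisfies it, though that only falls back to the old behaviour. The same line appears in the second build (`@@ -393,7 +393,7 @@`), and because both look like compiler output the change belongs in the source they were built from.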
@@ -17,10 +17,15 @@ exports.bracketCompatible = exports.customIn = exports.deepCopy = exports.genera
17
17
  // escapeAssertion escapes the dots in the assertion,
18
18
  // because the expression evaluation doesn't support such variable names.
19
19
  const persist_1 = require("../persist");
20
- const escapeAssertionReg = new RegExp(/(^|[^A-Za-z0-9_])([rp])[0-9]*\./g);
20
+ const escapeAssertionReg = new RegExp(/([()\s|&,=!><+\-*/]|^)((r|p)[0-9]*)\./g);
21
21
  function escapeAssertion(s) {
22
- s = s.replace(escapeAssertionReg, (match, p1, p2) => {
23
- return p1 + p2 + match.substring(p1.length + p2.length).replace('.', '_');
22
+ s = s.replace(escapeAssertionReg, (match) => {
23
+ // Replace only the last dot with underscore (preserve the prefix character)
24
+ const lastDotIdx = match.lastIndexOf('.');
25
+ if (lastDotIdx > 0) {
26
+ return match.substring(0, lastDotIdx) + '_';
27
+ }
28
+ return match;
24
29
  });
25
30
  return s;
26
31
  }
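Review bot: The new prefix class in `escapeAssertionReg` is an allow-list, `[()\s|&,=!><+\-*/]` or start of string, so an `r.`/`p.` token directly after `[`, `{`, `?`, `:` or `%` is no longer rewritten, which the previous `[^A-Za-z0-9_]` prefix did handle. The string-literal protection is also partial: a token inside quotes is still rewritten when whitespace or an operator precedes it (constructed example: `'owner r.sub'`), because `\s` is in the class and quoting is not tracked. I would document this above the regex with `// Rewrites rN./pN. only at start or after ( ) whitespace | & , = ! > < + - * /; quoted text is not tracked` and add test cases for both situations. In the callback every match ends in `.`, so `lastDotIdx > 0` always holds and the trailing `return match;` is unreachable; `return match.slice(0, -1) + '_';` expresses the same thing. The identical change appears in the second build's hunk (`@@ -14,10 +14,15 @@`).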
@@ -393,7 +393,7 @@ export class CoreEnforcer {
393
393
  const rTokens = (_h = (_g = this.model.model.get('r')) === null || _g === void 0 ? void 0 : _g.get(enforceContext.rType)) === null || _h === void 0 ? void 0 : _h.tokens;
394
394
  const rTokensLen = rTokens === null || rTokens === void 0 ? void 0 : rTokens.length;
395
395
  const effectStream = this.eft.newStream(effectExpr);
396
- if (policyLen && policyLen !== 0) {
396
+ if (policyLen && policyLen !== 0 && expString.includes(`${enforceContext.pType}_`)) {
397
397
  for (let i = 0; i < policyLen; i++) {
398
398
  const parameters = {};
399
399
  if ((rTokens === null || rTokens === void 0 ? void 0 : rTokens.length) !== rvals.length) {
@@ -14,10 +14,15 @@
14
14
  // escapeAssertion escapes the dots in the assertion,
15
15
  // because the expression evaluation doesn't support such variable names.
16
16
  import { mustGetDefaultFileSystem } from '../persist';
17
- const escapeAssertionReg = new RegExp(/(^|[^A-Za-z0-9_])([rp])[0-9]*\./g);
17
+ const escapeAssertionReg = new RegExp(/([()\s|&,=!><+\-*/]|^)((r|p)[0-9]*)\./g);
18
18
  function escapeAssertion(s) {
19
- s = s.replace(escapeAssertionReg, (match, p1, p2) => {
20
- return p1 + p2 + match.substring(p1.length + p2.length).replace('.', '_');
19
+ s = s.replace(escapeAssertionReg, (match) => {
20
+ // Replace only the last dot with underscore (preserve the prefix character)
21
+ const lastDotIdx = match.lastIndexOf('.');
22
+ if (lastDotIdx > 0) {
23
+ return match.substring(0, lastDotIdx) + '_';
24
+ }
25
+ return match;
21
26
  });
22
27
  return s;
23
28
  }
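--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "casbin",
- "version": "5.41.0",
+ "version": "5.43.0",
  "description": "An authorization library that supports access control models like ACL, RBAC, ABAC in Node.JS",
  "main": "lib/cjs/index.js",
  "typings": "lib/cjs/index.d.ts",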