casbin 5.48.0 → 5.49.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/cjs/cachedEnforcer.js +1 -1
- package/lib/cjs/config.js +1 -1
- package/lib/cjs/coreEnforcer.js +25 -25
- package/lib/cjs/effect/defaultEffectorStream.js +5 -5
- package/lib/cjs/effect/index.js +6 -2
- package/lib/cjs/enforceContext.js +2 -1
- package/lib/cjs/enforcer.js +17 -13
- package/lib/cjs/frontend.js +2 -2
- package/lib/cjs/index.js +7 -3
- package/lib/cjs/internalEnforcer.js +7 -7
- package/lib/cjs/log/index.js +6 -2
- package/lib/cjs/model/assertion.js +7 -3
- package/lib/cjs/model/functionMap.d.ts +1 -1
- package/lib/cjs/model/functionMap.js +6 -2
- package/lib/cjs/model/index.js +6 -2
- package/lib/cjs/model/model.js +17 -13
- package/lib/cjs/persist/defaultFilteredAdapter.js +1 -1
- package/lib/cjs/persist/fileAdapter.js +4 -4
- package/lib/cjs/persist/fileSystem.d.ts +1 -1
- package/lib/cjs/persist/fileSystem.js +6 -3
- package/lib/cjs/persist/helper.js +1 -1
- package/lib/cjs/persist/index.js +6 -2
- package/lib/cjs/rbac/defaultRoleManager.d.ts +1 -1
- package/lib/cjs/rbac/defaultRoleManager.js +2 -2
- package/lib/cjs/rbac/index.js +6 -2
- package/lib/cjs/syncedEnforcer.js +1 -1
- package/lib/cjs/util/builtinOperators.js +1 -1
- package/lib/cjs/util/index.js +6 -2
- package/lib/cjs/util/ip.d.ts +3 -3
- package/lib/cjs/util/util.d.ts +2 -2
- package/lib/cjs/util/util.js +4 -4
- package/lib/esm/constants.js +1 -0
- package/lib/esm/effect/defaultEffectorStream.js +5 -5
- package/lib/esm/effect/effectorStream.js +1 -0
- package/lib/esm/enforcer.js +5 -5
- package/lib/esm/internalEnforcer.js +7 -7
- package/lib/esm/log/logger.js +1 -0
- package/lib/esm/model/functionMap.d.ts +1 -1
- package/lib/esm/model/model.js +6 -6
- package/lib/esm/persist/adapter.js +1 -0
- package/lib/esm/persist/batchAdapter.js +1 -0
- package/lib/esm/persist/fileSystem.d.ts +1 -1
- package/lib/esm/persist/filteredAdapter.js +1 -0
- package/lib/esm/persist/updatableAdapter.js +1 -0
- package/lib/esm/persist/watcher.js +1 -0
- package/lib/esm/persist/watcherEx.js +1 -0
- package/lib/esm/rbac/defaultRoleManager.d.ts +1 -1
- package/lib/esm/rbac/roleManager.js +1 -0
- package/lib/esm/util/ip.d.ts +3 -3
- package/lib/esm/util/util.d.ts +2 -2
- package/lib/esm/util/util.js +2 -2
- package/package.json +3 -3
package/lib/cjs/model/model.js
CHANGED
|
@@ -14,7 +14,11 @@
|
|
|
14
14
|
// limitations under the License.
|
|
15
15
|
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
16
16
|
if (k2 === undefined) k2 = k;
|
|
17
|
-
Object.
|
|
17
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
18
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
19
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
20
|
+
}
|
|
21
|
+
Object.defineProperty(o, k2, desc);
|
|
18
22
|
}) : (function(o, m, k, k2) {
|
|
19
23
|
if (k2 === undefined) k2 = k;
|
|
20
24
|
o[k2] = m[k];
|
|
@@ -27,7 +31,7 @@ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (
|
|
|
27
31
|
var __importStar = (this && this.__importStar) || function (mod) {
|
|
28
32
|
if (mod && mod.__esModule) return mod;
|
|
29
33
|
var result = {};
|
|
30
|
-
if (mod != null) for (var k in mod) if (k !== "default" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
|
34
|
+
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
|
31
35
|
__setModuleDefault(result, mod);
|
|
32
36
|
return result;
|
|
33
37
|
};
|
|
@@ -169,10 +173,10 @@ class Model {
|
|
|
169
173
|
}
|
|
170
174
|
// printModel prints the model to the log.
|
|
171
175
|
printModel() {
|
|
172
|
-
log_1.logPrint('Model:');
|
|
176
|
+
(0, log_1.logPrint)('Model:');
|
|
173
177
|
this.model.forEach((value, key) => {
|
|
174
178
|
value.forEach((ast, astKey) => {
|
|
175
|
-
log_1.logPrint(`${key}.${astKey}: ${ast.value}`);
|
|
179
|
+
(0, log_1.logPrint)(`${key}.${astKey}: ${ast.value}`);
|
|
176
180
|
});
|
|
177
181
|
});
|
|
178
182
|
}
|
|
@@ -425,14 +429,14 @@ class Model {
|
|
|
425
429
|
}
|
|
426
430
|
// printPolicy prints the policy to log.
|
|
427
431
|
printPolicy() {
|
|
428
|
-
if (!log_1.getLogger().isEnable()) {
|
|
432
|
+
if (!(0, log_1.getLogger)().isEnable()) {
|
|
429
433
|
return;
|
|
430
434
|
}
|
|
431
|
-
log_1.logPrint('Policy:');
|
|
435
|
+
(0, log_1.logPrint)('Policy:');
|
|
432
436
|
this.model.forEach((map, key) => {
|
|
433
437
|
if (key === 'p' || key === 'g') {
|
|
434
438
|
map.forEach((ast) => {
|
|
435
|
-
log_1.logPrint(`key, : ${ast.value}, : , ${ast.policy}`);
|
|
439
|
+
(0, log_1.logPrint)(`key, : ${ast.value}, : , ${ast.policy}`);
|
|
436
440
|
});
|
|
437
441
|
}
|
|
438
442
|
});
|
|
@@ -469,12 +473,12 @@ class Model {
|
|
|
469
473
|
*/
|
|
470
474
|
sortPoliciesBySubjectHierarchy() {
|
|
471
475
|
var _a, _b, _c;
|
|
472
|
-
if (((_b = (_a = this.model.get('e')) === null || _a === void 0 ? void 0 : _a.get('e')) === null || _b === void 0 ? void 0 : _b.value) !== "subjectPriority(p_eft) || deny" /* SUBJECT_PRIORITY */) {
|
|
476
|
+
if (((_b = (_a = this.model.get('e')) === null || _a === void 0 ? void 0 : _a.get('e')) === null || _b === void 0 ? void 0 : _b.value) !== "subjectPriority(p_eft) || deny" /* EffectExpress.SUBJECT_PRIORITY */) {
|
|
473
477
|
return;
|
|
474
478
|
}
|
|
475
479
|
(_c = this.model.get('p')) === null || _c === void 0 ? void 0 : _c.forEach((assertion, ptype) => {
|
|
476
|
-
const domainIndex = this.getFieldIndex(ptype, "dom" /* Domain */);
|
|
477
|
-
const subIndex = this.getFieldIndex(ptype, "sub" /* Subject */);
|
|
480
|
+
const domainIndex = this.getFieldIndex(ptype, "dom" /* FieldIndex.Domain */);
|
|
481
|
+
const subIndex = this.getFieldIndex(ptype, "sub" /* FieldIndex.Subject */);
|
|
478
482
|
// eslint-disable-next-line
|
|
479
483
|
const subjectHierarchyMap = this.getSubjectHierarchyMap(this.model.get('g').get('g').policy);
|
|
480
484
|
assertion.policy.sort((policyA, policyB) => {
|
|
@@ -500,9 +504,9 @@ class Model {
|
|
|
500
504
|
let domain = defaultDomain;
|
|
501
505
|
groupPolicies.forEach((policy) => {
|
|
502
506
|
if (policy.length !== 2)
|
|
503
|
-
domain = policy[this.getFieldIndex('p', "dom" /* Domain */)];
|
|
504
|
-
const child = this.getNameWithDomain(domain, policy[this.getFieldIndex('p', "sub" /* Subject */)]);
|
|
505
|
-
const parent = this.getNameWithDomain(domain, policy[this.getFieldIndex('p', "obj" /* Object */)]);
|
|
507
|
+
domain = policy[this.getFieldIndex('p', "dom" /* FieldIndex.Domain */)];
|
|
508
|
+
const child = this.getNameWithDomain(domain, policy[this.getFieldIndex('p', "sub" /* FieldIndex.Subject */)]);
|
|
509
|
+
const parent = this.getNameWithDomain(domain, policy[this.getFieldIndex('p', "obj" /* FieldIndex.Object */)]);
|
|
506
510
|
policyMap.set(child, parent);
|
|
507
511
|
if (!subjectHierarchyMap.has(child)) {
|
|
508
512
|
subjectHierarchyMap.set(child, 0);
|
|
@@ -33,7 +33,7 @@ class DefaultFilteredAdapter extends fileAdapter_1.FileAdapter {
|
|
|
33
33
|
this.filtered = true;
|
|
34
34
|
}
|
|
35
35
|
async loadFilteredPolicyFile(model, filter, handler) {
|
|
36
|
-
const bodyBuf = await util_1.readFile(this.filePath);
|
|
36
|
+
const bodyBuf = await (0, util_1.readFile)(this.filePath);
|
|
37
37
|
const lines = bodyBuf.toString().split('\n');
|
|
38
38
|
lines.forEach((n, index) => {
|
|
39
39
|
const line = n;
|
|
@@ -27,7 +27,7 @@ class FileAdapter {
|
|
|
27
27
|
await this.loadPolicyFile(model, helper_1.Helper.loadPolicyLine);
|
|
28
28
|
}
|
|
29
29
|
async loadPolicyFile(model, handler) {
|
|
30
|
-
const bodyBuf = await (this.fs ? this.fs : fileSystem_1.mustGetDefaultFileSystem()).readFileSync(this.filePath);
|
|
30
|
+
const bodyBuf = await (this.fs ? this.fs : (0, fileSystem_1.mustGetDefaultFileSystem)()).readFileSync(this.filePath);
|
|
31
31
|
const lines = bodyBuf.toString().split('\n');
|
|
32
32
|
lines.forEach((line) => {
|
|
33
33
|
if (!line || line.trim().startsWith('#')) {
|
|
@@ -52,7 +52,7 @@ class FileAdapter {
|
|
|
52
52
|
pList.forEach((n) => {
|
|
53
53
|
n.policy.forEach((m) => {
|
|
54
54
|
result += n.key + ', ';
|
|
55
|
-
result += util_1.arrayToString(m);
|
|
55
|
+
result += (0, util_1.arrayToString)(m);
|
|
56
56
|
result += '\n';
|
|
57
57
|
});
|
|
58
58
|
});
|
|
@@ -63,7 +63,7 @@ class FileAdapter {
|
|
|
63
63
|
gList.forEach((n) => {
|
|
64
64
|
n.policy.forEach((m) => {
|
|
65
65
|
result += n.key + ', ';
|
|
66
|
-
result += util_1.arrayToString(m.map((element) => this.escapeCsv(element)));
|
|
66
|
+
result += (0, util_1.arrayToString)(m.map((element) => this.escapeCsv(element)));
|
|
67
67
|
result += '\n';
|
|
68
68
|
});
|
|
69
69
|
});
|
|
@@ -78,7 +78,7 @@ class FileAdapter {
|
|
|
78
78
|
return value;
|
|
79
79
|
}
|
|
80
80
|
async savePolicyFile(text) {
|
|
81
|
-
(this.fs ? this.fs : fileSystem_1.mustGetDefaultFileSystem()).writeFileSync(this.filePath, text);
|
|
81
|
+
(this.fs ? this.fs : (0, fileSystem_1.mustGetDefaultFileSystem)()).writeFileSync(this.filePath, text);
|
|
82
82
|
}
|
|
83
83
|
/**
|
|
84
84
|
* addPolicy adds a policy rule to the storage.
|
|
@@ -3,6 +3,6 @@ export interface FileSystem {
|
|
|
3
3
|
readFileSync(path: string, encoding?: string): Buffer | string;
|
|
4
4
|
writeFileSync(path: string, text: string, encoding?: string): void;
|
|
5
5
|
}
|
|
6
|
-
export declare const setDefaultFileSystem: (fs?: FileSystem
|
|
6
|
+
export declare const setDefaultFileSystem: (fs?: FileSystem) => void;
|
|
7
7
|
export declare const getDefaultFileSystem: () => FileSystem | undefined;
|
|
8
8
|
export declare const mustGetDefaultFileSystem: () => FileSystem;
|
|
@@ -3,13 +3,16 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.mustGetDefaultFileSystem = exports.getDefaultFileSystem = exports.setDefaultFileSystem = void 0;
|
|
4
4
|
let defaultFileSystem = undefined;
|
|
5
5
|
const ErrorNoFileSystem = new Error('please set the default FileSystem by call the setDefaultFileSystem');
|
|
6
|
-
|
|
6
|
+
const setDefaultFileSystem = (fs) => {
|
|
7
7
|
defaultFileSystem = fs;
|
|
8
8
|
};
|
|
9
|
-
exports.
|
|
10
|
-
|
|
9
|
+
exports.setDefaultFileSystem = setDefaultFileSystem;
|
|
10
|
+
const getDefaultFileSystem = () => defaultFileSystem;
|
|
11
|
+
exports.getDefaultFileSystem = getDefaultFileSystem;
|
|
12
|
+
const mustGetDefaultFileSystem = () => {
|
|
11
13
|
if (defaultFileSystem) {
|
|
12
14
|
return defaultFileSystem;
|
|
13
15
|
}
|
|
14
16
|
throw ErrorNoFileSystem;
|
|
15
17
|
};
|
|
18
|
+
exports.mustGetDefaultFileSystem = mustGetDefaultFileSystem;
|
package/lib/cjs/persist/index.js
CHANGED
|
@@ -1,13 +1,17 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
3
|
if (k2 === undefined) k2 = k;
|
|
4
|
-
Object.
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
5
9
|
}) : (function(o, m, k, k2) {
|
|
6
10
|
if (k2 === undefined) k2 = k;
|
|
7
11
|
o[k2] = m[k];
|
|
8
12
|
}));
|
|
9
13
|
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
10
|
-
for (var p in m) if (p !== "default" && !
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
11
15
|
};
|
|
12
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
13
17
|
__exportStar(require("./adapter"), exports);
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { RoleManager } from './roleManager';
|
|
2
|
-
export
|
|
2
|
+
export type MatchingFunc = (arg1: string, arg2: string) => boolean;
|
|
3
3
|
export declare class DefaultRoleManager implements RoleManager {
|
|
4
4
|
private allDomains;
|
|
5
5
|
private maxHierarchyLevel;
|
|
@@ -289,9 +289,9 @@ class DefaultRoleManager {
|
|
|
289
289
|
* printRoles prints all the roles to log.
|
|
290
290
|
*/
|
|
291
291
|
async printRoles() {
|
|
292
|
-
if (log_1.getLogger().isEnable()) {
|
|
292
|
+
if ((0, log_1.getLogger)().isEnable()) {
|
|
293
293
|
[...this.allDomains.values()].forEach((n) => {
|
|
294
|
-
log_1.logPrint(n.toString());
|
|
294
|
+
(0, log_1.logPrint)(n.toString());
|
|
295
295
|
});
|
|
296
296
|
}
|
|
297
297
|
}
|
package/lib/cjs/rbac/index.js
CHANGED
|
@@ -14,13 +14,17 @@
|
|
|
14
14
|
// limitations under the License.
|
|
15
15
|
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
16
16
|
if (k2 === undefined) k2 = k;
|
|
17
|
-
Object.
|
|
17
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
18
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
19
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
20
|
+
}
|
|
21
|
+
Object.defineProperty(o, k2, desc);
|
|
18
22
|
}) : (function(o, m, k, k2) {
|
|
19
23
|
if (k2 === undefined) k2 = k;
|
|
20
24
|
o[k2] = m[k];
|
|
21
25
|
}));
|
|
22
26
|
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
23
|
-
for (var p in m) if (p !== "default" && !
|
|
27
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
24
28
|
};
|
|
25
29
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
26
30
|
__exportStar(require("./defaultRoleManager"), exports);
|
|
@@ -488,6 +488,6 @@ class SyncedEnforcer extends enforcer_1.Enforcer {
|
|
|
488
488
|
exports.SyncedEnforcer = SyncedEnforcer;
|
|
489
489
|
// newSyncedEnforcer creates a synchronized enforcer via file or DB.
|
|
490
490
|
async function newSyncedEnforcer(...params) {
|
|
491
|
-
return enforcer_1.newEnforcerWithClass(SyncedEnforcer, ...params);
|
|
491
|
+
return (0, enforcer_1.newEnforcerWithClass)(SyncedEnforcer, ...params);
|
|
492
492
|
}
|
|
493
493
|
exports.newSyncedEnforcer = newSyncedEnforcer;
|
|
@@ -284,7 +284,7 @@ function globMatch(string, pattern) {
|
|
|
284
284
|
if (pattern[0] === '*' && pattern[1] === '/') {
|
|
285
285
|
pattern = pattern.substring(1);
|
|
286
286
|
}
|
|
287
|
-
return minimatch_1.minimatch(string, pattern);
|
|
287
|
+
return (0, minimatch_1.minimatch)(string, pattern);
|
|
288
288
|
}
|
|
289
289
|
exports.globMatch = globMatch;
|
|
290
290
|
// generateGFunction is the factory method of the g(_, _) function.
|
package/lib/cjs/util/index.js
CHANGED
|
@@ -14,13 +14,17 @@
|
|
|
14
14
|
// limitations under the License.
|
|
15
15
|
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
16
16
|
if (k2 === undefined) k2 = k;
|
|
17
|
-
Object.
|
|
17
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
18
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
19
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
20
|
+
}
|
|
21
|
+
Object.defineProperty(o, k2, desc);
|
|
18
22
|
}) : (function(o, m, k, k2) {
|
|
19
23
|
if (k2 === undefined) k2 = k;
|
|
20
24
|
o[k2] = m[k];
|
|
21
25
|
}));
|
|
22
26
|
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
23
|
-
for (var p in m) if (p !== "default" && !
|
|
27
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
24
28
|
};
|
|
25
29
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
26
30
|
__exportStar(require("./builtinOperators"), exports);
|
package/lib/cjs/util/ip.d.ts
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
import { Buffer } from 'buffer/';
|
|
2
2
|
export declare const ip: {
|
|
3
|
-
toBuffer: (ip: string, buff?: Buffer
|
|
4
|
-
toString: (buff: Buffer, offset?: number
|
|
3
|
+
toBuffer: (ip: string, buff?: Buffer, offset?: number) => Buffer;
|
|
4
|
+
toString: (buff: Buffer, offset?: number, length?: number) => string;
|
|
5
5
|
isV4Format: (ip: string) => boolean;
|
|
6
6
|
isV6Format: (ip: string) => boolean;
|
|
7
|
-
fromPrefixLen: (prefixlen: number, family?: string
|
|
7
|
+
fromPrefixLen: (prefixlen: number, family?: string) => string;
|
|
8
8
|
mask: (addr: string, mask: string) => string;
|
|
9
9
|
subnet: (addr: string, mask: string) => any;
|
|
10
10
|
cidrSubnet: (cidrString: string) => any;
|
package/lib/cjs/util/util.d.ts
CHANGED
|
@@ -6,8 +6,8 @@ declare function arrayRemoveDuplicates(s: string[]): string[];
|
|
|
6
6
|
declare function arrayToString(a: string[]): string;
|
|
7
7
|
declare function paramsToString(...v: string[]): string;
|
|
8
8
|
declare function setEquals(a: string[], b: string[]): boolean;
|
|
9
|
-
declare function readFile(path: string, encoding?: string):
|
|
10
|
-
declare function writeFile(path: string, file: string, encoding?: string):
|
|
9
|
+
declare function readFile(path: string, encoding?: string): Promise<string>;
|
|
10
|
+
declare function writeFile(path: string, file: string, encoding?: string): Promise<void>;
|
|
11
11
|
declare function hasEval(s: string): boolean;
|
|
12
12
|
declare function replaceEval(s: string, ruleName: string, rule: string): string;
|
|
13
13
|
declare function getEvalValue(s: string): string[];
|
package/lib/cjs/util/util.js
CHANGED
|
@@ -88,11 +88,11 @@ function setEquals(a, b) {
|
|
|
88
88
|
exports.setEquals = setEquals;
|
|
89
89
|
// readFile return a promise for readFile.
|
|
90
90
|
function readFile(path, encoding) {
|
|
91
|
-
const fs = persist_1.mustGetDefaultFileSystem();
|
|
91
|
+
const fs = (0, persist_1.mustGetDefaultFileSystem)();
|
|
92
92
|
return new Promise((resolve, reject) => {
|
|
93
93
|
try {
|
|
94
|
-
fs.readFileSync(path, encoding || 'utf8');
|
|
95
|
-
resolve();
|
|
94
|
+
const content = fs.readFileSync(path, encoding || 'utf8');
|
|
95
|
+
resolve(content);
|
|
96
96
|
}
|
|
97
97
|
catch (e) {
|
|
98
98
|
reject(e);
|
|
@@ -102,7 +102,7 @@ function readFile(path, encoding) {
|
|
|
102
102
|
exports.readFile = readFile;
|
|
103
103
|
// writeFile return a promise for writeFile.
|
|
104
104
|
function writeFile(path, file, encoding) {
|
|
105
|
-
const fs = persist_1.mustGetDefaultFileSystem();
|
|
105
|
+
const fs = (0, persist_1.mustGetDefaultFileSystem)();
|
|
106
106
|
return new Promise((resolve, reject) => {
|
|
107
107
|
try {
|
|
108
108
|
fs.writeFileSync(path, file, encoding || 'utf-8');
|
package/lib/esm/constants.js
CHANGED
|
@@ -27,14 +27,14 @@ export class DefaultEffectorStream {
|
|
|
27
27
|
}
|
|
28
28
|
pushEffect(eft) {
|
|
29
29
|
switch (this.expr) {
|
|
30
|
-
case "some(where (p_eft == allow))" /* ALLOW */:
|
|
30
|
+
case "some(where (p_eft == allow))" /* EffectExpress.ALLOW */:
|
|
31
31
|
if (eft === Effect.Allow) {
|
|
32
32
|
this.res = true;
|
|
33
33
|
this.done = true;
|
|
34
34
|
this.rec = true;
|
|
35
35
|
}
|
|
36
36
|
break;
|
|
37
|
-
case "!some(where (p_eft == deny))" /* DENY */:
|
|
37
|
+
case "!some(where (p_eft == deny))" /* EffectExpress.DENY */:
|
|
38
38
|
this.res = true;
|
|
39
39
|
if (eft === Effect.Deny) {
|
|
40
40
|
this.res = false;
|
|
@@ -42,7 +42,7 @@ export class DefaultEffectorStream {
|
|
|
42
42
|
this.rec = true;
|
|
43
43
|
}
|
|
44
44
|
break;
|
|
45
|
-
case "some(where (p_eft == allow)) && !some(where (p_eft == deny))" /* ALLOW_AND_DENY */:
|
|
45
|
+
case "some(where (p_eft == allow)) && !some(where (p_eft == deny))" /* EffectExpress.ALLOW_AND_DENY */:
|
|
46
46
|
if (eft === Effect.Allow) {
|
|
47
47
|
this.res = true;
|
|
48
48
|
this.rec = true;
|
|
@@ -56,8 +56,8 @@ export class DefaultEffectorStream {
|
|
|
56
56
|
this.rec = false;
|
|
57
57
|
}
|
|
58
58
|
break;
|
|
59
|
-
case "priority(p_eft) || deny" /* PRIORITY */:
|
|
60
|
-
case "subjectPriority(p_eft) || deny" /* SUBJECT_PRIORITY */:
|
|
59
|
+
case "priority(p_eft) || deny" /* EffectExpress.PRIORITY */:
|
|
60
|
+
case "subjectPriority(p_eft) || deny" /* EffectExpress.SUBJECT_PRIORITY */:
|
|
61
61
|
if (eft !== Effect.Indeterminate) {
|
|
62
62
|
this.res = eft === Effect.Allow;
|
|
63
63
|
this.done = true;
|
package/lib/esm/enforcer.js
CHANGED
|
@@ -178,7 +178,7 @@ export class Enforcer extends ManagementEnforcer {
|
|
|
178
178
|
throw new Error('user must not be empty');
|
|
179
179
|
}
|
|
180
180
|
if (domain === undefined) {
|
|
181
|
-
const subIndex = this.getFieldIndex('p', "sub" /* Subject */);
|
|
181
|
+
const subIndex = this.getFieldIndex('p', "sub" /* FieldIndex.Subject */);
|
|
182
182
|
return this.removeFilteredGroupingPolicy(subIndex, user);
|
|
183
183
|
}
|
|
184
184
|
else {
|
|
@@ -196,7 +196,7 @@ export class Enforcer extends ManagementEnforcer {
|
|
|
196
196
|
if (!user) {
|
|
197
197
|
throw new Error('user must not be empty');
|
|
198
198
|
}
|
|
199
|
-
const subIndex = this.getFieldIndex('p', "sub" /* Subject */);
|
|
199
|
+
const subIndex = this.getFieldIndex('p', "sub" /* FieldIndex.Subject */);
|
|
200
200
|
const res1 = await this.removeFilteredGroupingPolicy(subIndex, user);
|
|
201
201
|
const res2 = await this.removeFilteredPolicy(subIndex, user);
|
|
202
202
|
return res1 || res2;
|
|
@@ -212,7 +212,7 @@ export class Enforcer extends ManagementEnforcer {
|
|
|
212
212
|
if (!role) {
|
|
213
213
|
throw new Error('role must not be empty');
|
|
214
214
|
}
|
|
215
|
-
const subIndex = this.getFieldIndex('p', "sub" /* Subject */);
|
|
215
|
+
const subIndex = this.getFieldIndex('p', "sub" /* FieldIndex.Subject */);
|
|
216
216
|
const res1 = await this.removeFilteredGroupingPolicy(subIndex, role);
|
|
217
217
|
const res2 = await this.removeFilteredPolicy(subIndex, role);
|
|
218
218
|
return res1 || res2;
|
|
@@ -268,7 +268,7 @@ export class Enforcer extends ManagementEnforcer {
|
|
|
268
268
|
if (!user) {
|
|
269
269
|
throw new Error('user must not be empty');
|
|
270
270
|
}
|
|
271
|
-
const subIndex = this.getFieldIndex('p', "sub" /* Subject */);
|
|
271
|
+
const subIndex = this.getFieldIndex('p', "sub" /* FieldIndex.Subject */);
|
|
272
272
|
return this.removeFilteredPolicy(subIndex, user);
|
|
273
273
|
}
|
|
274
274
|
/**
|
|
@@ -278,7 +278,7 @@ export class Enforcer extends ManagementEnforcer {
|
|
|
278
278
|
* @return the permissions, a permission is usually like (obj, act). It is actually the rule without the subject.
|
|
279
279
|
*/
|
|
280
280
|
async getPermissionsForUser(user) {
|
|
281
|
-
const subIndex = this.getFieldIndex('p', "sub" /* Subject */);
|
|
281
|
+
const subIndex = this.getFieldIndex('p', "sub" /* FieldIndex.Subject */);
|
|
282
282
|
return this.getFilteredPolicy(subIndex, user);
|
|
283
283
|
}
|
|
284
284
|
/**
|
|
@@ -30,7 +30,7 @@ export class InternalEnforcer extends CoreEnforcer {
|
|
|
30
30
|
await this.adapter.addPolicy(sec, ptype, rule);
|
|
31
31
|
}
|
|
32
32
|
catch (e) {
|
|
33
|
-
if (e.message !== 'not implemented') {
|
|
33
|
+
if (e instanceof Error && e.message !== 'not implemented') {
|
|
34
34
|
throw e;
|
|
35
35
|
}
|
|
36
36
|
}
|
|
@@ -67,7 +67,7 @@ export class InternalEnforcer extends CoreEnforcer {
|
|
|
67
67
|
await this.adapter.addPolicies(sec, ptype, rules);
|
|
68
68
|
}
|
|
69
69
|
catch (e) {
|
|
70
|
-
if (e.message !== 'not implemented') {
|
|
70
|
+
if (e instanceof Error && e.message !== 'not implemented') {
|
|
71
71
|
throw e;
|
|
72
72
|
}
|
|
73
73
|
}
|
|
@@ -112,7 +112,7 @@ export class InternalEnforcer extends CoreEnforcer {
|
|
|
112
112
|
await this.adapter.addPolicies(sec, ptype, newRules);
|
|
113
113
|
}
|
|
114
114
|
catch (e) {
|
|
115
|
-
if (e.message !== 'not implemented') {
|
|
115
|
+
if (e instanceof Error && e.message !== 'not implemented') {
|
|
116
116
|
throw e;
|
|
117
117
|
}
|
|
118
118
|
}
|
|
@@ -152,7 +152,7 @@ export class InternalEnforcer extends CoreEnforcer {
|
|
|
152
152
|
await this.adapter.updatePolicy(sec, ptype, oldRule, newRule);
|
|
153
153
|
}
|
|
154
154
|
catch (e) {
|
|
155
|
-
if (e.message !== 'not implemented') {
|
|
155
|
+
if (e instanceof Error && e.message !== 'not implemented') {
|
|
156
156
|
throw e;
|
|
157
157
|
}
|
|
158
158
|
}
|
|
@@ -190,7 +190,7 @@ export class InternalEnforcer extends CoreEnforcer {
|
|
|
190
190
|
await this.adapter.removePolicy(sec, ptype, rule);
|
|
191
191
|
}
|
|
192
192
|
catch (e) {
|
|
193
|
-
if (e.message !== 'not implemented') {
|
|
193
|
+
if (e instanceof Error && e.message !== 'not implemented') {
|
|
194
194
|
throw e;
|
|
195
195
|
}
|
|
196
196
|
}
|
|
@@ -226,7 +226,7 @@ export class InternalEnforcer extends CoreEnforcer {
|
|
|
226
226
|
await this.adapter.removePolicies(sec, ptype, rules);
|
|
227
227
|
}
|
|
228
228
|
catch (e) {
|
|
229
|
-
if (e.message !== 'not implemented') {
|
|
229
|
+
if (e instanceof Error && e.message !== 'not implemented') {
|
|
230
230
|
throw e;
|
|
231
231
|
}
|
|
232
232
|
}
|
|
@@ -262,7 +262,7 @@ export class InternalEnforcer extends CoreEnforcer {
|
|
|
262
262
|
await this.adapter.removeFilteredPolicy(sec, ptype, fieldIndex, ...fieldValues);
|
|
263
263
|
}
|
|
264
264
|
catch (e) {
|
|
265
|
-
if (e.message !== 'not implemented') {
|
|
265
|
+
if (e instanceof Error && e.message !== 'not implemented') {
|
|
266
266
|
throw e;
|
|
267
267
|
}
|
|
268
268
|
}
|
package/lib/esm/log/logger.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export
|
|
1
|
+
export type MatchingFunction = (...arg: any[]) => boolean | number | string | Promise<boolean> | Promise<number> | Promise<string>;
|
|
2
2
|
export declare class FunctionMap {
|
|
3
3
|
private functions;
|
|
4
4
|
/**
|
package/lib/esm/model/model.js
CHANGED
|
@@ -447,12 +447,12 @@ export class Model {
|
|
|
447
447
|
*/
|
|
448
448
|
sortPoliciesBySubjectHierarchy() {
|
|
449
449
|
var _a, _b, _c;
|
|
450
|
-
if (((_b = (_a = this.model.get('e')) === null || _a === void 0 ? void 0 : _a.get('e')) === null || _b === void 0 ? void 0 : _b.value) !== "subjectPriority(p_eft) || deny" /* SUBJECT_PRIORITY */) {
|
|
450
|
+
if (((_b = (_a = this.model.get('e')) === null || _a === void 0 ? void 0 : _a.get('e')) === null || _b === void 0 ? void 0 : _b.value) !== "subjectPriority(p_eft) || deny" /* EffectExpress.SUBJECT_PRIORITY */) {
|
|
451
451
|
return;
|
|
452
452
|
}
|
|
453
453
|
(_c = this.model.get('p')) === null || _c === void 0 ? void 0 : _c.forEach((assertion, ptype) => {
|
|
454
|
-
const domainIndex = this.getFieldIndex(ptype, "dom" /* Domain */);
|
|
455
|
-
const subIndex = this.getFieldIndex(ptype, "sub" /* Subject */);
|
|
454
|
+
const domainIndex = this.getFieldIndex(ptype, "dom" /* FieldIndex.Domain */);
|
|
455
|
+
const subIndex = this.getFieldIndex(ptype, "sub" /* FieldIndex.Subject */);
|
|
456
456
|
// eslint-disable-next-line
|
|
457
457
|
const subjectHierarchyMap = this.getSubjectHierarchyMap(this.model.get('g').get('g').policy);
|
|
458
458
|
assertion.policy.sort((policyA, policyB) => {
|
|
@@ -478,9 +478,9 @@ export class Model {
|
|
|
478
478
|
let domain = defaultDomain;
|
|
479
479
|
groupPolicies.forEach((policy) => {
|
|
480
480
|
if (policy.length !== 2)
|
|
481
|
-
domain = policy[this.getFieldIndex('p', "dom" /* Domain */)];
|
|
482
|
-
const child = this.getNameWithDomain(domain, policy[this.getFieldIndex('p', "sub" /* Subject */)]);
|
|
483
|
-
const parent = this.getNameWithDomain(domain, policy[this.getFieldIndex('p', "obj" /* Object */)]);
|
|
481
|
+
domain = policy[this.getFieldIndex('p', "dom" /* FieldIndex.Domain */)];
|
|
482
|
+
const child = this.getNameWithDomain(domain, policy[this.getFieldIndex('p', "sub" /* FieldIndex.Subject */)]);
|
|
483
|
+
const parent = this.getNameWithDomain(domain, policy[this.getFieldIndex('p', "obj" /* FieldIndex.Object */)]);
|
|
484
484
|
policyMap.set(child, parent);
|
|
485
485
|
if (!subjectHierarchyMap.has(child)) {
|
|
486
486
|
subjectHierarchyMap.set(child, 0);
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
|
@@ -3,6 +3,6 @@ export interface FileSystem {
|
|
|
3
3
|
readFileSync(path: string, encoding?: string): Buffer | string;
|
|
4
4
|
writeFileSync(path: string, text: string, encoding?: string): void;
|
|
5
5
|
}
|
|
6
|
-
export declare const setDefaultFileSystem: (fs?: FileSystem
|
|
6
|
+
export declare const setDefaultFileSystem: (fs?: FileSystem) => void;
|
|
7
7
|
export declare const getDefaultFileSystem: () => FileSystem | undefined;
|
|
8
8
|
export declare const mustGetDefaultFileSystem: () => FileSystem;
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { RoleManager } from './roleManager';
|
|
2
|
-
export
|
|
2
|
+
export type MatchingFunc = (arg1: string, arg2: string) => boolean;
|
|
3
3
|
export declare class DefaultRoleManager implements RoleManager {
|
|
4
4
|
private allDomains;
|
|
5
5
|
private maxHierarchyLevel;
|
package/lib/esm/util/ip.d.ts
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
import { Buffer } from 'buffer/';
|
|
2
2
|
export declare const ip: {
|
|
3
|
-
toBuffer: (ip: string, buff?: Buffer
|
|
4
|
-
toString: (buff: Buffer, offset?: number
|
|
3
|
+
toBuffer: (ip: string, buff?: Buffer, offset?: number) => Buffer;
|
|
4
|
+
toString: (buff: Buffer, offset?: number, length?: number) => string;
|
|
5
5
|
isV4Format: (ip: string) => boolean;
|
|
6
6
|
isV6Format: (ip: string) => boolean;
|
|
7
|
-
fromPrefixLen: (prefixlen: number, family?: string
|
|
7
|
+
fromPrefixLen: (prefixlen: number, family?: string) => string;
|
|
8
8
|
mask: (addr: string, mask: string) => string;
|
|
9
9
|
subnet: (addr: string, mask: string) => any;
|
|
10
10
|
cidrSubnet: (cidrString: string) => any;
|
package/lib/esm/util/util.d.ts
CHANGED
|
@@ -6,8 +6,8 @@ declare function arrayRemoveDuplicates(s: string[]): string[];
|
|
|
6
6
|
declare function arrayToString(a: string[]): string;
|
|
7
7
|
declare function paramsToString(...v: string[]): string;
|
|
8
8
|
declare function setEquals(a: string[], b: string[]): boolean;
|
|
9
|
-
declare function readFile(path: string, encoding?: string):
|
|
10
|
-
declare function writeFile(path: string, file: string, encoding?: string):
|
|
9
|
+
declare function readFile(path: string, encoding?: string): Promise<string>;
|
|
10
|
+
declare function writeFile(path: string, file: string, encoding?: string): Promise<void>;
|
|
11
11
|
declare function hasEval(s: string): boolean;
|
|
12
12
|
declare function replaceEval(s: string, ruleName: string, rule: string): string;
|
|
13
13
|
declare function getEvalValue(s: string): string[];
|
package/lib/esm/util/util.js
CHANGED
|
@@ -80,8 +80,8 @@ function readFile(path, encoding) {
|
|
|
80
80
|
const fs = mustGetDefaultFileSystem();
|
|
81
81
|
return new Promise((resolve, reject) => {
|
|
82
82
|
try {
|
|
83
|
-
fs.readFileSync(path, encoding || 'utf8');
|
|
84
|
-
resolve();
|
|
83
|
+
const content = fs.readFileSync(path, encoding || 'utf8');
|
|
84
|
+
resolve(content);
|
|
85
85
|
}
|
|
86
86
|
catch (e) {
|
|
87
87
|
reject(e);
|