From 8f099f56b22baad908321058496f064d6f6ea268 Mon Sep 17 00:00:00 2001 From: ljyofme <2477354249@qq.com> Date: Wed, 24 Apr 2024 22:10:47 +0800 Subject: [PATCH] feat: update the Multi-threaded feature parity with go version of Casbin --- casbin/enforcer_synced.cpp | 465 ++++++++++++++++++------------- include/casbin/enforcer_synced.h | 449 +++++++++++++++-------------- 2 files changed, 504 insertions(+), 410 deletions(-) diff --git a/casbin/enforcer_synced.cpp b/casbin/enforcer_synced.cpp index 44560353..6cdc74e6 100644 --- a/casbin/enforcer_synced.cpp +++ b/casbin/enforcer_synced.cpp @@ -1,18 +1,18 @@ /* - * Copyright 2020 The casbin Authors. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ +* Copyright 2020 The casbin Authors. All Rights Reserved. +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ #include "casbin/pch.h" @@ -26,67 +26,67 @@ #include "casbin/enforcer_synced.h" #include "casbin/persist/watcher.h" #include "casbin/util/ticker.h" - +#include "casbin/exprtk/exprtk.hpp" namespace casbin { /** - * Enforcer is the default constructor. - */ +* Enforcer is the default constructor. +*/ SyncedEnforcer ::SyncedEnforcer() - : autoLoadRunning(false) {} + : autoLoadRunning(false) {} /** - * Enforcer initializes an enforcer with a model file and a policy file. - * - * @param model_path the path of the model file. - * @param policyFile the path of the policy file. - */ +* Enforcer initializes an enforcer with a model file and a policy file. +* +* @param model_path the path of the model file. +* @param policyFile the path of the policy file. +*/ SyncedEnforcer ::SyncedEnforcer(const std::string& model_path, const std::string& policy_file) - : Enforcer(model_path, policy_file), autoLoadRunning(false) {} + : Enforcer(model_path, policy_file), autoLoadRunning(false) {} /** - * Enforcer initializes an enforcer with a database adapter. - * - * @param model_path the path of the model file. - * @param adapter the adapter. - */ +* Enforcer initializes an enforcer with a database adapter. +* +* @param model_path the path of the model file. +* @param adapter the adapter. +*/ SyncedEnforcer ::SyncedEnforcer(const std::string& model_path, std::shared_ptr adapter) - : Enforcer(model_path, adapter), autoLoadRunning(false) {} + : Enforcer(model_path, adapter), autoLoadRunning(false) {} /** - * Enforcer initializes an enforcer with a model and a database adapter. - * - * @param m the model. - * @param adapter the adapter. - */ +* Enforcer initializes an enforcer with a model and a database adapter. +* +* @param m the model. +* @param adapter the adapter. +*/ SyncedEnforcer ::SyncedEnforcer(const std::shared_ptr& m, std::shared_ptr adapter) - : Enforcer(m, adapter), autoLoadRunning(false) {} + : Enforcer(m, adapter), autoLoadRunning(false) {} /** - * Enforcer initializes an enforcer with a model. - * - * @param m the model. - */ +* Enforcer initializes an enforcer with a model. +* +* @param m the model. +*/ SyncedEnforcer ::SyncedEnforcer(const std::shared_ptr& m) - : Enforcer(m), autoLoadRunning(false) {} + : Enforcer(m), autoLoadRunning(false) {} /** - * Enforcer initializes an enforcer with a model file. - * - * @param model_path the path of the model file. - */ +* Enforcer initializes an enforcer with a model file. +* +* @param model_path the path of the model file. +*/ SyncedEnforcer ::SyncedEnforcer(const std::string& model_path) - : Enforcer(model_path), autoLoadRunning(false) {} + : Enforcer(model_path), autoLoadRunning(false) {} /** - * Enforcer initializes an enforcer with a model file, a policy file and an enable log flag. - * - * @param model_path the path of the model file. - * @param policyFile the path of the policy file. - * @param enableLog whether to enable Casbin's log. - */ +* Enforcer initializes an enforcer with a model file, a policy file and an enable log flag. +* +* @param model_path the path of the model file. +* @param policyFile the path of the policy file. +* @param enableLog whether to enable Casbin's log. +*/ SyncedEnforcer ::SyncedEnforcer(const std::string& model_path, const std::string& policy_file, bool enable_log) - : Enforcer(model_path, policy_file, enable_log), autoLoadRunning(false) {} + : Enforcer(model_path, policy_file, enable_log), autoLoadRunning(false) {} // SyncedEnforcer::SyncedEnforcer(const SyncedEnforcer& ce) // : Enforcer(ce), autoLoadRunning(ce.autoLoadRunning) @@ -97,69 +97,69 @@ SyncedEnforcer ::SyncedEnforcer(const std::string& model_path, const std::string // {} void SyncedEnforcer ::LoadPolicyWrapper() { - Enforcer::LoadPolicy(); - ++n; + Enforcer::LoadPolicy(); + ++n; } // StartAutoLoadPolicy starts a thread that will go through every specified duration call LoadPolicy void SyncedEnforcer ::StartAutoLoadPolicy(std::chrono::duration t) { - if (IsAutoLoadingRunning()) - return; - autoLoadRunning = true; - Ticker::on_tick_t onTick = [this]() { - SyncedEnforcer::LoadPolicy(); - ++n; - }; - ticker = std::make_unique(onTick, t); - n = 1; - ticker->start(); + if (IsAutoLoadingRunning()) + return; + autoLoadRunning = true; + Ticker::on_tick_t onTick = [this]() { + SyncedEnforcer::LoadPolicy(); + ++n; + }; + ticker = std::make_unique(onTick, t); + n = 1; + ticker->start(); } // IsAutoLoadingRunning check if SyncedEnforcer is auto loading policies bool SyncedEnforcer ::IsAutoLoadingRunning() { - return autoLoadRunning; + return autoLoadRunning; } // StopAutoLoadPolicy causes the thread to exit void SyncedEnforcer ::StopAutoLoadPolicy() { - ticker->stop(); - autoLoadRunning = false; + ticker->stop(); + autoLoadRunning = false; } std::string SyncedEnforcer ::UpdateWrapper() { - LoadPolicy(); - return ""; + LoadPolicy(); + return ""; } // SetWatcher sets the current watcher. void SyncedEnforcer ::SetWatcher(std::shared_ptr w) { - watcher = w; - return watcher->SetUpdateCallback(&SyncedEnforcer::UpdateWrapper); + watcher = w; + return watcher->SetUpdateCallback(&SyncedEnforcer::UpdateWrapper); } // LoadModel reloads the model from the model CONF file. void SyncedEnforcer ::LoadModel() { - std::unique_lock lock(policyMutex); - Enforcer::LoadModel(); + std::unique_lock lock(policyMutex); + Enforcer::LoadModel(); } // ClearPolicy clears all policy. void SyncedEnforcer ::ClearPolicy() { - std::unique_lock lock(policyMutex); - Enforcer::ClearPolicy(); + std::unique_lock lock(policyMutex); + Enforcer::ClearPolicy(); } // LoadPolicy reloads the policy from file/database. void SyncedEnforcer ::LoadPolicy() { - std::unique_lock lock(policyMutex); - Enforcer::LoadPolicy(); + std::unique_lock lock(policyMutex); + Enforcer::LoadPolicy(); } // LoadFilteredPolicy reloads a filtered policy from file/database. template void SyncedEnforcer ::LoadFilteredPolicy(Filter f) { - std::unique_lock lock(policyMutex); - Enforcer::LoadFilteredPolicy(f); + std::unique_lock lock(policyMutex); + Enforcer::LoadFilteredPolicy(f); } // LoadIncrementalFilteredPolicy reloads a filtered policy from file/database. @@ -170,348 +170,417 @@ void SyncedEnforcer ::LoadFilteredPolicy(Filter f) { // SavePolicy saves the current policy (usually after changed with Casbin API) back to file/database. void SyncedEnforcer ::SavePolicy() { - std::unique_lock lock(policyMutex); - Enforcer::SavePolicy(); + std::unique_lock lock(policyMutex); + Enforcer::SavePolicy(); } // BuildRoleLinks manually rebuild the role inheritance relations. void SyncedEnforcer ::BuildRoleLinks() { - std::unique_lock lock(policyMutex); - Enforcer::BuildRoleLinks(); + std::unique_lock lock(policyMutex); + Enforcer::BuildRoleLinks(); } // Enforce decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (sub, obj, act). bool SyncedEnforcer ::Enforce(std::shared_ptr evalator) { - std::unique_lock lock(policyMutex); - return Enforcer::Enforce(evalator); + std::unique_lock lock(policyMutex); + return Enforcer::Enforce(evalator); } // Enforce with a vector param,decides whether a "subject" can access a // "object" with the operation "action", input parameters are usually: (sub, // obj, act). bool SyncedEnforcer::Enforce(const DataVector& params) { - std::unique_lock lock(policyMutex); - return Enforcer::Enforce(params); + std::unique_lock lock(policyMutex); + return Enforcer::Enforce(params); } // Enforce with a vector param,decides whether a "subject" can access a // "object" with the operation "action", input parameters are usually: (sub, // obj, act). bool SyncedEnforcer ::Enforce(const DataList& params) { - std::unique_lock lock(policyMutex); - return Enforcer::Enforce(params); + std::unique_lock lock(policyMutex); + return Enforcer::Enforce(params); } // Enforce with a map param,decides whether a "subject" can access a "object" // with the operation "action", input parameters are usually: (sub, obj, act). bool SyncedEnforcer ::Enforce(const DataMap& params) { - std::unique_lock lock(policyMutex); - return Enforcer::Enforce(params); + std::unique_lock lock(policyMutex); + return Enforcer::Enforce(params); } // BatchEnforce enforce in batches std::vector SyncedEnforcer ::BatchEnforce(const std::initializer_list& requests) { - std::unique_lock lock(policyMutex); + std::unique_lock lock(policyMutex); - // note: why not return Enforcer::BatchEnforce(requests) ? - // Inside Enforcer::BatchEnforce, this->Enforce will be executed - // but now 'this' is SyncedEnforcer, which means it will call SyncedEnforcer::Enforce - // This will cause a deadlock + // note: why not return Enforcer::BatchEnforce(requests) ? + // Inside Enforcer::BatchEnforce, this->Enforce will be executed + // but now 'this' is SyncedEnforcer, which means it will call SyncedEnforcer::Enforce + // This will cause a deadlock - std::vector results; - results.reserve(requests.size()); - for (const auto& request : requests) { - results.push_back(Enforcer::Enforce(request)); - } - return results; + std::vector results; + results.reserve(requests.size()); + for (const auto& request : requests) { + results.push_back(Enforcer::Enforce(request)); + } + return results; } // BatchEnforceWithMatcher enforce with matcher in batches std::vector SyncedEnforcer::BatchEnforceWithMatcher(const std::string& matcher, const std::initializer_list& requests) { - std::unique_lock lock(policyMutex); - std::vector results; - results.reserve(requests.size()); - for (const auto& request : requests) { - results.push_back(Enforcer::EnforceWithMatcher(matcher, request)); - } - return results; + std::unique_lock lock(policyMutex); + std::vector results; + results.reserve(requests.size()); + for (const auto& request : requests) { + results.push_back(Enforcer::EnforceWithMatcher(matcher, request)); + } + return results; } // GetAllSubjects gets the list of subjects that show up in the current policy. std::vector SyncedEnforcer ::GetAllSubjects() { - std::shared_lock lock(policyMutex); - return Enforcer::GetAllSubjects(); + std::shared_lock lock(policyMutex); + return Enforcer::GetAllSubjects(); } // GetAllNamedSubjects gets the list of subjects that show up in the current named policy. std::vector SyncedEnforcer ::GetAllNamedSubjects(const std::string& ptype) { - std::shared_lock lock(policyMutex); - return Enforcer::GetAllNamedSubjects(ptype); + std::shared_lock lock(policyMutex); + return Enforcer::GetAllNamedSubjects(ptype); } // GetAllObjects gets the list of objects that show up in the current policy. std::vector SyncedEnforcer ::GetAllObjects() { - std::shared_lock lock(policyMutex); - return Enforcer::GetAllObjects(); + std::shared_lock lock(policyMutex); + return Enforcer::GetAllObjects(); } // GetAllNamedObjects gets the list of objects that show up in the current named policy. std::vector SyncedEnforcer ::GetAllNamedObjects(const std::string& ptype) { - std::shared_lock lock(policyMutex); - return Enforcer::GetAllNamedObjects(ptype); + std::shared_lock lock(policyMutex); + return Enforcer::GetAllNamedObjects(ptype); } // GetAllNamedActions gets the list of actions that show up in the current named policy. std::vector SyncedEnforcer ::GetAllNamedActions(const std::string& ptype) { - std::shared_lock lock(policyMutex); - return Enforcer::GetAllNamedActions(ptype); + std::shared_lock lock(policyMutex); + return Enforcer::GetAllNamedActions(ptype); } // GetAllRoles gets the list of roles that show up in the current policy. std::vector SyncedEnforcer ::GetAllRoles() { - std::shared_lock lock(policyMutex); - return Enforcer::GetAllRoles(); + std::shared_lock lock(policyMutex); + return Enforcer::GetAllRoles(); } // GetAllNamedRoles gets the list of roles that show up in the current named policy. std::vector SyncedEnforcer ::GetAllNamedRoles(const std::string& ptype) { - std::shared_lock lock(policyMutex); - return Enforcer::GetAllNamedRoles(ptype); + std::shared_lock lock(policyMutex); + return Enforcer::GetAllNamedRoles(ptype); } // GetPolicy gets all the authorization rules in the policy. PoliciesValues SyncedEnforcer ::GetPolicy() { - std::shared_lock lock(policyMutex); - return Enforcer::GetPolicy(); + std::shared_lock lock(policyMutex); + return Enforcer::GetPolicy(); } // GetNamedPolicy gets all the authorization rules in the name:x::d policy. PoliciesValues SyncedEnforcer ::GetNamedPolicy(const std::string& ptype) { - std::shared_lock lock(policyMutex); - return Enforcer::GetNamedPolicy(ptype); + std::shared_lock lock(policyMutex); + return Enforcer::GetNamedPolicy(ptype); } // GetFilteredNamedPolicy gets all the authorization rules in the named policy, field filters can be specified. PoliciesValues SyncedEnforcer ::GetFilteredNamedPolicy(const std::string& ptype, int fieldIndex, const std::vector& fieldValues) { - std::shared_lock lock(policyMutex); - return Enforcer::GetFilteredNamedPolicy(ptype, fieldIndex, fieldValues); + std::shared_lock lock(policyMutex); + return Enforcer::GetFilteredNamedPolicy(ptype, fieldIndex, fieldValues); } // GetGroupingPolicy gets all the role inheritance rules in the policy. PoliciesValues SyncedEnforcer ::GetGroupingPolicy() { - std::shared_lock lock(policyMutex); - return Enforcer::GetGroupingPolicy(); + std::shared_lock lock(policyMutex); + return Enforcer::GetGroupingPolicy(); } // GetFilteredGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified. PoliciesValues SyncedEnforcer ::GetFilteredGroupingPolicy(int fieldIndex, const std::vector& fieldValues) { - std::shared_lock lock(policyMutex); - return Enforcer::GetFilteredGroupingPolicy(fieldIndex, fieldValues); + std::shared_lock lock(policyMutex); + return Enforcer::GetFilteredGroupingPolicy(fieldIndex, fieldValues); } // GetNamedGroupingPolicy gets all the role inheritance rules in the policy. PoliciesValues SyncedEnforcer ::GetNamedGroupingPolicy(const std::string& ptype) { - std::shared_lock lock(policyMutex); - return Enforcer::GetNamedGroupingPolicy(ptype); + std::shared_lock lock(policyMutex); + return Enforcer::GetNamedGroupingPolicy(ptype); } // GetFilteredNamedGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified. PoliciesValues SyncedEnforcer ::GetFilteredNamedGroupingPolicy(const std::string& ptype, int fieldIndex, const std::vector& fieldValues) { - std::shared_lock lock(policyMutex); - return Enforcer::GetFilteredNamedGroupingPolicy(ptype, fieldIndex, fieldValues); + std::shared_lock lock(policyMutex); + return Enforcer::GetFilteredNamedGroupingPolicy(ptype, fieldIndex, fieldValues); } // HasPolicy determines whether an authorization rule exists. bool SyncedEnforcer ::HasPolicy(const std::vector& params) { - std::shared_lock lock(policyMutex); - return Enforcer::HasPolicy(params); + std::shared_lock lock(policyMutex); + return Enforcer::HasPolicy(params); } // HasNamedPolicy determines whether a named authorization rule exists. bool SyncedEnforcer ::HasNamedPolicy(const std::string& ptype, const std::vector& params) { - std::shared_lock lock(policyMutex); - return Enforcer::HasNamedPolicy(ptype, params); + std::shared_lock lock(policyMutex); + return Enforcer::HasNamedPolicy(ptype, params); } // AddPolicy adds an authorization rule to the current policy. // If the rule already exists, the function returns false and the rule will not be added. // Otherwise the function returns true by adding the new rule. bool SyncedEnforcer ::AddPolicy(const std::vector& params) { - std::unique_lock lock(policyMutex); - return Enforcer::AddPolicy(params); + std::unique_lock lock(policyMutex); + return Enforcer::AddPolicy(params); } // AddPolicies adds authorization rules to the current policy. // If the rule already exists, the function returns false for the corresponding rule and the rule will not be added. // Otherwise the function returns true for the corresponding rule by adding the new rule. bool SyncedEnforcer ::AddPolicies(const PoliciesValues& rules) { - std::unique_lock lock(policyMutex); - return Enforcer::AddPolicies(rules); + std::unique_lock lock(policyMutex); + return Enforcer::AddPolicies(rules); } // AddNamedPolicy adds an authorization rule to the current named policy. // If the rule already exists, the function returns false and the rule will not be added. // Otherwise the function returns true by adding the new rule. bool SyncedEnforcer ::AddNamedPolicy(const std::string& ptype, const std::vector& params) { - std::unique_lock lock(policyMutex); - return Enforcer::AddNamedPolicy(ptype, params); + std::unique_lock lock(policyMutex); + return Enforcer::AddNamedPolicy(ptype, params); } // AddNamedPolicies adds authorization rules to the current named policy. // If the rule already exists, the function returns false for the corresponding rule and the rule will not be added. // Otherwise the function returns true for the corresponding by adding the new rule. bool SyncedEnforcer ::AddNamedPolicies(const std::string& ptype, const PoliciesValues& rules) { - std::unique_lock lock(policyMutex); - return Enforcer::AddNamedPolicies(ptype, rules); + std::unique_lock lock(policyMutex); + return Enforcer::AddNamedPolicies(ptype, rules); } // RemovePolicy removes an authorization rule from the current policy. bool SyncedEnforcer ::RemovePolicy(const std::vector& params) { - std::unique_lock lock(policyMutex); - return Enforcer::RemovePolicy(params); + std::unique_lock lock(policyMutex); + return Enforcer::RemovePolicy(params); } // UpdatePolicy updates an authorization rule from the current policy. bool SyncedEnforcer ::UpdatePolicy(const std::vector& oldPolicy, const std::vector& newPolicy) { - std::unique_lock lock(policyMutex); - return Enforcer::UpdatePolicy(oldPolicy, newPolicy); + std::unique_lock lock(policyMutex); + return Enforcer::UpdatePolicy(oldPolicy, newPolicy); } bool SyncedEnforcer ::UpdateNamedPolicy(const std::string& ptype, const std::vector& p1, const std::vector& p2) { - std::unique_lock lock(policyMutex); - return Enforcer::UpdateNamedPolicy(ptype, p1, p2); + std::unique_lock lock(policyMutex); + return Enforcer::UpdateNamedPolicy(ptype, p1, p2); } // UpdatePolicies updates authorization rules from the current policies. bool SyncedEnforcer ::UpdatePolicies(const PoliciesValues& oldPolices, const PoliciesValues& newPolicies) { - std::unique_lock lock(policyMutex); - return Enforcer::UpdatePolicies(oldPolices, newPolicies); + std::unique_lock lock(policyMutex); + return Enforcer::UpdatePolicies(oldPolices, newPolicies); } bool SyncedEnforcer ::UpdateNamedPolicies(const std::string& ptype, const PoliciesValues& p1, const PoliciesValues& p2) { - std::unique_lock lock(policyMutex); - return Enforcer::UpdateNamedPolicies(ptype, p1, p2); + std::unique_lock lock(policyMutex); + return Enforcer::UpdateNamedPolicies(ptype, p1, p2); } // RemovePolicies removes authorization rules from the current policy. bool SyncedEnforcer ::RemovePolicies(const PoliciesValues& rules) { - std::unique_lock lock(policyMutex); - return Enforcer::RemovePolicies(rules); + std::unique_lock lock(policyMutex); + return Enforcer::RemovePolicies(rules); } // RemoveFilteredPolicy removes an authorization rule from the current policy, field filters can be specified. bool SyncedEnforcer ::RemoveFilteredPolicy(int fieldIndex, const std::vector& fieldValues) { - std::unique_lock lock(policyMutex); - return Enforcer::RemoveFilteredPolicy(fieldIndex, fieldValues); + std::unique_lock lock(policyMutex); + return Enforcer::RemoveFilteredPolicy(fieldIndex, fieldValues); } // RemoveNamedPolicy removes an authorization rule from the current named policy. bool SyncedEnforcer ::RemoveNamedPolicy(const std::string& ptype, const std::vector& params) { - std::unique_lock lock(policyMutex); - return Enforcer::RemoveNamedPolicy(ptype, params); + std::unique_lock lock(policyMutex); + return Enforcer::RemoveNamedPolicy(ptype, params); } // RemoveNamedPolicies removes authorization rules from the current named policy. bool SyncedEnforcer ::RemoveNamedPolicies(const std::string& ptype, const PoliciesValues& rules) { - std::unique_lock lock(policyMutex); - return Enforcer::RemoveNamedPolicies(ptype, rules); + std::unique_lock lock(policyMutex); + return Enforcer::RemoveNamedPolicies(ptype, rules); } // RemoveFilteredNamedPolicy removes an authorization rule from the current named policy, field filters can be specified. bool SyncedEnforcer ::RemoveFilteredNamedPolicy(const std::string& ptype, int fieldIndex, const std::vector& fieldValues) { - std::unique_lock lock(policyMutex); - return Enforcer::RemoveFilteredNamedPolicy(ptype, fieldIndex, fieldValues); + std::unique_lock lock(policyMutex); + return Enforcer::RemoveFilteredNamedPolicy(ptype, fieldIndex, fieldValues); } // HasGroupingPolicy determines whether a role inheritance rule exists. bool SyncedEnforcer ::HasGroupingPolicy(const std::vector& params) { - std::shared_lock lock(policyMutex); - return Enforcer::HasGroupingPolicy(params); + std::shared_lock lock(policyMutex); + return Enforcer::HasGroupingPolicy(params); } // HasNamedGroupingPolicy determines whether a named role inheritance rule exists. bool SyncedEnforcer ::HasNamedGroupingPolicy(const std::string& ptype, const std::vector& params) { - std::shared_lock lock(policyMutex); - return Enforcer::HasNamedGroupingPolicy(ptype, params); + std::shared_lock lock(policyMutex); + return Enforcer::HasNamedGroupingPolicy(ptype, params); } // AddGroupingPolicy adds a role inheritance rule to the current policy. // If the rule already exists, the function returns false and the rule will not be added. // Otherwise the function returns true by adding the new rule. bool SyncedEnforcer ::AddGroupingPolicy(const std::vector& params) { - std::unique_lock lock(policyMutex); - return Enforcer::AddGroupingPolicy(params); + std::unique_lock lock(policyMutex); + return Enforcer::AddGroupingPolicy(params); } // AddGroupingPolicies adds role inheritance rulea to the current policy. // If the rule already exists, the function returns false for the corresponding policy rule and the rule will not be added. // Otherwise the function returns true for the corresponding policy rule by adding the new rule. bool SyncedEnforcer ::AddGroupingPolicies(const PoliciesValues& rules) { - std::unique_lock lock(policyMutex); - return Enforcer::AddGroupingPolicies(rules); + std::unique_lock lock(policyMutex); + return Enforcer::AddGroupingPolicies(rules); } // AddNamedGroupingPolicy adds a named role inheritance rule to the current policy. // If the rule already exists, the function returns false and the rule will not be added. // Otherwise the function returns true by adding the new rule. bool SyncedEnforcer ::AddNamedGroupingPolicy(const std::string& ptype, const std::vector& params) { - std::unique_lock lock(policyMutex); - return Enforcer::AddNamedGroupingPolicy(ptype, params); + std::unique_lock lock(policyMutex); + return Enforcer::AddNamedGroupingPolicy(ptype, params); } // AddNamedGroupingPolicies adds named role inheritance rules to the current policy. // If the rule already exists, the function returns false for the corresponding policy rule and the rule will not be added. // Otherwise the function returns true for the corresponding policy rule by adding the new rule. bool SyncedEnforcer ::AddNamedGroupingPolicies(const std::string& ptype, const PoliciesValues& rules) { - std::unique_lock lock(policyMutex); - return Enforcer::AddNamedGroupingPolicies(ptype, rules); + std::unique_lock lock(policyMutex); + return Enforcer::AddNamedGroupingPolicies(ptype, rules); } // RemoveGroupingPolicy removes a role inheritance rule from the current policy. bool SyncedEnforcer ::RemoveGroupingPolicy(const std::vector& params) { - std::unique_lock lock(policyMutex); - return Enforcer::RemoveGroupingPolicy(params); + std::unique_lock lock(policyMutex); + return Enforcer::RemoveGroupingPolicy(params); } // RemoveGroupingPolicies removes role inheritance rules from the current policy. bool SyncedEnforcer ::RemoveGroupingPolicies(const PoliciesValues& rules) { - std::unique_lock lock(policyMutex); - return Enforcer::RemoveGroupingPolicies(rules); + std::unique_lock lock(policyMutex); + return Enforcer::RemoveGroupingPolicies(rules); } // RemoveFilteredGroupingPolicy removes a role inheritance rule from the current policy, field filters can be specified. bool SyncedEnforcer ::RemoveFilteredGroupingPolicy(int fieldIndex, const std::vector& fieldValues) { - std::unique_lock lock(policyMutex); - return Enforcer::RemoveFilteredGroupingPolicy(fieldIndex, fieldValues); + std::unique_lock lock(policyMutex); + return Enforcer::RemoveFilteredGroupingPolicy(fieldIndex, fieldValues); } // RemoveNamedGroupingPolicy removes a role inheritance rule from the current named policy. bool SyncedEnforcer ::RemoveNamedGroupingPolicy(const std::string& ptype, const std::vector& params) { - std::unique_lock lock(policyMutex); - return Enforcer::RemoveNamedGroupingPolicy(ptype, params); + std::unique_lock lock(policyMutex); + return Enforcer::RemoveNamedGroupingPolicy(ptype, params); } // RemoveNamedGroupingPolicies removes role inheritance rules from the current named policy. bool SyncedEnforcer ::RemoveNamedGroupingPolicies(const std::string& ptype, const PoliciesValues& rules) { - std::unique_lock lock(policyMutex); - return Enforcer::RemoveNamedGroupingPolicies(ptype, rules); + std::unique_lock lock(policyMutex); + return Enforcer::RemoveNamedGroupingPolicies(ptype, rules); } bool SyncedEnforcer ::UpdateGroupingPolicy(const std::vector& oldRule, const std::vector& newRule) { - std::unique_lock lock(policyMutex); - return Enforcer::UpdateGroupingPolicy(oldRule, newRule); + std::unique_lock lock(policyMutex); + return Enforcer::UpdateGroupingPolicy(oldRule, newRule); } bool SyncedEnforcer ::UpdateNamedGroupingPolicy(const std::string& ptype, const std::vector& oldRule, const std::vector& newRule) { - std::unique_lock lock(policyMutex); - return Enforcer::UpdateNamedGroupingPolicy(ptype, oldRule, newRule); + std::unique_lock lock(policyMutex); + return Enforcer::UpdateNamedGroupingPolicy(ptype, oldRule, newRule); } // RemoveFilteredNamedGroupingPolicy removes a role inheritance rule from the current named policy, field filters can be specified. bool SyncedEnforcer ::RemoveFilteredNamedGroupingPolicy(const std::string& ptype, int fieldIndex, const std::vector& fieldValues) { - std::unique_lock lock(policyMutex); - return Enforcer::RemoveFilteredNamedGroupingPolicy(ptype, fieldIndex, fieldValues); + std::unique_lock lock(policyMutex); + return Enforcer::RemoveFilteredNamedGroupingPolicy(ptype, fieldIndex, fieldValues); +} + +// GetAllActions gets the list of actions that show up in the current policy. +std::vector SyncedEnforcer::GetAllActions() { + std::unique_lock lock(policyMutex); + return Enforcer::GetAllActions(); +} +// GetFilteredPolicy gets all the authorization rules in the policy, field filters can be specified. +PoliciesValues SyncedEnforcer::GetFilteredPolicy(int fieldIndex, std::vector fieldValues) { + std::unique_lock lock(policyMutex); + return Enforcer::GetFilteredPolicy(fieldIndex, fieldValues); +} +// EnforceExWithMatcher use a custom matcher and explain enforcement by informing matched rules. +bool SyncedEnforcer::EnforceExWithMatcher(const std::string& matcher, std::shared_ptr evalator, std::vector& explain) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceExWithMatcher(matcher, evalator, explain); +} +bool SyncedEnforcer::EnforceExWithMatcher(const std::string& matcher, const DataList& params, std::vector& explain) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceExWithMatcher(matcher, params, explain); +} +bool SyncedEnforcer::EnforceExWithMatcher(const std::string& matcher, const DataVector& params, std::vector& explain) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceExWithMatcher(matcher, params, explain); +} +bool SyncedEnforcer::EnforceExWithMatcher(const std::string& matcher, const DataMap& params, std::vector& explain) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceExWithMatcher(matcher, params, explain); +} +// EnforceEx explain enforcement by informing matched rules. +bool SyncedEnforcer::EnforceEx(std::shared_ptr evalator, std::vector& explain) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceEx(evalator, explain); +} +bool SyncedEnforcer::EnforceEx(const DataList& params, std::vector& explain) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceEx(params, explain); } +bool SyncedEnforcer::EnforceEx(const DataVector& params, std::vector& explain) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceEx(params, explain); +} +bool SyncedEnforcer::EnforceEx(const DataMap& params, std::vector& explain) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceEx(params, explain); +} +// EnforceWithMatcher use a custom matcher to decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model matcher by default when matcher is "". +bool SyncedEnforcer::EnforceWithMatcher(const std::string& matcher, std::shared_ptr evalator) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceWithMatcher(matcher, evalator); +} +bool SyncedEnforcer::EnforceWithMatcher(const std::string& matcher, const DataList& params) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceWithMatcher(matcher, params); +} +bool SyncedEnforcer::EnforceWithMatcher(const std::string& matcher, const DataVector& params) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceWithMatcher(matcher, params); +} +bool SyncedEnforcer::EnforceWithMatcher(const std::string& matcher, const DataMap& params) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceWithMatcher(matcher, params); +} + +// BuildRoleLinks manually rebuild the role inheritance relations. +void SyncedEnforcer::BuildRoleLinks() { + std::lock_guard lock(policyMutex); + Enforcer::BuildRoleLinks(); +} + } // namespace casbin diff --git a/include/casbin/enforcer_synced.h b/include/casbin/enforcer_synced.h index 45103c5f..244e2b95 100644 --- a/include/casbin/enforcer_synced.h +++ b/include/casbin/enforcer_synced.h @@ -1,18 +1,18 @@ /* - * Copyright 2020 The casbin Authors. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ +* Copyright 2020 The casbin Authors. All Rights Reserved. +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ #ifndef CASBIN_H_ENFORCER_SYNC #define CASBIN_H_ENFORCER_SYNC @@ -29,271 +29,296 @@ namespace casbin { class SyncedEnforcer : public Enforcer { - std::shared_mutex policyMutex; - std::atomic_bool autoLoadRunning; - std::atomic_int n; - std::shared_ptr watcher; - std::unique_ptr ticker; + std::shared_mutex policyMutex; + std::atomic_bool autoLoadRunning; + std::atomic_int n; + std::shared_ptr watcher; + std::unique_ptr ticker; public: - /** - * Enforcer is the default constructor. - */ - SyncedEnforcer(); - - /** - * Enforcer initializes an enforcer with a model file and a policy file. - * - * @param model_path the path of the model file. - * @param policy_file the path of the policy file. - */ - SyncedEnforcer(const std::string& model_path, const std::string& policy_file); - - /** - * Enforcer initializes an enforcer with a database adapter. - * - * @param model_path the path of the model file. - * @param adapter the adapter. - */ - SyncedEnforcer(const std::string& model_path, std::shared_ptr adapter); - - /** - * Enforcer initializes an enforcer with a model and a database adapter. - * - * @param m the model. - * @param adapter the adapter. - */ - SyncedEnforcer(const std::shared_ptr& m, std::shared_ptr adapter); - - /** - * Enforcer initializes an enforcer with a model. - * - * @param m the model. - */ - SyncedEnforcer(const std::shared_ptr& m); - - /** - * Enforcer initializes an enforcer with a model file. - * - * @param model_path the path of the model file. - */ - SyncedEnforcer(const std::string& model_path); + /** + * Enforcer is the default constructor. + */ + SyncedEnforcer(); + + /** + * Enforcer initializes an enforcer with a model file and a policy file. + * + * @param model_path the path of the model file. + * @param policy_file the path of the policy file. + */ + SyncedEnforcer(const std::string& model_path, const std::string& policy_file); + + /** + * Enforcer initializes an enforcer with a database adapter. + * + * @param model_path the path of the model file. + * @param adapter the adapter. + */ + SyncedEnforcer(const std::string& model_path, std::shared_ptr adapter); + + /** + * Enforcer initializes an enforcer with a model and a database adapter. + * + * @param m the model. + * @param adapter the adapter. + */ + SyncedEnforcer(const std::shared_ptr& m, std::shared_ptr adapter); + + /** + * Enforcer initializes an enforcer with a model. + * + * @param m the model. + */ + SyncedEnforcer(const std::shared_ptr& m); + + /** + * Enforcer initializes an enforcer with a model file. + * + * @param model_path the path of the model file. + */ + SyncedEnforcer(const std::string& model_path); - /** - * Enforcer initializes an enforcer with a model file, a policy file and an enable log flag. - * - * @param model_path the path of the model file. - * @param policy_file the path of the policy file. - * @param enable_log whether to enable Casbin's log. - */ - SyncedEnforcer(const std::string& model_path, const std::string& policy_file, bool enable_log); + /** + * Enforcer initializes an enforcer with a model file, a policy file and an enable log flag. + * + * @param model_path the path of the model file. + * @param policy_file the path of the policy file. + * @param enable_log whether to enable Casbin's log. + */ + SyncedEnforcer(const std::string& model_path, const std::string& policy_file, bool enable_log); - // StartAutoLoadPolicy starts a thread that will go through every specified duration call LoadPolicy - void StartAutoLoadPolicy(std::chrono::duration t); + // StartAutoLoadPolicy starts a thread that will go through every specified duration call LoadPolicy + void StartAutoLoadPolicy(std::chrono::duration t); - // IsAutoLoadingRunning check if SyncedEnforcer is auto loading policies - bool IsAutoLoadingRunning(); + // IsAutoLoadingRunning check if SyncedEnforcer is auto loading policies + bool IsAutoLoadingRunning(); - // StopAutoLoadPolicy causes the thread to exit - void StopAutoLoadPolicy(); + // StopAutoLoadPolicy causes the thread to exit + void StopAutoLoadPolicy(); - std::string UpdateWrapper(); + std::string UpdateWrapper(); - // SetWatcher sets the current watcher. - void SetWatcher(std::shared_ptr w) override; + // SetWatcher sets the current watcher. + void SetWatcher(std::shared_ptr w) override; - // LoadModel reloads the model from the model CONF file. - void LoadModel() override; + // LoadModel reloads the model from the model CONF file. + void LoadModel() override; - // ClearPolicy clears all policy. - void ClearPolicy() override; + // ClearPolicy clears all policy. + void ClearPolicy() override; - // LoadPolicy reloads the policy from file/database. - void LoadPolicy() override; + // LoadPolicy reloads the policy from file/database. + void LoadPolicy() override; - void LoadPolicyWrapper(); + void LoadPolicyWrapper(); - // LoadFilteredPolicy reloads a filtered policy from file/database. - template - void LoadFilteredPolicy(Filter); + // LoadFilteredPolicy reloads a filtered policy from file/database. + template + void LoadFilteredPolicy(Filter); - // LoadIncrementalFilteredPolicy reloads a filtered policy from file/database. - void LoadIncrementalFilteredPolicy(Filter); + // LoadIncrementalFilteredPolicy reloads a filtered policy from file/database. + void LoadIncrementalFilteredPolicy(Filter); - // SavePolicy saves the current policy (usually after changed with Casbin API) back to file/database. - void SavePolicy() override; + // SavePolicy saves the current policy (usually after changed with Casbin API) back to file/database. + void SavePolicy() override; - // BuildRoleLinks manually rebuild the role inheritance relations. - void BuildRoleLinks() override; + // BuildRoleLinks manually rebuild the role inheritance relations. + void BuildRoleLinks() override; - // Enforce decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (sub, obj, act). - bool Enforce(std::shared_ptr) override; + // Enforce decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (sub, obj, act). + bool Enforce(std::shared_ptr) override; - // Enforce with a vector param,decides whether a "subject" can access a - // "object" with the operation "action", input parameters are usually: (sub, - // obj, act). - bool Enforce(const DataVector& params) override; + // Enforce with a vector param,decides whether a "subject" can access a + // "object" with the operation "action", input parameters are usually: (sub, + // obj, act). + bool Enforce(const DataVector& params) override; - // Enforce with a vector param,decides whether a "subject" can access a - // "object" with the operation "action", input parameters are usually: (sub, - // obj, act). - bool Enforce(const DataList& params) override; + // Enforce with a vector param,decides whether a "subject" can access a + // "object" with the operation "action", input parameters are usually: (sub, + // obj, act). + bool Enforce(const DataList& params) override; - // Enforce with a map param,decides whether a "subject" can access a "object" - // with the operation "action", input parameters are usually: (sub, obj, act). - bool Enforce(const DataMap& params) override; + // Enforce with a map param,decides whether a "subject" can access a "object" + // with the operation "action", input parameters are usually: (sub, obj, act). + bool Enforce(const DataMap& params) override; - // BatchEnforce enforce in batches - std::vector BatchEnforce(const std::initializer_list& requests) override; + // BatchEnforce enforce in batches + std::vector BatchEnforce(const std::initializer_list& requests) override; - // BatchEnforceWithMatcher enforce with matcher in batches - std::vector BatchEnforceWithMatcher(const std::string& matcher, const std::initializer_list& requests) override; + // BatchEnforceWithMatcher enforce with matcher in batches + std::vector BatchEnforceWithMatcher(const std::string& matcher, const std::initializer_list& requests) override; - // GetAllSubjects gets the list of subjects that show up in the current policy. - std::vector GetAllSubjects() override; + // GetAllSubjects gets the list of subjects that show up in the current policy. + std::vector GetAllSubjects() override; - // GetAllNamedSubjects gets the list of subjects that show up in the current named policy. - std::vector GetAllNamedSubjects(const std::string& ptype) override; + // GetAllNamedSubjects gets the list of subjects that show up in the current named policy. + std::vector GetAllNamedSubjects(const std::string& ptype) override; - // GetAllObjects gets the list of objects that show up in the current policy. - std::vector GetAllObjects() override; + // GetAllObjects gets the list of objects that show up in the current policy. + std::vector GetAllObjects() override; - // GetAllNamedObjects gets the list of objects that show up in the current named policy. - std::vector GetAllNamedObjects(const std::string& ptype) override; + // GetAllNamedObjects gets the list of objects that show up in the current named policy. + std::vector GetAllNamedObjects(const std::string& ptype) override; - // GetAllNamedActions gets the list of actions that show up in the current named policy. - std::vector GetAllNamedActions(const std::string& ptype) override; + // GetAllNamedActions gets the list of actions that show up in the current named policy. + std::vector GetAllNamedActions(const std::string& ptype) override; - // GetAllRoles gets the list of roles that show up in the current policy. - std::vector GetAllRoles() override; + // GetAllRoles gets the list of roles that show up in the current policy. + std::vector GetAllRoles() override; - // GetAllNamedRoles gets the list of roles that show up in the current named policy. - std::vector GetAllNamedRoles(const std::string& ptype) override; + // GetAllNamedRoles gets the list of roles that show up in the current named policy. + std::vector GetAllNamedRoles(const std::string& ptype) override; - // GetPolicy gets all the authorization rules in the policy. - PoliciesValues GetPolicy() override; + // GetPolicy gets all the authorization rules in the policy. + PoliciesValues GetPolicy() override; - // GetNamedPolicy gets all the authorization rules in the named policy. - PoliciesValues GetNamedPolicy(const std::string& ptype) override; + // GetNamedPolicy gets all the authorization rules in the named policy. + PoliciesValues GetNamedPolicy(const std::string& ptype) override; - // GetFilteredNamedPolicy gets all the authorization rules in the named policy, field filters can be specified. - PoliciesValues GetFilteredNamedPolicy(const std::string& ptype, int fieldIndex, const std::vector& fieldValues) override; + // GetFilteredNamedPolicy gets all the authorization rules in the named policy, field filters can be specified. + PoliciesValues GetFilteredNamedPolicy(const std::string& ptype, int fieldIndex, const std::vector& fieldValues) override; - // GetGroupingPolicy gets all the role inheritance rules in the policy. - PoliciesValues GetGroupingPolicy() override; + // GetGroupingPolicy gets all the role inheritance rules in the policy. + PoliciesValues GetGroupingPolicy() override; - // GetFilteredGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified. - PoliciesValues GetFilteredGroupingPolicy(int fieldIndex, const std::vector& fieldValues) override; + // GetFilteredGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified. + PoliciesValues GetFilteredGroupingPolicy(int fieldIndex, const std::vector& fieldValues) override; - // GetNamedGroupingPolicy gets all the role inheritance rules in the policy. - PoliciesValues GetNamedGroupingPolicy(const std::string& ptype) override; + // GetNamedGroupingPolicy gets all the role inheritance rules in the policy. + PoliciesValues GetNamedGroupingPolicy(const std::string& ptype) override; - // GetFilteredNamedGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified. - PoliciesValues GetFilteredNamedGroupingPolicy(const std::string& ptype, int fieldIndex, const std::vector& fieldValues) override; + // GetFilteredNamedGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified. + PoliciesValues GetFilteredNamedGroupingPolicy(const std::string& ptype, int fieldIndex, const std::vector& fieldValues) override; - // HasPolicy determines whether an authorization rule exists. - bool HasPolicy(const std::vector& params) override; + // HasPolicy determines whether an authorization rule exists. + bool HasPolicy(const std::vector& params) override; - // HasNamedPolicy determines whether a named authorization rule exists. - bool HasNamedPolicy(const std::string& ptype, const std::vector& params) override; + // HasNamedPolicy determines whether a named authorization rule exists. + bool HasNamedPolicy(const std::string& ptype, const std::vector& params) override; - // AddPolicy adds an authorization rule to the current policy. - // If the rule already exists, the function returns false and the rule will not be added. - // Otherwise the function returns true by adding the new rule. - bool AddPolicy(const std::vector& params) override; + // AddPolicy adds an authorization rule to the current policy. + // If the rule already exists, the function returns false and the rule will not be added. + // Otherwise the function returns true by adding the new rule. + bool AddPolicy(const std::vector& params) override; - // AddPolicies adds authorization rules to the current policy. - // If the rule already exists, the function returns false for the corresponding rule and the rule will not be added. - // Otherwise the function returns true for the corresponding rule by adding the new rule. - bool AddPolicies(const PoliciesValues& rules) override; + // AddPolicies adds authorization rules to the current policy. + // If the rule already exists, the function returns false for the corresponding rule and the rule will not be added. + // Otherwise the function returns true for the corresponding rule by adding the new rule. + bool AddPolicies(const PoliciesValues& rules) override; - // AddNamedPolicy adds an authorization rule to the current named policy. - // If the rule already exists, the function returns false and the rule will not be added. - // Otherwise the function returns true by adding the new rule. - bool AddNamedPolicy(const std::string& ptype, const std::vector& params) override; + // AddNamedPolicy adds an authorization rule to the current named policy. + // If the rule already exists, the function returns false and the rule will not be added. + // Otherwise the function returns true by adding the new rule. + bool AddNamedPolicy(const std::string& ptype, const std::vector& params) override; - // AddNamedPolicies adds authorization rules to the current named policy. - // If the rule already exists, the function returns false for the corresponding rule and the rule will not be added. - // Otherwise the function returns true for the corresponding by adding the new rule. - bool AddNamedPolicies(const std::string& ptype, const PoliciesValues& rules) override; + // AddNamedPolicies adds authorization rules to the current named policy. + // If the rule already exists, the function returns false for the corresponding rule and the rule will not be added. + // Otherwise the function returns true for the corresponding by adding the new rule. + bool AddNamedPolicies(const std::string& ptype, const PoliciesValues& rules) override; - // RemovePolicy removes an authorization rule from the current policy. - bool RemovePolicy(const std::vector& params) override; + // RemovePolicy removes an authorization rule from the current policy. + bool RemovePolicy(const std::vector& params) override; - // UpdatePolicy updates an authorization rule from the current policy. - bool UpdatePolicy(const std::vector& oldPolicy, const std::vector& newPolicy) override; + // UpdatePolicy updates an authorization rule from the current policy. + bool UpdatePolicy(const std::vector& oldPolicy, const std::vector& newPolicy) override; - bool UpdateNamedPolicy(const std::string& ptype, const std::vector& p1, const std::vector& p2) override; + bool UpdateNamedPolicy(const std::string& ptype, const std::vector& p1, const std::vector& p2) override; - // UpdatePolicies updates authorization rules from the current policies. - bool UpdatePolicies(const PoliciesValues& oldPolices, const PoliciesValues& newPolicies) override; + // UpdatePolicies updates authorization rules from the current policies. + bool UpdatePolicies(const PoliciesValues& oldPolices, const PoliciesValues& newPolicies) override; - bool UpdateNamedPolicies(const std::string& ptype, const PoliciesValues& p1, const PoliciesValues& p2) override; + bool UpdateNamedPolicies(const std::string& ptype, const PoliciesValues& p1, const PoliciesValues& p2) override; - // RemovePolicies removes authorization rules from the current policy. - bool RemovePolicies(const PoliciesValues& rules) override; + // RemovePolicies removes authorization rules from the current policy. + bool RemovePolicies(const PoliciesValues& rules) override; - // RemoveFilteredPolicy removes an authorization rule from the current policy, field filters can be specified. - bool RemoveFilteredPolicy(int fieldIndex, const std::vector& fieldValues) override; + // RemoveFilteredPolicy removes an authorization rule from the current policy, field filters can be specified. + bool RemoveFilteredPolicy(int fieldIndex, const std::vector& fieldValues) override; - // RemoveNamedPolicy removes an authorization rule from the current named policy. - bool RemoveNamedPolicy(const std::string& ptype, const std::vector& params) override; + // RemoveNamedPolicy removes an authorization rule from the current named policy. + bool RemoveNamedPolicy(const std::string& ptype, const std::vector& params) override; - // RemoveNamedPolicies removes authorization rules from the current named policy. - bool RemoveNamedPolicies(const std::string& ptype, const PoliciesValues& rules) override; + // RemoveNamedPolicies removes authorization rules from the current named policy. + bool RemoveNamedPolicies(const std::string& ptype, const PoliciesValues& rules) override; - // RemoveFilteredNamedPolicy removes an authorization rule from the current named policy, field filters can be specified. - bool RemoveFilteredNamedPolicy(const std::string& ptype, int fieldIndex, const std::vector& fieldValues) override; + // RemoveFilteredNamedPolicy removes an authorization rule from the current named policy, field filters can be specified. + bool RemoveFilteredNamedPolicy(const std::string& ptype, int fieldIndex, const std::vector& fieldValues) override; - // HasGroupingPolicy determines whether a role inheritance rule exists. - bool HasGroupingPolicy(const std::vector& params) override; + // HasGroupingPolicy determines whether a role inheritance rule exists. + bool HasGroupingPolicy(const std::vector& params) override; - // HasNamedGroupingPolicy determines whether a named role inheritance rule exists. - bool HasNamedGroupingPolicy(const std::string& ptype, const std::vector& params) override; + // HasNamedGroupingPolicy determines whether a named role inheritance rule exists. + bool HasNamedGroupingPolicy(const std::string& ptype, const std::vector& params) override; - // AddGroupingPolicy adds a role inheritance rule to the current policy. - // If the rule already exists, the function returns false and the rule will not be added. - // Otherwise the function returns true by adding the new rule. - bool AddGroupingPolicy(const std::vector& params) override; + // AddGroupingPolicy adds a role inheritance rule to the current policy. + // If the rule already exists, the function returns false and the rule will not be added. + // Otherwise the function returns true by adding the new rule. + bool AddGroupingPolicy(const std::vector& params) override; - // AddGroupingPolicies adds role inheritance rulea to the current policy. - // If the rule already exists, the function returns false for the corresponding policy rule and the rule will not be added. - // Otherwise the function returns true for the corresponding policy rule by adding the new rule. - bool AddGroupingPolicies(const PoliciesValues& rules) override; + // AddGroupingPolicies adds role inheritance rulea to the current policy. + // If the rule already exists, the function returns false for the corresponding policy rule and the rule will not be added. + // Otherwise the function returns true for the corresponding policy rule by adding the new rule. + bool AddGroupingPolicies(const PoliciesValues& rules) override; - // AddNamedGroupingPolicy adds a named role inheritance rule to the current policy. - // If the rule already exists, the function returns false and the rule will not be added. - // Otherwise the function returns true by adding the new rule. - bool AddNamedGroupingPolicy(const std::string& ptype, const std::vector& params) override; + // AddNamedGroupingPolicy adds a named role inheritance rule to the current policy. + // If the rule already exists, the function returns false and the rule will not be added. + // Otherwise the function returns true by adding the new rule. + bool AddNamedGroupingPolicy(const std::string& ptype, const std::vector& params) override; - // AddNamedGroupingPolicies adds named role inheritance rules to the current policy. - // If the rule already exists, the function returns false for the corresponding policy rule and the rule will not be added. - // Otherwise the function returns true for the corresponding policy rule by adding the new rule. - bool AddNamedGroupingPolicies(const std::string& ptype, const PoliciesValues& rules) override; + // AddNamedGroupingPolicies adds named role inheritance rules to the current policy. + // If the rule already exists, the function returns false for the corresponding policy rule and the rule will not be added. + // Otherwise the function returns true for the corresponding policy rule by adding the new rule. + bool AddNamedGroupingPolicies(const std::string& ptype, const PoliciesValues& rules) override; - // RemoveGroupingPolicy removes a role inheritance rule from the current policy. - bool RemoveGroupingPolicy(const std::vector& params) override; + // RemoveGroupingPolicy removes a role inheritance rule from the current policy. + bool RemoveGroupingPolicy(const std::vector& params) override; - // RemoveGroupingPolicies removes role inheritance rules from the current policy. - bool RemoveGroupingPolicies(const PoliciesValues& rules) override; + // RemoveGroupingPolicies removes role inheritance rules from the current policy. + bool RemoveGroupingPolicies(const PoliciesValues& rules) override; - // RemoveFilteredGroupingPolicy removes a role inheritance rule from the current policy, field filters can be specified. - bool RemoveFilteredGroupingPolicy(int fieldIndex, const std::vector& fieldValues) override; + // RemoveFilteredGroupingPolicy removes a role inheritance rule from the current policy, field filters can be specified. + bool RemoveFilteredGroupingPolicy(int fieldIndex, const std::vector& fieldValues) override; - // RemoveNamedGroupingPolicy removes a role inheritance rule from the current named policy. - bool RemoveNamedGroupingPolicy(const std::string& ptype, const std::vector& params) override; + // RemoveNamedGroupingPolicy removes a role inheritance rule from the current named policy. + bool RemoveNamedGroupingPolicy(const std::string& ptype, const std::vector& params) override; - // RemoveNamedGroupingPolicies removes role inheritance rules from the current named policy. - bool RemoveNamedGroupingPolicies(const std::string& ptype, const PoliciesValues& rules) override; + // RemoveNamedGroupingPolicies removes role inheritance rules from the current named policy. + bool RemoveNamedGroupingPolicies(const std::string& ptype, const PoliciesValues& rules) override; - bool UpdateGroupingPolicy(const std::vector& oldRule, const std::vector& newRule) override; + bool UpdateGroupingPolicy(const std::vector& oldRule, const std::vector& newRule) override; - bool UpdateNamedGroupingPolicy(const std::string& ptype, const std::vector& oldRule, const std::vector& newRule) override; + bool UpdateNamedGroupingPolicy(const std::string& ptype, const std::vector& oldRule, const std::vector& newRule) override; + + // RemoveFilteredNamedGroupingPolicy removes a role inheritance rule from the current named policy, field filters can be specified. + bool RemoveFilteredNamedGroupingPolicy(const std::string& ptype, int fieldIndex, const std::vector& fieldValues) override; + + //new + // GetAllActions gets the list of actions that show up in the current policy. + std::vector GetAllActions(); + // GetFilteredPolicy gets all the authorization rules in the policy, field filters can be specified. + PoliciesValues GetFilteredPolicy(int fieldIndex, std::vector fieldValues); + + // EnforceExWithMatcher use a custom matcher and explain enforcement by informing matched rules. + bool EnforceExWithMatcher(const std::string& matcher, std::shared_ptr evalator, std::vector& explain); + bool EnforceExWithMatcher(const std::string& matcher, const DataList& params, std::vector& explain); + bool EnforceExWithMatcher(const std::string& matcher, const DataVector& params, std::vector& explain); + bool EnforceExWithMatcher(const std::string& matcher, const DataMap& params, std::vector& explain); + + // EnforceEx explain enforcement by informing matched rules. + bool EnforceEx(std::shared_ptr evalator, std::vector& explain); + bool EnforceEx(const DataList& params, std::vector& explain); + bool EnforceEx(const DataVector& params, std::vector& explain); + bool EnforceEx(const DataMap& params, std::vector& explain); + + // EnforceWithMatcher use a custom matcher to decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model matcher by default when matcher is "". + bool EnforceWithMatcher(const std::string& matcher, std::shared_ptr evalator); + bool EnforceWithMatcher(const std::string& matcher, const DataList& params); + bool EnforceWithMatcher(const std::string& matcher, const DataVector& params); + bool EnforceWithMatcher(const std::string& matcher, const DataMap& params); - // RemoveFilteredNamedGroupingPolicy removes a role inheritance rule from the current named policy, field filters can be specified. - bool RemoveFilteredNamedGroupingPolicy(const std::string& ptype, int fieldIndex, const std::vector& fieldValues) override; }; } // namespace casbin -#endif +#endif \ No newline at end of file