Merge pull request #53 from divy9881/fix_iteration
feat: add basic model enforcer tests and fix enforcer for expression evaluation.
hsluoyz authored Jul 1, 2020
2 parents cbd2038 + dd50662 commit 8f4c866
Showing 41 changed files with 1,370 additions and 357 deletions.
6 changes: 3 additions & 3 deletions casbin/casbin.vcxproj
Expand Up @@ -196,7 +196,7 @@
<ClCompile Include="persist\default_watcher_ex.cpp" />
<ClCompile Include="persist\file_adapter\batch_file_adapter.cpp" />
<ClCompile Include="persist\file_adapter\file_adapter.cpp" />
<ClCompile Include="persist\file_adapter\filtered_adapter.cpp" />
<ClCompile Include="persist\file_adapter\filtered_file_adapter.cpp" />
<ClCompile Include="rbac\default_role_manager.cpp" />
<ClCompile Include="rbac_api.cpp" />
<ClCompile Include="rbac_api_with_domains.cpp" />
Expand Down Expand Up @@ -267,14 +267,14 @@
<ClInclude Include="model\scope_config.h" />
<ClInclude Include="persist.h" />
<ClInclude Include="persist\adapter.h" />
<ClInclude Include="persist\adapter_filtered.h" />
<ClInclude Include="persist\batch_adapter.h" />
<ClInclude Include="persist\default_watcher.h" />
<ClInclude Include="persist\default_watcher_ex.h" />
<ClInclude Include="persist\file-adapter\batch_file_adapter.h" />
<ClInclude Include="persist\file-adapter\file_adapter.h" />
<ClInclude Include="persist\file-adapter\filtered_adapter.h" />
<ClInclude Include="persist\file-adapter\pch.h" />
<ClInclude Include="persist\file_adapter\filtered_file_adapter.h" />
<ClInclude Include="persist\filtered_adapter.h" />
<ClInclude Include="persist\pch.h" />
<ClInclude Include="persist\watcher.h" />
<ClInclude Include="persist\watcher_ex.h" />
18 changes: 9 additions & 9 deletions casbin/casbin.vcxproj.filters
Expand Up @@ -222,9 +222,6 @@
<ClCompile Include="persist\file_adapter\file_adapter.cpp">
<Filter>Source Files\persist\file_adapter</Filter>
</ClCompile>
<ClCompile Include="persist\file_adapter\filtered_adapter.cpp">
<Filter>Source Files\persist\file_adapter</Filter>
</ClCompile>
<ClCompile Include="persist\adapter.cpp">
<Filter>Source Files\persist</Filter>
</ClCompile>
Expand Down Expand Up @@ -255,6 +252,9 @@
<ClCompile Include="ip_parser\parser\parseIPv4.cpp">
<Filter>Source Files\ip_parser\parser</Filter>
</ClCompile>
<ClCompile Include="persist\file_adapter\filtered_file_adapter.cpp">
<Filter>Source Files\persist\file_adapter</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="config\config_interface.h">
Expand All @@ -272,9 +272,6 @@
<ClInclude Include="persist\adapter.h">
<Filter>Header Files\persist</Filter>
</ClInclude>
<ClInclude Include="persist\adapter_filtered.h">
<Filter>Header Files\persist</Filter>
</ClInclude>
<ClInclude Include="persist\watcher.h">
<Filter>Header Files\persist</Filter>
</ClInclude>
Expand Down Expand Up @@ -416,9 +413,6 @@
<ClInclude Include="duktape\pch.h">
<Filter>Header Files\duktape</Filter>
</ClInclude>
<ClInclude Include="persist\file-adapter\filtered_adapter.h">
<Filter>Header Files\persist\file_adapter</Filter>
</ClInclude>
<ClInclude Include="effect\default_effector.h">
<Filter>Header Files\effect</Filter>
</ClInclude>
Expand Down Expand Up @@ -467,5 +461,11 @@
<ClInclude Include="model\scope_config.h">
<Filter>Header Files\model</Filter>
</ClInclude>
<ClInclude Include="persist\filtered_adapter.h">
<Filter>Header Files\persist</Filter>
</ClInclude>
<ClInclude Include="persist\file_adapter\filtered_file_adapter.h">
<Filter>Header Files\persist\file_adapter</Filter>
</ClInclude>
</ItemGroup>
</Project>
5 changes: 3 additions & 2 deletions casbin/config/config.cpp
Expand Up @@ -156,9 +156,10 @@ void Config :: Set(string key, string value) {
if (keys.size() >= 2) {
section = keys[0];
option = keys[1];
} else {
option = keys[0];
}
else
option = keys[0];

AddConfig(section, option, value);
mtx_lock.unlock();
}
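Review bot: The `else` at the end of this hunk loses its braces while the `if (keys.size() >= 2)` above keeps them, which makes the pair easy to misread once a second statement is added; keeping `} else { option = keys[0]; }` matches the braced `if`. The hunk also ends with a manual `mtx_lock.unlock();`, so if `AddConfig` throws, the mutex is never released. Assuming the matching `lock()` sits earlier in `Config::Set` (the function starts outside the hunk), a scoped guard such as `std::lock_guard` taken there would release the lock on every exit path.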
18 changes: 8 additions & 10 deletions casbin/effect/default_effector.cpp
Expand Up @@ -33,37 +33,35 @@ DefaultEffector* DefaultEffector :: NewDefaultEffector(){
bool DefaultEffector :: MergeEffects(string expr, vector<Effect> effects, vector<float> results) {
bool result;

unsigned int number_of_effects = sizeof(effects) / sizeof(effects[0]);

if (!expr.compare("some(where (p_eft == allow))")) {
if (!expr.compare("some(where (p.eft == allow))")) {
result = false;
for(unsigned int index = 0 ; index < number_of_effects ; index++){
for(unsigned int index = 0 ; index < effects.size() ; index++){
if (effects[index] == Effect::Allow) {
result = true;
break;
}
}
} else if (!expr.compare("!some(where (p_eft == deny))")) {
} else if (!expr.compare("!some(where (p.eft == deny))")) {
result = true;
for(unsigned int index = 0 ; index < number_of_effects ; index++){
for(unsigned int index = 0 ; index < effects.size(); index++){
if (effects[index] == Effect::Deny) {
result = false;
break;
}
}
} else if (!expr.compare("some(where (p_eft == allow)) && !some(where (p_eft == deny))")) {
} else if (!expr.compare("some(where (p.eft == allow)) && !some(where (p.eft == deny))")) {
result = false;
for(unsigned int index = 0 ; index < number_of_effects ; index++){
for(unsigned int index = 0 ; index < effects.size(); index++){
if (effects[index] == Effect::Allow) {
result = true;
} else if (effects[index] == Effect::Deny) {
result = false;
break;
}
}
} else if (!expr.compare("priority(p_eft) || deny")) {
} else if (!expr.compare("priority(p.eft) || deny")) {
result = false;
for(unsigned int index = 0 ; index < number_of_effects ; index++){
for(unsigned int index = 0 ; index < effects.size(); index++){
if (effects[index] != Effect::Indeterminate) {
if (effects[index] == Effect::Allow) {
result = true;
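Review bot: The effect strings in `MergeEffects` now use `p.eft`, but `Enforcer::enforce` in casbin/enforcer.cpp of this same commit still compares the model's effect value with `"priority(p_eft) || deny"`, so for any given model only one of the two spellings can match. If the stored value is the dotted form, the enforcer's early `break` for priority models never fires; if it is the underscored form, none of the branches visible here match. What happens when no branch matches is outside this hunk, and `bool result;` is declared without a value, so I would write `bool result = false;` to make an unrecognised expression deny rather than depend on a later assignment. Defining each effect expression once as a shared constant used by both files would keep them from drifting apart.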
93 changes: 50 additions & 43 deletions casbin/enforcer.cpp
Expand Up @@ -18,6 +18,8 @@

#include "pch.h"

#include <algorithm>

#include "./enforcer.h"
#include "./persist/watcher_ex.h"
#include "./persist/file_adapter/file_adapter.h"
Expand All @@ -37,117 +39,123 @@ bool Enforcer :: enforce(string matcher, Scope scope) {
// }()

this->func_map.scope = scope;
this->func_map.LoadFunctionMap();

if(this->enabled)
if(!this->enabled)
return true;

// for(unordered_map <string, Function> :: iterator it = this->fm.fmap.begin() ; it != this->fm.fmap.end() ; it++)
// this->fm.AddFunction(it->first, it->second);

string expString;
string exp_string;
if(matcher == "")
expString = this->model->m["m"].assertion_map["m"]->value;
exp_string = this->model->m["m"].assertion_map["m"]->value;
else
expString = matcher;
exp_string = matcher;


unordered_map <string, RoleManager*> rm_map;
bool ok = this->model->m.find("g") != this->model->m.end();

if(ok) {
for(unordered_map <string, Assertion*> :: iterator it = this->model->m["g"].assertion_map.begin() ; it != this->model->m["g"].assertion_map.end() ; it++){
RoleManager* rm = it->second->rm;
int index = int(expString.find((it->first)+"("));
int char_count = int(count(it->second->value.begin(), it->second->value.end(), '_'));
int index = int(exp_string.find((it->first)+"("));
if(index != string::npos)
expString.insert(index+(it->first+"(").length()-1, (it->first)+"_rm");
PushPointer(this->func_map.scope, (void *)rm, (it->first)+"_rm");
this->func_map.AddFunction(it->first, GFunction);
exp_string.insert(index+(it->first+"(").length(), "rm, ");
PushPointer(this->func_map.scope, (void *)rm, "rm");
this->func_map.AddFunction(it->first, GFunction, char_count + 1);
}
}

unordered_map <string, int> pIntTokens;
unordered_map <string, int> p_int_tokens;
for(int i = 0 ; i < this->model->m["p"].assertion_map["p"]->tokens.size() ; i++)
pIntTokens[this->model->m["p"].assertion_map["p"]->tokens[i]] = i;
p_int_tokens[this->model->m["p"].assertion_map["p"]->tokens[i]] = i;

vector <string> pTokens = this->model->m["p"].assertion_map["p"]->tokens;
vector <string> p_tokens = this->model->m["p"].assertion_map["p"]->tokens;

vector <Effect> policyEffects;
vector <float> matcherResults;
int policy_len = int(this->model->m["p"].assertion_map["p"]->policy.size());

int policyLen = int(this->model->m["p"].assertion_map["p"]->policy.size());
vector <Effect> policy_effects(policy_len, Effect :: Indeterminate);
vector <float> matcher_results;

if(policyLen != 0) {
if(policy_len != 0) {
if(this->model->m["r"].assertion_map["r"]->tokens.size() != this->func_map.GetRLen())
return false;

//TODO
for( int i = 0 ; i < this->model->m["p"].assertion_map["p"]->policy.size() ; i++){
for( int i = 0 ; i < policy_len ; i++){
// log.LogPrint("Policy Rule: ", pvals)
vector<string> pVals = this->model->m["p"].assertion_map["p"]->policy[i];
if(this->model->m["p"].assertion_map["p"]->tokens.size() != pVals.size())
vector<string> p_vals = this->model->m["p"].assertion_map["p"]->policy[i];
if(this->model->m["p"].assertion_map["p"]->tokens.size() != p_vals.size())
return false;

PushObject(this->func_map.scope, "p");
for(int j = 0 ; j < pTokens.size() ; j++){
int index = int(pTokens[j].find("_"));
string token = pTokens[j].substr(index+1);
PushStringPropToObject(this->func_map.scope, "p", pVals[j], token);
for(int j = 0 ; j < p_tokens.size() ; j++){
int index = int(p_tokens[j].find("_"));
string token = p_tokens[j].substr(index+1);
PushStringPropToObject(this->func_map.scope, "p", p_vals[j], token);
}

this->func_map.Eval(expString);
this->func_map.Evaluate(exp_string);

//TODO
// log.LogPrint("Result: ", result)

if(CheckType(this->func_map.scope) == Type :: Bool){
bool result = GetBoolean(this->func_map.scope);
if(!result) {
policyEffects[i] = Effect :: Indeterminate;
policy_effects[i] = Effect :: Indeterminate;
continue;
}
}
else if(CheckType(this->func_map.scope) == Type :: Float){
bool result = GetFloat(this->func_map.scope);
if(result == 0) {
policyEffects[i] = Effect :: Indeterminate;
policy_effects[i] = Effect :: Indeterminate;
continue;
} else
matcherResults[i] = result;
matcher_results[i] = result;
}
else
return false;

bool ok = pIntTokens.find("p_eft") != pIntTokens.end();
if(ok) {
int j = pIntTokens["p_eft"];
string eft = pVals[j];
bool is_p_eft = p_int_tokens.find("p_eft") != p_int_tokens.end();
if(is_p_eft) {
int j = p_int_tokens["p_eft"];
string eft = p_vals[j];
if(eft == "allow")
policyEffects[i] = Effect :: Allow;
policy_effects[i] = Effect :: Allow;
else if(eft == "deny")
policyEffects[i] = Effect :: Deny;
policy_effects[i] = Effect :: Deny;
else
policyEffects[i] = Effect :: Indeterminate;
policy_effects[i] = Effect :: Indeterminate;
}
else
policyEffects[i] = Effect :: Allow;
policy_effects[i] = Effect :: Allow;

if(this->model->m["e"].assertion_map["e"]->value == "priority(p_eft) || deny")
break;
}
} else {
this->func_map.Eval(expString);
bool isValid = this->func_map.Evaluate(exp_string);
if(!isValid)
return false;
bool result = this->func_map.GetBooleanResult();

//TODO
// log.LogPrint("Result: ", result)

if(result)
policyEffects[0] = Effect::Allow;
policy_effects.push_back(Effect::Allow);
else
policyEffects[0] = Effect::Indeterminate;
policy_effects.push_back(Effect::Indeterminate);
}

//TODO
// log.LogPrint("Rule Results: ", policyEffects)

bool result = this->eft->MergeEffects(this->model->m["e"].assertion_map["e"]->value, policyEffects, matcherResults);
bool result = this->eft->MergeEffects(this->model->m["e"].assertion_map["e"]->value, policy_effects, matcher_results);

return result;
}

Expand Down Expand Up @@ -198,7 +206,7 @@ Enforcer* Enforcer :: NewEnforcer(Model* m, Adapter* adapter) {

e->Initialize();

if (e->adapter != NULL) {
if (e->adapter->file_path != "") {
e->LoadPolicy();
}
return e;
Expand Down Expand Up @@ -344,7 +352,6 @@ void Enforcer :: ClearPolicy() {
void Enforcer :: LoadPolicy() {
this->model->ClearPolicy();
this->adapter->LoadPolicy(this->model);

this->model->PrintPolicy();

if(this->auto_build_role_links) {
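Review bot: In `enforce`, `matcher_results` is still declared as an empty `vector <float>`, so `matcher_results[i] = result;` in the `Type :: Float` branch indexes an empty vector, which is an out-of-bounds write; the commit sizes `policy_effects` up front but not this one. Declaring it as `vector <float> matcher_results(policy_len, 0);` fixes the write, and the value above it should be `float result = GetFloat(this->func_map.scope);` because the current `bool result` collapses every non-zero score to 1. In the `NewEnforcer` hunk, `e->adapter->file_path != ""` dereferences `adapter` without the null test it replaces; unless a null adapter is ruled out earlier in that function (not visible), `if (e->adapter != NULL && e->adapter->file_path != "")` keeps both conditions. `enforce` begins above the first line shown.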
7 changes: 4 additions & 3 deletions casbin/enforcer.h
Expand Up @@ -20,7 +20,7 @@
#include "./rbac/role_manager.h"
#include "./model/function.h"
#include "./enforcer_interface.h"
#include "./persist/adapter_filtered.h"
#include "./persist/filtered_adapter.h"

// Enforcer is the main interface for authorization enforcement and policy management.
class Enforcer : public IEnforcer{
Expand All @@ -33,7 +33,6 @@ class Enforcer : public IEnforcer{

Adapter* adapter;
Watcher* watcher;
RoleManager* rm;

bool enabled;
bool auto_save;
Expand All @@ -45,6 +44,8 @@ class Enforcer : public IEnforcer{

public:

RoleManager* rm;

/**
* Enforcer is the default constructor.
*/
Expand Down Expand Up @@ -190,7 +191,7 @@ class Enforcer : public IEnforcer{
bool RemoveNamedGroupingPolicy(string ptype, vector<string> params);
bool RemoveNamedGroupingPolicies(string p_type, vector<vector<string>> rules);
bool RemoveFilteredNamedGroupingPolicy(string ptype, int field_index, vector<string> field_values);
void AddFunction(string name, Function);
void AddFunction(string name, Function function, Index nargs);

/*RBAC API member functions.*/
vector<string> GetRolesForUser(string name);
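Review bot: `RoleManager* rm;` is moved under `public:`, which exposes the enforcer's role manager as a writable field that any caller can reassign or null without going through the class. The access level it had before is not visible in the hunk, but if outside code (the new tests, presumably) only needs to read it, an accessor that returns the pointer keeps the member itself under the class's control, if the class does not already have one. If direct access really is intended, a comment on the field should say who owns the pointer and whether callers may replace it.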
2 changes: 1 addition & 1 deletion casbin/enforcer_interface.h
Expand Up @@ -119,7 +119,7 @@ class IEnforcer {
virtual bool RemoveNamedGroupingPolicy(string ptype, vector<string> params) = 0;
virtual bool RemoveNamedGroupingPolicies(string p_type, vector<vector<string>> rules) = 0;
virtual bool RemoveFilteredNamedGroupingPolicy(string ptype, int fieldIndex, vector<string> fieldValues) = 0;
virtual void AddFunction(string name, Function) = 0;
virtual void AddFunction(string name, Function function, Index nargs) = 0;

/* Internal API member functions */
virtual bool addPolicy(string sec, string ptype, vector<string> rule) = 0;
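Review bot: The new `Index nargs` parameter on `AddFunction` is undocumented, and this is a pure virtual on the public interface, so every implementer and caller has to guess what to pass. From the call in casbin/enforcer.cpp (`AddFunction(it->first, GFunction, char_count + 1)`) it appears to be the number of arguments the function is registered with, including the injected `rm` pointer. A comment such as `// nargs: number of arguments the function receives when called from a matcher` above the declaration would say so, once the author confirms that meaning. The matching declaration in casbin/enforcer.h needs the same comment.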