From 49b01e16a5cdedb280f276af4035b78b6b440fc9 Mon Sep 17 00:00:00 2001 From: Liao Xin <93535922+liewstar@users.noreply.github.com> Date: Sun, 22 Sep 2024 22:28:20 +0800 Subject: [PATCH] fix: add enforce command (#15) --- README.md | 8 ++++---- src/main/java/org/casbin/Client.java | 2 ++ .../java/org/casbin/command/EnforceCommand.java | 15 +++++++++++++++ src/test/java/org/casbin/ClientTest.java | 5 +++++ 4 files changed, 26 insertions(+), 4 deletions(-) create mode 100644 src/main/java/org/casbin/command/EnforceCommand.java diff --git a/README.md b/README.md index 9921991..5726c14 100644 --- a/README.md +++ b/README.md @@ -33,13 +33,13 @@ mvn clean install - Check whether Alice has read permission on data1 ```shell - ./casbin -m "examples/rbac_model.conf" -p "examples/rbac_policy.csv" -e "alice, data1, read" + ./casbin enforce -m "examples/rbac_model.conf" -p "examples/rbac_policy.csv" "alice" "data1" "read" ``` - > Allow + > Allowed ```shell - ./casbin -m "[request_definition]|r = sub, obj, act|[policy_definition]|p = sub, obj, act|[role_definition]|g = _, _|[policy_effect]|e = some(where (p.eft == allow))|[matchers]|m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act" -p "p, alice, data1, read|p, bob, data2, write|p, data2_admin, data2, read|p, data2_admin, data2, write|g, alice, data2_admin" -e "alice, data1, read" + ./casbin enforce -m "[request_definition]|r = sub, obj, act|[policy_definition]|p = sub, obj, act|[role_definition]|g = _, _|[policy_effect]|e = some(where (p.eft == allow))|[matchers]|m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act" -p "p, alice, data1, read|p, bob, data2, write|p, data2_admin, data2, read|p, data2_admin, data2, write|g, alice, data2_admin" "alice" "data1" "read" ``` - > Allow + > Allowed - Check whether Alice has write permission for data2. If so, display the effective policy. diff --git a/src/main/java/org/casbin/Client.java b/src/main/java/org/casbin/Client.java index b7ff039..bb7e872 100644 --- a/src/main/java/org/casbin/Client.java +++ b/src/main/java/org/casbin/Client.java @@ -20,6 +20,7 @@ public class Client { private static final String RBAC_WITH_DOMAINS_COMMAND = "rbac_with_domains"; private static final String ROLEMANAGER_COMMAND = "role_manager"; private static final String MANAGEMENT_COMMAND = "management"; + private static final String ENFORCE_COMMAND = "enforce"; private static final Map COMMANDS = new HashMap<>(); @@ -29,6 +30,7 @@ public class Client { COMMANDS.put(RBAC_WITH_DOMAINS_COMMAND, new RBACWithDomainsCommand()); COMMANDS.put(ROLEMANAGER_COMMAND, new RoleManagerCommand()); COMMANDS.put(MANAGEMENT_COMMAND, new ManagementCommand()); + COMMANDS.put(ENFORCE_COMMAND, new EnforceCommand()); } public static String run(String... args) { diff --git a/src/main/java/org/casbin/command/EnforceCommand.java b/src/main/java/org/casbin/command/EnforceCommand.java new file mode 100644 index 0000000..04c16e8 --- /dev/null +++ b/src/main/java/org/casbin/command/EnforceCommand.java @@ -0,0 +1,15 @@ +package org.casbin.command; + +import org.casbin.NewEnforcer; + +public class EnforceCommand extends AbstractCommand { + @Override + public String run(NewEnforcer enforcer, String... args) throws Exception { + String subject = args[0]; + String object = args[1]; + String action = args[2]; + boolean res = enforcer.enforce(subject, object, action); + System.out.println(res ? "Allowed" : "Denied"); + return String.valueOf(res); + } +} diff --git a/src/test/java/org/casbin/ClientTest.java b/src/test/java/org/casbin/ClientTest.java index bd60c50..125a541 100644 --- a/src/test/java/org/casbin/ClientTest.java +++ b/src/test/java/org/casbin/ClientTest.java @@ -111,4 +111,9 @@ public void testCustomFunction() throws ParseException { } + @Test + public void testEnforce() { + assertEquals(Client.run(new String[]{"enforce","-m","examples/rbac_model.conf","-p","examples/rbac_policy.csv", "alice", "data1", "read"}), "true"); + } + }