feat: support more than 3 args in EnforceEx() (#13)

cmd/enforce.go

@@ -31,20 +31,21 @@ var enforceExCmd = &cobra.Command{
 	Use:   "enforceEx",
 	Short: "Test if a 'subject' can access a 'object' with a given 'action' based on the policy",
 	Long:  `Test if a 'subject' can access a 'object' with a given 'action' based on the policy`,
-	Args:  cobra.ExactArgs(3),
 	Run: func(cmd *cobra.Command, args []string) {
 		modelPath, _ := cmd.Flags().GetString("model")
 		policyPath, _ := cmd.Flags().GetString("policy")
-		subject := args[0]
-		object := args[1]
-		action := args[2]
 
 		e, err := casbin.NewEnforcer(modelPath, policyPath)
 		if err != nil {
 			panic(err)
 		}
 
-		res, explain, err := e.EnforceEx(subject, object, action)
+		params := make([]interface{}, len(args))
+		for i, v := range args {
+			params[i] = v
+		}
+
+		res, explain, err := e.EnforceEx(params...)
 		if err != nil {
 			cmd.PrintErrf("Error during enforcement: %v\n", err)
 			return
@@ -70,20 +71,21 @@ var enforceCmd = &cobra.Command{
 	Use:   "enforce",
 	Short: "Test if a 'subject' can access a 'object' with a given 'action' based on the policy",
 	Long:  `Test if a 'subject' can access a 'object' with a given 'action' based on the policy`,
-	Args:  cobra.ExactArgs(3),
 	Run: func(cmd *cobra.Command, args []string) {
 		modelPath, _ := cmd.Flags().GetString("model")
 		policyPath, _ := cmd.Flags().GetString("policy")
-		subject := args[0]
-		object := args[1]
-		action := args[2]
 
 		e, err := casbin.NewEnforcer(modelPath, policyPath)
 		if err != nil {
 			panic(err)
 		}
 
-		res, err := e.Enforce(subject, object, action)
+		params := make([]interface{}, len(args))
+		for i, v := range args {
+			params[i] = v
+		}
+
+		res, err := e.Enforce(params...)
 		if err != nil {
 			cmd.PrintErrf("Error during enforcement: %v\n", err)
 			return

cmd/enforce_test.go

@@ -26,6 +26,9 @@ func Test_enforceCmd(t *testing.T) {
 	assertExecuteCommand(t, rootCmd, "{\"allow\":false,\"explain\":[]}\n", append(basicArgs, "alice", "data2", "write")...)
 	assertExecuteCommand(t, rootCmd, "{\"allow\":true,\"explain\":[]}\n", append(basicArgs, "bob", "data2", "write")...)
 	assertExecuteCommand(t, rootCmd, "{\"allow\":false,\"explain\":[]}\n", append(basicArgs, "bob", "data2", "read")...)
+
+	domainArgs := []string{"enforce", "-m", "../test/rbac_with_domains_model.conf", "-p", "../test/rbac_with_domains_policy.csv"}
+	assertExecuteCommand(t, rootCmd, "{\"allow\":true,\"explain\":[]}\n", append(domainArgs, "alice", "domain1", "data1", "read")...)
 }
 
 func Test_enforceExCmd(t *testing.T) {
@@ -36,4 +39,7 @@ func Test_enforceExCmd(t *testing.T) {
 	assertExecuteCommand(t, rootCmd, "{\"allow\":false,\"explain\":[]}\n", append(basicArgs, "alice", "data2", "write")...)
 	assertExecuteCommand(t, rootCmd, "{\"allow\":true,\"explain\":[\"bob\",\"data2\",\"write\"]}\n", append(basicArgs, "bob", "data2", "write")...)
 	assertExecuteCommand(t, rootCmd, "{\"allow\":false,\"explain\":[]}\n", append(basicArgs, "bob", "data2", "read")...)
+
+	domainArgs := []string{"enforceEx", "-m", "../test/rbac_with_domains_model.conf", "-p", "../test/rbac_with_domains_policy.csv"}
+	assertExecuteCommand(t, rootCmd, "{\"allow\":true,\"explain\":[\"admin\",\"domain1\",\"data1\",\"read\"]}\n", append(domainArgs, "alice", "domain1", "data1", "read")...)
 }

test/rbac_with_domains_model.conf

@@ -0,0 +1,14 @@
+[request_definition]
+r = sub, dom, obj, act
+
+[policy_definition]
+p = sub, dom, obj, act
+
+[role_definition]
+g = _, _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = g(r.sub, p.sub, r.dom) && r.dom == p.dom && r.obj == p.obj && r.act == p.act

test/rbac_with_domains_policy.csv

@@ -0,0 +1,6 @@
+p, admin, domain1, data1, read
+p, admin, domain1, data1, write
+p, admin, domain2, data2, read
+p, admin, domain2, data2, write
+g, alice, admin, domain1
+g, bob, admin, domain2