From 0b76a60ce9c98148e82a77fc123f5f7702ca4cdc Mon Sep 17 00:00:00 2001
From: Liao Xin <93535922+liewstar@users.noreply.github.com>
Date: Thu, 2 Jan 2025 21:12:45 +0800
Subject: [PATCH] feat: support more than 3 args in EnforceEx() (#13)
---
 cmd/enforce.go | 22 ++++++++++++----------
 cmd/enforce_test.go | 6 ++++++
 test/rbac_with_domains_model.conf | 14 ++++++++++++++
 test/rbac_with_domains_policy.csv | 6 ++++++
 4 files changed, 38 insertions(+), 10 deletions(-)
 create mode 100644 test/rbac_with_domains_model.conf
 create mode 100644 test/rbac_with_domains_policy.csv
diff --git a/cmd/enforce.go b/cmd/enforce.go
index 18e8212..e961a30 100644
--- a/cmd/enforce.go
+++ b/cmd/enforce.go
@@ -31,20 +31,21 @@ var enforceExCmd = &cobra.Command{
 Use: "enforceEx",
 Short: "Test if a 'subject' can access a 'object' with a given 'action' based on the policy",
 Long: `Test if a 'subject' can access a 'object' with a given 'action' based on the policy`,
- Args: cobra.ExactArgs(3),
 Run: func(cmd *cobra.Command, args []string) {
 modelPath, _ := cmd.Flags().GetString("model")
 policyPath, _ := cmd.Flags().GetString("policy")
- subject := args[0]
- object := args[1]
- action := args[2]
 e, err := casbin.NewEnforcer(modelPath, policyPath)
 if err != nil {
 panic(err)
 }
- res, explain, err := e.EnforceEx(subject, object, action)
+ params := make([]interface{}, len(args))
+ for i, v := range args {
+ params[i] = v
+ }
+
+ res, explain, err := e.EnforceEx(params...)
 if err != nil {
 cmd.PrintErrf("Error during enforcement: %v\n", err)
 return
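Review bot: Dropping `Args: cobra.ExactArgs(3)` from `enforceExCmd` leaves the command with no argument-count check at all, so a call with zero or the wrong number of request values is no longer rejected by cobra and instead reaches `e.EnforceEx(params...)`. Whatever error that returns goes to the `cmd.PrintErrf(...)`/`return` path visible at the end of the hunk, which looks like it emits no JSON decision and, unless code outside the hunk sets one, no failing exit status; that is risky for scripts that gate on this CLI. A floor such as `Args: cobra.MinimumNArgs(1),` would keep obviously malformed calls out, and switching `Run` to `RunE` so the error is returned would make the failure visible to callers. The same applies to the `enforceCmd` hunk at -70,20; both `Run` bodies continue past the end of their hunks.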
@@ -70,20 +71,21 @@ var enforceCmd = &cobra.Command{
 Use: "enforce",
 Short: "Test if a 'subject' can access a 'object' with a given 'action' based on the policy",
 Long: `Test if a 'subject' can access a 'object' with a given 'action' based on the policy`,
- Args: cobra.ExactArgs(3),
 Run: func(cmd *cobra.Command, args []string) {
 modelPath, _ := cmd.Flags().GetString("model")
 policyPath, _ := cmd.Flags().GetString("policy")
- subject := args[0]
- object := args[1]
- action := args[2]
 e, err := casbin.NewEnforcer(modelPath, policyPath)
 if err != nil {
 panic(err)
 }
- res, err := e.Enforce(subject, object, action)
+ params := make([]interface{}, len(args))
+ for i, v := range args {
+ params[i] = v
+ }
+
+ res, err := e.Enforce(params...)
 if err != nil {
 cmd.PrintErrf("Error during enforcement: %v\n", err)
 return
diff --git a/cmd/enforce_test.go b/cmd/enforce_test.go
index a79aa9d..9525049 100644
--- a/cmd/enforce_test.go
+++ b/cmd/enforce_test.go
@@ -26,6 +26,9 @@ func Test_enforceCmd(t *testing.T) {
 assertExecuteCommand(t, rootCmd, "{\"allow\":false,\"explain\":[]}\n", append(basicArgs, "alice", "data2", "write")...)
 assertExecuteCommand(t, rootCmd, "{\"allow\":true,\"explain\":[]}\n", append(basicArgs, "bob", "data2", "write")...)
 assertExecuteCommand(t, rootCmd, "{\"allow\":false,\"explain\":[]}\n", append(basicArgs, "bob", "data2", "read")...)
+
+ domainArgs := []string{"enforce", "-m", "../test/rbac_with_domains_model.conf", "-p", "../test/rbac_with_domains_policy.csv"}
+ assertExecuteCommand(t, rootCmd, "{\"allow\":true,\"explain\":[]}\n", append(domainArgs, "alice", "domain1", "data1", "read")...)
 }
 func Test_enforceExCmd(t *testing.T) {
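Review bot: The `Short` and `Long` strings kept as context in the `enforceCmd` hunk still describe a fixed subject/object/action triple, while the new `params` loop forwards every positional argument in the order given. With a model like the added `rbac_with_domains_model.conf` (`r = sub, dom, obj, act`), an operator who follows the help text and passes the values in the old order would be testing a different request than intended and could trust the wrong allow/deny answer. I would reword the help to something like `Test whether a request (values in the order of the model's request_definition) is allowed by the policy` and add a comment above the loop, `// args are passed positionally and must match the model's request_definition order`. The `enforceExCmd` hunk at -31,20 carries the same help text.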
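Review bot: The domain case added to `Test_enforceCmd` only asserts an allow, so nothing here would fail if domain separation were broken or if the argument order were mishandled. A deny case against the same fixtures is worth adding, e.g. `assertExecuteCommand(t, rootCmd, "{\"allow\":false,\"explain\":[]}\n", append(domainArgs, "alice", "domain2", "data2", "read")...)`, since the policy file grants alice the admin role in domain1 only. The `Test_enforceExCmd` hunk at -36,4 has the same gap, and neither test covers a call with the wrong number of request values now that `ExactArgs(3)` is gone.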
@@ -36,4 +39,7 @@ func Test_enforceExCmd(t *testing.T) {
 assertExecuteCommand(t, rootCmd, "{\"allow\":false,\"explain\":[]}\n", append(basicArgs, "alice", "data2", "write")...)
 assertExecuteCommand(t, rootCmd, "{\"allow\":true,\"explain\":[\"bob\",\"data2\",\"write\"]}\n", append(basicArgs, "bob", "data2", "write")...)
 assertExecuteCommand(t, rootCmd, "{\"allow\":false,\"explain\":[]}\n", append(basicArgs, "bob", "data2", "read")...)
+
+ domainArgs := []string{"enforceEx", "-m", "../test/rbac_with_domains_model.conf", "-p", "../test/rbac_with_domains_policy.csv"}
+ assertExecuteCommand(t, rootCmd, "{\"allow\":true,\"explain\":[\"admin\",\"domain1\",\"data1\",\"read\"]}\n", append(domainArgs, "alice", "domain1", "data1", "read")...)
 }
diff --git a/test/rbac_with_domains_model.conf b/test/rbac_with_domains_model.conf
new file mode 100644
index 0000000..57c3721
--- /dev/null
+++ b/test/rbac_with_domains_model.conf
@@ -0,0 +1,14 @@
+[request_definition]
+r = sub, dom, obj, act
+
+[policy_definition]
+p = sub, dom, obj, act
+
+[role_definition]
+g = _, _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = g(r.sub, p.sub, r.dom) && r.dom == p.dom && r.obj == p.obj && r.act == p.act
\ No newline at end of file
diff --git a/test/rbac_with_domains_policy.csv b/test/rbac_with_domains_policy.csv
new file mode 100644
index 0000000..8558d17
--- /dev/null
+++ b/test/rbac_with_domains_policy.csv
@@ -0,0 +1,6 @@
+p, admin, domain1, data1, read
+p, admin, domain1, data1, write
+p, admin, domain2, data2, read
+p, admin, domain2, data2, write
+g, alice, admin, domain1
+g, bob, admin, domain2
\ No newline at end of file