From 031868e10463c9b7586c6e953e21efaf8e8b0934 Mon Sep 17 00:00:00 2001 From: "Yash Pandey (YP)" Date: Tue, 30 Mar 2021 17:43:25 +0530 Subject: [PATCH] feat: added synced enforcer Signed-off-by: Yash Pandey (YP) --- .gitignore | 3 +- casbin/casbin.vcxproj | 1 + casbin/casbin.vcxproj.filters | 3 + casbin/enforcer_synced.h | 292 ++++++++++++++++++++++++++++++++++ 4 files changed, 298 insertions(+), 1 deletion(-) create mode 100644 casbin/enforcer_synced.h diff --git a/.gitignore b/.gitignore index 47f7b330..7b14ee16 100644 --- a/.gitignore +++ b/.gitignore @@ -353,6 +353,7 @@ MigrationBackup/ .idea/ *.iml +.vscode # CMake work directory -cmake-build/ \ No newline at end of file +cmake-build/ diff --git a/casbin/casbin.vcxproj b/casbin/casbin.vcxproj index 6df54a2e..829cd0c0 100644 --- a/casbin/casbin.vcxproj +++ b/casbin/casbin.vcxproj @@ -233,6 +233,7 @@ + diff --git a/casbin/casbin.vcxproj.filters b/casbin/casbin.vcxproj.filters index 997ddf31..b1435e0e 100644 --- a/casbin/casbin.vcxproj.filters +++ b/casbin/casbin.vcxproj.filters @@ -470,6 +470,9 @@ Header Files\ip_parser\exception + + Header Files + diff --git a/casbin/enforcer_synced.h b/casbin/enforcer_synced.h new file mode 100644 index 00000000..c2d5430e --- /dev/null +++ b/casbin/enforcer_synced.h @@ -0,0 +1,292 @@ +/* + * Copyright 2020 The casbin Authors. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef CASBIN_H_ENFORCER_SYNC +#define CASBIN_H_ENFORCER_SYNC + +#include +#include +#include + +#include "./enforcer.h" +#include "./persist/watcher.h" +#include "./util/ticker.h" + +class SyncedEnforcer : public Enforcer { + mutex policyMutex; + atomic_bool autoLoadRunning; + atomic_int n; + shared_ptr watcher; + unique_ptr ticker; + +public: + /** + * Enforcer is the default constructor. + */ + SyncedEnforcer(); + + /** + * Enforcer initializes an enforcer with a model file and a policy file. + * + * @param model_path the path of the model file. + * @param policy_file the path of the policy file. + */ + SyncedEnforcer(string model_path, string policy_file); + + /** + * Enforcer initializes an enforcer with a database adapter. + * + * @param model_path the path of the model file. + * @param adapter the adapter. + */ + SyncedEnforcer(string model_path, shared_ptr adapter); + + /** + * Enforcer initializes an enforcer with a model and a database adapter. + * + * @param m the model. + * @param adapter the adapter. + */ + SyncedEnforcer(shared_ptr m, shared_ptr adapter); + + /** + * Enforcer initializes an enforcer with a model. + * + * @param m the model. + */ + SyncedEnforcer(shared_ptr m); + + /** + * Enforcer initializes an enforcer with a model file. + * + * @param model_path the path of the model file. + */ + SyncedEnforcer(string model_path); + + /** + * Enforcer initializes an enforcer with a model file, a policy file and an enable log flag. + * + * @param model_path the path of the model file. + * @param policy_file the path of the policy file. + * @param enable_log whether to enable Casbin's log. + */ + SyncedEnforcer(string model_path, string policy_file, bool enable_log); + + // StartAutoLoadPolicy starts a thread that will go through every specified duration call LoadPolicy + void StartAutoLoadPolicy(std::chrono::duration t); + + // IsAutoLoadingRunning check if SyncedEnforcer is auto loading policies + inline bool IsAutoLoadingRunning(); + + // StopAutoLoadPolicy causes the thread to exit + void StopAutoLoadPolicy(); + + string UpdateWrapper(); + + // SetWatcher sets the current watcher. + void SetWatcher(shared_ptr w); + + // LoadModel reloads the model from the model CONF file. + void LoadModel(); + + // ClearPolicy clears all policy. + void ClearPolicy(); + + // LoadPolicy reloads the policy from file/database. + void LoadPolicy(); + + void LoadPolicyWrapper(); + + // LoadFilteredPolicy reloads a filtered policy from file/database. + template + void LoadFilteredPolicy(Filter); + + // LoadIncrementalFilteredPolicy reloads a filtered policy from file/database. + void LoadIncrementalFilteredPolicy(Filter); + + // SavePolicy saves the current policy (usually after changed with Casbin API) back to file/database. + void SavePolicy(); + + // BuildRoleLinks manually rebuild the role inheritance relations. + void BuildRoleLinks(); + + // Enforce decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (sub, obj, act). + bool Enforce(Scope); + + // Enforce with a vector param,decides whether a "subject" can access a + // "object" with the operation "action", input parameters are usually: (sub, + // obj, act). + bool Enforce(vector params); + + // Enforce with a map param,decides whether a "subject" can access a "object" + // with the operation "action", input parameters are usually: (sub, obj, act). + bool Enforce(unordered_map params); + + // BatchEnforce enforce in batches + vector BatchEnforce(vector> requests); + + // BatchEnforceWithMatcher enforce with matcher in batches + vector BatchEnforceWithMatcher(string matcher, vector> requests); + + // GetAllSubjects gets the list of subjects that show up in the current policy. + vector GetAllSubjects(); + + // GetAllNamedSubjects gets the list of subjects that show up in the current named policy. + vector GetAllNamedSubjects(string ptype); + + // GetAllObjects gets the list of objects that show up in the current policy. + vector GetAllObjects(); + + // GetAllNamedObjects gets the list of objects that show up in the current named policy. + vector GetAllNamedObjects(string ptype); + + // GetAllNamedActions gets the list of actions that show up in the current named policy. + vector GetAllNamedActions(string ptype); + + // GetAllRoles gets the list of roles that show up in the current policy. + vector GetAllRoles(); + + // GetAllNamedRoles gets the list of roles that show up in the current named policy. + vector GetAllNamedRoles(string ptype); + + // GetPolicy gets all the authorization rules in the policy. + vector> GetPolicy(); + + // GetNamedPolicy gets all the authorization rules in the named policy. + vector> GetNamedPolicy(string ptype); + + // GetFilteredNamedPolicy gets all the authorization rules in the named policy, field filters can be specified. + vector> GetFilteredNamedPolicy(string ptype, int fieldIndex, vector fieldValues); + + // GetGroupingPolicy gets all the role inheritance rules in the policy. + vector> GetGroupingPolicy(); + + // GetFilteredGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified. + vector> GetFilteredGroupingPolicy(int fieldIndex, vector fieldValues); + + // GetNamedGroupingPolicy gets all the role inheritance rules in the policy. + vector> GetNamedGroupingPolicy(string ptype); + + // GetFilteredNamedGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified. + vector> GetFilteredNamedGroupingPolicy(string ptype, int fieldIndex, vector fieldValues); + + // HasPolicy determines whether an authorization rule exists. + bool HasPolicy(vector params); + + // HasNamedPolicy determines whether a named authorization rule exists. + bool HasNamedPolicy(string ptype, vector params); + + // AddPolicy adds an authorization rule to the current policy. + // If the rule already exists, the function returns false and the rule will not be added. + // Otherwise the function returns true by adding the new rule. + bool AddPolicy(vector params); + + // AddPolicies adds authorization rules to the current policy. + // If the rule already exists, the function returns false for the corresponding rule and the rule will not be added. + // Otherwise the function returns true for the corresponding rule by adding the new rule. + bool AddPolicies(vector> rules); + + // AddNamedPolicy adds an authorization rule to the current named policy. + // If the rule already exists, the function returns false and the rule will not be added. + // Otherwise the function returns true by adding the new rule. + bool AddNamedPolicy(string ptype, vector params); + + // AddNamedPolicies adds authorization rules to the current named policy. + // If the rule already exists, the function returns false for the corresponding rule and the rule will not be added. + // Otherwise the function returns true for the corresponding by adding the new rule. + bool AddNamedPolicies(string ptype, vector> rules); + + // RemovePolicy removes an authorization rule from the current policy. + bool RemovePolicy(vector params); + + // UpdatePolicy updates an authorization rule from the current policy. + bool UpdatePolicy(vector oldPolicy, vector newPolicy); + + bool UpdateNamedPolicy(string ptype, vector p1, vector p2); + + // UpdatePolicies updates authorization rules from the current policies. + bool UpdatePolicies(vector> oldPolices, vector> newPolicies); + + bool UpdateNamedPolicies(string ptype, vector> p1, vector> p2); + + // RemovePolicies removes authorization rules from the current policy. + bool RemovePolicies(vector> rules); + + // RemoveFilteredPolicy removes an authorization rule from the current policy, field filters can be specified. + bool RemoveFilteredPolicy(int fieldIndex, vector fieldValues); + + // RemoveNamedPolicy removes an authorization rule from the current named policy. + bool RemoveNamedPolicy(string ptype, vector params); + + // RemoveNamedPolicies removes authorization rules from the current named policy. + bool RemoveNamedPolicies(string ptype, vector> rules); + + // RemoveFilteredNamedPolicy removes an authorization rule from the current named policy, field filters can be specified. + bool RemoveFilteredNamedPolicy(string ptype, int fieldIndex, vector fieldValues); + + // HasGroupingPolicy determines whether a role inheritance rule exists. + bool HasGroupingPolicy(vector params); + + // HasNamedGroupingPolicy determines whether a named role inheritance rule exists. + bool HasNamedGroupingPolicy(string ptype, vector params); + + // AddGroupingPolicy adds a role inheritance rule to the current policy. + // If the rule already exists, the function returns false and the rule will not be added. + // Otherwise the function returns true by adding the new rule. + bool AddGroupingPolicy(vector params); + + // AddGroupingPolicies adds role inheritance rulea to the current policy. + // If the rule already exists, the function returns false for the corresponding policy rule and the rule will not be added. + // Otherwise the function returns true for the corresponding policy rule by adding the new rule. + bool AddGroupingPolicies(vector> rules); + + // AddNamedGroupingPolicy adds a named role inheritance rule to the current policy. + // If the rule already exists, the function returns false and the rule will not be added. + // Otherwise the function returns true by adding the new rule. + bool AddNamedGroupingPolicy(string ptype, vector params); + + // AddNamedGroupingPolicies adds named role inheritance rules to the current policy. + // If the rule already exists, the function returns false for the corresponding policy rule and the rule will not be added. + // Otherwise the function returns true for the corresponding policy rule by adding the new rule. + bool AddNamedGroupingPolicies(string ptype, vector> rules); + + // RemoveGroupingPolicy removes a role inheritance rule from the current policy. + bool RemoveGroupingPolicy(vector params); + + // RemoveGroupingPolicies removes role inheritance rules from the current policy. + bool RemoveGroupingPolicies(vector> rules); + + // RemoveFilteredGroupingPolicy removes a role inheritance rule from the current policy, field filters can be specified. + bool RemoveFilteredGroupingPolicy(int fieldIndex, vector fieldValues); + + // RemoveNamedGroupingPolicy removes a role inheritance rule from the current named policy. + bool RemoveNamedGroupingPolicy(string ptype, vector params); + + // RemoveNamedGroupingPolicies removes role inheritance rules from the current named policy. + bool RemoveNamedGroupingPolicies(string ptype, vector> rules); + + bool UpdateGroupingPolicy(vector oldRule, vector newRule); + + bool UpdateNamedGroupingPolicy(string ptype, vector oldRule, vector newRule); + + // RemoveFilteredNamedGroupingPolicy removes a role inheritance rule from the current named policy, field filters can be specified. + bool RemoveFilteredNamedGroupingPolicy(string ptype, int fieldIndex, vector fieldValues); + + // AddFunction adds a customized function. + void AddFunction(string name, Function function, Index nargs); +}; + +#endif // CASBIN_CPP_ENFORCER_SYNC