feat: support in operator on list/set and other compound types

Signed-off-by: ffyuanda <46557895+ffyuanda@users.noreply.github.com>

casbin/util/expression.py

@@ -1,8 +1,8 @@
-from simpleeval import SimpleEval
+from simpleeval import EvalWithCompoundTypes
 import ast
 
 
-class SimpleEval(SimpleEval):
+class SimpleEval(EvalWithCompoundTypes):
     """Rewrite SimpleEval.
     >>> s = SimpleEval("20 + 30 - ( 10 * 5)")
     >>> s.eval()

examples/rbac_model_matcher_using_in_op_bracket.conf

@@ -0,0 +1,14 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[role_definition]
+g = _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act || r.obj in ['data2', 'data3']

examples/rbac_policy.csv

@@ -3,4 +3,4 @@ p, bob, data2, write
 p, data2_admin, data2, read
 p, data2_admin, data2, write
 
-g, alice, data2_admin
+g, alice, data2_admin

tests/test_enforcer.py

@@ -337,6 +337,17 @@ def test_abac_with_multiple_sub_rules(self):
         self.assertFalse(e.enforce(sub4, "/data1", "write"))
         self.assertTrue(e.enforce(sub4, "/data2", "write"))
 
+    def test_matcher_using_in_operator_bracket(self):
+        e = self.get_enforcer(
+            get_examples("rbac_model_matcher_using_in_op_bracket.conf"),
+            get_examples("rbac_policy.csv"),
+        )
+
+        self.assertTrue(e.enforce("alice", "data1", "read"))
+        self.assertTrue(e.enforce("alice", "data2", "read"))
+        self.assertTrue(e.enforce("alice", "data3", "scribble"))
+        self.assertFalse(e.enforce("alice", "data4", "scribble"))
+
 
 class TestConfigSynced(TestConfig):
     def get_enforcer(self, model=None, adapter=None):