fix: add more example of globmatch and add unit test for it (#263)

casbin · Jun 26, 2022 · 42d65d2 · 42d65d2
1 parent 4f3e71f
commit 42d65d2
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 0 deletions.
diff --git a/examples/globmatch_model.conf b/examples/globmatch_model.conf
@@ -0,0 +1,11 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = r.sub == p.sub && globMatch(r.obj, p.obj) && regexMatch(r.act, p.act)
diff --git a/examples/globmatch_policy.csv b/examples/globmatch_policy.csv
@@ -0,0 +1,5 @@
+p, alice, /alice_data/*, GET
+p, alice, /alice_data/???, POST
+
+p, bob, /alice_data/[1-9], GET
+p, bob, /bob_data/[!1-9], POST
diff --git a/tests/test_enforcer.py b/tests/test_enforcer.py
@@ -147,6 +147,19 @@ def custom_function(key1, key2):
         self.assertFalse(e.enforce("alice", "/alice_data2/myid", "GET"))
         self.assertTrue(e.enforce("alice", "/alice_data2/myid/using/res_id", "GET"))
 
+    def test_enforce_glob_match(self):
+        e = self.get_enforcer(
+            get_examples("globmatch_model.conf"),
+            get_examples("globmatch_policy.csv"),
+        )
+
+        self.assertTrue(e.enforce("alice", "/alice_data/test_all", "GET"))
+        self.assertTrue(e.enforce("alice", "/alice_data/123", "POST"))
+        self.assertTrue(e.enforce("bob", "/alice_data/1", "GET"))
+        self.assertFalse(e.enforce("bob", "/alice_data/0", "GET"))
+        self.assertTrue(e.enforce("bob", "/bob_data/0", "POST"))
+        self.assertFalse(e.enforce("bob", "/bob_data/1", "POST"))
+
     def test_enforce_priority(self):
         e = self.get_enforcer(get_examples("priority_model.conf"), get_examples("priority_policy.csv"))
         self.assertTrue(e.enforce("alice", "data1", "read"))