Merge branch 'master' into dev

jcasbin · Oct 19, 2024 · 31d85f2 · 31d85f2
2 parents d0f4cc1 + 49b01e1
commit 31d85f2
Show file tree

Hide file tree

Showing 11 changed files with 605 additions and 2 deletions.
diff --git a/src/main/java/org/casbin/command/AbstractCommand.java b/src/main/java/org/casbin/command/AbstractCommand.java
@@ -0,0 +1,12 @@
+package org.casbin.command;
+
+import org.casbin.NewEnforcer;
+
+public abstract class AbstractCommand {
+
+    protected AbstractCommand() {
+
+    }
+
+    public abstract String run(NewEnforcer enforcer, String... args) throws Exception;
+}
diff --git a/src/main/java/org/casbin/command/EnforceCommand.java b/src/main/java/org/casbin/command/EnforceCommand.java
@@ -0,0 +1,15 @@
+package org.casbin.command;
+
+import org.casbin.NewEnforcer;
+
+public class EnforceCommand extends AbstractCommand {
+    @Override
+    public String run(NewEnforcer enforcer, String... args) throws Exception {
+        String subject = args[0];
+        String object = args[1];
+        String action = args[2];
+        boolean res = enforcer.enforce(subject, object, action);
+        System.out.println(res ? "Allowed" : "Denied");
+        return String.valueOf(res);
+    }
+}
diff --git a/src/main/java/org/casbin/command/HelpCommand.java b/src/main/java/org/casbin/command/HelpCommand.java
@@ -0,0 +1,8 @@
+package org.casbin.command;
+
+public class HelpCommand {
+
+    public void run() {
+        System.out.println("Usage: java -jar casbin-java-cli.jar rbac|rbac_with_condition|rbac_with_domains|role_manager|management [options]");
+    }
+}
diff --git a/src/main/java/org/casbin/command/ManagementCommand.java b/src/main/java/org/casbin/command/ManagementCommand.java
diff --git a/src/main/java/org/casbin/command/OperationHandle.java b/src/main/java/org/casbin/command/OperationHandle.java
@@ -0,0 +1,5 @@
+package org.casbin.command;
+
+public interface OperationHandle {
+    String handle(String[] params);
+}
diff --git a/src/main/java/org/casbin/command/RBACCommand.java b/src/main/java/org/casbin/command/RBACCommand.java
@@ -0,0 +1,10 @@
+package org.casbin.command;
+
+import org.casbin.NewEnforcer;
+
+public class RBACCommand extends AbstractCommand{
+    @Override
+    public String run(NewEnforcer enforcer, String... args) throws Exception {
+        return "";
+    }
+}
diff --git a/src/main/java/org/casbin/command/RBACWithConditionsCommand.java b/src/main/java/org/casbin/command/RBACWithConditionsCommand.java
@@ -0,0 +1,10 @@
+package org.casbin.command;
+
+import org.casbin.NewEnforcer;
+
+public class RBACWithConditionsCommand extends AbstractCommand{
+    @Override
+    public String run(NewEnforcer enforcer, String... args) throws Exception {
+        return "";
+    }
+}
diff --git a/src/main/java/org/casbin/command/RBACWithDomainsCommand.java b/src/main/java/org/casbin/command/RBACWithDomainsCommand.java
@@ -0,0 +1,90 @@
+package org.casbin.command;
+
+import org.apache.commons.cli.*;
+import org.casbin.NewEnforcer;
+
+import java.util.HashMap;
+import java.util.Map;
+
+
+public class RBACWithDomainsCommand extends AbstractCommand{
+
+    private static final String GET_USERS_FOR_ROLE_IN_DOMAIN = "getUsersForRoleInDomain";
+    private static final String GET_ROLES_FOR_USER_IN_DOMAIN = "getRolesForUserInDomain";
+    private static final String GET_PERMISSIONS_FOR_USER_IN_DOMAIN = "getPermissionsForUserInDomain";
+    private static final String ADD_ROLE_FOR_USER_IN_DOMAIN = "addRoleForUserInDomain";
+    private static final String DELETE_ROLE_FOR_USER_IN_DOMAIN = "deleteRoleForUserInDomain";
+    private static final String DELETE_ROLES_FOR_USER_IN_DOMAIN = "deleteRolesForUserInDomain";
+
+    @Override
+    public String run(NewEnforcer enforcer, String... args) throws Exception {
+        Options options = getOptions();
+
+        CommandLineParser parser = new DefaultParser();
+        HelpFormatter formatter = new HelpFormatter();
+
+        Map<String, OperationHandle> handlers = getStringOperationHandleMap(enforcer);
+
+        try {
+            CommandLine cmd = parser.parse(options, args);
+
+            String option = cmd.hasOption(GET_USERS_FOR_ROLE_IN_DOMAIN) ? GET_USERS_FOR_ROLE_IN_DOMAIN :
+                            cmd.hasOption(GET_ROLES_FOR_USER_IN_DOMAIN) ? GET_ROLES_FOR_USER_IN_DOMAIN :
+                            cmd.hasOption(GET_PERMISSIONS_FOR_USER_IN_DOMAIN) ? GET_PERMISSIONS_FOR_USER_IN_DOMAIN :
+                            cmd.hasOption(ADD_ROLE_FOR_USER_IN_DOMAIN) ? ADD_ROLE_FOR_USER_IN_DOMAIN :
+                            cmd.hasOption(DELETE_ROLE_FOR_USER_IN_DOMAIN) ? DELETE_ROLE_FOR_USER_IN_DOMAIN : DELETE_ROLES_FOR_USER_IN_DOMAIN;
+
+            OperationHandle handle = handlers.get(option);
+            String[] params = cmd.getOptionValues(option);
+            String res = handle.handle(params);
+            enforcer.savePolicy();
+            System.out.println(res);
+            return res;
+        } catch (Exception e) {
+            System.out.println(e.getMessage());
+            formatter.printHelp("rbac_with_domains", options);
+        }
+        return "";
+    }
+
+    private static Map<String, OperationHandle> getStringOperationHandleMap(NewEnforcer enforcer) {
+        Map<String, OperationHandle> handlers = new HashMap<>();
+        handlers.put(GET_USERS_FOR_ROLE_IN_DOMAIN, (params) -> String.valueOf(enforcer.getUsersForRoleInDomain(params[0], params[1])));
+        handlers.put(GET_ROLES_FOR_USER_IN_DOMAIN, (params) -> String.valueOf(enforcer.getRolesForUserInDomain(params[0], params[1])));
+        handlers.put(GET_PERMISSIONS_FOR_USER_IN_DOMAIN, (params) -> String.valueOf(enforcer.getPermissionsForUserInDomain(params[0], params[1])));
+        handlers.put(ADD_ROLE_FOR_USER_IN_DOMAIN, (params) -> String.valueOf(enforcer.addRoleForUserInDomain(params[0], params[1], params[2])));
+        handlers.put(DELETE_ROLE_FOR_USER_IN_DOMAIN, (params) -> String.valueOf(enforcer.deleteRoleForUserInDomain(params[0], params[1], params[2])));
+        handlers.put(DELETE_ROLES_FOR_USER_IN_DOMAIN, (params) -> String.valueOf(enforcer.deleteRolesForUser(params[0])));
+        return handlers;
+    }
+
+    private static Options getOptions() {
+        Options options = new Options();
+
+        Option option = new Option("gu", GET_USERS_FOR_ROLE_IN_DOMAIN, true, "retrieve the users that have a role within a domain");
+        option.setArgs(2);
+        options.addOption(option);
+
+        option = new Option("gr", GET_ROLES_FOR_USER_IN_DOMAIN, true, "retrieves the roles that a user has within a domain");
+        option.setArgs(2);
+        options.addOption(option);
+
+        option = new Option("gp", GET_PERMISSIONS_FOR_USER_IN_DOMAIN, true, "retrieves the permissions for a user or role within a domain");
+        option.setArgs(2);
+        options.addOption(option);
+
+        option = new Option("ar", ADD_ROLE_FOR_USER_IN_DOMAIN, true, "adds a role for a user within a domain. It returns false if the user already has the role (no changes made)");
+        option.setArgs(3);
+        options.addOption(option);
+
+        option = new Option("dr", DELETE_ROLE_FOR_USER_IN_DOMAIN, true, "removes a role for a user within a domain. It returns false if the user does not have the role (no changes made)");
+        option.setArgs(3);
+        options.addOption(option);
+
+        option = new Option("drs", DELETE_ROLES_FOR_USER_IN_DOMAIN, true, "removes all roles for a user within a domain. It returns false if the user does not have any roles (no changes made)");
+        option.setArgs(1);
+        options.addOption(option);
+
+        return options;
+    }
+}
diff --git a/src/main/java/org/casbin/command/RoleManagerCommand.java b/src/main/java/org/casbin/command/RoleManagerCommand.java
@@ -0,0 +1,10 @@
+package org.casbin.command;
+
+import org.casbin.NewEnforcer;
+
+public class RoleManagerCommand extends AbstractCommand{
+    @Override
+    public String run(NewEnforcer enforcer, String... args) throws Exception {
+        return "";
+    }
+}
diff --git a/src/main/java/org/casbin/util/Util.java b/src/main/java/org/casbin/util/Util.java
@@ -7,14 +7,12 @@
 import java.util.regex.Pattern;
 
 public class Util {
-
     public static String getMethodName(String methodCodes) {
         String regex = "\\b(\\w+)\\s*\\(";
         Pattern pattern = Pattern.compile(regex);
         Matcher matcher = pattern.matcher(methodCodes);
         return matcher.find() ? matcher.group(1) : null;
     }
-
     public static int getArgsNum(String methodCodes) {
         String regex = "\\(([^)]*)\\)";
         Pattern pattern = Pattern.compile(regex);

diff --git a/src/test/java/org/casbin/ClientTest.java b/src/test/java/org/casbin/ClientTest.java
@@ -21,6 +21,7 @@ public void testRBAC() throws ParseException {
 
     @Test
     public void testABAC() throws ParseException {
+
         assertEquals(Client.run(new String[]{"enforce","-m","examples/abac_rule_with_domains_model.conf","-p","examples/abac_rule_with_domains_policy.csv", "alice", "domain1", "data1", "read"}), "{\"allow\":true,\"explain\":null}");
         assertEquals(Client.run(new String[]{"enforce","-m","examples/abac_rule_with_domains_model.conf","-p","examples/abac_rule_with_domains_policy.csv", "alice","domain1", "data1", "write"}), "{\"allow\":true,\"explain\":null}");
         assertEquals(Client.run(new String[]{"enforce","-m","examples/abac_rule_with_domains_model.conf","-p","examples/abac_rule_with_domains_policy.csv", "alice", "domain2", "data1", "read"}), "{\"allow\":false,\"explain\":null}");
@@ -30,15 +31,18 @@ public void testABAC() throws ParseException {
         assertEquals(Client.run(new String[]{"enforce","-m","examples/abac_rule_with_domains_model.conf","-p","examples/abac_rule_with_domains_policy.csv", "bob", "domain2", "data2", "read"}), "{\"allow\":true,\"explain\":null}");
         assertEquals(Client.run(new String[]{"enforce","-m","examples/abac_rule_with_domains_model.conf","-p","examples/abac_rule_with_domains_policy.csv", "bob", "domain2", "data2", "read"}), "{\"allow\":true,\"explain\":null}");
 
+
     }
 
     @Test
     public void testAddAndRemovePolicy() throws ParseException {
+
         assertEquals(Client.run(new String[]{"addPolicy","-m","examples/abac_rule_with_domains_model.conf","-p","examples/abac_rule_with_domains_policy.csv", "alice", "domain1", "data1", "read"}), "{\"allow\":true,\"explain\":null}");
         assertEquals(Client.run(new String[]{"removePolicy","-m","examples/abac_rule_with_domains_model.conf","-p","examples/abac_rule_with_domains_policy.csv", "alice", "domain1", "data1", "read"}), "{\"allow\":true,\"explain\":null}");
 
         assertEquals(Client.run(new String[]{"addPolicy","-m","examples/rbac_model.conf","-p","examples/rbac_policy.csv", "alice", "data2", "write"}), "{\"allow\":true,\"explain\":null}");
         assertEquals(Client.run(new String[]{"removePolicy","-m","examples/rbac_model.conf","-p","examples/rbac_policy.csv", "alice", "data2", "write"}), "{\"allow\":true,\"explain\":null}");
+
     }
 
     @Test
@@ -235,4 +239,58 @@ public void testManagementApi() {
 
     }
 
+    @Test
+    public void testCustomFunction() throws ParseException {
+        String methodName = "keyMatchTest";
+        String model = "[request_definition]\n" +
+                "r = sub, obj, act\n" +
+                "\n" +
+                "[policy_definition]\n" +
+                "p = sub, obj, act\n" +
+                "\n" +
+                "[policy_effect]\n" +
+                "e = some(where (p.eft == allow))\n" +
+                "\n" +
+                "[matchers]\n" +
+                "m = r.sub == p.sub && "+methodName+"(r.obj, p.obj) && regexMatch(r.act, p.act)\n";
+        String func = "public static boolean "+methodName+"(String key1, String key2) {\n" +
+                "        int i = key2.indexOf('*');\n" +
+                "        if (i == -1) {\n" +
+                "            return key1.equals(key2);\n" +
+                "        }\n" +
+                "\n" +
+                "        if (key1.length() > i) {\n" +
+                "            return key1.substring(0, i).equals(key2.substring(0, i));\n" +
+                "        }\n" +
+                "        return key1.equals(key2.substring(0, i));\n" +
+                "    }";
+        assertEquals(Client.run(new String[]{"management", "-m", model, "-p", "examples/keymatch_policy.csv", "-af", func, "-e", "alice, /alice_data/resource1, GET"}), "true");
+        assertEquals(Client.run(new String[]{"management", "-m", model, "-p", "examples/keymatch_policy.csv", "-af", func, "-e", "alice, /alice_data/resource1, POST"}), "true");
+        assertEquals(Client.run(new String[]{"management", "-m", model, "-p", "examples/keymatch_policy.csv", "-af", func, "-e", "alice, /alice_data/resource2, GET"}), "true");
+        assertEquals(Client.run(new String[]{"management", "-m", model, "-p", "examples/keymatch_policy.csv", "-af", func, "-e", "alice, /alice_data/resource2, POST"}), "false");
+        assertEquals(Client.run(new String[]{"management", "-m", model, "-p", "examples/keymatch_policy.csv", "-af", func, "-e", "alice, /bob_data/resource1, GET"}), "false");
+        assertEquals(Client.run(new String[]{"management", "-m", model, "-p", "examples/keymatch_policy.csv", "-af", func, "-e", "alice, /bob_data/resource1, POST"}), "false");
+        assertEquals(Client.run(new String[]{"management", "-m", model, "-p", "examples/keymatch_policy.csv", "-af", func, "-e", "alice, /bob_data/resource2, GET"}), "false");
+        assertEquals(Client.run(new String[]{"management", "-m", model, "-p", "examples/keymatch_policy.csv", "-af", func, "-e", "alice, /bob_data/resource2, POST"}), "false");
+
+        assertEquals(Client.run(new String[]{"management", "-m", model, "-p", "examples/keymatch_policy.csv", "-af", func, "-e", "bob, /alice_data/resource1, GET"}), "false");
+        assertEquals(Client.run(new String[]{"management", "-m", model, "-p", "examples/keymatch_policy.csv", "-af", func, "-e", "bob, /alice_data/resource1, POST"}), "false");
+        assertEquals(Client.run(new String[]{"management", "-m", model, "-p", "examples/keymatch_policy.csv", "-af", func, "-e", "bob, /alice_data/resource2, GET"}), "true");
+        assertEquals(Client.run(new String[]{"management", "-m", model, "-p", "examples/keymatch_policy.csv", "-af", func, "-e", "bob, /alice_data/resource2, POST"}), "false");
+        assertEquals(Client.run(new String[]{"management", "-m", model, "-p", "examples/keymatch_policy.csv", "-af", func, "-e", "bob, /bob_data/resource1, GET"}), "false");
+        assertEquals(Client.run(new String[]{"management", "-m", model, "-p", "examples/keymatch_policy.csv", "-af", func, "-e", "bob, /bob_data/resource1, POST"}), "true");
+        assertEquals(Client.run(new String[]{"management", "-m", model, "-p", "examples/keymatch_policy.csv", "-af", func, "-e", "bob, /bob_data/resource2, GET"}), "false");
+        assertEquals(Client.run(new String[]{"management", "-m", model, "-p", "examples/keymatch_policy.csv", "-af", func, "-e", "bob, /bob_data/resource2, POST"}), "true");
+
+        assertEquals(Client.run(new String[]{"management", "-m", model, "-p", "examples/keymatch_policy.csv", "-af", func, "-e", "cathy, /cathy_data, GET"}), "true");
+        assertEquals(Client.run(new String[]{"management", "-m", model, "-p", "examples/keymatch_policy.csv", "-af", func, "-e", "cathy, /cathy_data, POST"}), "true");
+        assertEquals(Client.run(new String[]{"management", "-m", model, "-p", "examples/keymatch_policy.csv", "-af", func, "-e", "cathy, /cathy_data, DELETE"}), "false");
+
+        }
+
+        @Test
+        public void testEnforce() {
+            assertEquals(Client.run(new String[]{"enforce","-m","examples/rbac_model.conf","-p","examples/rbac_policy.csv", "alice", "data1", "read"}), "true");
+        }
+
 }