From 05d8dfced4e39dc1dbb5c4cb477c7e16799c9e9b Mon Sep 17 00:00:00 2001 From: sheny1xuan <43725202+sheny1xuan@users.noreply.github.com> Date: Fri, 4 Jun 2021 23:48:56 +0800 Subject: [PATCH 1/3] refactor: refactor ManagementEnforcer.update_policy and update_policies (#160) Signed-off-by: Shen Yixuan <1479765922@qq.com> --- casbin/model/policy.py | 51 ++++++++++++++++++++++++--- examples/priority_model_explicit.conf | 14 ++++++++ examples/priority_policy_explicit.csv | 12 +++++++ tests/model/test_policy.py | 35 ++++++++++++++++++ 4 files changed, 107 insertions(+), 5 deletions(-) create mode 100644 examples/priority_model_explicit.conf create mode 100644 examples/priority_policy_explicit.csv diff --git a/casbin/model/policy.py b/casbin/model/policy.py index aca055a4..2f1931c3 100644 --- a/casbin/model/policy.py +++ b/casbin/model/policy.py @@ -85,19 +85,60 @@ def add_policies(self,sec,ptype,rules): def update_policy(self, sec, ptype, old_rule, new_rule): """update a policy rule from the model.""" - if not self.has_policy(sec, ptype, old_rule): + if sec not in self.model.keys(): + return False + if ptype not in self.model[sec]: + return False + + ast = self.model[sec][ptype] + + if old_rule in ast.policy: + rule_index = ast.policy.index(old_rule) + else: return False - return self.remove_policy(sec, ptype, old_rule) and self.add_policy(sec, ptype, new_rule) + if "p_priority" in ast.tokens: + priority_index = ast.tokens.index("p_priority") + if old_rule[priority_index] == new_rule[priority_index]: + ast.policy[rule_index] = new_rule + else: + raise Exception("New rule should have the same priority with old rule.") + else: + ast.policy[rule_index] = new_rule + + return True def update_policies(self, sec, ptype, old_rules, new_rules): """update policy rules from the model.""" - for rule in old_rules: - if not self.has_policy(sec, ptype, rule): + if sec not in self.model.keys(): + return False + if ptype not in self.model[sec]: + return False + if len(old_rules) != len(new_rules): + return False + + ast = self.model[sec][ptype] + old_rules_index = [] + + for old_rule in old_rules: + if old_rule in ast.policy: + old_rules_index.append(ast.policy.index(old_rule)) + else: return False - return self.remove_policies(sec, ptype, old_rules) and self.add_policies(sec, ptype, new_rules) + if "p_priority" in ast.tokens: + priority_index = ast.tokens.index("p_priority") + for idx, old_rule, new_rule in zip(old_rules_index, old_rules, new_rules): + if old_rule[priority_index] == new_rule[priority_index]: + ast.policy[idx] = new_rule + else: + raise Exception("New rule should have the same priority with old rule.") + else: + for idx, old_rule, new_rule in zip(old_rules_index ,old_rules, new_rules): + ast.policy[idx] = new_rule + + return True def remove_policy(self, sec, ptype, rule): """removes a policy rule from the model.""" diff --git a/examples/priority_model_explicit.conf b/examples/priority_model_explicit.conf new file mode 100644 index 00000000..5df75b27 --- /dev/null +++ b/examples/priority_model_explicit.conf @@ -0,0 +1,14 @@ +[request_definition] +r = sub, obj, act + +[policy_definition] +p = priority, sub, obj, act, eft + +[role_definition] +g = _, _ + +[policy_effect] +e = priority(p.eft) || deny + +[matchers] +m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act \ No newline at end of file diff --git a/examples/priority_policy_explicit.csv b/examples/priority_policy_explicit.csv new file mode 100644 index 00000000..0fec82c5 --- /dev/null +++ b/examples/priority_policy_explicit.csv @@ -0,0 +1,12 @@ +p, 10, data1_deny_group, data1, read, deny +p, 10, data1_deny_group, data1, write, deny +p, 10, data2_allow_group, data2, read, allow +p, 10, data2_allow_group, data2, write, allow + + +p, 1, alice, data1, write, allow +p, 1, alice, data1, read, allow +p, 1, bob, data2, read, deny + +g, bob, data2_allow_group +g, alice, data1_deny_group diff --git a/tests/model/test_policy.py b/tests/model/test_policy.py index 65bd6507..4a8d08f1 100644 --- a/tests/model/test_policy.py +++ b/tests/model/test_policy.py @@ -68,6 +68,19 @@ def test_update_policy(self): self.assertFalse(m.has_policy('p', 'p', old_rule)) self.assertTrue(m.has_policy('p', 'p', new_rule)) + m = Model() + m.load_model(get_examples("priority_model_explicit.conf")) + + old_rule = ['1', 'admin', 'data1', 'read', 'allow'] + new_rule = ['1', 'admin', 'data2', 'read', 'allow'] + + m.add_policy('p', 'p', old_rule) + self.assertTrue(m.has_policy('p', 'p', old_rule)) + + m.update_policy('p', 'p', old_rule, new_rule) + self.assertFalse(m.has_policy('p', 'p', old_rule)) + self.assertTrue(m.has_policy('p', 'p', new_rule)) + def test_update_policies(self): m = Model() m.load_model(get_examples("basic_model.conf")) @@ -91,6 +104,28 @@ def test_update_policies(self): for new_rule in new_rules: self.assertTrue(m.has_policy('p', 'p', new_rule)) + m = Model() + m.load_model(get_examples("priority_model_explicit.conf")) + + old_rules = [['1', 'admin', 'data1', 'read', 'allow'], + ['1', 'admin', 'data2', 'read', 'allow'], + ['1', 'admin', 'data3', 'read', 'allow']] + new_rules = [['1', 'admin', 'data4', 'read', 'allow'], + ['1', 'admin', 'data5', 'read', 'allow'], + ['1', 'admin', 'data6', 'read', 'allow']] + + m.add_policies('p', 'p', old_rules) + + for old_rule in old_rules: + self.assertTrue(m.has_policy('p', 'p', old_rule)) + + m.update_policies('p', 'p', old_rules, new_rules) + + for old_rule in old_rules: + self.assertFalse(m.has_policy('p', 'p', old_rule)) + for new_rule in new_rules: + self.assertTrue(m.has_policy('p', 'p', new_rule)) + def test_remove_policy(self): m = Model() m.load_model(get_examples("basic_model.conf")) From 4724f7a2c137ba5357634aee1eebc1b1c28959f9 Mon Sep 17 00:00:00 2001 From: jetz Date: Mon, 7 Jun 2021 14:57:29 +0800 Subject: [PATCH 2/3] fix: start auto loading policy for SyncedEnforcer Signed-off-by: jetz --- casbin/synced_enforcer.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/casbin/synced_enforcer.py b/casbin/synced_enforcer.py index 61130128..5f408766 100644 --- a/casbin/synced_enforcer.py +++ b/casbin/synced_enforcer.py @@ -49,6 +49,7 @@ def start_auto_load_policy(self, interval): return self._auto_loading.value = True self._auto_loading_thread = threading.Thread(target=self._auto_load_policy, args=[interval], daemon=True) + self._auto_loading_thread.start() def stop_auto_load_policy(self): """stops the thread started by start_auto_load_policy""" @@ -577,4 +578,4 @@ def remove_named_grouping_policies(self,ptype,rules): return self._e.remove_named_grouping_policies(ptype,rules) def build_incremental_role_links(self, op, ptype, rules): - self.get_model().build_incremental_role_links(self.get_role_manager(), op, "g", ptype, rules) \ No newline at end of file + self.get_model().build_incremental_role_links(self.get_role_manager(), op, "g", ptype, rules) From 1fe4cb23e99e3434b5274980b39c3c428f349997 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Mon, 7 Jun 2021 15:07:31 +0000 Subject: [PATCH 3/3] chore(release): 1.1.2 [skip ci] ## [1.1.2](https://github.com/casbin/pycasbin/compare/v1.1.1...v1.1.2) (2021-06-07) ### Bug Fixes * start auto loading policy for SyncedEnforcer ([4724f7a](https://github.com/casbin/pycasbin/commit/4724f7a2c137ba5357634aee1eebc1b1c28959f9)) --- CHANGELOG.md | 7 +++++++ setup.cfg | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2288f3ea..efba723c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,12 @@ # Semantic Versioning Changelog +## [1.1.2](https://github.com/casbin/pycasbin/compare/v1.1.1...v1.1.2) (2021-06-07) + + +### Bug Fixes + +* start auto loading policy for SyncedEnforcer ([4724f7a](https://github.com/casbin/pycasbin/commit/4724f7a2c137ba5357634aee1eebc1b1c28959f9)) + ## [1.1.1](https://github.com/casbin/pycasbin/compare/v1.1.0...v1.1.1) (2021-05-24) diff --git a/setup.cfg b/setup.cfg index 7dbb9bb8..f0295041 100644 --- a/setup.cfg +++ b/setup.cfg @@ -1,3 +1,3 @@ [metadata] -version = 1.1.1 +version = 1.1.2