Codecov Report

Merging #121 into master will increase coverage by 0.03%.
The diff coverage is 92.10%.

@@            Coverage Diff             @@
##           master     #121      +/-   ##
==========================================
+ Coverage   87.20%   87.23%   +0.03%     
==========================================
  Files          19       19              
  Lines        2961     2992      +31     
==========================================
+ Hits         2582     2610      +28     
- Misses        379      382       +3     

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 222c27d...d3207c5. Read the comment docs.

@GopherJ very good work! Actually it inspires me about a better grammar:

model:

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub_rule, obj, act

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = eval(p.sub_rule) && r.obj == p.obj && r.act == p.act

policy:

p, any(r.sub.age > 18), /data1, read

I made this change because Any(r.sub.age > 18) is rule instead of subject itself. eval() is a built-in function that evaluates a boolean expression into a boolean. The user needs to make sure any(r.sub.age > 18) is a valid expression for Casbin matcher.

@hsluoyz I love the new grammar because Any is just what I used to test and avoid conflicts ~~ sub_rule is a good design which refers to an ABAC rule.

So just to think about implementation:

we should check if matcher has eval(*) right? If yes, we replace it by the inside variable's value and add a () to avoid && || priority problem.

I think your implementation is simple and correct. Thumbs up!

ok thanks!

lgtm

As next step, we can:

1. Sync this feature to Golang' Casbin and solve this issue: Scaling ABAC Rules casbin#354
2. Add it to ABAC docs: https://casbin.org/docs/en/abac