diff --git a/casbin/enforcer_synced.cpp b/casbin/enforcer_synced.cpp index 44560353..88dffaa6 100644 --- a/casbin/enforcer_synced.cpp +++ b/casbin/enforcer_synced.cpp @@ -1,518 +1,568 @@ /* - * Copyright 2020 The casbin Authors. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ +* Copyright 2020 The casbin Authors. All Rights Reserved. +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ #include "casbin/pch.h" -#ifndef ENFORCER_SYNCED_CPP -#define ENFORCER_SYNCED_CPP - -#include -#include -#include - +@@ -26,67 +26,67 @@ #include "casbin/enforcer_synced.h" #include "casbin/persist/watcher.h" #include "casbin/util/ticker.h" -namespace casbin { - -/** - * Enforcer is the default constructor. - */ -SyncedEnforcer ::SyncedEnforcer() - : autoLoadRunning(false) {} - -/** - * Enforcer initializes an enforcer with a model file and a policy file. - * - * @param model_path the path of the model file. - * @param policyFile the path of the policy file. - */ -SyncedEnforcer ::SyncedEnforcer(const std::string& model_path, const std::string& policy_file) - : Enforcer(model_path, policy_file), autoLoadRunning(false) {} - -/** - * Enforcer initializes an enforcer with a database adapter. - * - * @param model_path the path of the model file. - * @param adapter the adapter. - */ -SyncedEnforcer ::SyncedEnforcer(const std::string& model_path, std::shared_ptr adapter) - : Enforcer(model_path, adapter), autoLoadRunning(false) {} - -/** - * Enforcer initializes an enforcer with a model and a database adapter. - * - * @param m the model. - * @param adapter the adapter. - */ -SyncedEnforcer ::SyncedEnforcer(const std::shared_ptr& m, std::shared_ptr adapter) - : Enforcer(m, adapter), autoLoadRunning(false) {} - -/** - * Enforcer initializes an enforcer with a model. - * - * @param m the model. - */ -SyncedEnforcer ::SyncedEnforcer(const std::shared_ptr& m) - : Enforcer(m), autoLoadRunning(false) {} - -/** - * Enforcer initializes an enforcer with a model file. - * - * @param model_path the path of the model file. - */ -SyncedEnforcer ::SyncedEnforcer(const std::string& model_path) - : Enforcer(model_path), autoLoadRunning(false) {} - -/** - * Enforcer initializes an enforcer with a model file, a policy file and an enable log flag. - * - * @param model_path the path of the model file. - * @param policyFile the path of the policy file. - * @param enableLog whether to enable Casbin's log. - */ -SyncedEnforcer ::SyncedEnforcer(const std::string& model_path, const std::string& policy_file, bool enable_log) - : Enforcer(model_path, policy_file, enable_log), autoLoadRunning(false) {} - -// SyncedEnforcer::SyncedEnforcer(const SyncedEnforcer& ce) -// : Enforcer(ce), autoLoadRunning(ce.autoLoadRunning) -// {} - -// SyncedEnforcer::SyncedEnforcer(SyncedEnforcer&& ce) -// : Enforcer(ce), autoLoadRunning(ce->autoLoadRunning) + namespace casbin { + + /** +* Enforcer is the default constructor. + */ + SyncedEnforcer ::SyncedEnforcer() + : autoLoadRunning(false) {} + + /** +* Enforcer initializes an enforcer with a model file and a policy file. +* +* @param model_path the path of the model file. +* @param policyFile the path of the policy file. + */ + SyncedEnforcer ::SyncedEnforcer(const std::string& model_path, const std::string& policy_file) + : Enforcer(model_path, policy_file), autoLoadRunning(false) {} + + /** +* Enforcer initializes an enforcer with a database adapter. +* +* @param model_path the path of the model file. +* @param adapter the adapter. + */ + SyncedEnforcer ::SyncedEnforcer(const std::string& model_path, std::shared_ptr adapter) + : Enforcer(model_path, adapter), autoLoadRunning(false) {} + + /** +* Enforcer initializes an enforcer with a model and a database adapter. +* +* @param m the model. +* @param adapter the adapter. + */ + SyncedEnforcer ::SyncedEnforcer(const std::shared_ptr& m, std::shared_ptr adapter) + : Enforcer(m, adapter), autoLoadRunning(false) {} + + /** +* Enforcer initializes an enforcer with a model. +* +* @param m the model. + */ + SyncedEnforcer ::SyncedEnforcer(const std::shared_ptr& m) + : Enforcer(m), autoLoadRunning(false) {} + + /** +* Enforcer initializes an enforcer with a model file. +* +* @param model_path the path of the model file. + */ + SyncedEnforcer ::SyncedEnforcer(const std::string& model_path) + : Enforcer(model_path), autoLoadRunning(false) {} + + /** +* Enforcer initializes an enforcer with a model file, a policy file and an enable log flag. +* +* @param model_path the path of the model file. +* @param policyFile the path of the policy file. +* @param enableLog whether to enable Casbin's log. + */ + SyncedEnforcer ::SyncedEnforcer(const std::string& model_path, const std::string& policy_file, bool enable_log) + : Enforcer(model_path, policy_file, enable_log), autoLoadRunning(false) {} + + // SyncedEnforcer::SyncedEnforcer(const SyncedEnforcer& ce) + // : Enforcer(ce), autoLoadRunning(ce.autoLoadRunning) + @@ -97,69 +97,69 @@ SyncedEnforcer ::SyncedEnforcer(const std::string& model_path, const std::string // {} void SyncedEnforcer ::LoadPolicyWrapper() { - Enforcer::LoadPolicy(); - ++n; + Enforcer::LoadPolicy(); + ++n; } // StartAutoLoadPolicy starts a thread that will go through every specified duration call LoadPolicy void SyncedEnforcer ::StartAutoLoadPolicy(std::chrono::duration t) { - if (IsAutoLoadingRunning()) - return; - autoLoadRunning = true; - Ticker::on_tick_t onTick = [this]() { - SyncedEnforcer::LoadPolicy(); - ++n; - }; - ticker = std::make_unique(onTick, t); - n = 1; - ticker->start(); + if (IsAutoLoadingRunning()) + return; + autoLoadRunning = true; + Ticker::on_tick_t onTick = [this]() { + SyncedEnforcer::LoadPolicy(); + ++n; + }; + ticker = std::make_unique(onTick, t); + n = 1; + ticker->start(); } // IsAutoLoadingRunning check if SyncedEnforcer is auto loading policies bool SyncedEnforcer ::IsAutoLoadingRunning() { - return autoLoadRunning; + return autoLoadRunning; } // StopAutoLoadPolicy causes the thread to exit void SyncedEnforcer ::StopAutoLoadPolicy() { - ticker->stop(); - autoLoadRunning = false; + ticker->stop(); + autoLoadRunning = false; } std::string SyncedEnforcer ::UpdateWrapper() { - LoadPolicy(); - return ""; + LoadPolicy(); + return ""; } // SetWatcher sets the current watcher. void SyncedEnforcer ::SetWatcher(std::shared_ptr w) { - watcher = w; - return watcher->SetUpdateCallback(&SyncedEnforcer::UpdateWrapper); + watcher = w; + return watcher->SetUpdateCallback(&SyncedEnforcer::UpdateWrapper); } // LoadModel reloads the model from the model CONF file. void SyncedEnforcer ::LoadModel() { - std::unique_lock lock(policyMutex); - Enforcer::LoadModel(); + std::unique_lock lock(policyMutex); + Enforcer::LoadModel(); } // ClearPolicy clears all policy. void SyncedEnforcer ::ClearPolicy() { - std::unique_lock lock(policyMutex); - Enforcer::ClearPolicy(); + std::unique_lock lock(policyMutex); + Enforcer::ClearPolicy(); } // LoadPolicy reloads the policy from file/database. void SyncedEnforcer ::LoadPolicy() { - std::unique_lock lock(policyMutex); - Enforcer::LoadPolicy(); + std::unique_lock lock(policyMutex); + Enforcer::LoadPolicy(); } // LoadFilteredPolicy reloads a filtered policy from file/database. template void SyncedEnforcer ::LoadFilteredPolicy(Filter f) { - std::unique_lock lock(policyMutex); - Enforcer::LoadFilteredPolicy(f); + std::unique_lock lock(policyMutex); + Enforcer::LoadFilteredPolicy(f); } // LoadIncrementalFilteredPolicy reloads a filtered policy from file/database. -// void SyncedEnforcer ::LoadIncrementalFilteredPolicy(Filter f) { -// std::lock_guard lock(policyMutex); -// Enforcer::LoadIncrementalFilteredPolicy(f); -// } - -// SavePolicy saves the current policy (usually after changed with Casbin API) back to file/database. -void SyncedEnforcer ::SavePolicy() { - std::unique_lock lock(policyMutex); - Enforcer::SavePolicy(); -} - -// BuildRoleLinks manually rebuild the role inheritance relations. -void SyncedEnforcer ::BuildRoleLinks() { - std::unique_lock lock(policyMutex); - Enforcer::BuildRoleLinks(); -} - -// Enforce decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (sub, obj, act). -bool SyncedEnforcer ::Enforce(std::shared_ptr evalator) { - std::unique_lock lock(policyMutex); - return Enforcer::Enforce(evalator); -} - -// Enforce with a vector param,decides whether a "subject" can access a -// "object" with the operation "action", input parameters are usually: (sub, -// obj, act). -bool SyncedEnforcer::Enforce(const DataVector& params) { - std::unique_lock lock(policyMutex); - return Enforcer::Enforce(params); -} - -// Enforce with a vector param,decides whether a "subject" can access a -// "object" with the operation "action", input parameters are usually: (sub, -// obj, act). -bool SyncedEnforcer ::Enforce(const DataList& params) { - std::unique_lock lock(policyMutex); - return Enforcer::Enforce(params); -} - -// Enforce with a map param,decides whether a "subject" can access a "object" -// with the operation "action", input parameters are usually: (sub, obj, act). -bool SyncedEnforcer ::Enforce(const DataMap& params) { - std::unique_lock lock(policyMutex); - return Enforcer::Enforce(params); -} - -// BatchEnforce enforce in batches -std::vector SyncedEnforcer ::BatchEnforce(const std::initializer_list& requests) { - std::unique_lock lock(policyMutex); - - // note: why not return Enforcer::BatchEnforce(requests) ? - // Inside Enforcer::BatchEnforce, this->Enforce will be executed - // but now 'this' is SyncedEnforcer, which means it will call SyncedEnforcer::Enforce - // This will cause a deadlock - - std::vector results; - results.reserve(requests.size()); - for (const auto& request : requests) { - results.push_back(Enforcer::Enforce(request)); - } - return results; -} - -// BatchEnforceWithMatcher enforce with matcher in batches -std::vector SyncedEnforcer::BatchEnforceWithMatcher(const std::string& matcher, const std::initializer_list& requests) { - std::unique_lock lock(policyMutex); - std::vector results; - results.reserve(requests.size()); - for (const auto& request : requests) { - results.push_back(Enforcer::EnforceWithMatcher(matcher, request)); - } - return results; -} - -// GetAllSubjects gets the list of subjects that show up in the current policy. -std::vector SyncedEnforcer ::GetAllSubjects() { - std::shared_lock lock(policyMutex); - return Enforcer::GetAllSubjects(); -} - -// GetAllNamedSubjects gets the list of subjects that show up in the current named policy. -std::vector SyncedEnforcer ::GetAllNamedSubjects(const std::string& ptype) { - std::shared_lock lock(policyMutex); - return Enforcer::GetAllNamedSubjects(ptype); -} - -// GetAllObjects gets the list of objects that show up in the current policy. -std::vector SyncedEnforcer ::GetAllObjects() { - std::shared_lock lock(policyMutex); - return Enforcer::GetAllObjects(); -} - -// GetAllNamedObjects gets the list of objects that show up in the current named policy. -std::vector SyncedEnforcer ::GetAllNamedObjects(const std::string& ptype) { - std::shared_lock lock(policyMutex); - return Enforcer::GetAllNamedObjects(ptype); -} - -// GetAllNamedActions gets the list of actions that show up in the current named policy. -std::vector SyncedEnforcer ::GetAllNamedActions(const std::string& ptype) { - std::shared_lock lock(policyMutex); - return Enforcer::GetAllNamedActions(ptype); -} - -// GetAllRoles gets the list of roles that show up in the current policy. -std::vector SyncedEnforcer ::GetAllRoles() { - std::shared_lock lock(policyMutex); - return Enforcer::GetAllRoles(); -} - -// GetAllNamedRoles gets the list of roles that show up in the current named policy. -std::vector SyncedEnforcer ::GetAllNamedRoles(const std::string& ptype) { - std::shared_lock lock(policyMutex); - return Enforcer::GetAllNamedRoles(ptype); -} - -// GetPolicy gets all the authorization rules in the policy. -PoliciesValues SyncedEnforcer ::GetPolicy() { - std::shared_lock lock(policyMutex); - return Enforcer::GetPolicy(); -} - -// GetNamedPolicy gets all the authorization rules in the name:x::d policy. -PoliciesValues SyncedEnforcer ::GetNamedPolicy(const std::string& ptype) { - std::shared_lock lock(policyMutex); - return Enforcer::GetNamedPolicy(ptype); -} - -// GetFilteredNamedPolicy gets all the authorization rules in the named policy, field filters can be specified. -PoliciesValues SyncedEnforcer ::GetFilteredNamedPolicy(const std::string& ptype, int fieldIndex, const std::vector& fieldValues) { - std::shared_lock lock(policyMutex); - return Enforcer::GetFilteredNamedPolicy(ptype, fieldIndex, fieldValues); -} - -// GetGroupingPolicy gets all the role inheritance rules in the policy. -PoliciesValues SyncedEnforcer ::GetGroupingPolicy() { - std::shared_lock lock(policyMutex); - return Enforcer::GetGroupingPolicy(); -} - -// GetFilteredGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified. -PoliciesValues SyncedEnforcer ::GetFilteredGroupingPolicy(int fieldIndex, const std::vector& fieldValues) { - std::shared_lock lock(policyMutex); - return Enforcer::GetFilteredGroupingPolicy(fieldIndex, fieldValues); -} - -// GetNamedGroupingPolicy gets all the role inheritance rules in the policy. -PoliciesValues SyncedEnforcer ::GetNamedGroupingPolicy(const std::string& ptype) { - std::shared_lock lock(policyMutex); - return Enforcer::GetNamedGroupingPolicy(ptype); -} - -// GetFilteredNamedGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified. -PoliciesValues SyncedEnforcer ::GetFilteredNamedGroupingPolicy(const std::string& ptype, int fieldIndex, const std::vector& fieldValues) { - std::shared_lock lock(policyMutex); - return Enforcer::GetFilteredNamedGroupingPolicy(ptype, fieldIndex, fieldValues); -} - -// HasPolicy determines whether an authorization rule exists. -bool SyncedEnforcer ::HasPolicy(const std::vector& params) { - std::shared_lock lock(policyMutex); - return Enforcer::HasPolicy(params); -} - -// HasNamedPolicy determines whether a named authorization rule exists. -bool SyncedEnforcer ::HasNamedPolicy(const std::string& ptype, const std::vector& params) { - std::shared_lock lock(policyMutex); - return Enforcer::HasNamedPolicy(ptype, params); -} - -// AddPolicy adds an authorization rule to the current policy. -// If the rule already exists, the function returns false and the rule will not be added. -// Otherwise the function returns true by adding the new rule. -bool SyncedEnforcer ::AddPolicy(const std::vector& params) { - std::unique_lock lock(policyMutex); - return Enforcer::AddPolicy(params); -} - -// AddPolicies adds authorization rules to the current policy. -// If the rule already exists, the function returns false for the corresponding rule and the rule will not be added. -// Otherwise the function returns true for the corresponding rule by adding the new rule. -bool SyncedEnforcer ::AddPolicies(const PoliciesValues& rules) { - std::unique_lock lock(policyMutex); - return Enforcer::AddPolicies(rules); -} - -// AddNamedPolicy adds an authorization rule to the current named policy. -// If the rule already exists, the function returns false and the rule will not be added. -// Otherwise the function returns true by adding the new rule. -bool SyncedEnforcer ::AddNamedPolicy(const std::string& ptype, const std::vector& params) { - std::unique_lock lock(policyMutex); - return Enforcer::AddNamedPolicy(ptype, params); -} - -// AddNamedPolicies adds authorization rules to the current named policy. -// If the rule already exists, the function returns false for the corresponding rule and the rule will not be added. -// Otherwise the function returns true for the corresponding by adding the new rule. -bool SyncedEnforcer ::AddNamedPolicies(const std::string& ptype, const PoliciesValues& rules) { - std::unique_lock lock(policyMutex); - return Enforcer::AddNamedPolicies(ptype, rules); -} - -// RemovePolicy removes an authorization rule from the current policy. -bool SyncedEnforcer ::RemovePolicy(const std::vector& params) { - std::unique_lock lock(policyMutex); - return Enforcer::RemovePolicy(params); -} - -// UpdatePolicy updates an authorization rule from the current policy. -bool SyncedEnforcer ::UpdatePolicy(const std::vector& oldPolicy, const std::vector& newPolicy) { - std::unique_lock lock(policyMutex); - return Enforcer::UpdatePolicy(oldPolicy, newPolicy); -} - -bool SyncedEnforcer ::UpdateNamedPolicy(const std::string& ptype, const std::vector& p1, const std::vector& p2) { - std::unique_lock lock(policyMutex); - return Enforcer::UpdateNamedPolicy(ptype, p1, p2); -} - -// UpdatePolicies updates authorization rules from the current policies. -bool SyncedEnforcer ::UpdatePolicies(const PoliciesValues& oldPolices, const PoliciesValues& newPolicies) { - std::unique_lock lock(policyMutex); - return Enforcer::UpdatePolicies(oldPolices, newPolicies); -} - -bool SyncedEnforcer ::UpdateNamedPolicies(const std::string& ptype, const PoliciesValues& p1, const PoliciesValues& p2) { - std::unique_lock lock(policyMutex); - return Enforcer::UpdateNamedPolicies(ptype, p1, p2); -} - -// RemovePolicies removes authorization rules from the current policy. -bool SyncedEnforcer ::RemovePolicies(const PoliciesValues& rules) { - std::unique_lock lock(policyMutex); - return Enforcer::RemovePolicies(rules); -} - -// RemoveFilteredPolicy removes an authorization rule from the current policy, field filters can be specified. -bool SyncedEnforcer ::RemoveFilteredPolicy(int fieldIndex, const std::vector& fieldValues) { - std::unique_lock lock(policyMutex); - return Enforcer::RemoveFilteredPolicy(fieldIndex, fieldValues); -} - -// RemoveNamedPolicy removes an authorization rule from the current named policy. -bool SyncedEnforcer ::RemoveNamedPolicy(const std::string& ptype, const std::vector& params) { - std::unique_lock lock(policyMutex); - return Enforcer::RemoveNamedPolicy(ptype, params); -} - -// RemoveNamedPolicies removes authorization rules from the current named policy. -bool SyncedEnforcer ::RemoveNamedPolicies(const std::string& ptype, const PoliciesValues& rules) { - std::unique_lock lock(policyMutex); - return Enforcer::RemoveNamedPolicies(ptype, rules); -} - -// RemoveFilteredNamedPolicy removes an authorization rule from the current named policy, field filters can be specified. -bool SyncedEnforcer ::RemoveFilteredNamedPolicy(const std::string& ptype, int fieldIndex, const std::vector& fieldValues) { - std::unique_lock lock(policyMutex); - return Enforcer::RemoveFilteredNamedPolicy(ptype, fieldIndex, fieldValues); -} - -// HasGroupingPolicy determines whether a role inheritance rule exists. -bool SyncedEnforcer ::HasGroupingPolicy(const std::vector& params) { - std::shared_lock lock(policyMutex); - return Enforcer::HasGroupingPolicy(params); -} - -// HasNamedGroupingPolicy determines whether a named role inheritance rule exists. -bool SyncedEnforcer ::HasNamedGroupingPolicy(const std::string& ptype, const std::vector& params) { - std::shared_lock lock(policyMutex); - return Enforcer::HasNamedGroupingPolicy(ptype, params); -} - -// AddGroupingPolicy adds a role inheritance rule to the current policy. -// If the rule already exists, the function returns false and the rule will not be added. -// Otherwise the function returns true by adding the new rule. -bool SyncedEnforcer ::AddGroupingPolicy(const std::vector& params) { - std::unique_lock lock(policyMutex); - return Enforcer::AddGroupingPolicy(params); -} - -// AddGroupingPolicies adds role inheritance rulea to the current policy. -// If the rule already exists, the function returns false for the corresponding policy rule and the rule will not be added. -// Otherwise the function returns true for the corresponding policy rule by adding the new rule. -bool SyncedEnforcer ::AddGroupingPolicies(const PoliciesValues& rules) { - std::unique_lock lock(policyMutex); - return Enforcer::AddGroupingPolicies(rules); -} - -// AddNamedGroupingPolicy adds a named role inheritance rule to the current policy. -// If the rule already exists, the function returns false and the rule will not be added. -// Otherwise the function returns true by adding the new rule. -bool SyncedEnforcer ::AddNamedGroupingPolicy(const std::string& ptype, const std::vector& params) { - std::unique_lock lock(policyMutex); - return Enforcer::AddNamedGroupingPolicy(ptype, params); -} - -// AddNamedGroupingPolicies adds named role inheritance rules to the current policy. -// If the rule already exists, the function returns false for the corresponding policy rule and the rule will not be added. -// Otherwise the function returns true for the corresponding policy rule by adding the new rule. -bool SyncedEnforcer ::AddNamedGroupingPolicies(const std::string& ptype, const PoliciesValues& rules) { - std::unique_lock lock(policyMutex); - return Enforcer::AddNamedGroupingPolicies(ptype, rules); -} - -// RemoveGroupingPolicy removes a role inheritance rule from the current policy. -bool SyncedEnforcer ::RemoveGroupingPolicy(const std::vector& params) { - std::unique_lock lock(policyMutex); - return Enforcer::RemoveGroupingPolicy(params); -} - -// RemoveGroupingPolicies removes role inheritance rules from the current policy. -bool SyncedEnforcer ::RemoveGroupingPolicies(const PoliciesValues& rules) { - std::unique_lock lock(policyMutex); - return Enforcer::RemoveGroupingPolicies(rules); -} - -// RemoveFilteredGroupingPolicy removes a role inheritance rule from the current policy, field filters can be specified. -bool SyncedEnforcer ::RemoveFilteredGroupingPolicy(int fieldIndex, const std::vector& fieldValues) { - std::unique_lock lock(policyMutex); - return Enforcer::RemoveFilteredGroupingPolicy(fieldIndex, fieldValues); -} - -// RemoveNamedGroupingPolicy removes a role inheritance rule from the current named policy. -bool SyncedEnforcer ::RemoveNamedGroupingPolicy(const std::string& ptype, const std::vector& params) { - std::unique_lock lock(policyMutex); - return Enforcer::RemoveNamedGroupingPolicy(ptype, params); -} - -// RemoveNamedGroupingPolicies removes role inheritance rules from the current named policy. -bool SyncedEnforcer ::RemoveNamedGroupingPolicies(const std::string& ptype, const PoliciesValues& rules) { - std::unique_lock lock(policyMutex); - return Enforcer::RemoveNamedGroupingPolicies(ptype, rules); -} - -bool SyncedEnforcer ::UpdateGroupingPolicy(const std::vector& oldRule, const std::vector& newRule) { - std::unique_lock lock(policyMutex); - return Enforcer::UpdateGroupingPolicy(oldRule, newRule); -} - -bool SyncedEnforcer ::UpdateNamedGroupingPolicy(const std::string& ptype, const std::vector& oldRule, const std::vector& newRule) { - std::unique_lock lock(policyMutex); - return Enforcer::UpdateNamedGroupingPolicy(ptype, oldRule, newRule); -} - -// RemoveFilteredNamedGroupingPolicy removes a role inheritance rule from the current named policy, field filters can be specified. -bool SyncedEnforcer ::RemoveFilteredNamedGroupingPolicy(const std::string& ptype, int fieldIndex, const std::vector& fieldValues) { - std::unique_lock lock(policyMutex); - return Enforcer::RemoveFilteredNamedGroupingPolicy(ptype, fieldIndex, fieldValues); -} + @@ -170,349 +170,410 @@ void SyncedEnforcer ::LoadFilteredPolicy(Filter f) { + + // SavePolicy saves the current policy (usually after changed with Casbin API) back to file/database. + void SyncedEnforcer ::SavePolicy() { + std::unique_lock lock(policyMutex); + Enforcer::SavePolicy(); + } + + // BuildRoleLinks manually rebuild the role inheritance relations. + void SyncedEnforcer ::BuildRoleLinks() { + std::unique_lock lock(policyMutex); + Enforcer::BuildRoleLinks(); + } + + // Enforce decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (sub, obj, act). + bool SyncedEnforcer ::Enforce(std::shared_ptr evalator) { + std::unique_lock lock(policyMutex); + return Enforcer::Enforce(evalator); + } + + // Enforce with a vector param,decides whether a "subject" can access a + // "object" with the operation "action", input parameters are usually: (sub, + // obj, act). + bool SyncedEnforcer::Enforce(const DataVector& params) { + std::unique_lock lock(policyMutex); + return Enforcer::Enforce(params); + } + + // Enforce with a vector param,decides whether a "subject" can access a + // "object" with the operation "action", input parameters are usually: (sub, + // obj, act). + bool SyncedEnforcer ::Enforce(const DataList& params) { + std::unique_lock lock(policyMutex); + return Enforcer::Enforce(params); + } + + // Enforce with a map param,decides whether a "subject" can access a "object" + // with the operation "action", input parameters are usually: (sub, obj, act). + bool SyncedEnforcer ::Enforce(const DataMap& params) { + std::unique_lock lock(policyMutex); + return Enforcer::Enforce(params); + } + + // BatchEnforce enforce in batches + std::vector SyncedEnforcer ::BatchEnforce(const std::initializer_list& requests) { + std::unique_lock lock(policyMutex); + + // note: why not return Enforcer::BatchEnforce(requests) ? + // Inside Enforcer::BatchEnforce, this->Enforce will be executed + // but now 'this' is SyncedEnforcer, which means it will call SyncedEnforcer::Enforce + // This will cause a deadlock + + std::vector results; + results.reserve(requests.size()); + for (const auto& request : requests) { + results.push_back(Enforcer::Enforce(request)); + } + return results; + } + + // BatchEnforceWithMatcher enforce with matcher in batches + std::vector SyncedEnforcer::BatchEnforceWithMatcher(const std::string& matcher, const std::initializer_list& requests) { + std::unique_lock lock(policyMutex); + std::vector results; + results.reserve(requests.size()); + for (const auto& request : requests) { + results.push_back(Enforcer::EnforceWithMatcher(matcher, request)); + } + return results; + } + + // GetAllSubjects gets the list of subjects that show up in the current policy. + std::vector SyncedEnforcer ::GetAllSubjects() { + std::shared_lock lock(policyMutex); + return Enforcer::GetAllSubjects(); + } + + // GetAllNamedSubjects gets the list of subjects that show up in the current named policy. + std::vector SyncedEnforcer ::GetAllNamedSubjects(const std::string& ptype) { + std::shared_lock lock(policyMutex); + return Enforcer::GetAllNamedSubjects(ptype); + } + + // GetAllObjects gets the list of objects that show up in the current policy. + std::vector SyncedEnforcer ::GetAllObjects() { + std::shared_lock lock(policyMutex); + return Enforcer::GetAllObjects(); + } + + // GetAllNamedObjects gets the list of objects that show up in the current named policy. + std::vector SyncedEnforcer ::GetAllNamedObjects(const std::string& ptype) { + std::shared_lock lock(policyMutex); + return Enforcer::GetAllNamedObjects(ptype); + } + + // GetAllNamedActions gets the list of actions that show up in the current named policy. + std::vector SyncedEnforcer ::GetAllNamedActions(const std::string& ptype) { + std::shared_lock lock(policyMutex); + return Enforcer::GetAllNamedActions(ptype); + } + + // GetAllRoles gets the list of roles that show up in the current policy. + std::vector SyncedEnforcer ::GetAllRoles() { + std::shared_lock lock(policyMutex); + return Enforcer::GetAllRoles(); + } + + // GetAllNamedRoles gets the list of roles that show up in the current named policy. + std::vector SyncedEnforcer ::GetAllNamedRoles(const std::string& ptype) { + std::shared_lock lock(policyMutex); + return Enforcer::GetAllNamedRoles(ptype); + } + + // GetPolicy gets all the authorization rules in the policy. + PoliciesValues SyncedEnforcer ::GetPolicy() { + std::shared_lock lock(policyMutex); + return Enforcer::GetPolicy(); + } + + // GetNamedPolicy gets all the authorization rules in the name:x::d policy. + PoliciesValues SyncedEnforcer ::GetNamedPolicy(const std::string& ptype) { + std::shared_lock lock(policyMutex); + return Enforcer::GetNamedPolicy(ptype); + } + + // GetFilteredNamedPolicy gets all the authorization rules in the named policy, field filters can be specified. + PoliciesValues SyncedEnforcer ::GetFilteredNamedPolicy(const std::string& ptype, int fieldIndex, const std::vector& fieldValues) { + std::shared_lock lock(policyMutex); + return Enforcer::GetFilteredNamedPolicy(ptype, fieldIndex, fieldValues); + } + + // GetGroupingPolicy gets all the role inheritance rules in the policy. + PoliciesValues SyncedEnforcer ::GetGroupingPolicy() { + std::shared_lock lock(policyMutex); + return Enforcer::GetGroupingPolicy(); + } + + // GetFilteredGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified. + PoliciesValues SyncedEnforcer ::GetFilteredGroupingPolicy(int fieldIndex, const std::vector& fieldValues) { + std::shared_lock lock(policyMutex); + return Enforcer::GetFilteredGroupingPolicy(fieldIndex, fieldValues); + } + + // GetNamedGroupingPolicy gets all the role inheritance rules in the policy. + PoliciesValues SyncedEnforcer ::GetNamedGroupingPolicy(const std::string& ptype) { + std::shared_lock lock(policyMutex); + return Enforcer::GetNamedGroupingPolicy(ptype); + } + + // GetFilteredNamedGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified. + PoliciesValues SyncedEnforcer ::GetFilteredNamedGroupingPolicy(const std::string& ptype, int fieldIndex, const std::vector& fieldValues) { + std::shared_lock lock(policyMutex); + return Enforcer::GetFilteredNamedGroupingPolicy(ptype, fieldIndex, fieldValues); + } + + // HasPolicy determines whether an authorization rule exists. + bool SyncedEnforcer ::HasPolicy(const std::vector& params) { + std::shared_lock lock(policyMutex); + return Enforcer::HasPolicy(params); + } + + // HasNamedPolicy determines whether a named authorization rule exists. + bool SyncedEnforcer ::HasNamedPolicy(const std::string& ptype, const std::vector& params) { + std::shared_lock lock(policyMutex); + return Enforcer::HasNamedPolicy(ptype, params); + } + + // AddPolicy adds an authorization rule to the current policy. + // If the rule already exists, the function returns false and the rule will not be added. + // Otherwise the function returns true by adding the new rule. + bool SyncedEnforcer ::AddPolicy(const std::vector& params) { + std::unique_lock lock(policyMutex); + return Enforcer::AddPolicy(params); + } + + // AddPolicies adds authorization rules to the current policy. + // If the rule already exists, the function returns false for the corresponding rule and the rule will not be added. + // Otherwise the function returns true for the corresponding rule by adding the new rule. + bool SyncedEnforcer ::AddPolicies(const PoliciesValues& rules) { + std::unique_lock lock(policyMutex); + return Enforcer::AddPolicies(rules); + } + + // AddNamedPolicy adds an authorization rule to the current named policy. + // If the rule already exists, the function returns false and the rule will not be added. + // Otherwise the function returns true by adding the new rule. + bool SyncedEnforcer ::AddNamedPolicy(const std::string& ptype, const std::vector& params) { + std::unique_lock lock(policyMutex); + return Enforcer::AddNamedPolicy(ptype, params); + } + + // AddNamedPolicies adds authorization rules to the current named policy. + // If the rule already exists, the function returns false for the corresponding rule and the rule will not be added. + // Otherwise the function returns true for the corresponding by adding the new rule. + bool SyncedEnforcer ::AddNamedPolicies(const std::string& ptype, const PoliciesValues& rules) { + std::unique_lock lock(policyMutex); + return Enforcer::AddNamedPolicies(ptype, rules); + } + + // RemovePolicy removes an authorization rule from the current policy. + bool SyncedEnforcer ::RemovePolicy(const std::vector& params) { + std::unique_lock lock(policyMutex); + return Enforcer::RemovePolicy(params); + } + + // UpdatePolicy updates an authorization rule from the current policy. + bool SyncedEnforcer ::UpdatePolicy(const std::vector& oldPolicy, const std::vector& newPolicy) { + std::unique_lock lock(policyMutex); + return Enforcer::UpdatePolicy(oldPolicy, newPolicy); + } + + bool SyncedEnforcer ::UpdateNamedPolicy(const std::string& ptype, const std::vector& p1, const std::vector& p2) { + std::unique_lock lock(policyMutex); + return Enforcer::UpdateNamedPolicy(ptype, p1, p2); + } + + // UpdatePolicies updates authorization rules from the current policies. + bool SyncedEnforcer ::UpdatePolicies(const PoliciesValues& oldPolices, const PoliciesValues& newPolicies) { + std::unique_lock lock(policyMutex); + return Enforcer::UpdatePolicies(oldPolices, newPolicies); + } + + bool SyncedEnforcer ::UpdateNamedPolicies(const std::string& ptype, const PoliciesValues& p1, const PoliciesValues& p2) { + std::unique_lock lock(policyMutex); + return Enforcer::UpdateNamedPolicies(ptype, p1, p2); + } + + // RemovePolicies removes authorization rules from the current policy. + bool SyncedEnforcer ::RemovePolicies(const PoliciesValues& rules) { + std::unique_lock lock(policyMutex); + return Enforcer::RemovePolicies(rules); + } + + // RemoveFilteredPolicy removes an authorization rule from the current policy, field filters can be specified. + bool SyncedEnforcer ::RemoveFilteredPolicy(int fieldIndex, const std::vector& fieldValues) { + std::unique_lock lock(policyMutex); + return Enforcer::RemoveFilteredPolicy(fieldIndex, fieldValues); + } + + // RemoveNamedPolicy removes an authorization rule from the current named policy. + bool SyncedEnforcer ::RemoveNamedPolicy(const std::string& ptype, const std::vector& params) { + std::unique_lock lock(policyMutex); + return Enforcer::RemoveNamedPolicy(ptype, params); + } + + // RemoveNamedPolicies removes authorization rules from the current named policy. + bool SyncedEnforcer ::RemoveNamedPolicies(const std::string& ptype, const PoliciesValues& rules) { + std::unique_lock lock(policyMutex); + return Enforcer::RemoveNamedPolicies(ptype, rules); + } + + // RemoveFilteredNamedPolicy removes an authorization rule from the current named policy, field filters can be specified. + bool SyncedEnforcer ::RemoveFilteredNamedPolicy(const std::string& ptype, int fieldIndex, const std::vector& fieldValues) { + std::unique_lock lock(policyMutex); + return Enforcer::RemoveFilteredNamedPolicy(ptype, fieldIndex, fieldValues); + } + + // HasGroupingPolicy determines whether a role inheritance rule exists. + bool SyncedEnforcer ::HasGroupingPolicy(const std::vector& params) { + std::shared_lock lock(policyMutex); + return Enforcer::HasGroupingPolicy(params); + } + + // HasNamedGroupingPolicy determines whether a named role inheritance rule exists. + bool SyncedEnforcer ::HasNamedGroupingPolicy(const std::string& ptype, const std::vector& params) { + std::shared_lock lock(policyMutex); + return Enforcer::HasNamedGroupingPolicy(ptype, params); + } + + // AddGroupingPolicy adds a role inheritance rule to the current policy. + // If the rule already exists, the function returns false and the rule will not be added. + // Otherwise the function returns true by adding the new rule. + bool SyncedEnforcer ::AddGroupingPolicy(const std::vector& params) { + std::unique_lock lock(policyMutex); + return Enforcer::AddGroupingPolicy(params); + } + + // AddGroupingPolicies adds role inheritance rulea to the current policy. + // If the rule already exists, the function returns false for the corresponding policy rule and the rule will not be added. + // Otherwise the function returns true for the corresponding policy rule by adding the new rule. + bool SyncedEnforcer ::AddGroupingPolicies(const PoliciesValues& rules) { + std::unique_lock lock(policyMutex); + return Enforcer::AddGroupingPolicies(rules); + } + + // AddNamedGroupingPolicy adds a named role inheritance rule to the current policy. + // If the rule already exists, the function returns false and the rule will not be added. + // Otherwise the function returns true by adding the new rule. + bool SyncedEnforcer ::AddNamedGroupingPolicy(const std::string& ptype, const std::vector& params) { + std::unique_lock lock(policyMutex); + return Enforcer::AddNamedGroupingPolicy(ptype, params); + } + + // AddNamedGroupingPolicies adds named role inheritance rules to the current policy. + // If the rule already exists, the function returns false for the corresponding policy rule and the rule will not be added. + // Otherwise the function returns true for the corresponding policy rule by adding the new rule. + bool SyncedEnforcer ::AddNamedGroupingPolicies(const std::string& ptype, const PoliciesValues& rules) { + std::unique_lock lock(policyMutex); + return Enforcer::AddNamedGroupingPolicies(ptype, rules); + } + + // RemoveGroupingPolicy removes a role inheritance rule from the current policy. + bool SyncedEnforcer ::RemoveGroupingPolicy(const std::vector& params) { + std::unique_lock lock(policyMutex); + return Enforcer::RemoveGroupingPolicy(params); + } + + // RemoveGroupingPolicies removes role inheritance rules from the current policy. + bool SyncedEnforcer ::RemoveGroupingPolicies(const PoliciesValues& rules) { + std::unique_lock lock(policyMutex); + return Enforcer::RemoveGroupingPolicies(rules); + } + + // RemoveFilteredGroupingPolicy removes a role inheritance rule from the current policy, field filters can be specified. + bool SyncedEnforcer ::RemoveFilteredGroupingPolicy(int fieldIndex, const std::vector& fieldValues) { + std::unique_lock lock(policyMutex); + return Enforcer::RemoveFilteredGroupingPolicy(fieldIndex, fieldValues); + } + + // RemoveNamedGroupingPolicy removes a role inheritance rule from the current named policy. + bool SyncedEnforcer ::RemoveNamedGroupingPolicy(const std::string& ptype, const std::vector& params) { + std::unique_lock lock(policyMutex); + return Enforcer::RemoveNamedGroupingPolicy(ptype, params); + } + + // RemoveNamedGroupingPolicies removes role inheritance rules from the current named policy. + bool SyncedEnforcer ::RemoveNamedGroupingPolicies(const std::string& ptype, const PoliciesValues& rules) { + std::unique_lock lock(policyMutex); + return Enforcer::RemoveNamedGroupingPolicies(ptype, rules); + } + + bool SyncedEnforcer ::UpdateGroupingPolicy(const std::vector& oldRule, const std::vector& newRule) { + std::unique_lock lock(policyMutex); + return Enforcer::UpdateGroupingPolicy(oldRule, newRule); + } + + bool SyncedEnforcer ::UpdateNamedGroupingPolicy(const std::string& ptype, const std::vector& oldRule, const std::vector& newRule) { + std::unique_lock lock(policyMutex); + return Enforcer::UpdateNamedGroupingPolicy(ptype, oldRule, newRule); + } + + // RemoveFilteredNamedGroupingPolicy removes a role inheritance rule from the current named policy, field filters can be specified. + bool SyncedEnforcer ::RemoveFilteredNamedGroupingPolicy(const std::string& ptype, int fieldIndex, const std::vector& fieldValues) { + std::unique_lock lock(policyMutex); + return Enforcer::RemoveFilteredNamedGroupingPolicy(ptype, fieldIndex, fieldValues); + } + + // GetAllActions gets the list of actions that show up in the current policy. + std::vector SyncedEnforcer::GetAllActions() { + std::unique_lock lock(policyMutex); + return Enforcer::GetAllActions(); + } + // GetFilteredPolicy gets all the authorization rules in the policy, field filters can be specified. + PoliciesValues SyncedEnforcer::GetFilteredPolicy(int fieldIndex, std::vector fieldValues) { + std::unique_lock lock(policyMutex); + return Enforcer::GetFilteredPolicy(fieldIndex, fieldValues); + } + // EnforceExWithMatcher use a custom matcher and explain enforcement by informing matched rules. + bool SyncedEnforcer::SyncedEnforceExWithMatcher(const std::string& matcher, std::shared_ptr evalator, std::vector& explain) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceExWithMatcher(matcher, evalator, explain); + } + bool SyncedEnforcer::SyncedEnforceExWithMatcher(const std::string& matcher, const DataList& params, std::vector& explain) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceExWithMatcher(matcher, params, explain); + } + bool SyncedEnforcer::SyncedEnforceExWithMatcher(const std::string& matcher, const DataVector& params, std::vector& explain) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceExWithMatcher(matcher, params, explain); + } + bool SyncedEnforcer::SyncedEnforceExWithMatcher(const std::string& matcher, const DataMap& params, std::vector& explain) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceExWithMatcher(matcher, params, explain); + } + // EnforceEx explain enforcement by informing matched rules. + bool SyncedEnforcer::SyncedEnforceEx(std::shared_ptr evalator, std::vector& explain) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceEx(evalator, explain); + } + bool SyncedEnforcer::SyncedEnforceEx(const DataList& params, std::vector& explain) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceEx(params, explain); + } + bool SyncedEnforcer::SyncedEnforceEx(const DataVector& params, std::vector& explain) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceEx(params, explain); + } + bool SyncedEnforcer::SyncedEnforceEx(const DataMap& params, std::vector& explain) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceEx(params, explain); + } + // EnforceWithMatcher use a custom matcher to decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model matcher by default when matcher is "". + bool SyncedEnforcer::SyncedEnforceWithMatcher(const std::string& matcher, std::shared_ptr evalator) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceWithMatcher(matcher, evalator); + } + bool SyncedEnforcer::SyncedEnforceWithMatcher(const std::string& matcher, const DataList& params) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceWithMatcher(matcher, params); + } + bool SyncedEnforcer::SyncedEnforceWithMatcher(const std::string& matcher, const DataVector& params) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceWithMatcher(matcher, params); + } + bool SyncedEnforcer::SyncedEnforceWithMatcher(const std::string& matcher, const DataMap& params) { + std::unique_lock lock(policyMutex); + return Enforcer::EnforceWithMatcher(matcher, params); + } } // namespace casbin -#endif // ENFORCER_SYNCED_CPP +#endif // ENFORCER_SYNCED_CPP \ No newline at end of file diff --git a/include/casbin/enforcer_synced.h b/include/casbin/enforcer_synced.h index 45103c5f..08b3535a 100644 --- a/include/casbin/enforcer_synced.h +++ b/include/casbin/enforcer_synced.h @@ -1,7 +1,6 @@ -/* - * Copyright 2020 The casbin Authors. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"); +* Copyright 2020 The casbin Authors. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * @@ -16,284 +15,311 @@ #ifndef CASBIN_H_ENFORCER_SYNC #define CASBIN_H_ENFORCER_SYNC - -#include -#include -#include -#include - -#include "./enforcer.h" -#include "./persist/watcher.h" -#include "./util/ticker.h" - + @@ -29,271 +29,296 @@ namespace casbin { -class SyncedEnforcer : public Enforcer { - std::shared_mutex policyMutex; - std::atomic_bool autoLoadRunning; - std::atomic_int n; - std::shared_ptr watcher; - std::unique_ptr ticker; + class SyncedEnforcer : public Enforcer { + std::shared_mutex policyMutex; + std::atomic_bool autoLoadRunning; + std::atomic_int n; + std::shared_ptr watcher; + std::unique_ptr ticker; -public: - /** + public: + /** * Enforcer is the default constructor. - */ - SyncedEnforcer(); + */ + SyncedEnforcer(); - /** + /** * Enforcer initializes an enforcer with a model file and a policy file. * * @param model_path the path of the model file. * @param policy_file the path of the policy file. - */ - SyncedEnforcer(const std::string& model_path, const std::string& policy_file); + */ + SyncedEnforcer(const std::string& model_path, const std::string& policy_file); - /** + /** * Enforcer initializes an enforcer with a database adapter. * * @param model_path the path of the model file. * @param adapter the adapter. - */ - SyncedEnforcer(const std::string& model_path, std::shared_ptr adapter); + */ + SyncedEnforcer(const std::string& model_path, std::shared_ptr adapter); - /** + /** * Enforcer initializes an enforcer with a model and a database adapter. * * @param m the model. * @param adapter the adapter. - */ - SyncedEnforcer(const std::shared_ptr& m, std::shared_ptr adapter); + */ + SyncedEnforcer(const std::shared_ptr& m, std::shared_ptr adapter); - /** + /** * Enforcer initializes an enforcer with a model. * * @param m the model. - */ - SyncedEnforcer(const std::shared_ptr& m); + */ + SyncedEnforcer(const std::shared_ptr& m); - /** + /** * Enforcer initializes an enforcer with a model file. * * @param model_path the path of the model file. - */ - SyncedEnforcer(const std::string& model_path); + */ + SyncedEnforcer(const std::string& model_path); - /** + /** * Enforcer initializes an enforcer with a model file, a policy file and an enable log flag. * * @param model_path the path of the model file. * @param policy_file the path of the policy file. * @param enable_log whether to enable Casbin's log. - */ - SyncedEnforcer(const std::string& model_path, const std::string& policy_file, bool enable_log); + */ + SyncedEnforcer(const std::string& model_path, const std::string& policy_file, bool enable_log); + + // StartAutoLoadPolicy starts a thread that will go through every specified duration call LoadPolicy + void StartAutoLoadPolicy(std::chrono::duration t); + + // IsAutoLoadingRunning check if SyncedEnforcer is auto loading policies + bool IsAutoLoadingRunning(); + + // StopAutoLoadPolicy causes the thread to exit + void StopAutoLoadPolicy(); + + std::string UpdateWrapper(); + + // SetWatcher sets the current watcher. + void SetWatcher(std::shared_ptr w) override; + + // LoadModel reloads the model from the model CONF file. + void LoadModel() override; + + // ClearPolicy clears all policy. + void ClearPolicy() override; + + // LoadPolicy reloads the policy from file/database. + void LoadPolicy() override; + + void LoadPolicyWrapper(); + + // LoadFilteredPolicy reloads a filtered policy from file/database. + template + void LoadFilteredPolicy(Filter); + + // LoadIncrementalFilteredPolicy reloads a filtered policy from file/database. + void LoadIncrementalFilteredPolicy(Filter); + + // SavePolicy saves the current policy (usually after changed with Casbin API) back to file/database. + void SavePolicy() override; + + // BuildRoleLinks manually rebuild the role inheritance relations. + void BuildRoleLinks() override; + + // Enforce decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (sub, obj, act). + bool Enforce(std::shared_ptr) override; + + // Enforce with a vector param,decides whether a "subject" can access a + // "object" with the operation "action", input parameters are usually: (sub, + // obj, act). + bool Enforce(const DataVector& params) override; - // StartAutoLoadPolicy starts a thread that will go through every specified duration call LoadPolicy - void StartAutoLoadPolicy(std::chrono::duration t); + // Enforce with a vector param,decides whether a "subject" can access a + // "object" with the operation "action", input parameters are usually: (sub, + // obj, act). + bool Enforce(const DataList& params) override; - // IsAutoLoadingRunning check if SyncedEnforcer is auto loading policies - bool IsAutoLoadingRunning(); + // Enforce with a map param,decides whether a "subject" can access a "object" + // with the operation "action", input parameters are usually: (sub, obj, act). + bool Enforce(const DataMap& params) override; - // StopAutoLoadPolicy causes the thread to exit - void StopAutoLoadPolicy(); + // BatchEnforce enforce in batches + std::vector BatchEnforce(const std::initializer_list& requests) override; - std::string UpdateWrapper(); + // BatchEnforceWithMatcher enforce with matcher in batches + std::vector BatchEnforceWithMatcher(const std::string& matcher, const std::initializer_list& requests) override; - // SetWatcher sets the current watcher. - void SetWatcher(std::shared_ptr w) override; + // GetAllSubjects gets the list of subjects that show up in the current policy. + std::vector GetAllSubjects() override; - // LoadModel reloads the model from the model CONF file. - void LoadModel() override; + // GetAllNamedSubjects gets the list of subjects that show up in the current named policy. + std::vector GetAllNamedSubjects(const std::string& ptype) override; - // ClearPolicy clears all policy. - void ClearPolicy() override; + // GetAllObjects gets the list of objects that show up in the current policy. + std::vector GetAllObjects() override; - // LoadPolicy reloads the policy from file/database. - void LoadPolicy() override; + // GetAllNamedObjects gets the list of objects that show up in the current named policy. + std::vector GetAllNamedObjects(const std::string& ptype) override; - void LoadPolicyWrapper(); + // GetAllNamedActions gets the list of actions that show up in the current named policy. + std::vector GetAllNamedActions(const std::string& ptype) override; - // LoadFilteredPolicy reloads a filtered policy from file/database. - template - void LoadFilteredPolicy(Filter); + // GetAllRoles gets the list of roles that show up in the current policy. + std::vector GetAllRoles() override; - // LoadIncrementalFilteredPolicy reloads a filtered policy from file/database. - void LoadIncrementalFilteredPolicy(Filter); + // GetAllNamedRoles gets the list of roles that show up in the current named policy. + std::vector GetAllNamedRoles(const std::string& ptype) override; - // SavePolicy saves the current policy (usually after changed with Casbin API) back to file/database. - void SavePolicy() override; + // GetPolicy gets all the authorization rules in the policy. + PoliciesValues GetPolicy() override; - // BuildRoleLinks manually rebuild the role inheritance relations. - void BuildRoleLinks() override; + // GetNamedPolicy gets all the authorization rules in the named policy. + PoliciesValues GetNamedPolicy(const std::string& ptype) override; - // Enforce decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (sub, obj, act). - bool Enforce(std::shared_ptr) override; + // GetFilteredNamedPolicy gets all the authorization rules in the named policy, field filters can be specified. + PoliciesValues GetFilteredNamedPolicy(const std::string& ptype, int fieldIndex, const std::vector& fieldValues) override; - // Enforce with a vector param,decides whether a "subject" can access a - // "object" with the operation "action", input parameters are usually: (sub, - // obj, act). - bool Enforce(const DataVector& params) override; + // GetGroupingPolicy gets all the role inheritance rules in the policy. + PoliciesValues GetGroupingPolicy() override; - // Enforce with a vector param,decides whether a "subject" can access a - // "object" with the operation "action", input parameters are usually: (sub, - // obj, act). - bool Enforce(const DataList& params) override; + // GetFilteredGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified. + PoliciesValues GetFilteredGroupingPolicy(int fieldIndex, const std::vector& fieldValues) override; - // Enforce with a map param,decides whether a "subject" can access a "object" - // with the operation "action", input parameters are usually: (sub, obj, act). - bool Enforce(const DataMap& params) override; + // GetNamedGroupingPolicy gets all the role inheritance rules in the policy. + PoliciesValues GetNamedGroupingPolicy(const std::string& ptype) override; - // BatchEnforce enforce in batches - std::vector BatchEnforce(const std::initializer_list& requests) override; + // GetFilteredNamedGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified. + PoliciesValues GetFilteredNamedGroupingPolicy(const std::string& ptype, int fieldIndex, const std::vector& fieldValues) override; - // BatchEnforceWithMatcher enforce with matcher in batches - std::vector BatchEnforceWithMatcher(const std::string& matcher, const std::initializer_list& requests) override; + // HasPolicy determines whether an authorization rule exists. + bool HasPolicy(const std::vector& params) override; - // GetAllSubjects gets the list of subjects that show up in the current policy. - std::vector GetAllSubjects() override; + // HasNamedPolicy determines whether a named authorization rule exists. + bool HasNamedPolicy(const std::string& ptype, const std::vector& params) override; - // GetAllNamedSubjects gets the list of subjects that show up in the current named policy. - std::vector GetAllNamedSubjects(const std::string& ptype) override; + // AddPolicy adds an authorization rule to the current policy. + // If the rule already exists, the function returns false and the rule will not be added. + // Otherwise the function returns true by adding the new rule. + bool AddPolicy(const std::vector& params) override; - // GetAllObjects gets the list of objects that show up in the current policy. - std::vector GetAllObjects() override; + // AddPolicies adds authorization rules to the current policy. + // If the rule already exists, the function returns false for the corresponding rule and the rule will not be added. + // Otherwise the function returns true for the corresponding rule by adding the new rule. + bool AddPolicies(const PoliciesValues& rules) override; - // GetAllNamedObjects gets the list of objects that show up in the current named policy. - std::vector GetAllNamedObjects(const std::string& ptype) override; + // AddNamedPolicy adds an authorization rule to the current named policy. + // If the rule already exists, the function returns false and the rule will not be added. + // Otherwise the function returns true by adding the new rule. + bool AddNamedPolicy(const std::string& ptype, const std::vector& params) override; - // GetAllNamedActions gets the list of actions that show up in the current named policy. - std::vector GetAllNamedActions(const std::string& ptype) override; + // AddNamedPolicies adds authorization rules to the current named policy. + // If the rule already exists, the function returns false for the corresponding rule and the rule will not be added. + // Otherwise the function returns true for the corresponding by adding the new rule. + bool AddNamedPolicies(const std::string& ptype, const PoliciesValues& rules) override; - // GetAllRoles gets the list of roles that show up in the current policy. - std::vector GetAllRoles() override; + // RemovePolicy removes an authorization rule from the current policy. + bool RemovePolicy(const std::vector& params) override; - // GetAllNamedRoles gets the list of roles that show up in the current named policy. - std::vector GetAllNamedRoles(const std::string& ptype) override; + // UpdatePolicy updates an authorization rule from the current policy. + bool UpdatePolicy(const std::vector& oldPolicy, const std::vector& newPolicy) override; - // GetPolicy gets all the authorization rules in the policy. - PoliciesValues GetPolicy() override; + bool UpdateNamedPolicy(const std::string& ptype, const std::vector& p1, const std::vector& p2) override; - // GetNamedPolicy gets all the authorization rules in the named policy. - PoliciesValues GetNamedPolicy(const std::string& ptype) override; + // UpdatePolicies updates authorization rules from the current policies. + bool UpdatePolicies(const PoliciesValues& oldPolices, const PoliciesValues& newPolicies) override; - // GetFilteredNamedPolicy gets all the authorization rules in the named policy, field filters can be specified. - PoliciesValues GetFilteredNamedPolicy(const std::string& ptype, int fieldIndex, const std::vector& fieldValues) override; + bool UpdateNamedPolicies(const std::string& ptype, const PoliciesValues& p1, const PoliciesValues& p2) override; - // GetGroupingPolicy gets all the role inheritance rules in the policy. - PoliciesValues GetGroupingPolicy() override; + // RemovePolicies removes authorization rules from the current policy. + bool RemovePolicies(const PoliciesValues& rules) override; - // GetFilteredGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified. - PoliciesValues GetFilteredGroupingPolicy(int fieldIndex, const std::vector& fieldValues) override; + // RemoveFilteredPolicy removes an authorization rule from the current policy, field filters can be specified. + bool RemoveFilteredPolicy(int fieldIndex, const std::vector& fieldValues) override; - // GetNamedGroupingPolicy gets all the role inheritance rules in the policy. - PoliciesValues GetNamedGroupingPolicy(const std::string& ptype) override; + // RemoveNamedPolicy removes an authorization rule from the current named policy. + bool RemoveNamedPolicy(const std::string& ptype, const std::vector& params) override; - // GetFilteredNamedGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified. - PoliciesValues GetFilteredNamedGroupingPolicy(const std::string& ptype, int fieldIndex, const std::vector& fieldValues) override; + // RemoveNamedPolicies removes authorization rules from the current named policy. + bool RemoveNamedPolicies(const std::string& ptype, const PoliciesValues& rules) override; - // HasPolicy determines whether an authorization rule exists. - bool HasPolicy(const std::vector& params) override; + // RemoveFilteredNamedPolicy removes an authorization rule from the current named policy, field filters can be specified. + bool RemoveFilteredNamedPolicy(const std::string& ptype, int fieldIndex, const std::vector& fieldValues) override; - // HasNamedPolicy determines whether a named authorization rule exists. - bool HasNamedPolicy(const std::string& ptype, const std::vector& params) override; + // HasGroupingPolicy determines whether a role inheritance rule exists. + bool HasGroupingPolicy(const std::vector& params) override; - // AddPolicy adds an authorization rule to the current policy. - // If the rule already exists, the function returns false and the rule will not be added. - // Otherwise the function returns true by adding the new rule. - bool AddPolicy(const std::vector& params) override; + // HasNamedGroupingPolicy determines whether a named role inheritance rule exists. + bool HasNamedGroupingPolicy(const std::string& ptype, const std::vector& params) override; - // AddPolicies adds authorization rules to the current policy. - // If the rule already exists, the function returns false for the corresponding rule and the rule will not be added. - // Otherwise the function returns true for the corresponding rule by adding the new rule. - bool AddPolicies(const PoliciesValues& rules) override; + // AddGroupingPolicy adds a role inheritance rule to the current policy. + // If the rule already exists, the function returns false and the rule will not be added. + // Otherwise the function returns true by adding the new rule. + bool AddGroupingPolicy(const std::vector& params) override; - // AddNamedPolicy adds an authorization rule to the current named policy. - // If the rule already exists, the function returns false and the rule will not be added. - // Otherwise the function returns true by adding the new rule. - bool AddNamedPolicy(const std::string& ptype, const std::vector& params) override; + // AddGroupingPolicies adds role inheritance rulea to the current policy. + // If the rule already exists, the function returns false for the corresponding policy rule and the rule will not be added. + // Otherwise the function returns true for the corresponding policy rule by adding the new rule. + bool AddGroupingPolicies(const PoliciesValues& rules) override; - // AddNamedPolicies adds authorization rules to the current named policy. - // If the rule already exists, the function returns false for the corresponding rule and the rule will not be added. - // Otherwise the function returns true for the corresponding by adding the new rule. - bool AddNamedPolicies(const std::string& ptype, const PoliciesValues& rules) override; + // AddNamedGroupingPolicy adds a named role inheritance rule to the current policy. + // If the rule already exists, the function returns false and the rule will not be added. + // Otherwise the function returns true by adding the new rule. + bool AddNamedGroupingPolicy(const std::string& ptype, const std::vector& params) override; - // RemovePolicy removes an authorization rule from the current policy. - bool RemovePolicy(const std::vector& params) override; + // AddNamedGroupingPolicies adds named role inheritance rules to the current policy. + // If the rule already exists, the function returns false for the corresponding policy rule and the rule will not be added. + // Otherwise the function returns true for the corresponding policy rule by adding the new rule. + bool AddNamedGroupingPolicies(const std::string& ptype, const PoliciesValues& rules) override; - // UpdatePolicy updates an authorization rule from the current policy. - bool UpdatePolicy(const std::vector& oldPolicy, const std::vector& newPolicy) override; + // RemoveGroupingPolicy removes a role inheritance rule from the current policy. + bool RemoveGroupingPolicy(const std::vector& params) override; - bool UpdateNamedPolicy(const std::string& ptype, const std::vector& p1, const std::vector& p2) override; + // RemoveGroupingPolicies removes role inheritance rules from the current policy. + bool RemoveGroupingPolicies(const PoliciesValues& rules) override; - // UpdatePolicies updates authorization rules from the current policies. - bool UpdatePolicies(const PoliciesValues& oldPolices, const PoliciesValues& newPolicies) override; + // RemoveFilteredGroupingPolicy removes a role inheritance rule from the current policy, field filters can be specified. + bool RemoveFilteredGroupingPolicy(int fieldIndex, const std::vector& fieldValues) override; - bool UpdateNamedPolicies(const std::string& ptype, const PoliciesValues& p1, const PoliciesValues& p2) override; + // RemoveNamedGroupingPolicy removes a role inheritance rule from the current named policy. + bool RemoveNamedGroupingPolicy(const std::string& ptype, const std::vector& params) override; - // RemovePolicies removes authorization rules from the current policy. - bool RemovePolicies(const PoliciesValues& rules) override; + // RemoveNamedGroupingPolicies removes role inheritance rules from the current named policy. + bool RemoveNamedGroupingPolicies(const std::string& ptype, const PoliciesValues& rules) override; - // RemoveFilteredPolicy removes an authorization rule from the current policy, field filters can be specified. - bool RemoveFilteredPolicy(int fieldIndex, const std::vector& fieldValues) override; + bool UpdateGroupingPolicy(const std::vector& oldRule, const std::vector& newRule) override; - // RemoveNamedPolicy removes an authorization rule from the current named policy. - bool RemoveNamedPolicy(const std::string& ptype, const std::vector& params) override; + bool UpdateNamedGroupingPolicy(const std::string& ptype, const std::vector& oldRule, const std::vector& newRule) override; - // RemoveNamedPolicies removes authorization rules from the current named policy. - bool RemoveNamedPolicies(const std::string& ptype, const PoliciesValues& rules) override; + // RemoveFilteredNamedGroupingPolicy removes a role inheritance rule from the current named policy, field filters can be specified. + bool RemoveFilteredNamedGroupingPolicy(const std::string& ptype, int fieldIndex, const std::vector& fieldValues) override; - // RemoveFilteredNamedPolicy removes an authorization rule from the current named policy, field filters can be specified. - bool RemoveFilteredNamedPolicy(const std::string& ptype, int fieldIndex, const std::vector& fieldValues) override; + // RemoveFilteredNamedGroupingPolicy removes a role inheritance rule from the current named policy, field filters can be specified. + bool RemoveFilteredNamedGroupingPolicy(const std::string& ptype, int fieldIndex, const std::vector& fieldValues) override; - // HasGroupingPolicy determines whether a role inheritance rule exists. - bool HasGroupingPolicy(const std::vector& params) override; + // GetAllActions gets the list of actions that show up in the current policy. + std::vector GetAllActions() override; - // HasNamedGroupingPolicy determines whether a named role inheritance rule exists. - bool HasNamedGroupingPolicy(const std::string& ptype, const std::vector& params) override; + // GetFilteredPolicy gets all the authorization rules in the policy, field filters can be specified. + PoliciesValues GetFilteredPolicy(int fieldIndex, std::vector fieldValues); - // AddGroupingPolicy adds a role inheritance rule to the current policy. - // If the rule already exists, the function returns false and the rule will not be added. - // Otherwise the function returns true by adding the new rule. - bool AddGroupingPolicy(const std::vector& params) override; + // EnforceExWithMatcher use a custom matcher and explain enforcement by informing matched rules. + bool SyncedEnforceExWithMatcher(const std::string& matcher, std::shared_ptr evalator, std::vector& explain); - // AddGroupingPolicies adds role inheritance rulea to the current policy. - // If the rule already exists, the function returns false for the corresponding policy rule and the rule will not be added. - // Otherwise the function returns true for the corresponding policy rule by adding the new rule. - bool AddGroupingPolicies(const PoliciesValues& rules) override; + bool SyncedEnforceExWithMatcher(const std::string& matcher, const DataList& params, std::vector& explain); - // AddNamedGroupingPolicy adds a named role inheritance rule to the current policy. - // If the rule already exists, the function returns false and the rule will not be added. - // Otherwise the function returns true by adding the new rule. - bool AddNamedGroupingPolicy(const std::string& ptype, const std::vector& params) override; + bool SyncedEnforceExWithMatcher(const std::string& matcher, const DataVector& params, std::vector& explain); - // AddNamedGroupingPolicies adds named role inheritance rules to the current policy. - // If the rule already exists, the function returns false for the corresponding policy rule and the rule will not be added. - // Otherwise the function returns true for the corresponding policy rule by adding the new rule. - bool AddNamedGroupingPolicies(const std::string& ptype, const PoliciesValues& rules) override; + bool SyncedEnforceExWithMatcher(const std::string& matcher, const DataMap& params, std::vector& explain); - // RemoveGroupingPolicy removes a role inheritance rule from the current policy. - bool RemoveGroupingPolicy(const std::vector& params) override; + // EnforceEx explain enforcement by informing matched rules. + bool SyncedEnforceEx(std::shared_ptr evalator, std::vector& explain); - // RemoveGroupingPolicies removes role inheritance rules from the current policy. - bool RemoveGroupingPolicies(const PoliciesValues& rules) override; + bool SyncedEnforceEx(const DataList& params, std::vector& explain); - // RemoveFilteredGroupingPolicy removes a role inheritance rule from the current policy, field filters can be specified. - bool RemoveFilteredGroupingPolicy(int fieldIndex, const std::vector& fieldValues) override; + bool SyncedEnforceEx(const DataVector& params, std::vector& explain); - // RemoveNamedGroupingPolicy removes a role inheritance rule from the current named policy. - bool RemoveNamedGroupingPolicy(const std::string& ptype, const std::vector& params) override; + bool SyncedEnforceEx(const DataMap& params, std::vector& explain); - // RemoveNamedGroupingPolicies removes role inheritance rules from the current named policy. - bool RemoveNamedGroupingPolicies(const std::string& ptype, const PoliciesValues& rules) override; + // EnforceWithMatcher use a custom matcher to decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model matcher by default when matcher is "". + bool SyncedEnforceWithMatcher(const std::string& matcher, std::shared_ptr evalator); - bool UpdateGroupingPolicy(const std::vector& oldRule, const std::vector& newRule) override; + bool SyncedEnforceWithMatcher(const std::string& matcher, const DataList& params); - bool UpdateNamedGroupingPolicy(const std::string& ptype, const std::vector& oldRule, const std::vector& newRule) override; + bool SyncedEnforceWithMatcher(const std::string& matcher, const DataVector& params); - // RemoveFilteredNamedGroupingPolicy removes a role inheritance rule from the current named policy, field filters can be specified. - bool RemoveFilteredNamedGroupingPolicy(const std::string& ptype, int fieldIndex, const std::vector& fieldValues) override; -}; + bool SyncedEnforceWithMatcher(const std::string& matcher, const DataMap& params); + }; -} // namespace casbin + } // namespace casbin -#endif +#endif \ No newline at end of file