Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: enhance FilteredFileAdapter to handle flexible filtering for policies and roles #360

Merged
merged 5 commits into from
Nov 25, 2024
Merged

feat: enhance FilteredFileAdapter to handle flexible filtering for policies and roles #360

merged 5 commits into from
Nov 25, 2024

Conversation

HashCookie
Copy link
Contributor

@HashCookie HashCookie commented Nov 24, 2024
edited by hsluoyz
Loading

Fix: #361

  • The old logic's handling of the g rules is too simplistic. If filter[1] is a null value (indicating there are no g rules to filter), the old logic will still continue to call filter_words for filtering, which may lead to unnecessary misfiltering.
  • When filtering g rules, the filter may be a null value. The old logic did not explicitly handle this situation, which could lead to all g rules being skipped (misfiltered).

Changes

  1. Improved Filtering Logic:
  • Refactored filter_line and filter_words to distinguish between p and g rules.
  • Added explicit handling for empty filters, ensuring that g rules can still be loaded when adapter.filter.G is empty.
  1. Optimized Role Rule Handling:
  • Ensured that g rules are only filtered when adapter.filter.G contains non-empty criteria, preventing unintentional exclusion of role inheritance relationships.

Test

import casbin

if __name__ == "__main__":
     adapter = casbin.persist.adapters.filtered_file_adapter.FilteredFileAdapter(
         "policy.csv"
     )
     adapter.filter.P = ["", "domain1", "", ""]
     adapter.filter.G = ["", "", "domain1"]

     model = casbin.Enforcer.new_model("model.conf")
     filtered_enforcer = casbin.Enforcer(model, adapter)

     filtered_enforcer.load_filtered_policy(filtered_enforcer.adapter.filter)
     print(f"filtered_enforcer.get_policy(): {filtered_enforcer.get_policy()}")

     unfiltered_enforcer = casbin.Enforcer("model.conf", "policy.csv")
     print(f"unfiltered_enforcer.get_policy(): {unfiltered_enforcer.get_policy()}")

     request_vals = ["alice", "domain1", "data1", "read"]

     print(f"request to filtered_enforcer: {filtered_enforcer.enforce(*request_vals)} (expected True)") 
     print(f"request to unfiltered_enforcer: {unfiltered_enforcer.enforce(*request_vals)} (expected True)") 

     print("Filtered Policy Rules:", filtered_enforcer.get_policy())
     print("Filtered Role Rules:", filtered_enforcer.get_grouping_policy())

     print("Before filtering:", unfiltered_enforcer.get_policy())
     print("After filtering:", filtered_enforcer.get_policy())
     print("Role assignments:", filtered_enforcer.get_grouping_policy())

Return

filtered_enforcer.get_policy(): [['admin', 'domain1', 'data1', 'read'], ['admin', 'domain1', 'data1', 'write']]
unfiltered_enforcer.get_policy(): [['admin', 'domain1', 'data1', 'read'], ['admin', 'domain1', 'data1', 'write'], ['admin', 'domain2', 'data2', 'read'], ['admin', 'domain2', 'data2', 'write']]
request to filtered_enforcer: True (expected True)
request to unfiltered_enforcer: True (expected True)
Filtered Policy Rules: [['admin', 'domain1', 'data1', 'read'], ['admin', 'domain1', 'data1', 'write']]
Filtered Role Rules: [['alice', 'admin', 'domain1']]
Before filtering: [['admin', 'domain1', 'data1', 'read'], ['admin', 'domain1', 'data1', 'write'], ['admin', 'domain2', 'data2', 'read'], ['admin', 'domain2', 'data2', 'write']]
After filtering: [['admin', 'domain1', 'data1', 'read'], ['admin', 'domain1', 'data1', 'write']]
Role assignments: [['alice', 'admin', 'domain1']]

@hsluoyz
Copy link
Member

hsluoyz commented Nov 24, 2024

@HashCookie add a test case for it

hsluoyz
hsluoyz requested changes Nov 25, 2024
View reviewed changes
tests/test_filter.py Show resolved Hide resolved
tests/test_filter.py Outdated Show resolved Hide resolved
@hsluoyz hsluoyz changed the title fix: enhance FilteredFileAdapter to handle flexible filtering for policies and roles feat: enhance FilteredFileAdapter to handle flexible filtering for policies and roles Nov 25, 2024
@hsluoyz hsluoyz merged commit 936d5f6 into casbin:master Nov 25, 2024
17 checks passed
github-actions bot pushed a commit that referenced this pull request Nov 25, 2024
@semantic-release-bot
chore(release): 1.37.0 [skip ci]
c42b55e 
# [1.37.0](v1.36.3...v1.37.0) (2024-11-25)

### Features

* enhance FilteredFileAdapter to handle flexible filtering for policies and roles ([#360](#360)) ([936d5f6](936d5f6))
@github-actions GitHub Actions
Copy link

🎉 This PR is included in version 1.37.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hsluoyz hsluoyz hsluoyz approved these changes

Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Enfocer.enforce() not giving expected result when loading policy subset
2 participants
@HashCookie @hsluoyz