test: add examples

Author: abichinger

.gitignore

@@ -1,2 +1,3 @@
 node_modules
-todo
+todo
+.tmp

example_functions_test.go

@@ -0,0 +1,58 @@
+package fastac_test
+
+import (
+	"github.com/abichinger/fastac"
+	"github.com/abichinger/fastac/model"
+	"github.com/abichinger/fastac/model/fm"
+)
+
+//the model uses a custom MatchingFunc named customPathMatch
+var example_functions_model = `
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = r.sub == p.sub && customPathMatch(r.obj, p.obj) && r.act == p.act`
+
+var example_functions_policy = [][]string{
+	{"p", "alice", "*", "GET"},
+	{"p", "alice", "/user/alice", "PATCH"},
+}
+
+// ExampleFunctions shows how to use a custom util.MatchingFunc
+func Example_functions() {
+
+	//customPathMatch needs to be registered before loading the model
+	fm.SetFunction("customPathMatch", func(arguments ...interface{}) (interface{}, error) {
+		rObj := arguments[0].(string)
+		rSub := arguments[1].(string)
+
+		if rSub == "*" {
+			return true, nil
+		}
+		return rObj == rSub, nil
+	})
+
+	//create enforcer and add rules
+	m := model.NewModel()
+	_ = m.LoadModelFromText(example_functions_model)
+	e, _ := fastac.NewEnforcer(m, nil)
+	_ = e.AddRules(example_functions_policy)
+
+	//perform some requests
+	printReq(e, "alice", "/user/alice/entry/1", "GET")
+	printReq(e, "bob", "/user/alice/entry/1", "GET")
+	printReq(e, "alice", "/user/alice", "PATCH")
+	printReq(e, "bob", "/user/alice", "PATCH")
+
+	// Output: alice, /user/alice/entry/1, GET => allow
+	// bob, /user/alice/entry/1, GET => deny
+	// alice, /user/alice, PATCH => allow
+	// bob, /user/alice, PATCH => deny
+}

example_matcher_test.go

@@ -0,0 +1,80 @@
+package fastac_test
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/abichinger/fastac"
+	"github.com/abichinger/fastac/model"
+	"github.com/abichinger/fastac/rbac"
+	"github.com/abichinger/fastac/util"
+)
+
+//the model uses the built-in MatchingFunc pathMatch
+var example_matcher_model = `
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[role_definition]
+g = _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = g(r.sub, p.sub) && pathMatch(r.obj, p.obj) && r.act == p.act`
+
+var example_matcher_policy = [][]string{
+	{"p", "role:user", "/user/:uid/entry/:eid", "GET"},
+	{"p", "user:alice", "/user/alice/*", "POST"},
+	{"p", "role:admin", "/user/:uid/entry/:eid", "DELETE"},
+	{"g", "reg:user:.*", "role:user"},
+	{"g", "user:alice", "role:admin"},
+}
+
+func printReq(e *fastac.Enforcer, params ...interface{}) {
+	b, _ := e.Enforce(params...)
+	var rule []string
+	for _, param := range params {
+		rule = append(rule, param.(string))
+	}
+	if b {
+		fmt.Printf("%s => allow\n", strings.Join(rule, ", "))
+	} else {
+		fmt.Printf("%s => deny\n", strings.Join(rule, ", "))
+	}
+}
+
+// ExampleMatchers shows the usage of util.MatchingFunc and util.IMatcher
+func Example_matchers() {
+
+	//create enforcer and add rules
+	m := model.NewModel()
+	_ = m.LoadModelFromText(example_matcher_model)
+	e, _ := fastac.NewEnforcer(m, nil)
+	_ = e.AddRules(example_matcher_policy)
+
+	//get the default rolemanager
+	rm, _ := e.GetModel().GetRoleManager("g")
+
+	// set a role matcher.
+	// create a PrefixMatcher. PrefixMatcher implements the interface util.IMatcher
+	// each regex pattern needs to be marked with the prefix "reg:"
+	roleMatcher := util.NewPrefixMatcher("reg:", util.RegexMatch)
+	rm.(rbac.IDefaultRoleManager).SetMatcher(roleMatcher)
+
+	printReq(e, "user:alice", "/user/joe/entry/1", "GET") //allow, because user:alice has role:user
+	printReq(e, "user:alice", "/user/alice/entry/2", "POST")
+	printReq(e, "user:alice", "/user/bob/entry/3", "POST")
+	printReq(e, "user:alice", "/user/bob/entry/3", "DELETE")
+	printReq(e, "user:bob", "/user/alice/entry/2", "DELETE")
+
+	// Output: user:alice, /user/joe/entry/1, GET => allow
+	// user:alice, /user/alice/entry/2, POST => allow
+	// user:alice, /user/bob/entry/3, POST => deny
+	// user:alice, /user/bob/entry/3, DELETE => allow
+	// user:bob, /user/alice/entry/2, DELETE => deny
+}

example_rules_test.go

@@ -0,0 +1,63 @@
+package fastac_test
+
+import (
+	"fmt"
+	"sort"
+
+	"github.com/abichinger/fastac"
+	"github.com/abichinger/fastac/util"
+)
+
+var example_rules_policy = [][]string{
+	{"p", "alice", "data1", "read"},
+	{"p", "alice", "data1", "write"},
+	{"p", "bob", "data2", "read"},
+	{"p", "bob", "data2", "write"},
+	{"p", "alice", "data3", "read"},
+	{"p", "bob", "data3", "read"},
+	{"p", "manager", "data3", "write"},
+	{"g", "bob", "manager"},
+}
+
+// ExampleManagePolicy demonstrates the usage of functions to modify the policy
+func Example_managePolicy() {
+
+	//create enforcer with rbac model and empty policy
+	e, _ := fastac.NewEnforcer("examples/rbac_model.conf", nil)
+
+	//add multiple rules at once
+	_ = e.AddRules(example_rules_policy)
+
+	//remove all rules of user bob
+	bobRules, _ := e.Filter(fastac.SetMatcher(`p.sub == "bob"`))
+	bobGroupingRules, _ := e.Filter(fastac.SetMatcher(`g.user == "bob"`))
+	_ = e.RemoveRules(append(bobRules, bobGroupingRules...))
+
+	//make alice a manager
+	alice_manager := []string{"g", "alice", "manager"}
+	added, _ := e.AddRule(alice_manager)
+	if added {
+		fmt.Println("rule added successfully")
+	}
+
+	//get a list of all rules
+	var allRules [][]string
+	e.GetModel().RangeRules(func(rule []string) bool {
+		allRules = append(allRules, rule)
+		return true
+	})
+
+	//sort and print rules
+	allRulesStr := util.Join2D(allRules, ", ")
+	sort.Strings(allRulesStr)
+	for _, rule := range allRulesStr {
+		fmt.Println(rule)
+	}
+
+	// Output: rule added successfully
+	// g, alice, manager
+	// p, alice, data1, read
+	// p, alice, data1, write
+	// p, alice, data3, read
+	// p, manager, data3, write
+}

example_storage_test.go

@@ -0,0 +1,69 @@
+package fastac_test
+
+import (
+	"fmt"
+	"os"
+	"sort"
+	"strings"
+
+	"github.com/abichinger/fastac"
+	gormadapter "github.com/abichinger/gorm-adapter"
+	"gorm.io/driver/sqlite"
+	"gorm.io/gorm"
+)
+
+var example_rules_1 = [][]string{
+	{"p", "alice", "data1", "read"},
+	{"p", "alice", "data1", "write"},
+	{"p", "bob", "data1", "read"},
+}
+
+func createDB(name string) *gorm.DB {
+	_ = os.Mkdir(".tmp", 0755)
+	db, _ := gorm.Open(sqlite.Open(".tmp/"+name+".db"), &gorm.Config{})
+	return db
+}
+
+func removeDB(name string) {
+	os.Remove(".tmp/" + name + ".db")
+}
+
+// ExampleStorageAdapter shows how to store/load policy rules to/from a storage adapter
+func Example_storageAdapter() {
+
+	//init adapter
+	db := createDB("example")
+	defer removeDB("example")
+	a, err := gormadapter.NewAdapter(db)
+	if err != nil {
+		panic(err)
+	}
+
+	//create enforcer and store rules using the autosave feature
+	e, _ := fastac.NewEnforcer("examples/basic_model.conf", a, fastac.OptionAutosave(true))
+	err = e.AddRules(example_rules_1)
+	if err != nil {
+		panic(err)
+	}
+
+	//second enforcer to demonstrate LoadPolicy
+	e2, _ := fastac.NewEnforcer("examples/basic_model.conf", a)
+	err = e2.LoadPolicy()
+	if err != nil {
+		panic(err)
+	}
+
+	loadedRules := []string{}
+	e2.GetModel().RangeRules(func(rule []string) bool {
+		loadedRules = append(loadedRules, strings.Join(rule, ", "))
+		return true
+	})
+
+	sort.Strings(loadedRules)
+	for _, rule := range loadedRules {
+		fmt.Println(rule)
+	}
+	// Output: p, alice, data1, read
+	// p, alice, data1, write
+	// p, bob, data1, read
+}

go.mod

@@ -3,18 +3,24 @@ module github.com/abichinger/fastac
 go 1.17
 
 require (
+	github.com/abichinger/gorm-adapter v1.0.1
 	github.com/abichinger/govaluate v1.5.1-0.20220503123756-74b96f998566
 	github.com/casbin/casbin/v2 v2.44.3
 	github.com/go-ini/ini v1.66.4
 	github.com/sirupsen/logrus v1.8.1
 	github.com/stretchr/testify v1.7.1
 	github.com/vansante/go-event-emitter v1.0.2
+	gorm.io/driver/sqlite v1.3.2
+	gorm.io/gorm v1.23.5
 )
 
 require (
 	github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/jinzhu/inflection v1.0.0 // indirect
+	github.com/jinzhu/now v1.1.5 // indirect
+	github.com/mattn/go-sqlite3 v1.14.12 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	golang.org/x/sys v0.0.0-20191026070338-33540a1f6037 // indirect
-	gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c // indirect
+	golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd // indirect
+	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
 )

go.sum

@@ -1,5 +1,9 @@
 github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible h1:1G1pk05UrOh0NlF1oeaaix1x8XzrfjIDK47TY0Zehcw=
 github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
+github.com/abichinger/fastac v1.0.1/go.mod h1:HWQYswCOqXnViLAJzBOiRdIIi2rUhzhhKb7Z+TZ6Di4=
+github.com/abichinger/gorm-adapter v1.0.1 h1:9MxhILBlN07w3JPUy6DUeQBjjCCODw0aEvcKb8p3YpM=
+github.com/abichinger/gorm-adapter v1.0.1/go.mod h1:aQT/0ZwJDx/mo83sPdVfS2YTV3/XzQs+NIXfOVgAmW8=
+github.com/abichinger/govaluate v1.5.1-0.20220429195714-1a681aad947c/go.mod h1:kxvs9v5HO4iu/FbZPqhiWJ43Vv7INmjYTlyBbfGq3Xo=
 github.com/abichinger/govaluate v1.5.1-0.20220503123756-74b96f998566 h1:rKOEJDa0kBdr+pOIZHb6gCzACW8mfI+zkDqjxgMPflY=
 github.com/abichinger/govaluate v1.5.1-0.20220503123756-74b96f998566/go.mod h1:kxvs9v5HO4iu/FbZPqhiWJ43Vv7INmjYTlyBbfGq3Xo=
 github.com/casbin/casbin/v2 v2.44.3 h1:tPP1YypfG2fqe7S2zivYuD11yc+/mc0GXJe/sDVbb1U=
@@ -11,12 +15,21 @@ github.com/go-ini/ini v1.66.4 h1:dKjMqkcbkzfddhIhyglTPgMoJnkvmG+bSLrU9cTHc5M=
 github.com/go-ini/ini v1.66.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
 github.com/golang/mock v1.4.4 h1:l75CXGRSwbaYNpl/Z2X1XIIAMSCquvXgpVZDhwEIJsc=
 github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
+github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
+github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
+github.com/jinzhu/now v1.1.4/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
+github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
+github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
+github.com/mattn/go-sqlite3 v1.14.9/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
+github.com/mattn/go-sqlite3 v1.14.12 h1:TJ1bhYJPV44phC+IMu1u2K/i5RriLTPe+yc68XDJ1Z0=
+github.com/mattn/go-sqlite3 v1.14.12/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/vansante/go-event-emitter v1.0.2 h1:Qh/B4aM2OKyWWqToiIgS9XCf5sR8/R6vAp/rOpSuwss=
@@ -25,11 +38,20 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037 h1:YyJpGZS1sBuBCzLAR1VEpK193GlqGZbnPFnPV/5Rsb4=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gorm.io/driver/sqlite v1.3.1/go.mod h1:wJx0hJspfycZ6myN38x1O/AqLtNS6c5o9TndewFbELg=
+gorm.io/driver/sqlite v1.3.2 h1:nWTy4cE52K6nnMhv23wLmur9Y3qWbZvOBz+V4PrGAxg=
+gorm.io/driver/sqlite v1.3.2/go.mod h1:B+8GyC9K7VgzJAcrcXMRPdnMcck+8FgJynEehEPM16U=
+gorm.io/gorm v1.23.1/go.mod h1:l2lP/RyAtc1ynaTjFksBde/O8v9oOGIApu2/xRitmZk=
+gorm.io/gorm v1.23.4/go.mod h1:l2lP/RyAtc1ynaTjFksBde/O8v9oOGIApu2/xRitmZk=
+gorm.io/gorm v1.23.5 h1:TnlF26wScKSvknUC/Rn8t0NLLM22fypYBlvj1+aH6dM=
+gorm.io/gorm v1.23.5/go.mod h1:l2lP/RyAtc1ynaTjFksBde/O8v9oOGIApu2/xRitmZk=