feat: Implement loadFilteredPolicy() (#84)

rushitote · web-flow · commit 3f7e220f2fb6 · 2021-07-13T23:44:06.000+08:00
Signed-off-by: Rushikesh Tote &lt;rushi.tote@gmail.com&gt;
diff --git a/src/main/CoreEnforcer.lua b/src/main/CoreEnforcer.lua
@@ -225,7 +225,18 @@ end
      * @param filter the filter used to specify which type of policy should be loaded.
 ]]
 function CoreEnforcer:loadFilteredPolicy(filter)
+    self.model:clearPolicy()
+    if not Util.isInstance(self.adapter, FilteredAdapter) then
+        error("Filtered policies are not supported by this adapter.")
+    end
 
+    self.adapter:loadFilteredPolicy(self.model, filter)
+
+    self:initBuildRoleLinks()
+    self.model:printPolicy()
+    if self.autoBuildRoleLinks then
+        self:buildRoleLinks()
+    end
 end
 
 --[[
diff --git a/src/persist/file_adapter/FilteredAdapter.lua b/src/persist/file_adapter/FilteredAdapter.lua
@@ -33,10 +33,7 @@ Filter.__index = Filter
     * supports loading of filtered policies.
 ]]
 FilteredAdapter = {
-    adapter,
-    isFiltered = true,
-    filePath,
-    filter = {}
+    isFiltered = true
 }
 setmetatable(FilteredAdapter, Adapter)
 
@@ -46,6 +43,7 @@ function FilteredAdapter:new(filePath)
     self.__index = self
     o.filePath = filePath
     o.adapter = FileAdapter:new(filePath)
+    o.filter = {}
     o.filter = setmetatable(o.filter, Filter)
     return o
 end
@@ -132,7 +130,7 @@ function FilteredAdapter:filterWords(line, filter)
     local i = 1
     for _, v in pairs(filter) do
         i = i + 1
-        if #v>0 and Util.trim(v) == Util.trim(line[i]) then
+        if #v>0 and Util.trim(v) ~= Util.trim(line[i]) then
             skipLine = true
             break
         end
diff --git a/tests/persist/filtered_adapter_spec.lua b/tests/persist/filtered_adapter_spec.lua
@@ -0,0 +1,87 @@
+--Copyright 2021 The casbin Authors. All Rights Reserved.
+--
+--Licensed under the Apache License, Version 2.0 (the "License");
+--you may not use this file except in compliance with the License.
+--You may obtain a copy of the License at
+--
+--    http://www.apache.org/licenses/LICENSE-2.0
+--
+--Unless required by applicable law or agreed to in writing, software
+--distributed under the License is distributed on an "AS IS" BASIS,
+--WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+--See the License for the specific language governing permissions and
+--limitations under the License.
+
+local filtered_adapter_module = require("src.persist.file_adapter.FilteredAdapter")
+local enforcer_module = require("src.main.Enforcer")
+local path = os.getenv("PWD") or io.popen("cd"):read()
+
+describe("FilteredAdapter tests", function ()
+    it("init FilteredAdapter test", function ()
+        local adapter = FilteredAdapter:new(path .. "/examples/rbac_with_domains_policy.csv")
+        local e = Enforcer:new(path .. "/examples/rbac_with_domains_model.conf", adapter)
+        assert.is.False(e:HasPolicy("admin", "domain1", "data1", "read"))
+    end)
+
+    it("load filtered policy test", function ()
+        local adapter = FilteredAdapter:new(path .. "/examples/rbac_with_domains_policy.csv")
+        local e = Enforcer:new(path .. "/examples/rbac_with_domains_model.conf", path .. "/examples/rbac_with_domains_policy.csv")
+        e:setAdapter(adapter)
+
+        assert.is.True(e:HasPolicy("admin", "domain1", "data1", "read"))
+        assert.is.True(e:HasPolicy("admin", "domain2", "data2", "read"))
+
+        local filter = {}
+        setmetatable(filter, Filter)
+        filter.G = {"", "", "domain1"}
+        filter.P = {"", "domain1"}
+
+        e:loadFilteredPolicy(filter)
+
+        assert.is.True(e:HasPolicy("admin", "domain1", "data1", "read"))
+        assert.is.False(e:HasPolicy("admin", "domain2", "data2", "read"))
+    end)
+
+    it("invalid filter test", function ()
+        local adapter = FilteredAdapter:new(path .. "/examples/rbac_with_domains_policy.csv")
+        local e = Enforcer:new(path .. "/examples/rbac_with_domains_model.conf", path .. "/examples/rbac_with_domains_policy.csv")
+        e:setAdapter(adapter)
+
+        local filter = {"", "domain1"}
+        assert.has_error(function ()
+            e:loadFilteredPolicy(filter)
+        end)
+    end)
+
+    it("empty filter test", function ()
+        local adapter = FilteredAdapter:new(path .. "/examples/rbac_with_domains_policy.csv")
+        local e = Enforcer:new(path .. "/examples/rbac_with_domains_model.conf", path .. "/examples/rbac_with_domains_policy.csv")
+        e:setAdapter(adapter)
+
+        e:loadFilteredPolicy(nil)
+
+        assert.is.False(e.adapter.isFiltered)
+    end)
+
+    it("unsupported filtered policy test", function ()
+        local e = Enforcer:new(path .. "/examples/rbac_with_domains_model.conf", path .. "/examples/rbac_with_domains_policy.csv")
+
+        local filter = {}
+        setmetatable(filter, Filter)
+        filter.G = {"", "", "domain1"}
+        filter.P = {"", "domain1"}
+        assert.has_error(function ()
+            e:loadFilteredPolicy(filter)
+        end)
+    end)
+
+    it("invalid file path test", function ()
+        local adapter = FilteredAdapter:new(path .. "/examples/does_not_exist_policy.csv")
+        local e = Enforcer:new(path .. "/examples/rbac_with_domains_model.conf", path .. "/examples/rbac_with_domains_policy.csv")
+        e:setAdapter(adapter)
+
+        assert.has_error(function ()
+            e:loadFilteredPolicy(nil)
+        end)
+    end)
+end)
