refactor: match Go Casbin implementation exactly

- Reverted to single pType evaluation per enforce call
- Added pType reference check like Go: expString.includes(pType+"_")
- Added Go's example files: multiple_policy_definitions and rbac_with_multiple_policy
- Added test matching Go's TestMultiplePolicyDefinitions
- Removed custom implementation that iterated all policy types

Co-authored-by: hsluoyz <3787410+hsluoyz@users.noreply.github.com>

Author: Copilot

IMPLEMENTATION_NOTES.md

@@ -0,0 +1,19 @@
+[request_definition]
+r = sub, obj, act
+r2 = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+p2= sub_rule, obj, act, eft
+
+[role_definition]
+g = _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+#RABC
+m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act
+#ABAC
+m2 = eval(p2.sub_rule) && r2.obj == p2.obj && r2.act == p2.act

examples/multiple_policy_definitions_model.conf

@@ -0,0 +1,5 @@
+p, data2_admin, data2, read
+p2, r2.sub.Age > 18 && r2.sub.Age < 60, /data1, read, allow
+p2, r2.sub.Age > 60 && r2.sub.Age < 100, /data1, read, deny
+
+g, alice, data2_admin

examples/multiple_policy_definitions_policy.csv

@@ -0,0 +1,17 @@
+[request_definition]
+r = user, thing, action
+
+[policy_definition]
+p = role, thing, action
+p2 = role, action
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = g(r.user, p.role) && r.thing == p.thing && r.action == p.action
+m2 = g(r.user, p2.role) && r.action == p.action
+
+[role_definition]
+g = _,_
+g2 = _,_

examples/rbac_with_multiple_policy_model.conf

@@ -0,0 +1,9 @@
+p, user, /data, GET
+p, admin, /data, POST
+
+p2, user, view
+p2, admin, create
+
+g, admin, user
+g, alice, admin
+g2, alice, user