<?php |
declare(strict_types=1); |
namespace Casbin; |
use Casbin\Exceptions\NotImplementedException; |
use Casbin\Log\Log; |
use Casbin\Model\Policy; |
use Casbin\Persist\BatchAdapter; |
use Casbin\Persist\UpdatableAdapter; |
use Casbin\Persist\WatcherEx; |
use Casbin\Persist\WatcherUpdatable; |
/** |
* InternalEnforcer = CoreEnforcer + Internal API. |
* |
* @author [email protected] |
*/ |
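class InternalEnforcer extends CoreEnforcer
{
    /**
     * Tells whether policy changes should also be written through the adapter.
     *
     * @return bool true when an adapter is set and auto-save is enabled
     */
    protected function shouldPersist(): bool
    {
        return $this->adapter !== null && $this->autoSave;
    }

    /**
     * Adds a rule to the current policy.
     *
     * Order of operations: adapter (when persistence is enabled), in-memory model,
     * role links (section "g" only), watcher notification.
     *
     * @param string $sec   policy section; "g" additionally rebuilds role links incrementally
     * @param string $ptype policy type within the section
     * @param array  $rule  the rule to add
     *
     * @return bool false when the model already has the rule, true otherwise
     */
    protected function addPolicyInternal(string $sec, string $ptype, array $rule): bool
    {
        if ($this->model->hasPolicy($sec, $ptype, $rule)) {
            return false;
        }

        if ($this->shouldPersist()) {
            try {
                $this->adapter->addPolicy($sec, $ptype, $rule);
            } catch (NotImplementedException $e) {
                // Best effort: an adapter without this operation is skipped and the
                // model is still updated below.
            }
        }

        $this->model->addPolicy($sec, $ptype, $rule);

        if ($sec === "g") {
            $this->buildIncrementalRoleLinks(Policy::POLICY_ADD, $ptype, [$rule]);
        }

        if ($this->watcher !== null && $this->autoNotifyWatcher) {
            if ($this->watcher instanceof WatcherEx) {
                $this->watcher->updateForAddPolicy($sec, $ptype, ...$rule);
            } else {
                $this->watcher->update();
            }
        }

        return true;
    }

    /**
     * Adds rules to the current policy.
     *
     * The adapter is only used when it is a BatchAdapter.
     * NOTE(review): with auto-save on and a non-batch adapter nothing is persisted here and the
     * rules live in the model only - confirm that callers expect this.
     *
     * @param string $sec   policy section; "g" additionally rebuilds role links incrementally
     * @param string $ptype policy type within the section
     * @param array  $rules the rules to add
     *
     * @return bool false when the model's hasPolicies() check returns true, true otherwise
     * @throws Exceptions\CasbinException
     */
    protected function addPoliciesInternal(string $sec, string $ptype, array $rules): bool
    {
        if ($this->model->hasPolicies($sec, $ptype, $rules)) {
            return false;
        }

        if ($this->shouldPersist() && $this->adapter instanceof BatchAdapter) {
            try {
                $this->adapter->addPolicies($sec, $ptype, $rules);
            } catch (NotImplementedException $e) {
                // Best effort: the model is still updated below.
            }
        }

        $this->model->addPolicies($sec, $ptype, $rules);

        if ($sec === "g") {
            $this->buildIncrementalRoleLinks(Policy::POLICY_ADD, $ptype, $rules);
        }

        if ($this->watcher !== null && $this->autoNotifyWatcher) {
            $this->watcher->update();
        }

        return true;
    }

    /**
     * Replaces one rule of the current policy with another.
     *
     * The adapter (when it is an UpdatableAdapter and persistence is enabled) is called before
     * the model. NOTE(review): if the model then reports that nothing was updated, the adapter
     * call has already happened, so store and model may disagree - confirm adapter semantics.
     *
     * @param string   $sec     policy section; "g" additionally rebuilds role links incrementally
     * @param string   $ptype   policy type within the section
     * @param string[] $oldRule the rule to replace
     * @param string[] $newRule the replacement rule
     *
     * @return bool false when the model did not update the rule, or when notifying the watcher
     *              threw (the model change is not rolled back in that case); true otherwise
     */
    protected function updatePolicyInternal(string $sec, string $ptype, array $oldRule, array $newRule): bool
    {
        if ($this->shouldPersist() && $this->adapter instanceof UpdatableAdapter) {
            try {
                $this->adapter->updatePolicy($sec, $ptype, $oldRule, $newRule);
            } catch (NotImplementedException $e) {
                // Best effort: the model is still updated below.
            }
        }

        $ruleUpdated = $this->model->updatePolicy($sec, $ptype, $oldRule, $newRule);
        if (!$ruleUpdated) {
            return false;
        }

        if ($sec === "g") {
            // Role links are rebuilt in two steps: drop the old rule, then add the new one.
            $this->buildIncrementalRoleLinks(Policy::POLICY_REMOVE, $ptype, [$oldRule]);
            $this->buildIncrementalRoleLinks(Policy::POLICY_ADD, $ptype, [$newRule]);
        }

        if ($this->watcher !== null && $this->autoNotifyWatcher) {
            try {
                if ($this->watcher instanceof WatcherUpdatable) {
                    $this->watcher->updateForUpdatePolicy($oldRule, $newRule);
                } else {
                    $this->watcher->update();
                }
            } catch (\Exception $e) {
                // The policy has already changed locally; only the notification failed.
                Log::logPrint("An exception occurred:" . $e->getMessage());
                return false;
            }
        }

        return true;
    }

    /**
     * Replaces a set of rules of the current policy with another set.
     *
     * Same flow as updatePolicyInternal(), applied to lists of rules: adapter first, then the
     * model, then role links for section "g", then the watcher.
     *
     * @param string $sec      policy section; "g" additionally rebuilds role links incrementally
     * @param string $ptype    policy type within the section
     * @param array  $oldRules the rules to replace
     * @param array  $newRules the replacement rules
     *
     * @return bool false when the model did not update the rules, or when notifying the watcher
     *              threw (the model change is not rolled back in that case); true otherwise
     */
    protected function updatePoliciesInternal(string $sec, string $ptype, array $oldRules, array $newRules): bool
    {
        if ($this->shouldPersist() && $this->adapter instanceof UpdatableAdapter) {
            try {
                $this->adapter->updatePolicies($sec, $ptype, $oldRules, $newRules);
            } catch (NotImplementedException $e) {
                // Best effort: the model is still updated below.
            }
        }

        $ruleUpdated = $this->model->updatePolicies($sec, $ptype, $oldRules, $newRules);
        if (!$ruleUpdated) {
            return false;
        }

        if ($sec === "g") {
            // Role links are rebuilt in two steps: drop the old rules, then add the new ones.
            $this->buildIncrementalRoleLinks(Policy::POLICY_REMOVE, $ptype, $oldRules);
            $this->buildIncrementalRoleLinks(Policy::POLICY_ADD, $ptype, $newRules);
        }

        if ($this->watcher !== null && $this->autoNotifyWatcher) {
            try {
                if ($this->watcher instanceof WatcherUpdatable) {
                    $this->watcher->updateForUpdatePolicies($oldRules, $newRules);
                } else {
                    $this->watcher->update();
                }
            } catch (\Exception $e) {
                // The policy has already changed locally; only the notification failed.
                Log::logPrint("An exception occurred:" . $e->getMessage());
                return false;
            }
        }

        return true;
    }

    /**
     * Removes a rule from the current policy.
     *
     * The adapter is called before the model. NOTE(review): when the adapter throws
     * NotImplementedException the rule is removed from the model only; whether it survives in
     * the backing store depends on the adapter - worth confirming for revocations, because a
     * later reload from the store could bring the rule back.
     *
     * @param string $sec   policy section; "g" additionally rebuilds role links incrementally
     * @param string $ptype policy type within the section
     * @param array  $rule  the rule to remove
     *
     * @return bool false when the model did not remove the rule, true otherwise
     */
    protected function removePolicyInternal(string $sec, string $ptype, array $rule): bool
    {
        if ($this->shouldPersist()) {
            try {
                $this->adapter->removePolicy($sec, $ptype, $rule);
            } catch (NotImplementedException $e) {
                // Best effort: the model is still updated below.
            }
        }

        $ruleRemoved = $this->model->removePolicy($sec, $ptype, $rule);
        if (!$ruleRemoved) {
            return false;
        }

        if ($sec === "g") {
            $this->buildIncrementalRoleLinks(Policy::POLICY_REMOVE, $ptype, [$rule]);
        }

        if ($this->watcher !== null && $this->autoNotifyWatcher) {
            if ($this->watcher instanceof WatcherEx) {
                $this->watcher->updateForRemovePolicy($sec, $ptype, ...$rule);
            } else {
                $this->watcher->update();
            }
        }

        return true;
    }

    /**
     * Removes rules from the current policy.
     *
     * The adapter is only used when it is a BatchAdapter; with any other adapter the rules are
     * removed from the model only.
     *
     * @param string $sec   policy section; "g" additionally rebuilds role links incrementally
     * @param string $ptype policy type within the section
     * @param array  $rules the rules to remove
     *
     * @return bool false when the model's hasPolicies() check fails or the model removed
     *              nothing, true otherwise
     */
    protected function removePoliciesInternal(string $sec, string $ptype, array $rules): bool
    {
        if (!$this->model->hasPolicies($sec, $ptype, $rules)) {
            return false;
        }

        if ($this->shouldPersist() && $this->adapter instanceof BatchAdapter) {
            try {
                $this->adapter->removePolicies($sec, $ptype, $rules);
            } catch (NotImplementedException $e) {
                // Best effort: the model is still updated below.
            }
        }

        $ruleRemoved = $this->model->removePolicies($sec, $ptype, $rules);
        if (!$ruleRemoved) {
            return false;
        }

        if ($sec === "g") {
            $this->buildIncrementalRoleLinks(Policy::POLICY_REMOVE, $ptype, $rules);
        }

        if ($this->watcher !== null && $this->autoNotifyWatcher) {
            // The watcher's return value is not inspected; there is no try/catch here, so an
            // exception thrown by the watcher reaches the caller.
            $this->watcher->update();
        }

        return true;
    }

    /**
     * Removes rules based on field filters from the current policy.
     *
     * @param string $sec            policy section; "g" additionally rebuilds role links incrementally
     * @param string $ptype          policy type within the section
     * @param int    $fieldIndex     index of the first field the filter applies to
     * @param string ...$fieldValues filter values, passed through to the adapter and the model
     *
     * @return bool false when the model removed nothing, true otherwise
     */
    protected function removeFilteredPolicyInternal(string $sec, string $ptype, int $fieldIndex, string ...$fieldValues): bool
    {
        if ($this->shouldPersist()) {
            try {
                $this->adapter->removeFilteredPolicy($sec, $ptype, $fieldIndex, ...$fieldValues);
            } catch (NotImplementedException $e) {
                // Best effort: the model is still updated below.
            }
        }

        // Presumably the list of removed rules (falsy when nothing matched) - confirm against
        // the model's removeFilteredPolicy(); it is handed to the role-link rebuild as rules.
        $ruleRemoved = $this->model->removeFilteredPolicy($sec, $ptype, $fieldIndex, ...$fieldValues);
        if (!$ruleRemoved) {
            return false;
        }

        if ($sec === "g") {
            $this->buildIncrementalRoleLinks(Policy::POLICY_REMOVE, $ptype, $ruleRemoved);
        }

        if ($this->watcher !== null && $this->autoNotifyWatcher) {
            // No try/catch here: an exception thrown by the watcher reaches the caller.
            if ($this->watcher instanceof WatcherEx) {
                $this->watcher->updateForRemoveFilteredPolicy($sec, $ptype, $fieldIndex, ...$fieldValues);
            } else {
                $this->watcher->update();
            }
        }

        return true;
    }

    /**
     * Replaces the rules matched by a field filter with a new set of rules.
     *
     * The replaced rules are whatever the adapter's updateFilteredPolicies() returns. When
     * persistence is off, the adapter is not an UpdatableAdapter, or it throws
     * NotImplementedException, that list stays empty.
     * NOTE(review): the model calls below run in every case, so $newRules are added to the model
     * even when this method returns false - confirm that callers expect this.
     *
     * @param string $sec            policy section; "g" additionally rebuilds role links incrementally
     * @param string $ptype          policy type within the section
     * @param array  $newRules       the replacement rules
     * @param int    $fieldIndex     index of the first field the filter applies to
     * @param string ...$fieldValues filter values, passed through to the adapter
     *
     * @return bool true when the model removed the old rules and $newRules is not empty
     */
    protected function updateFilteredPoliciesInternal(string $sec, string $ptype, array $newRules, int $fieldIndex, string ...$fieldValues): bool
    {
        $oldRules = [];
        if ($this->shouldPersist()) {
            try {
                if ($this->adapter instanceof UpdatableAdapter) {
                    $oldRules = $this->adapter->updateFilteredPolicies($sec, $ptype, $newRules, $fieldIndex, ...$fieldValues);
                }
            } catch (NotImplementedException $e) {
                // Best effort: $oldRules stays empty and the model calls below still run.
            }
        }

        $ruleChanged = $this->model->removePolicies($sec, $ptype, $oldRules);
        $this->model->addPolicies($sec, $ptype, $newRules);

        $ruleChanged = $ruleChanged && count($newRules) !== 0;
        if (!$ruleChanged) {
            return $ruleChanged;
        }

        if ($sec === "g") {
            // Role links are rebuilt in two steps: drop the old rules, then add the new ones.
            $this->buildIncrementalRoleLinks(Policy::POLICY_REMOVE, $ptype, $oldRules);
            $this->buildIncrementalRoleLinks(Policy::POLICY_ADD, $ptype, $newRules);
        }

        if ($this->watcher !== null && $this->autoNotifyWatcher) {
            // No try/catch here: an exception thrown by the watcher reaches the caller.
            if ($this->watcher instanceof WatcherUpdatable) {
                $this->watcher->updateForUpdatePolicies($oldRules, $newRules);
            } else {
                $this->watcher->update();
            }
        }

        return $ruleChanged;
    }

    /**
     * Finds the position of the "<ptype>_dom" token among the tokens of the "p" assertion
     * registered for $ptype.
     *
     * @param string $ptype policy type whose token list is searched
     *
     * @return int index of the token, or the number of tokens when it is not present
     */
    protected function getDomainIndex(string $ptype): int
    {
        $tokens = $this->model['p'][$ptype]->tokens;

        // Strict search: the needle is always a string, so a non-string token must not match
        // it through type juggling.
        $position = array_search(sprintf("%s_dom", $ptype), $tokens, true);

        return $position === false ? count($tokens) : (int) $position;
    }
}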