1
|
|
|
<?php |
2
|
|
|
|
|
|
|
|
3
|
|
|
declare(strict_types=1); |
4
|
|
|
|
5
|
|
|
namespace Casbin\Model; |
6
|
|
|
|
7
|
|
|
use Casbin\Log\Log; |
8
|
|
|
use Casbin\Rbac\RoleManager; |
9
|
|
|
use Casbin\Util\Util; |
10
|
|
|
|
11
|
|
|
/** |
12
|
|
|
* Trait Policy. |
13
|
|
|
* |
14
|
|
|
* @author [email protected] |
|
|
|
|
15
|
|
|
*/ |
|
|
|
|
16
|
|
|
trait Policy |
17
|
|
|
{ |
18
|
|
|
/** |
19
|
|
|
* initializes the roles in RBAC. |
|
|
|
|
20
|
|
|
* |
21
|
|
|
* @param RoleManager $rm |
|
|
|
|
22
|
|
|
*/ |
|
|
|
|
23
|
162 |
|
public function buildRoleLinks(RoleManager $rm): void |
24
|
|
|
{ |
25
|
162 |
|
if (!isset($this->items['g'])) { |
26
|
81 |
|
return; |
27
|
|
|
} |
28
|
81 |
|
foreach ($this->items['g'] as $ast) { |
29
|
81 |
|
$ast->buildRoleLinks($rm); |
30
|
|
|
} |
31
|
81 |
|
} |
32
|
|
|
|
33
|
|
|
/** |
34
|
|
|
* prints the policy to log. |
|
|
|
|
35
|
|
|
*/ |
|
|
|
|
36
|
162 |
|
public function printPolicy(): void |
37
|
|
|
{ |
38
|
162 |
|
Log::logPrint('Policy:'); |
39
|
162 |
|
foreach (['p', 'g'] as $sec) { |
40
|
162 |
|
if (!isset($this->items[$sec])) { |
41
|
81 |
|
return; |
42
|
|
|
} |
43
|
162 |
|
foreach ($this->items[$sec] as $key => $ast) { |
44
|
162 |
|
Log::logPrint($key, ': ', $ast->value, ': ', $ast->policy); |
45
|
|
|
} |
46
|
|
|
} |
47
|
81 |
|
} |
48
|
|
|
|
49
|
|
|
/** |
50
|
|
|
* clears all current policy. |
|
|
|
|
51
|
|
|
*/ |
|
|
|
|
52
|
165 |
|
public function clearPolicy(): void |
53
|
|
|
{ |
54
|
165 |
|
foreach (['p', 'g'] as $sec) { |
55
|
165 |
|
if (!isset($this->items[$sec])) { |
56
|
81 |
|
return; |
57
|
|
|
} |
58
|
165 |
|
foreach ($this->items[$sec] as $key => $ast) { |
59
|
165 |
|
$this->items[$sec][$key]->policy = []; |
60
|
|
|
} |
61
|
|
|
} |
62
|
84 |
|
} |
63
|
|
|
|
64
|
|
|
/** |
65
|
|
|
* gets all rules in a policy. |
|
|
|
|
66
|
|
|
* |
67
|
|
|
* @param string $sec |
|
|
|
|
68
|
|
|
* @param string $ptype |
|
|
|
|
69
|
|
|
* |
70
|
|
|
* @return array |
71
|
|
|
*/ |
72
|
9 |
|
public function getPolicy(string $sec, string $ptype): array |
73
|
|
|
{ |
74
|
9 |
|
return $this->items[$sec][$ptype]->policy; |
75
|
|
|
} |
76
|
|
|
|
77
|
|
|
/** |
78
|
|
|
* gets rules based on field filters from a policy. |
|
|
|
|
79
|
|
|
* |
80
|
|
|
* @param string $sec |
|
|
|
|
81
|
|
|
* @param string $ptype |
|
|
|
|
82
|
|
|
* @param int $fieldIndex |
|
|
|
|
83
|
|
|
* @param string ...$fieldValues |
|
|
|
|
84
|
|
|
* |
85
|
|
|
* @return array |
86
|
|
|
*/ |
87
|
12 |
|
public function getFilteredPolicy(string $sec, string $ptype, int $fieldIndex, string ...$fieldValues): array |
88
|
|
|
{ |
89
|
12 |
|
$res = []; |
90
|
|
|
|
91
|
12 |
|
foreach ($this->items[$sec][$ptype]->policy as $rule) { |
92
|
12 |
|
$matched = true; |
93
|
12 |
|
foreach ($fieldValues as $i => $fieldValue) { |
94
|
12 |
|
if ('' != $fieldValue && $rule[$fieldIndex + $i] != $fieldValue) { |
95
|
12 |
|
$matched = false; |
96
|
|
|
|
97
|
12 |
|
break; |
98
|
|
|
} |
99
|
|
|
} |
100
|
|
|
|
101
|
12 |
|
if ($matched) { |
102
|
12 |
|
$res[] = $rule; |
103
|
|
|
} |
104
|
|
|
} |
105
|
|
|
|
106
|
12 |
|
return $res; |
107
|
|
|
} |
108
|
|
|
|
109
|
|
|
/** |
110
|
|
|
* determines whether a model has the specified policy rule. |
|
|
|
|
111
|
|
|
* |
112
|
|
|
* @param string $sec |
|
|
|
|
113
|
|
|
* @param string $ptype |
|
|
|
|
114
|
|
|
* @param array $rule |
|
|
|
|
115
|
|
|
* |
116
|
|
|
* @return bool |
117
|
|
|
*/ |
118
|
63 |
|
public function hasPolicy(string $sec, string $ptype, array $rule): bool |
119
|
|
|
{ |
120
|
63 |
|
if (!isset($this->items[$sec][$ptype])) { |
121
|
|
|
return false; |
122
|
|
|
} |
123
|
|
|
|
124
|
63 |
|
return in_array($rule, $this->items[$sec][$ptype]->policy, true); |
125
|
|
|
} |
126
|
|
|
|
127
|
|
|
/** |
128
|
|
|
* adds a policy rule to the model. |
|
|
|
|
129
|
|
|
* |
130
|
|
|
* @param string $sec |
|
|
|
|
131
|
|
|
* @param string $ptype |
|
|
|
|
132
|
|
|
* @param array $rule |
|
|
|
|
133
|
|
|
* |
134
|
|
|
* @return bool |
135
|
|
|
*/ |
136
|
51 |
|
public function addPolicy(string $sec, string $ptype, array $rule): bool |
137
|
|
|
{ |
138
|
51 |
|
if (!$this->hasPolicy($sec, $ptype, $rule)) { |
139
|
51 |
|
$this->items[$sec][$ptype]->policy[] = $rule; |
140
|
|
|
|
141
|
51 |
|
return true; |
142
|
|
|
} |
143
|
|
|
|
144
|
3 |
|
return false; |
145
|
|
|
} |
146
|
|
|
|
147
|
|
|
/** |
148
|
|
|
* removes a policy rule from the model. |
|
|
|
|
149
|
|
|
* |
150
|
|
|
* @param string $sec |
|
|
|
|
151
|
|
|
* @param string $ptype |
|
|
|
|
152
|
|
|
* @param array $rule |
|
|
|
|
153
|
|
|
* |
154
|
|
|
* @return bool |
155
|
|
|
*/ |
156
|
27 |
|
public function removePolicy(string $sec, string $ptype, array $rule): bool |
157
|
|
|
{ |
158
|
27 |
|
if (!isset($this->items[$sec][$ptype])) { |
159
|
|
|
return false; |
160
|
|
|
} |
161
|
|
|
|
162
|
27 |
|
$offset = array_search($rule, $this->items[$sec][$ptype]->policy, true); |
163
|
|
|
|
164
|
27 |
|
if (false === $offset) { |
165
|
6 |
|
return false; |
166
|
|
|
} |
167
|
|
|
|
168
|
27 |
|
array_splice($this->items[$sec][$ptype]->policy, $offset, 1); |
|
|
|
|
169
|
|
|
|
170
|
27 |
|
return true; |
171
|
|
|
} |
172
|
|
|
|
173
|
|
|
/** |
174
|
|
|
* removes policy rules based on field filters from the model. |
|
|
|
|
175
|
|
|
* |
176
|
|
|
* @param string $sec |
|
|
|
|
177
|
|
|
* @param string $ptype |
|
|
|
|
178
|
|
|
* @param int $fieldIndex |
|
|
|
|
179
|
|
|
* @param string ...$fieldValues |
|
|
|
|
180
|
|
|
* |
181
|
|
|
* @return bool |
182
|
|
|
*/ |
183
|
24 |
|
public function removeFilteredPolicy(string $sec, string $ptype, int $fieldIndex, string ...$fieldValues): bool |
184
|
|
|
{ |
185
|
24 |
|
$tmp = []; |
186
|
24 |
|
$res = false; |
187
|
|
|
|
188
|
24 |
|
if (!isset($this->items[$sec][$ptype])) { |
189
|
|
|
return $res; |
190
|
|
|
} |
191
|
|
|
|
192
|
24 |
|
foreach ($this->items[$sec][$ptype]->policy as $rule) { |
193
|
24 |
|
$matched = true; |
194
|
24 |
|
foreach ($fieldValues as $i => $fieldValue) { |
195
|
24 |
|
if ('' != $fieldValue && $rule[$fieldIndex + $i] != $fieldValue) { |
196
|
15 |
|
$matched = false; |
197
|
|
|
|
198
|
21 |
|
break; |
199
|
|
|
} |
200
|
|
|
} |
201
|
|
|
|
202
|
24 |
|
if ($matched) { |
203
|
24 |
|
$res = true; |
204
|
|
|
} else { |
205
|
21 |
|
$tmp[] = $rule; |
206
|
|
|
} |
207
|
|
|
} |
208
|
|
|
|
209
|
24 |
|
$this->items[$sec][$ptype]->policy = $tmp; |
210
|
|
|
|
211
|
24 |
|
return $res; |
212
|
|
|
} |
213
|
|
|
|
214
|
|
|
/** |
215
|
|
|
* gets all values for a field for all rules in a policy, duplicated values are removed. |
|
|
|
|
216
|
|
|
* |
217
|
|
|
* @param string $sec |
|
|
|
|
218
|
|
|
* @param string $ptype |
|
|
|
|
219
|
|
|
* @param int $fieldIndex |
|
|
|
|
220
|
|
|
* |
221
|
|
|
* @return array |
222
|
|
|
*/ |
223
|
9 |
|
public function getValuesForFieldInPolicy(string $sec, string $ptype, int $fieldIndex): array |
224
|
|
|
{ |
225
|
9 |
|
$values = []; |
226
|
|
|
|
227
|
9 |
|
if (!isset($this->items[$sec][$ptype])) { |
228
|
|
|
return $values; |
229
|
|
|
} |
230
|
|
|
|
231
|
9 |
|
foreach ($this->items[$sec][$ptype]->policy as $rule) { |
232
|
9 |
|
$values[] = $rule[$fieldIndex]; |
233
|
|
|
} |
234
|
|
|
|
235
|
9 |
|
Util::arrayRemoveDuplicates($values); |
236
|
|
|
|
237
|
9 |
|
return $values; |
238
|
|
|
} |
239
|
|
|
|
240
|
|
|
/** |
241
|
|
|
* gets all values for a field for all rules in a policy of all ptypes, duplicated values are removed. |
|
|
|
|
242
|
|
|
* |
243
|
|
|
* @param string $sec |
|
|
|
|
244
|
|
|
* @param int $fieldIndex |
|
|
|
|
245
|
|
|
* |
246
|
|
|
* @return array |
247
|
|
|
*/ |
248
|
6 |
|
public function getValuesForFieldInPolicyAllTypes(string $sec, int $fieldIndex): array |
249
|
|
|
{ |
250
|
6 |
|
$values = []; |
251
|
|
|
|
252
|
6 |
|
foreach ($this->items[$sec] as $key => $ptype) { |
253
|
6 |
|
$values = array_merge($values, $this->getValuesForFieldInPolicy($sec, $key, $fieldIndex)); |
254
|
|
|
} |
255
|
|
|
|
256
|
6 |
|
Util::arrayRemoveDuplicates($values); |
257
|
|
|
|
258
|
6 |
|
return $values; |
259
|
|
|
} |
260
|
|
|
} |
261
|
|
|
|