casbin
/
laravel-authz
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: casbin:revert-19-pr/adapter
Branches Tags
casbin:master
casbin:develop
casbin:fix/support-laravel9
casbin:revert-19-pr/adapter
casbin:v3.5.0
casbin:v3.4.0
casbin:v3.3.0
casbin:v3.2.0
casbin:v3.1.6
casbin:v3.1.5
casbin:v3.1.4
casbin:v3.1.3
casbin:v3.1.2
casbin:v3.1.1
casbin:v3.1.0
casbin:v3.0.2
casbin:v3.0.1
casbin:v3.0.0
casbin:v2.5.1
casbin:v2.5.0
casbin:v2.4.0
casbin:v2.3.5
casbin:v2.3.4
casbin:v2.3.3
casbin:v2.3.2
casbin:v2.3.1
casbin:v2.3.0
casbin:v2.2.0
casbin:v2.1.0
casbin:v2.0.0
casbin:v1.6.0
casbin:v1.5.0
casbin:v1.4.0
casbin:v1.3.0
casbin:v1.2.0
casbin:v1.1.0
casbin:v1.0.0
casbin:v0.2
casbin:v0.1
...
pull from: casbin:master
Branches Tags
casbin:master
casbin:develop
casbin:fix/support-laravel9
casbin:revert-19-pr/adapter
casbin:v3.5.0
casbin:v3.4.0
casbin:v3.3.0
casbin:v3.2.0
casbin:v3.1.6
casbin:v3.1.5
casbin:v3.1.4
casbin:v3.1.3
casbin:v3.1.2
casbin:v3.1.1
casbin:v3.1.0
casbin:v3.0.2
casbin:v3.0.1
casbin:v3.0.0
casbin:v2.5.1
casbin:v2.5.0
casbin:v2.4.0
casbin:v2.3.5
casbin:v2.3.4
casbin:v2.3.3
casbin:v2.3.2
casbin:v2.3.1
casbin:v2.3.0
casbin:v2.2.0
casbin:v2.1.0
casbin:v2.0.0
casbin:v1.6.0
casbin:v1.5.0
casbin:v1.4.0
casbin:v1.3.0
casbin:v1.2.0
casbin:v1.1.0
casbin:v1.0.0
casbin:v0.2
casbin:v0.1

33 Commits
revert-19- ... master

Author SHA1 Message Date
Dobando a050a9c222
BREAKING CHANGE: upgrade to PHP 8.0 and PHP-Casbin 4.0 (#75) 2024-10-28 23:22:19 +08:00
Dobando 434ee8003f
docs: fix CI badge and update TOC in README.md (#74) 
* feat: Integrate Laravel's built-in authorization Gates

- Integrate Laravel's built-in authorization Gates (#70)
- Added guidance for Gates in README.md

* docs: fix CI badge and update TOC in README.md
 2024-08-08 10:23:35 +08:00
Dobando 11ffe28750
feat: Integrate Laravel's built-in authorization Gates (#73) 
- Integrate Laravel's built-in authorization Gates (#70)
- Added guidance for Gates in README.md
 2024-08-07 23:18:59 +08:00
Dobando 4d49aef1ab
feat: use Laravel's built-in Manager class (#72) 
- Use Laravel's built-in abstract Manager class instead of ModelLoaderFactory (#71)
 2024-07-05 19:16:47 +08:00
Pike 259a389595
feat: loading model from remote url (#69) 
* feat: loading model from remote url

* Apply suggestions from code review

---------

Co-authored-by: Jon <techlee@qq.com>
 2024-06-16 01:18:49 +08:00
Jon 783c4017b0
Merge pull request #68 from Dobmod/master 
feat: add ptype parameter to artisan commands
 2024-05-24 13:39:57 +08:00
Dobando 718f846e77 feat: add ptype parameter to artisan commands and updated unit test 2024-05-24 12:13:57 +08:00
Jon 124ab91abb
Merge pull request #66 from mouyong/patch-1 2024-04-23 12:47:02 +08:00
mouyong ff3153e3f9
fix: typo 2024-04-23 12:21:50 +08:00
Jon 466590c083
Merge pull request #63 from php-casbin/develop 
fix: add laravel 11
 2024-03-24 23:33:09 +08:00
Jon abc63d7c66 fix: add laravel 11 2024-03-24 23:25:51 +08:00
Jon fd164639c3
docs: edit incorrect link. 2023-03-24 00:11:11 +08:00
Jon 4ba72d3b34 fix: Update the node version in github action to lts 2023-02-16 23:24:21 +08:00
Jon a237b71baa fix: Compatible with Laravel 10 2023-02-16 23:15:01 +08:00
Jon 774857a93c
Merge pull request #53 from cidosx/master 
Improve DatabaseAdapter
 2022-11-03 23:16:36 +08:00
Cidos 7e21d0c98b perf: DatabaseAdapter::updatePolicy return early if not exists 2022-11-01 15:11:33 +08:00
Cidos 440bc229f6
perf: using the connection of the current model when open the transaction. 2022-11-01 15:08:44 +08:00
Jon Lee 5de36c571d Merge branch 'master' of github.com:php-casbin/laravel-authz 2022-09-25 18:57:24 +08:00
Jon Lee bf0ea413c7 fix: composer install failed 2022-09-25 18:57:13 +08:00
Jon 0c3119cfab
fix: Add static call annotation (#45) (#51) 
Co-authored-by: topwms <zhangsizhao@126.com>
 2022-09-25 18:31:29 +08:00
Jon 14529baea7
Merge pull request #41 from php-casbin/fix/support-laravel9 
fix: support Laravel9
 2022-02-17 16:28:13 +08:00
Jon Lee 491620bfc6 fix: support laravel9 2022-02-17 16:23:55 +08:00
Jon a25afdb4a6
feat: compatible with lumen (#39) 2022-01-28 12:33:04 +08:00
Jon 4872e8f905
fix: Use loadPolicyArray instead of loadPolicyLine 2022-01-05 23:04:23 +08:00
basakest 0e5b1f2b3d
fix: Variable identifier type error, fix #36 (#37) 
fix: Variable identifier type error, fix #36
 2021-11-20 21:02:42 +08:00
basakest 8c89548b09
refactor: Rewrite updateFilteredPolicies method (#35) 2021-11-14 11:42:19 +08:00
dawn-darkest be98eed115
BREAKING CHANGE: modify column p_type to ptype (#31) 
BREAKING CHANGE: modify column p_type to ptype (#31)

Co-authored-by: liujun <liujun@163.com>
 2021-09-07 18:40:12 +08:00
Jon Lee 1f0702af05 fix: error in updateFilteredPolicies() 2021-09-02 17:36:01 +08:00
basakest 9676f0b918
feat: support updateFilteredPolicies method (#29) 
feat: support updateFilteredPolicies method
 2021-09-02 12:36:43 +08:00
basakest 877f2f27b4
feat: support updatePolicies method, fix #27 (#28) 2021-07-28 18:43:58 +08:00
basakest f81f206dbe
fix: Amend part logic of removePolicies (#24) 2021-07-11 09:05:47 +08:00
Donjan cc73dea28a
perf: Optimize the cache to improve performance 
* Improve performance

* Trigger event

* add DatabaseAdapterForCacheTest.php

Co-authored-by: Donjan <Donjan@cqbaobao.cn>
 2021-05-06 16:17:40 +08:00
Jon Lee 66a857628e
fix: Revert "perf: Improve performance" (#21) 
This reverts commit 3354b558a6.
 2021-04-25 12:18:05 +08:00
30 changed files with 1251 additions and 192 deletions
Show Stats Expand all files Collapse all files

92
.github/workflows/build.yml vendored
View File

@ -27,77 +27,26 @@ jobs:
# laravel: [ ]
# stability: [ prefer-lowest, prefer-stable ]
include:
# Laravel 5.5
- php: 7.1
laravel: 5.5.*
phpunit: ~6.0
- php: 7.2
laravel: 5.5.*
phpunit: ~6.0
- php: 7.3
laravel: 5.5.*
phpunit: ~6.0
# Laravel 5.6
- php: 7.1
laravel: 5.6.*
phpunit: ~7.0
- php: 7.2
laravel: 5.6.*
phpunit: ~7.0
- php: 7.3
laravel: 5.6.*
phpunit: ~7.0
# Laravel 5.7
- php: 7.1
laravel: 5.7.*
phpunit: ~7.5
- php: 7.2
laravel: 5.7.*
phpunit: ~7.5
- php: 7.3
laravel: 5.7.*
phpunit: ~7.5
# Laravel 5.8
- php: 7.1
laravel: 5.8.*
phpunit: ~7.5
- php: 7.2
laravel: 5.8.*
phpunit: ~8.0
- php: 7.3
laravel: 5.8.*
phpunit: ~8.0
# Laravel 6.x
- php: 7.2
laravel: 6.*
phpunit: ~8.0
- php: 7.3
laravel: 6.*
phpunit: ~8.0
# Laravel 7.x
- php: 7.3
laravel: 7.*
phpunit: ~9.0
- php: 7.4
laravel: 7.*
phpunit: ~9.0
# Laravel 8.x
- php: 7.3
laravel: 8.*
phpunit: ~9.0
- php: 7.4
laravel: 8.*
phpunit: ~9.0
- php: 8.0
laravel: 8.*
phpunit: ~9.0
# Laravel 9.x
- php: 8.0
laravel: 9.*
phpunit: ~9.0
# Laravel 10.x
- php: 8.1
laravel: 10.*
phpunit: ~9.0
# Laravel 11.x
- php: 8.2
laravel: 11.*
phpunit: ~10.5
- php: 8.3
laravel: 11.*
phpunit: ~10.5
name: Laravel${{ matrix.laravel }}-PHP${{ matrix.php }}
steps:
@ -122,8 +71,13 @@ jobs:
composer install --prefer-dist --no-progress --no-suggest
- name: Run test suite
if: matrix.laravel != '11.*'
run: ./vendor/bin/phpunit -v
- name: Run test suite laravel 11
if: matrix.laravel == '11.*'
run: ./vendor/bin/phpunit -c phpunit.10.xml
- name: Run Coveralls
env:
COVERALLS_REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@ -148,9 +102,9 @@ jobs:
needs: [ test, upload-coverage ]
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v1
- uses: actions/setup-node@v2
with:
node-version: '12'
node-version: 'lts/*'
- name: Run semantic-release
env:

22
README.md
View File

@ -8,7 +8,7 @@
<p align="center">
<a href="https://github.com/php-casbin/laravel-authz/actions">
<img src="https://github.com/php-casbin/laravel-authz/workflows/build/badge.svg?branch=master" alt="Build Status">
<img src="https://github.com/php-casbin/laravel-authz/actions/workflows/build.yml/badge.svg?branch=master" alt="Build Status">
</a>
<a href="https://coveralls.io/github/php-casbin/laravel-authz">
<img src="https://coveralls.io/repos/github/php-casbin/laravel-authz/badge.svg" alt="Coverage Status">
@ -35,6 +35,7 @@ All you need to learn to use `Casbin` first.
* [Using a middleware](#using-a-middleware)
* [basic Enforcer Middleware](#basic-enforcer-middleware)
* [HTTP Request Middleware ( RESTful is also supported )](#http-request-middleware--restful-is-also-supported-)
* [Using Gates](#using-gates)
* [Multiple enforcers](#multiple-enforcers)
* [Using artisan commands](#using-artisan-commands)
* [Cache](#using-cache)
@ -105,7 +106,7 @@ use Enforcer;
Enforcer::addPermissionForUser('eve', 'articles', 'read');
// adds a role for a user.
Enforcer::addRoleForUser('eve', 'writer');
// adds permissions to a rule
// adds permissions to a role
Enforcer::addPolicy('writer', 'articles','edit');
```
@ -222,7 +223,7 @@ Determines whether a user has a permission.
Enforcer::hasPermissionForUser('eve', 'articles', 'read'); // true or false
```
See [Casbin API](https://casbin.org/docs/en/management-api) for more APIs.
See [Casbin API](https://casbin.org/docs/management-api#reference) for more APIs.
### Using a middleware
@ -277,6 +278,19 @@ Route::group(['middleware' => ['http_request']], function () {
});
```
### Using Gates
You can use Laravel Gates to check if a user has a permission, provided that you have set an existing user instance as the currently authenticated user.
```php
$user->can('articles,read');
// For multiple enforcers
$user->can('articles,read', 'second');
// The methods cant, cannot, canAny, etc. also work
```
If you require custom Laravel Gates, you can disable the automatic registration by setting `enabled_register_at_gates` to `false` in the lauthz file. After that, you can use `Gates::before` or `Gates::after` in your ServiceProvider to register custom Gates. See [Gates](https://laravel.com/docs/11.x/authorization#gates) for more details.
### Multiple enforcers
If you need multiple permission controls in your project, you can configure multiple enforcers.
@ -335,6 +349,8 @@ Adds a role for a user:
```bash
php artisan role:assign eve writer
# Specify the ptype of the role assignment by using the --ptype option.
php artisan role:assign eve writer --ptype=g2
```
### Using cache

20
composer.json
View File

@ -20,16 +20,17 @@
],
"license": "Apache-2.0",
"require": {
"php": ">=7.1.0",
"laravel/framework": "~5.5|~6.0|~7.0|~8.0",
"casbin/casbin": "~3.1",
"casbin/psr3-bridge": "^1.1"
"php": ">=8.0",
"illuminate/support": "~8.0|~9.0|~10.0|~11.0",
"illuminate/database": "~8.0|~9.0|~10.0|~11.0",
"illuminate/console": "~8.0|~9.0|~10.0|~11.0",
"casbin/casbin": "~4.0"
},
"require-dev": {
"phpunit/phpunit": "~7.0|~8.0|~9.0",
"php-coveralls/php-coveralls": "^2.4",
"phpunit/phpunit": "~9.0|~10.5",
"php-coveralls/php-coveralls": "^2.7",
"mockery/mockery": "^1.0",
"laravel/laravel": "~5.5|~6.0|~7.0|~8.0"
"laravel/laravel": "~9.0|~10.0|~11.0"
},
"autoload": {
"psr-4": {
@ -50,5 +51,10 @@
"Enforcer": "Lauthz\\Facades\\Enforcer"
}
}
},
"config": {
"allow-plugins": {
"kylekatarnls/update-helper": true
}
}
}

14
config/lauthz.php
View File

@ -6,17 +6,27 @@ return [
*/
'default' => 'basic',
/*
* Lauthz Localizer
*/
'localizer' => [
// changes whether enforcer will register at gates.
'enabled_register_at_gates' => true
],
'basic' => [
/*
* Casbin model setting.
*/
'model' => [
// Available Settings: "file", "text"
// Available Settings: "file", "text", "url"
'config_type' => 'file',
'config_file_path' => config_path('lauthz-rbac-model.conf'),
'config_file_path' => __DIR__ . DIRECTORY_SEPARATOR . 'lauthz-rbac-model.conf',
'config_text' => '',
'config_url' => ''
],
/*

2
database/migrations/2019_03_01_000000_create_rules_table.php
View File

@ -13,7 +13,7 @@ class CreateRulesTable extends Migration
$connection = config('lauthz.basic.database.connection') ?: config('database.default');
Schema::connection($connection)->create(config('lauthz.basic.database.rules_table'), function (Blueprint $table) {
$table->increments('id');
$table->string('p_type')->nullable();
$table->string('ptype')->nullable();
$table->string('v0')->nullable();
$table->string('v1')->nullable();
$table->string('v2')->nullable();

42
phpunit.10.xml Normal file
View File

@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
backupGlobals="false"
bootstrap="vendor/autoload.php"
colors="true"
processIsolation="false"
stopOnFailure="false"
xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/10.0/phpunit.xsd">
<testsuites>
<testsuite name="Application Test Suite">
<directory>./tests/</directory>
</testsuite>
</testsuites>
<coverage includeUncoveredFiles="true"
pathCoverage="false"
ignoreDeprecatedCodeUnits="true"
disableCodeCoverageIgnore="true">
<report>
<clover outputFile="build/logs/clover.xml"/>
<html outputDirectory="build/html" lowUpperBound="50" highLowerBound="90"/>
</report>
</coverage>
<source>
<include>
<directory>./src</directory>
</include>
</source>
<php>
<env name="APP_ENV" value="testing"/>
<env name="BCRYPT_ROUNDS" value="4"/>
<env name="CACHE_DRIVER" value="array"/>
<env name="MAIL_DRIVER" value="array"/>
<env name="QUEUE_CONNECTION" value="sync"/>
<env name="SESSION_DRIVER" value="array"/>
<env name="DB_DATABASE" value="lauthz"/>
<env name="DB_USERNAME" value="root"/>
</php>
</phpunit>

72
phpunit.xml
View File

@ -1,36 +1,36 @@
<?xml version="1.0" encoding="UTF-8"?>
<phpunit backupGlobals="false"
backupStaticAttributes="false"
bootstrap="vendor/autoload.php"
colors="true"
convertErrorsToExceptions="true"
convertNoticesToExceptions="true"
convertWarningsToExceptions="true"
processIsolation="false"
stopOnFailure="false">
<testsuites>
<testsuite name="Application Test Suite">
<directory>./tests/</directory>
</testsuite>
</testsuites>
<filter>
<whitelist processUncoveredFilesFromWhitelist="true">
<directory suffix=".php">./src</directory>
</whitelist>
</filter>
<logging>
<log type="coverage-clover" target="build/logs/clover.xml"/>
<log type="coverage-html" target="build/html"/>
</logging>
<php>
<env name="APP_ENV" value="testing"/>
<env name="BCRYPT_ROUNDS" value="4"/>
<env name="CACHE_DRIVER" value="array"/>
<env name="MAIL_DRIVER" value="array"/>
<env name="QUEUE_CONNECTION" value="sync"/>
<env name="SESSION_DRIVER" value="array"/>
<env name="DB_DATABASE" value="lauthz"/>
<env name="DB_USERNAME" value="root"/>
</php>
</phpunit>
<?xml version="1.0" encoding="UTF-8"?>
<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
backupGlobals="false"
bootstrap="vendor/autoload.php"
colors="true"
processIsolation="false"
stopOnFailure="false"
xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/10.0/phpunit.xsd">
<testsuites>
<testsuite name="Application Test Suite">
<directory>./tests/</directory>
</testsuite>
</testsuites>
<filter>
<whitelist processUncoveredFilesFromWhitelist="true">
<directory suffix=".php">./src</directory>
</whitelist>
</filter>
<logging>
<log type="coverage-clover" target="build/logs/clover.xml"/>
<log type="coverage-html" target="build/html"/>
</logging>
<php>
<env name="APP_ENV" value="testing"/>
<env name="BCRYPT_ROUNDS" value="4"/>
<env name="CACHE_DRIVER" value="array"/>
<env name="MAIL_DRIVER" value="array"/>
<env name="QUEUE_CONNECTION" value="sync"/>
<env name="SESSION_DRIVER" value="array"/>
<env name="DB_DATABASE" value="lauthz"/>
<env name="DB_USERNAME" value="root"/>
</php>
</phpunit>

155
src/Adapters/DatabaseAdapter.php
View File

@ -14,6 +14,8 @@ use Casbin\Model\Model;
use Casbin\Persist\AdapterHelper;
use DateTime;
use Casbin\Exceptions\InvalidFilterTypeException;
use Illuminate\Support\Facades\DB;
/**
* DatabaseAdapter.
*
@ -45,6 +47,26 @@ class DatabaseAdapter implements DatabaseAdapterContract, BatchDatabaseAdapterCo
$this->eloquent = $eloquent;
}
/**
* Filter the rule.
*
* @param array $rule
* @return array
*/
public function filterRule(array $rule): array
{
$rule = array_values($rule);
$i = count($rule) - 1;
for (; $i >= 0; $i--) {
if ($rule[$i] != '' && !is_null($rule[$i])) {
break;
}
}
return array_slice($rule, 0, $i + 1);
}
/**
* savePolicyLine function.
*
@ -53,7 +75,7 @@ class DatabaseAdapter implements DatabaseAdapterContract, BatchDatabaseAdapterCo
*/
public function savePolicyLine(string $ptype, array $rule): void
{
$col['p_type'] = $ptype;
$col['ptype'] = $ptype;
foreach ($rule as $key => $value) {
$col['v'.strval($key)] = $value;
}
@ -71,10 +93,7 @@ class DatabaseAdapter implements DatabaseAdapterContract, BatchDatabaseAdapterCo
$rows = $this->eloquent->getAllFromCache();
foreach ($rows as $row) {
$line = implode(', ', array_filter($row, function ($val) {
return '' != $val && !is_null($val);
}));
$this->loadPolicyLine(trim($line), $model);
$this->loadPolicyArray($this->filterRule($row), $model);
}
}
@ -125,7 +144,7 @@ class DatabaseAdapter implements DatabaseAdapterContract, BatchDatabaseAdapterCo
$i = 0;
foreach($rules as $rule) {
$temp['p_type'] = $ptype;
$temp['ptype'] = $ptype;
$temp['created_at'] = new DateTime();
$temp['updated_at'] = $temp['created_at'];
foreach ($rule as $key => $value) {
@ -135,6 +154,7 @@ class DatabaseAdapter implements DatabaseAdapterContract, BatchDatabaseAdapterCo
$temp = [];
}
$this->eloquent->insert($cols);
Rule::fireModelEvent('saved');
}
/**
@ -146,15 +166,14 @@ class DatabaseAdapter implements DatabaseAdapterContract, BatchDatabaseAdapterCo
*/
public function removePolicy(string $sec, string $ptype, array $rule): void
{
$count = 0;
$instance = $this->eloquent->where('p_type', $ptype);
$instance = $this->eloquent->where('ptype', $ptype);
foreach ($rule as $key => $value) {
$instance->where('v'.strval($key), $value);
}
$instance->delete();
Rule::fireModelEvent('deleted');
}
/**
@ -167,46 +186,59 @@ class DatabaseAdapter implements DatabaseAdapterContract, BatchDatabaseAdapterCo
*/
public function removePolicies(string $sec, string $ptype, array $rules): void
{
$count = 0;
$instance = $this->eloquent->where('p_type', $ptype);
foreach($rules as $rule)
{
foreach ($rule as $key => $value) {
$keys[] = 'v'.strval($key);
$con['v'.strval($key)][] = $value;
$this->eloquent->getConnection()->transaction(function () use ($sec, $rules, $ptype) {
foreach ($rules as $rule) {
$this->removePolicy($sec, $ptype, $rule);
}
});
}
/**
* @param string $sec
* @param string $ptype
* @param int $fieldIndex
* @param string|null ...$fieldValues
* @return array
* @throws Throwable
*/
public function _removeFilteredPolicy(string $sec, string $ptype, int $fieldIndex, ?string ...$fieldValues): array
{
$removedRules = [];
$instance = $this->eloquent->where('ptype', $ptype);
foreach (range(0, 5) as $value) {
if ($fieldIndex <= $value && $value < $fieldIndex + count($fieldValues)) {
if ('' != $fieldValues[$value - $fieldIndex]) {
$instance->where('v' . strval($value), $fieldValues[$value - $fieldIndex]);
}
}
}
$keys = array_unique($keys);
foreach($keys as $key){
$instance->whereIn($key, $con[$key]);
$oldP = $instance->get()->makeHidden(['created_at','updated_at', 'id', 'ptype'])->toArray();
foreach ($oldP as &$item) {
$item = $this->filterRule($item);
$removedRules[] = $item;
}
$num = $instance->delete();
$count += $num;
$instance->delete();
Rule::fireModelEvent('deleted');
return $removedRules;
}
/**
* RemoveFilteredPolicy removes policy rules that match the filter from the storage.
* This is part of the Auto-Save feature.
*
* @param string $sec
* @param string $ptype
* @param int $fieldIndex
* @param string ...$fieldValues
* @param string $sec
* @param string $ptype
* @param int $fieldIndex
* @param string|null ...$fieldValues
* @return void
*/
public function removeFilteredPolicy(string $sec, string $ptype, int $fieldIndex, string ...$fieldValues): void
public function removeFilteredPolicy(string $sec, string $ptype, int $fieldIndex, ?string ...$fieldValues): void
{
$count = 0;
$instance = $this->eloquent->where('p_type', $ptype);
foreach (range(0, 5) as $value) {
if ($fieldIndex <= $value && $value < $fieldIndex + count($fieldValues)) {
if ('' != $fieldValues[$value - $fieldIndex]) {
$instance->where('v'.strval($value), $fieldValues[$value - $fieldIndex]);
}
}
}
$instance->delete();
$this->_removeFilteredPolicy($sec, $ptype, $fieldIndex, ...$fieldValues);
}
/**
@ -220,16 +252,59 @@ class DatabaseAdapter implements DatabaseAdapterContract, BatchDatabaseAdapterCo
*/
public function updatePolicy(string $sec, string $ptype, array $oldRule, array $newPolicy): void
{
$instance = $this->eloquent->where('p_type', $ptype);
$instance = $this->eloquent->where('ptype', $ptype);
foreach($oldRule as $k => $v) {
$instance->where('v' . $k, $v);
}
$instance->first();
$instance = $instance->first();
if (!$instance) {
return;
}
$update = [];
foreach($newPolicy as $k => $v) {
$update['v' . $k] = $v;
}
$instance->update($update);
Rule::fireModelEvent('saved');
}
/**
* UpdatePolicies updates some policy rules to storage, like db, redis.
*
* @param string $sec
* @param string $ptype
* @param string[][] $oldRules
* @param string[][] $newRules
* @return void
*/
public function updatePolicies(string $sec, string $ptype, array $oldRules, array $newRules): void
{
$this->eloquent->getConnection()->transaction(function () use ($sec, $ptype, $oldRules, $newRules) {
foreach ($oldRules as $i => $oldRule) {
$this->updatePolicy($sec, $ptype, $oldRule, $newRules[$i]);
}
});
}
/**
* UpdateFilteredPolicies deletes old rules and adds new rules.
*
* @param string $sec
* @param string $ptype
* @param array $newPolicies
* @param integer $fieldIndex
* @param string ...$fieldValues
* @return array
*/
public function updateFilteredPolicies(string $sec, string $ptype, array $newPolicies, int $fieldIndex, string ...$fieldValues): array
{
$oldRules = [];
$this->eloquent->getConnection()->transaction(function () use ($sec, $ptype, $fieldIndex, $fieldValues, $newPolicies, &$oldRules) {
$oldRules = $this->_removeFilteredPolicy($sec, $ptype, $fieldIndex, ...$fieldValues);
$this->addPolicies($sec, $ptype, $newPolicies);
});
return $oldRules;
}
/**

6
src/Commands/RoleAssign.php
View File

@ -17,7 +17,8 @@ class RoleAssign extends Command
*/
protected $signature = 'role:assign
{user : the identifier of user}
{role : the name of role}';
{role : the name of role}
{--ptype= : the ptype of role}';
/**
* The console command description.
@ -35,8 +36,9 @@ class RoleAssign extends Command
{
$user = $this->argument('user');
$role = $this->argument('role');
$ptype = $this->option('ptype') ?: 'g';
$ret = Enforcer::addRoleForUser($user, $role);
$ret = Enforcer::addNamedGroupingPolicy($ptype, $user, $role);
if ($ret) {
$this->info('Added `'.$role.'` role to `'.$user.'` successfully');
} else {

17
src/Contracts/ModelLoader.php Normal file
View File

@ -0,0 +1,17 @@
<?php
namespace Lauthz\Contracts;
use Casbin\Model\Model;
interface ModelLoader
{
/**
* Loads model definitions into the provided model object.
*
* @param Model $model
* @return void
*/
function loadModel(Model $model): void;
}

61
src/EnforcerLocalizer.php Normal file
View File

@ -0,0 +1,61 @@
<?php
namespace Lauthz;
use Illuminate\Contracts\Auth\Access\Authorizable;
use Illuminate\Contracts\Auth\Access\Gate;
use Lauthz\Facades\Enforcer;
class EnforcerLocalizer
{
/**
* The application instance.
*
* @var \Illuminate\Foundation\Application
*/
protected $app;
/**
* Create a new localizer instance.
*
* @param \Illuminate\Foundation\Application $app
*/
public function __construct($app)
{
$this->app = $app;
}
/**
* Register the localizer based on the configuration.
*/
public function register()
{
if ($this->app->config->get('lauthz.localizer.enabled_register_at_gates')) {
$this->registerAtGate();
}
}
/**
* Register the localizer at the gate.
*/
protected function registerAtGate()
{
$this->app->make(Gate::class)->before(function (Authorizable $user, string $ability, array $guards) {
/** @var \Illuminate\Contracts\Auth\Authenticatable $user */
$identifier = $user->getAuthIdentifier();
if (method_exists($user, 'getAuthzIdentifier')) {
/** @var \Lauthz\Tests\Models\User $user */
$identifier = $user->getAuthzIdentifier();
}
$identifier = strval($identifier);
$ability = explode(',', $ability);
if (empty($guards)) {
return Enforcer::enforce($identifier, ...$ability);
}
foreach ($guards as $guard) {
return Enforcer::guard($guard)->enforce($identifier, ...$ability);
}
});
}
}

19
src/EnforcerManager.php
View File

@ -2,14 +2,15 @@
namespace Lauthz;
use Casbin\Bridge\Logger\LoggerBridge;
use Casbin\Enforcer;
use Casbin\Model\Model;
use Casbin\Log\Log;
use Casbin\Log\Logger\DefaultLogger;
use Lauthz\Contracts\Factory;
use Lauthz\Models\Rule;
use Illuminate\Support\Arr;
use InvalidArgumentException;
use Lauthz\Loaders\ModelLoaderManager;
/**
* @mixin \Casbin\Enforcer
@ -79,19 +80,17 @@ class EnforcerManager implements Factory
if ($logger = Arr::get($config, 'log.logger')) {
if (is_string($logger)) {
$logger = $this->app->make($logger);
$logger = new DefaultLogger($this->app->make($logger));
}
Log::setLogger(new LoggerBridge($logger));
Log::setLogger($logger);
}
$model = new Model();
$configType = Arr::get($config, 'model.config_type');
if ('file' == $configType) {
$model->loadModel(Arr::get($config, 'model.config_file_path', ''));
} elseif ('text' == $configType) {
$model->loadModelFromText(Arr::get($config, 'model.config_text', ''));
}
$loader = $this->app->make(ModelLoaderManager::class);
$loader->initFromConfig($config);
$loader->loadModel($model);
$adapter = Arr::get($config, 'adapter');
if (!is_null($adapter)) {
$adapter = $this->app->make($adapter, [
@ -99,7 +98,7 @@ class EnforcerManager implements Factory
]);
}
return new Enforcer($model, $adapter, Arr::get($config, 'log.enabled', false));
return new Enforcer($model, $adapter, $logger, Arr::get($config, 'log.enabled', false));
}
/**

30
src/Facades/Enforcer.php
View File

@ -6,6 +6,36 @@ use Illuminate\Support\Facades\Facade;
/**
* @see \Casbin\Enforcer
* @method static string[] getRolesForUser(string $name, string ...$domain)
* @method static string[] getUsersForRole(string $name, string ...$domain)
* @method static bool hasRoleForUser(string $name, string $role, string ...$domain)
* @method static bool addRoleForUser(string $user, string $role, string ...$domain)
* @method static bool addRolesForUser(string $user, array $roles, string ...$domain)
* @method static bool deleteRoleForUser(string $user, string $role, string ...$domain)
* @method static bool deleteRolesForUser(string $user, string ...$domain)
* @method static bool deleteUser(string $user)
* @method static bool deleteRole(string $role)
* @method static bool deletePermission(string ...$permission)
* @method static bool addPermissionForUser(string $user, string ...$permission)
* @method static bool addPermissionsForUser(string $user, array ...$permissions)
* @method static bool deletePermissionForUser(string $user, string ...$permission)
* @method static bool deletePermissionsForUser(string $user)
* @method static array getPermissionsForUser(string $user, string ...$domain)
* @method static bool hasPermissionForUser(string $user, string ...$permission)
* @method static array getImplicitRolesForUser(string $name, string ...$domain)
* @method static array getImplicitUsersForRole(string $name, string ...$domain)
* @method static array getImplicitResourcesForUser(string $user, string ...$domain)
* @method static array getImplicitPermissionsForUser(string $user, string ...$domain)
* @method static array getImplicitUsersForPermission(string ...$permission)
* @method static string[] getAllUsersByDomain(string $domain)
* @method static array getUsersForRoleInDomain(string $name, string $domain)
* @method static array getRolesForUserInDomain(string $name, string $domain)
* @method static array getPermissionsForUserInDomain(string $name, string $domain)
* @method static bool addRoleForUserInDomain(string $user, string $role, string $domain)
* @method static bool deleteRoleForUserInDomain(string $user, string $role, string $domain)
* @method static bool deleteRolesForUserInDomain(string $user, string $domain)
* @method static bool deleteAllUsersByDomain(string $domain)
* @method static bool deleteDomains(string ...$domains)
*/
class Enforcer extends Facade
{

28
src/LauthzServiceProvider.php
View File

@ -3,6 +3,8 @@
namespace Lauthz;
use Illuminate\Support\ServiceProvider;
use Lauthz\EnforcerLocalizer;
use Lauthz\Loaders\ModelLoaderManager;
use Lauthz\Models\Rule;
use Lauthz\Observers\RuleObserver;
@ -15,8 +17,10 @@ class LauthzServiceProvider extends ServiceProvider
{
if ($this->app->runningInConsole()) {
$this->publishes([__DIR__ . '/../database/migrations' => database_path('migrations')], 'laravel-lauthz-migrations');
$this->publishes([__DIR__ . '/../config/lauthz-rbac-model.conf' => config_path('lauthz-rbac-model.conf')], 'laravel-lauthz-config');
$this->publishes([__DIR__ . '/../config/lauthz.php' => config_path('lauthz.php')], 'laravel-lauthz-config');
$this->publishes([
__DIR__ . '/../config/lauthz-rbac-model.conf' => $this->app->basePath() . DIRECTORY_SEPARATOR . 'config' . DIRECTORY_SEPARATOR . ('lauthz-rbac-model.conf'),
__DIR__ . '/../config/lauthz.php' => $this->app->basePath() . DIRECTORY_SEPARATOR . 'config' . DIRECTORY_SEPARATOR . ('lauthz.php'),
], 'laravel-lauthz-config');
$this->commands([
Commands\GroupAdd::class,
@ -28,6 +32,8 @@ class LauthzServiceProvider extends ServiceProvider
$this->mergeConfigFrom(__DIR__ . '/../config/lauthz.php', 'lauthz');
$this->bootObserver();
$this->registerLocalizer();
}
/**
@ -48,5 +54,23 @@ class LauthzServiceProvider extends ServiceProvider
$this->app->singleton('enforcer', function ($app) {
return new EnforcerManager($app);
});
$this->app->singleton(ModelLoaderManager::class, function ($app) {
return new ModelLoaderManager($app);
});
$this->app->singleton(EnforcerLocalizer::class, function ($app) {
return new EnforcerLocalizer($app);
});
}
/**
* Register a gate that allows users to use Laravel's built-in Gate to call Enforcer.
*
* @return void
*/
protected function registerLocalizer()
{
$this->app->make(EnforcerLocalizer::class)->register();
}
}

39
src/Loaders/FileLoader.php Normal file
View File

@ -0,0 +1,39 @@
<?php
namespace Lauthz\Loaders;
use Casbin\Model\Model;
use Illuminate\Support\Arr;
use Lauthz\Contracts\ModelLoader;
class FileLoader implements ModelLoader
{
/**
* The path to the model file.
*
* @var string
*/
private $filePath;
/**
* Constructor to initialize the file path.
*
* @param array $config
*/
public function __construct(array $config)
{
$this->filePath = Arr::get($config, 'model.config_file_path', '');
}
/**
* Loads model from file.
*
* @param Model $model
* @return void
* @throws \Casbin\Exceptions\CasbinException
*/
public function loadModel(Model $model): void
{
$model->loadModel($this->filePath);
}
}

108
src/Loaders/ModelLoaderManager.php Normal file
View File

@ -0,0 +1,108 @@
<?php
namespace Lauthz\Loaders;
use Illuminate\Support\Arr;
use Illuminate\Support\Str;
use Illuminate\Support\Manager;
use InvalidArgumentException;
/**
* The model loader manager.
*
* A model loader is responsible for a loading model from an arbitrary source.
* Developers can customize loading behavior by implementing
* and register the custom loader in AppServiceProvider through `app(LoaderManager::class)->extend()`.
*
* Built-in loader implementations include:
* - FileLoader: For loading model from file.
* - TextLoader: Suitable for model defined as a multi-line string.
* - UrlLoader: Handles model loading from URL.
*
* To utilize a built-in or custom loader, set 'model.config_type' in the configuration to match one of the above types.
*/
class ModelLoaderManager extends Manager
{
/**
* The array of the lauthz driver configuration.
*
* @var array
*/
protected $config;
/**
* Initialize configuration for the loader manager instance.
*
* @param array $config the lauthz driver configuration.
*/
public function initFromConfig(array $config)
{
$this->config = $config;
}
/**
* Get the default driver from the configuration.
*
* @return string The default driver name.
*/
public function getDefaultDriver()
{
return Arr::get($this->config, 'model.config_type', '');
}
/**
* Create a new TextLoader instance.
*
* @return TextLoader
*/
public function createTextDriver()
{
return new TextLoader($this->config);
}
/**
* Create a new UrlLoader instance.
*
* @return UrlLoader
*/
public function createUrlDriver()
{
return new UrlLoader($this->config);
}
/**
* Create a new FileLoader instance.
*
* @return FileLoader
*/
public function createFileDriver()
{
return new FileLoader($this->config);
}
/**
* Create a new driver instance.
*
* @param string $driver
* @return mixed
*
* @throws \InvalidArgumentException
*/
protected function createDriver($driver)
{
if(empty($driver)) {
throw new InvalidArgumentException('Unsupported empty model loader type.');
}
if (isset($this->customCreators[$driver])) {
return $this->callCustomCreator($driver);
}
$method = 'create' . Str::studly($driver) . 'Driver';
if (method_exists($this, $method)) {
return $this->$method();
}
throw new InvalidArgumentException("Unsupported model loader type: {$driver}.");
}
}

39
src/Loaders/TextLoader.php Normal file
View File

@ -0,0 +1,39 @@
<?php
namespace Lauthz\Loaders;
use Casbin\Model\Model;
use Illuminate\Support\Arr;
use Lauthz\Contracts\ModelLoader;
class TextLoader implements ModelLoader
{
/**
* Model text.
*
* @var string
*/
private $text;
/**
* Constructor to initialize the model text.
*
* @param array $config
*/
public function __construct(array $config)
{
$this->text = Arr::get($config, 'model.config_text', '');
}
/**
* Loads model from text.
*
* @param Model $model
* @return void
* @throws \Casbin\Exceptions\CasbinException
*/
public function loadModel(Model $model): void
{
$model->loadModelFromText($this->text);
}
}

58
src/Loaders/UrlLoader.php Normal file
View File

@ -0,0 +1,58 @@
<?php
namespace Lauthz\Loaders;
use Casbin\Model\Model;
use Illuminate\Support\Arr;
use Lauthz\Contracts\ModelLoader;
use RuntimeException;
class UrlLoader implements ModelLoader
{
/**
* The url to fetch the remote model string.
*
* @var string
*/
private $url;
/**
* Constructor to initialize the url path.
*
* @param array $config
*/
public function __construct(array $config)
{
$this->url = Arr::get($config, 'model.config_url', '');
}
/**
* Loads model from remote url.
*
* @param Model $model
* @return void
* @throws \Casbin\Exceptions\CasbinException
* @throws RuntimeException
*/
public function loadModel(Model $model): void
{
$contextOptions = [
'http' => [
'method' => 'GET',
'header' => "Accept: text/plain\r\n",
'timeout' => 3
]
];
$context = stream_context_create($contextOptions);
$response = @file_get_contents($this->url, false, $context);
if ($response === false) {
$error = error_get_last();
throw new RuntimeException(
"Failed to fetch remote model " . $this->url . ": " . $error['message']
);
}
$model->loadModelFromText($response);
}
}

2
src/Middlewares/EnforcerMiddleware.php
View File

@ -31,8 +31,10 @@ class EnforcerMiddleware
$user = Auth::user();
$identifier = $user->getAuthIdentifier();
if (method_exists($user, 'getAuthzIdentifier')) {
/** @var \Lauthz\Tests\Models\User $user */
$identifier = $user->getAuthzIdentifier();
}
$identifier = strval($identifier);
if (!Enforcer::enforce($identifier, ...$args)) {
throw new UnauthorizedException();

1
src/Middlewares/RequestMiddleware.php
View File

@ -48,6 +48,7 @@ class RequestMiddleware
if (method_exists($user, 'getAuthzIdentifier')) {
$identifier = $user->getAuthzIdentifier();
}
$identifier = strval($identifier);
if (empty($guards)) {
if (Enforcer::enforce($identifier, $request->getPathInfo(), $request->method())) {

4
src/Models/Rule.php
View File

@ -29,7 +29,7 @@ class Rule extends Model
*
* @var array
*/
protected $fillable = ['p_type', 'v0', 'v1', 'v2', 'v3', 'v4', 'v5'];
protected $fillable = ['ptype', 'v0', 'v1', 'v2', 'v3', 'v4', 'v5'];
/**
* Create a new Eloquent model instance.
@ -62,7 +62,7 @@ class Rule extends Model
public function getAllFromCache()
{
$get = function () {
return $this->select('p_type', 'v0', 'v1', 'v2', 'v3', 'v4', 'v5')->get()->toArray();
return $this->select('ptype', 'v0', 'v1', 'v2', 'v3', 'v4', 'v5')->get()->toArray();
};
if (!$this->config('cache.enabled', false)) {
return $get();

17
tests/Commands/RoleAssignTest.php
View File

@ -2,6 +2,7 @@
namespace Lauthz\Tests\Commands;
use Casbin\Model\Model;
use Lauthz\Facades\Enforcer;
use Lauthz\Tests\TestCase;
use Illuminate\Foundation\Testing\DatabaseMigrations;
@ -19,5 +20,21 @@ class RoleAssignTest extends TestCase
$exitCode = Artisan::call('role:assign', ['user' => 'eve', 'role' => 'writer']);
$this->assertFalse(0 === $exitCode);
$this->assertTrue(Enforcer::hasRoleForUser('eve', 'writer'));
$model = Model::newModel();
$model->addDef('r', 'r', 'sub, obj, act');
$model->addDef('p', 'p', 'sub, obj, act');
$model->addDef('g', 'g', '_, _');
$model->addDef('g', 'g2', '_, _');
$model->addDef('e', 'e', 'some(where (p.eft == allow))');
$model->addDef('m', 'm', 'g(r.sub, p.sub) && g2(r.obj, p.obj) && r.act == p.act');
Enforcer::setModel($model);
Enforcer::loadPolicy();
$this->assertFalse(Enforcer::hasNamedGroupingPolicy('g2', 'eve', 'writer'));
$exitCode = Artisan::call('role:assign', ['user' => 'eve', 'role' => 'writer', '--ptype' => 'g2']);
$this->assertTrue(0 === $exitCode);
$exitCode = Artisan::call('role:assign', ['user' => 'eve', 'role' => 'writer', '--ptype' => 'g2']);
$this->assertFalse(0 === $exitCode);
$this->assertTrue(Enforcer::hasNamedGroupingPolicy('g2', 'eve', 'writer'));
}
}

147
tests/DatabaseAdapterForCacheTest.php Normal file
View File

@ -0,0 +1,147 @@
<?php
namespace Lauthz\Tests;
use Lauthz\Models\Rule;
use Illuminate\Foundation\Testing\DatabaseMigrations;
use Lauthz\Facades\Enforcer;
class DatabaseAdapterForCacheTest extends TestCase
{
use DatabaseMigrations;
public function testAddPolicy()
{
$this->enableCache();
$this->assertFalse(Enforcer::enforce('eve', 'data3', 'read'));
Enforcer::addPermissionForUser('eve', 'data3', 'read');
$this->refreshPolicies();
$this->assertTrue(Enforcer::enforce('eve', 'data3', 'read'));
}
public function testAddPolicies()
{
$this->enableCache();
$policies = [
['u1', 'd1', 'read'],
['u2', 'd2', 'read'],
['u3', 'd3', 'read'],
];
$this->refreshPolicies();
Rule::truncate();
Enforcer::addPolicies($policies);
$this->refreshPolicies();
$this->assertEquals($policies, Enforcer::getPolicy());
}
public function testSavePolicy()
{
$this->enableCache();
$this->assertFalse(Enforcer::enforce('alice', 'data4', 'read'));
$model = Enforcer::getModel();
$model->clearPolicy();
$model->addPolicy('p', 'p', ['alice', 'data4', 'read']);
$adapter = Enforcer::getAdapter();
$adapter->savePolicy($model);
$this->refreshPolicies();
$this->assertTrue(Enforcer::enforce('alice', 'data4', 'read'));
}
public function testRemovePolicy()
{
$this->enableCache();
$this->assertFalse(Enforcer::enforce('alice', 'data5', 'read'));
Enforcer::addPermissionForUser('alice', 'data5', 'read');
$this->refreshPolicies();
$this->assertTrue(Enforcer::enforce('alice', 'data5', 'read'));
Enforcer::deletePermissionForUser('alice', 'data5', 'read');
$this->refreshPolicies();
$this->assertFalse(Enforcer::enforce('alice', 'data5', 'read'));
}
public function testRemovePolicies()
{
$this->enableCache();
$this->assertEquals([
['alice', 'data1', 'read'],
['bob', 'data2', 'write'],
['data2_admin', 'data2', 'read'],
['data2_admin', 'data2', 'write'],
], Enforcer::getPolicy());
Enforcer::removePolicies([
['data2_admin', 'data2', 'read'],
['data2_admin', 'data2', 'write'],
]);
$this->refreshPolicies();
$this->assertEquals([
['alice', 'data1', 'read'],
['bob', 'data2', 'write']
], Enforcer::getPolicy());
}
public function testRemoveFilteredPolicy()
{
$this->enableCache();
$this->assertTrue(Enforcer::enforce('alice', 'data1', 'read'));
Enforcer::removeFilteredPolicy(1, 'data1');
$this->refreshPolicies();
$this->assertFalse(Enforcer::enforce('alice', 'data1', 'read'));
$this->assertTrue(Enforcer::enforce('bob', 'data2', 'write'));
$this->assertTrue(Enforcer::enforce('alice', 'data2', 'read'));
$this->assertTrue(Enforcer::enforce('alice', 'data2', 'write'));
Enforcer::removeFilteredPolicy(1, 'data2', 'read');
$this->refreshPolicies();
$this->assertTrue(Enforcer::enforce('bob', 'data2', 'write'));
$this->assertFalse(Enforcer::enforce('alice', 'data2', 'read'));
$this->assertTrue(Enforcer::enforce('alice', 'data2', 'write'));
Enforcer::removeFilteredPolicy(2, 'write');
$this->refreshPolicies();
$this->assertFalse(Enforcer::enforce('bob', 'data2', 'write'));
$this->assertFalse(Enforcer::enforce('alice', 'data2', 'write'));
}
public function testUpdatePolicy()
{
$this->enableCache();
$this->assertEquals([
['alice', 'data1', 'read'],
['bob', 'data2', 'write'],
['data2_admin', 'data2', 'read'],
['data2_admin', 'data2', 'write'],
], Enforcer::getPolicy());
Enforcer::updatePolicy(
['alice', 'data1', 'read'],
['alice', 'data1', 'write']
);
Enforcer::updatePolicy(
['bob', 'data2', 'write'],
['bob', 'data2', 'read']
);
$this->refreshPolicies();
$this->assertEquals([
['alice', 'data1', 'write'],
['bob', 'data2', 'read'],
['data2_admin', 'data2', 'read'],
['data2_admin', 'data2', 'write'],
], Enforcer::getPolicy());
}
protected function refreshPolicies()
{
Enforcer::loadPolicy();
}
protected function enableCache()
{
$this->app['config']->set('lauthz.basic.cache.enabled', true);
}
}

157
tests/DatabaseAdapterTest.php
View File

@ -2,10 +2,10 @@
namespace Lauthz\Tests;
use Enforcer;
use Illuminate\Foundation\Testing\DatabaseMigrations;
use Casbin\Persist\Adapters\Filter;
use Casbin\Exceptions\InvalidFilterTypeException;
use Lauthz\Facades\Enforcer;
class DatabaseAdapterTest extends TestCase
{
@ -131,6 +131,159 @@ class DatabaseAdapterTest extends TestCase
], Enforcer::getPolicy());
}
public function testUpdatePolicies()
{
$this->assertEquals([
['alice', 'data1', 'read'],
['bob', 'data2', 'write'],
['data2_admin', 'data2', 'read'],
['data2_admin', 'data2', 'write'],
], Enforcer::getPolicy());
$oldPolicies = [
['alice', 'data1', 'read'],
['bob', 'data2', 'write']
];
$newPolicies = [
['alice', 'data1', 'write'],
['bob', 'data2', 'read']
];
Enforcer::updatePolicies($oldPolicies, $newPolicies);
$this->assertEquals([
['alice', 'data1', 'write'],
['bob', 'data2', 'read'],
['data2_admin', 'data2', 'read'],
['data2_admin', 'data2', 'write'],
], Enforcer::getPolicy());
}
public function arrayEqualsWithoutOrder(array $expected, array $actual)
{
if (method_exists($this, 'assertEqualsCanonicalizing')) {
$this->assertEqualsCanonicalizing($expected, $actual);
} else {
array_multisort($expected);
array_multisort($actual);
$this->assertEquals($expected, $actual);
}
}
public function testUpdateFilteredPolicies()
{
$this->assertEquals([
['alice', 'data1', 'read'],
['bob', 'data2', 'write'],
['data2_admin', 'data2', 'read'],
['data2_admin', 'data2', 'write'],
], Enforcer::getPolicy());
Enforcer::updateFilteredPolicies([["alice", "data1", "write"]], 0, "alice", "data1", "read");
Enforcer::updateFilteredPolicies([["bob", "data2", "read"]], 0, "bob", "data2", "write");
$policies = [
['alice', 'data1', 'write'],
['bob', 'data2', 'read'],
['data2_admin', 'data2', 'read'],
['data2_admin', 'data2', 'write']
];
$this->arrayEqualsWithoutOrder($policies, Enforcer::getPolicy());
// test use updateFilteredPolicies to update all policies of a user
$this->initTable();
Enforcer::loadPolicy();
$policies = [
['alice', 'data2', 'write'],
['bob', 'data1', 'read']
];
Enforcer::addPolicies($policies);
$this->arrayEqualsWithoutOrder([
['alice', 'data1', 'read'],
['bob', 'data2', 'write'],
['data2_admin', 'data2', 'read'],
['data2_admin', 'data2', 'write'],
['alice', 'data2', 'write'],
['bob', 'data1', 'read']
], Enforcer::getPolicy());
Enforcer::updateFilteredPolicies([['alice', 'data1', 'write'], ['alice', 'data2', 'read']], 0, 'alice');
Enforcer::updateFilteredPolicies([['bob', 'data1', 'write'], ["bob", "data2", "read"]], 0, 'bob');
$policies = [
['alice', 'data1', 'write'],
['alice', 'data2', 'read'],
['bob', 'data1', 'write'],
['bob', 'data2', 'read'],
['data2_admin', 'data2', 'read'],
['data2_admin', 'data2', 'write']
];
$this->arrayEqualsWithoutOrder($policies, Enforcer::getPolicy());
// test if $fieldValues contains empty string
$this->initTable();
Enforcer::loadPolicy();
$policies = [
['alice', 'data2', 'write'],
['bob', 'data1', 'read']
];
Enforcer::addPolicies($policies);
$this->assertEquals([
['alice', 'data1', 'read'],
['bob', 'data2', 'write'],
['data2_admin', 'data2', 'read'],
['data2_admin', 'data2', 'write'],
['alice', 'data2', 'write'],
['bob', 'data1', 'read']
], Enforcer::getPolicy());
Enforcer::updateFilteredPolicies([['alice', 'data1', 'write'], ['alice', 'data2', 'read']], 0, 'alice', '', '');
Enforcer::updateFilteredPolicies([['bob', 'data1', 'write'], ["bob", "data2", "read"]], 0, 'bob', '', '');
$policies = [
['alice', 'data1', 'write'],
['alice', 'data2', 'read'],
['bob', 'data1', 'write'],
['bob', 'data2', 'read'],
['data2_admin', 'data2', 'read'],
['data2_admin', 'data2', 'write']
];
$this->arrayEqualsWithoutOrder($policies, Enforcer::getPolicy());
// test if $fieldIndex is not zero
$this->initTable();
Enforcer::loadPolicy();
$policies = [
['alice', 'data2', 'write'],
['bob', 'data1', 'read']
];
Enforcer::addPolicies($policies);
$this->assertEquals([
['alice', 'data1', 'read'],
['bob', 'data2', 'write'],
['data2_admin', 'data2', 'read'],
['data2_admin', 'data2', 'write'],
['alice', 'data2', 'write'],
['bob', 'data1', 'read']
], Enforcer::getPolicy());
Enforcer::updateFilteredPolicies([['alice', 'data1', 'write'], ['bob', 'data1', 'write']], 2, 'read');
Enforcer::updateFilteredPolicies([['alice', 'data2', 'read'], ["bob", "data2", "read"]], 2, 'write');
$policies = [
['alice', 'data2', 'read'],
['bob', 'data2', 'read'],
];
$this->arrayEqualsWithoutOrder($policies, Enforcer::getPolicy());
}
public function testLoadFilteredPolicy()
{
$this->initTable();
@ -156,7 +309,7 @@ class DatabaseAdapterTest extends TestCase
$this->assertEquals([
['bob', 'data2', 'write']
], Enforcer::getPolicy());
// Filter
$filter = new Filter(['v2'], ['read']);
Enforcer::loadFilteredPolicy($filter);

40
tests/EnforcerCustomLocalizerTest.php Normal file
View File

@ -0,0 +1,40 @@
<?php
use Illuminate\Contracts\Auth\Access\Gate;
use Illuminate\Foundation\Testing\DatabaseMigrations;
use Lauthz\Tests\TestCase;
class EnforcerCustomLocalizerTest extends TestCase
{
use DatabaseMigrations;
public function testCustomRegisterAtGatesBefore()
{
$user = $this->user("alice");
$this->assertFalse($user->can('data3,read'));
app(Gate::class)->before(function () {
return true;
});
$this->assertTrue($user->can('data3,read'));
}
public function testCustomRegisterAtGatesDefine()
{
$user = $this->user("alice");
$this->assertFalse($user->can('data3,read'));
app(Gate::class)->define('data3,read', function () {
return true;
});
$this->assertTrue($user->can('data3,read'));
}
public function initConfig()
{
parent::initConfig();
$this->app['config']->set('lauthz.localizer.enabled_register_at_gates', false);
}
}

69
tests/EnforcerLocalizerTest.php Normal file
View File

@ -0,0 +1,69 @@
<?php
use Illuminate\Contracts\Auth\Access\Gate;
use Illuminate\Foundation\Testing\DatabaseMigrations;
use Lauthz\Facades\Enforcer;
use Lauthz\Tests\TestCase;
class EnforcerLocalizerTest extends TestCase
{
use DatabaseMigrations;
public function testRegisterAtGates()
{
$user = $this->user('alice');
$this->assertTrue($user->can('data1,read'));
$this->assertFalse($user->can('data1,write'));
$this->assertFalse($user->cannot('data2,read'));
Enforcer::guard('second')->addPolicy('alice', 'data1', 'read');
$this->assertTrue($user->can('data1,read', 'second'));
$this->assertFalse($user->can('data3,read', 'second'));
}
public function testNotLogin()
{
$this->assertFalse(app(Gate::class)->allows('data1,read'));
$this->assertTrue(app(Gate::class)->forUser($this->user('alice'))->allows('data1,read'));
$this->assertFalse(app(Gate::class)->forUser($this->user('bob'))->allows('data1,read'));
}
public function testAfterLogin()
{
$this->login('alice');
$this->assertTrue(app(Gate::class)->allows('data1,read'));
$this->assertTrue(app(Gate::class)->allows('data2,read'));
$this->assertTrue(app(Gate::class)->allows('data2,write'));
$this->login('bob');
$this->assertFalse(app(Gate::class)->allows('data1,read'));
$this->assertTrue(app(Gate::class)->allows('data2,write'));
}
public function initConfig()
{
parent::initConfig();
$this->app['config']->set('lauthz.second.model.config_type', 'text');
$this->app['config']->set(
'lauthz.second.model.config_text',
$this->getModelText()
);
}
protected function getModelText(): string
{
return <<<EOT
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = r.sub == p.sub && r.obj == p.obj && r.act == p.act
EOT;
}
}

138
tests/ModelLoaderTest.php Normal file
View File

@ -0,0 +1,138 @@
<?php
namespace Lauthz\Tests;
use Lauthz\Facades\Enforcer;
use Lauthz\Loaders\ModelLoaderManager;
use InvalidArgumentException;
use RuntimeException;
class ModelLoaderTest extends TestCase
{
public function testUrlLoader(): void
{
$this->initUrlConfig();
$this->assertFalse(Enforcer::enforce('alice', 'data', 'read'));
Enforcer::addPolicy('data_admin', 'data', 'read');
Enforcer::addRoleForUser('alice', 'data_admin');
$this->assertTrue(Enforcer::enforce('alice', 'data', 'read'));
}
public function testTextLoader(): void
{
$this->initTextConfig();
Enforcer::addPolicy('data_admin', 'data', 'read');
$this->assertFalse(Enforcer::enforce('alice', 'data', 'read'));
$this->assertTrue(Enforcer::enforce('data_admin', 'data', 'read'));
}
public function testFileLoader(): void
{
$this->assertFalse(Enforcer::enforce('alice', 'data', 'read'));
Enforcer::addPolicy('data_admin', 'data', 'read');
Enforcer::addRoleForUser('alice', 'data_admin');
$this->assertTrue(Enforcer::enforce('alice', 'data', 'read'));
}
public function testCustomLoader(): void
{
$this->initCustomConfig();
Enforcer::guard('second')->addPolicy('data_admin', 'data', 'read');
$this->assertFalse(Enforcer::guard('second')->enforce('alice', 'data', 'read'));
$this->assertTrue(Enforcer::guard('second')->enforce('data_admin', 'data', 'read'));
}
public function testMultipleLoader(): void
{
$this->testFileLoader();
$this->testCustomLoader();
}
public function testEmptyModel(): void
{
Enforcer::shouldUse('third');
$this->expectException(InvalidArgumentException::class);
$this->assertFalse(Enforcer::enforce('alice', 'data', 'read'));
}
public function testEmptyLoaderType(): void
{
$this->app['config']->set('lauthz.basic.model.config_type', '');
$this->expectException(InvalidArgumentException::class);
$this->assertFalse(Enforcer::enforce('alice', 'data', 'read'));
}
public function testNotExistLoaderType(): void
{
$this->app['config']->set('lauthz.basic.model.config_type', 'not_exist');
$this->expectException(InvalidArgumentException::class);
$this->assertFalse(Enforcer::enforce('alice', 'data', 'read'));
}
public function testBadUrlConnection(): void
{
$this->initUrlConfig();
$this->app['config']->set('lauthz.basic.model.config_url', 'http://filenoexists');
$this->expectException(RuntimeException::class);
$this->assertFalse(Enforcer::enforce('alice', 'data', 'read'));
}
protected function initUrlConfig(): void
{
$this->app['config']->set('lauthz.basic.model.config_type', 'url');
$this->app['config']->set(
'lauthz.basic.model.config_url',
'https://raw.githubusercontent.com/casbin/casbin/master/examples/rbac_model.conf'
);
}
protected function initTextConfig(): void
{
$this->app['config']->set('lauthz.basic.model.config_type', 'text');
$this->app['config']->set(
'lauthz.basic.model.config_text',
$this->getModelText()
);
}
protected function initCustomConfig(): void
{
$this->app['config']->set('lauthz.second.model.config_type', 'custom');
$this->app['config']->set(
'lauthz.second.model.config_text',
$this->getModelText()
);
$config = $this->app['config']->get('lauthz.second');
$loader = $this->app->make(ModelLoaderManager::class);
$loader->extend('custom', function () use ($config) {
return new \Lauthz\Loaders\TextLoader($config);
});
}
protected function getModelText(): string
{
return <<<EOT
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = r.sub == p.sub && r.obj == p.obj && r.act == p.act
EOT;
}
}

27
tests/RequestMiddlewareTest.php
View File

@ -5,6 +5,7 @@ namespace Lauthz\Tests;
use Lauthz\Middlewares\RequestMiddleware;
use Illuminate\Foundation\Testing\DatabaseMigrations;
use Illuminate\Http\Request;
use Lauthz\Facades\Enforcer;
use Lauthz\Models\Rule;
class RequestMiddlewareTest extends TestCase
@ -34,11 +35,19 @@ class RequestMiddlewareTest extends TestCase
$this->assertEquals($this->middleware(Request::create('/foo1/123', 'PUT')), 'Unauthorized Exception');
$this->assertEquals($this->middleware(Request::create('/proxy', 'GET')), 'Unauthorized Exception');
Enforcer::guard('second')->addPolicy('alice', '/foo1/*', '(GET|POST)');
$this->assertEquals($this->middleware(Request::create('/foo1/123', 'GET'), 'second'), 200);
$this->assertEquals($this->middleware(Request::create('/foo1/123', 'POST'), 'second'), 200);
$this->assertEquals($this->middleware(Request::create('/foo1/123', 'PUT'), 'second'), 'Unauthorized Exception');
$this->assertEquals($this->middleware(Request::create('/proxy', 'GET'), 'second'), 'Unauthorized Exception');
}
protected function middleware($request)
protected function middleware($request, ...$guards)
{
return parent::runMiddleware(RequestMiddleware::class, $request);
return parent::runMiddleware(RequestMiddleware::class, $request, ...$guards);
}
protected function initConfig()
@ -62,17 +71,19 @@ e = some(where (p.eft == allow))
m = g(r.sub, p.sub) && r.sub == p.sub && keyMatch2(r.obj, p.obj) && regexMatch(r.act, p.act)
EOT;
$this->app['config']->set('lauthz.basic.model.config_text', $text);
$this->app['config']->set('lauthz.second.model.config_type', 'text');
$this->app['config']->set('lauthz.second.model.config_text', $text);
}
protected function initTable()
{
Rule::truncate();
Rule::create(['p_type' => 'p', 'v0' => 'alice', 'v1' => '/foo', 'v2' => 'GET']);
Rule::create(['p_type' => 'p', 'v0' => 'alice', 'v1' => '/foo/:id', 'v2' => 'GET']);
Rule::create(['p_type' => 'p', 'v0' => 'alice', 'v1' => '/foo', 'v2' => 'POST']);
Rule::create(['p_type' => 'p', 'v0' => 'alice', 'v1' => '/foo/:id', 'v2' => 'PUT']);
Rule::create(['p_type' => 'p', 'v0' => 'alice', 'v1' => '/foo/:id', 'v2' => 'DELETE']);
Rule::create(['p_type' => 'p', 'v0' => 'alice', 'v1' => '/foo1/*', 'v2' => '(GET)|(POST)']);
Rule::create(['ptype' => 'p', 'v0' => 'alice', 'v1' => '/foo', 'v2' => 'GET']);
Rule::create(['ptype' => 'p', 'v0' => 'alice', 'v1' => '/foo/:id', 'v2' => 'GET']);
Rule::create(['ptype' => 'p', 'v0' => 'alice', 'v1' => '/foo', 'v2' => 'POST']);
Rule::create(['ptype' => 'p', 'v0' => 'alice', 'v1' => '/foo/:id', 'v2' => 'PUT']);
Rule::create(['ptype' => 'p', 'v0' => 'alice', 'v1' => '/foo/:id', 'v2' => 'DELETE']);
Rule::create(['ptype' => 'p', 'v0' => 'alice', 'v1' => '/foo1/*', 'v2' => '(GET)|(POST)']);
}
}

4
tests/RuleCacheTest.php
View File

@ -28,7 +28,7 @@ class RuleCacheTest extends TestCase
app(Rule::class)->getAllFromCache();
$this->assertCount(0, DB::getQueryLog());
$rule = Rule::create(['p_type' => 'p', 'v0' => 'alice', 'v1' => 'data1', 'v2' => 'read']);
$rule = Rule::create(['ptype' => 'p', 'v0' => 'alice', 'v1' => 'data1', 'v2' => 'read']);
app(Rule::class)->getAllFromCache();
$this->assertCount(2, DB::getQueryLog());
@ -48,7 +48,7 @@ class RuleCacheTest extends TestCase
app(Rule::class)->getAllFromCache();
$this->assertCount(1, DB::getQueryLog());
$rule = Rule::create(['p_type' => 'p', 'v0' => 'alice', 'v1' => 'data1', 'v2' => 'read']);
$rule = Rule::create(['ptype' => 'p', 'v0' => 'alice', 'v1' => 'data1', 'v2' => 'read']);
app(Rule::class)->getAllFromCache();
$this->assertCount(3, DB::getQueryLog());

13
tests/TestCase.php
View File

@ -27,9 +27,9 @@ abstract class TestCase extends BaseTestCase
});
$this->app->make(Kernel::class)->bootstrap();
$this->initConfig();
$this->app->register(\Lauthz\LauthzServiceProvider::class);
$this->initConfig();
$this->artisan('vendor:publish', ['--provider' => 'Lauthz\LauthzServiceProvider']);
$this->artisan('migrate', ['--force' => true]);
@ -46,6 +46,7 @@ abstract class TestCase extends BaseTestCase
$this->app['config']->set('database.default', 'mysql');
$this->app['config']->set('database.connections.mysql.charset', 'utf8');
$this->app['config']->set('database.connections.mysql.collation', 'utf8_unicode_ci');
$this->app['config']->set('cache.default', 'array');
// $app['config']->set('lauthz.log.enabled', true);
}
@ -53,12 +54,12 @@ abstract class TestCase extends BaseTestCase
{
Rule::truncate();
Rule::create(['p_type' => 'p', 'v0' => 'alice', 'v1' => 'data1', 'v2' => 'read']);
Rule::create(['p_type' => 'p', 'v0' => 'bob', 'v1' => 'data2', 'v2' => 'write']);
Rule::create(['ptype' => 'p', 'v0' => 'alice', 'v1' => 'data1', 'v2' => 'read']);
Rule::create(['ptype' => 'p', 'v0' => 'bob', 'v1' => 'data2', 'v2' => 'write']);
Rule::create(['p_type' => 'p', 'v0' => 'data2_admin', 'v1' => 'data2', 'v2' => 'read']);
Rule::create(['p_type' => 'p', 'v0' => 'data2_admin', 'v1' => 'data2', 'v2' => 'write']);
Rule::create(['p_type' => 'g', 'v0' => 'alice', 'v1' => 'data2_admin']);
Rule::create(['ptype' => 'p', 'v0' => 'data2_admin', 'v1' => 'data2', 'v2' => 'read']);
Rule::create(['ptype' => 'p', 'v0' => 'data2_admin', 'v1' => 'data2', 'v2' => 'write']);
Rule::create(['ptype' => 'g', 'v0' => 'alice', 'v1' => 'data2_admin']);
}
protected function runMiddleware($middleware, $request, ...$args)