fix: get_implicit_users_for_permission() (#168)
ci: upgrade node.js version

test: added more comprehensive tests for get_implicit_users_for_permission()

Signed-off-by: ffyuanda <[email protected]>
ffyuanda authored Jun 16, 2021
1 parent fbbc600 commit 92e1110
Showing 3 changed files with 21 additions and 8 deletions.
6 changes: 4 additions & 2 deletions .github/workflows/build.yml
@@ -81,7 +81,9 @@ jobs:
fetch-depth: 0

- name: Setup Node.js
uses: actions/setup-node@v1
uses: actions/setup-node@v2
with:
node-version: '16'

- name: Setup
run: npm install -g semantic-release @semantic-release/github @semantic-release/changelog @semantic-release/commit-analyzer @semantic-release/git @semantic-release/release-notes-generator semantic-release-pypi
@@ -98,4 +100,4 @@ jobs:
env:
GH_TOKEN: ${{ secrets.GH_TOKEN }}
PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
run: npx semantic-release
run: npx semantic-release
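Review bot: `uses: actions/setup-node@v2` still points at a movable tag, and what appears to be the same job later hands `GH_TOKEN` and `PYPI_TOKEN` to `npx semantic-release`, so whatever that tag resolves to at run time executes next to the publishing credentials. Pinning the action to a full commit SHA, `uses: actions/setup-node@<full-commit-sha>  # v2` (placeholder; take the SHA from the action's release), makes the upgrade reproducible and reviewable. The unchanged `npm install -g semantic-release ...` step installs unpinned packages before the release step, so pinning versions there deserves the same treatment. Setting `node-version: '16'` explicitly is a good addition because it stops the runner default from drifting.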
14 changes: 8 additions & 6 deletions casbin/enforcer.py
@@ -1,5 +1,5 @@
from casbin.management_enforcer import ManagementEnforcer
from casbin.util import join_slice, set_subtract
from casbin.util import join_slice, array_remove_duplicates, set_subtract


class Enforcer(ManagementEnforcer):
@@ -174,13 +174,15 @@ def get_implicit_users_for_permission(self, *permission):
get_implicit_users_for_permission("data1", "read") will get: ["alice", "bob"].
Note: only users will be returned, roles (2nd arg in "g") will be excluded.
"""
subjects = self.get_all_subjects()
roles = self.get_all_roles()

users = set_subtract(subjects, roles)
p_subjects = self.get_all_subjects()
g_inherit = self.model.get_values_for_field_in_policy("g", "g", 1)
g_subjects = self.model.get_values_for_field_in_policy("g", "g", 0)
subjects = array_remove_duplicates(g_subjects + p_subjects)

res = list()
for user in users:
subjects = set_subtract(subjects, g_inherit)

for user in subjects:
req = join_slice(user, *permission)
allowed = self.enforce(*req)

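Review bot: A subject is now treated as a user whenever it never appears in field 1 of a `g` rule, so a role that inherits another role but has no members of its own (for example `g, editor, admin` with nobody assigned to `editor`) sits only in `g_subjects` and, under a standard RBAC matcher, would be returned as a user; that contradicts the docstring's promise that roles will be excluded. Since this list is likely to be read as "who can reach this resource", I would state the rule in the docstring, e.g. `Note: a subject counts as a user when it never appears as the 2nd arg of a "g" rule; only the default "g" role definition is consulted.`, and add a test for the memberless-role case. As a style point, `subjects = set_subtract(subjects, g_inherit)` reads better directly under the `array_remove_duplicates(...)` line than after `res = list()`. The function starts and ends outside the hunk, so how `allowed` is consumed is not visible here.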
9 changes: 9 additions & 0 deletions tests/test_rbac_api.py
@@ -296,6 +296,15 @@ def test_implicit_user_api(self):
["alice", "bob"], e.get_implicit_users_for_permission("data2", "write")
)

e.clear_policy()
e.add_policy("admin", "data1", "read")
e.add_policy("bob", "data1", "read")
e.add_grouping_policy("alice", "admin")

self.assertEqual(
["alice", "bob"], e.get_implicit_users_for_permission("data1", "read")
)


class TestRbacApiSynced(TestRbacApi):
def get_enforcer(self, model=None, adapter=None):
