feat: loading policy with priority explicitly

Signed-off-by: Rushikesh Tote <[email protected]>
casbin · May 21, 2021 · 77a115f · 77a115f
1 parent 0b8e7da
commit 77a115f
Show file tree

Hide file tree

Showing 3 changed files with 55 additions and 1 deletion.
diff --git a/spec/main/enforcer_spec.lua b/spec/main/enforcer_spec.lua
@@ -93,4 +93,33 @@ describe("Enforcer tests", function ()
         assert.is.True(e:enforce("bob", "data2", "read"))
         assert.is.True(e:enforce("bob", "data2", "write"))
     end)
+
+    it("explicit priority test", function ()
+        local model  = path .. "/examples/priority_model_explicit.conf"
+        local policy  = path .. "/examples/priority_policy_explicit.csv"
+
+        local e = Enforcer:new(model, policy)
+        assert.is.True(e:enforce("alice", "data1", "write"))
+        assert.is.True(e:enforce("alice", "data1", "read"))
+        assert.is.False(e:enforce("bob", "data2", "read"))
+        assert.is.True(e:enforce("bob", "data2", "write"))
+        assert.is.False(e:enforce("data1_deny_group", "data1", "read"))
+        assert.is.False(e:enforce("data1_deny_group", "data1", "write"))
+        assert.is.True(e:enforce("data2_allow_group", "data2", "read"))
+        assert.is.True(e:enforce("data2_allow_group", "data2", "write"))
+
+        local rule = {"1", "bob", "data2", "write", "deny"}
+        e.model:addPolicy("p", "p", rule)
+        e.model:sortPoliciesByPriority()
+        e.model:printPolicy()
+
+        assert.is.True(e:enforce("alice", "data1", "write"))
+        assert.is.True(e:enforce("alice", "data1", "read"))
+        assert.is.False(e:enforce("bob", "data2", "read"))
+        assert.is.False(e:enforce("bob", "data2", "write"))
+        assert.is.False(e:enforce("data1_deny_group", "data1", "read"))
+        assert.is.False(e:enforce("data1_deny_group", "data1", "write"))
+        assert.is.True(e:enforce("data2_allow_group", "data2", "read"))
+        assert.is.True(e:enforce("data2_allow_group", "data2", "write"))
+    end)
 end)
diff --git a/src/main/CoreEnforcer.lua b/src/main/CoreEnforcer.lua
@@ -208,8 +208,11 @@ end
 ]]
 function CoreEnforcer:loadPolicy()
     self.model:clearPolicy()
-    self.adapter:loadPolicy(self.model);
+    self.adapter:loadPolicy(self.model)
+
+    self.model:sortPoliciesByPriority()
     self.model:printPolicy()
+
     if self.autoBuildRoleLinks then
         self:buildRoleLinks()
     end

diff --git a/src/model/Model.lua b/src/model/Model.lua
@@ -182,4 +182,26 @@ function Model:printModel()
     end
 end
 
+-- sortPoliciesByPriority sorts policies by their priorities if 'priority' token exists
+function Model:sortPoliciesByPriority()
+     if not self.model["p"] then return end
+
+     for ptype, ast in pairs(self.model["p"]) do
+          local priorityIndex = 0
+          for inx, token in pairs(ast.tokens) do
+               if token == ptype .. "_priority" then
+                    priorityIndex = inx
+                    break
+               end
+          end
+          if priorityIndex == 0 then
+               return
+          end
+
+          table.sort(ast.policy, function (a, b)
+               return a[priorityIndex] < b[priorityIndex]
+          end)
+     end
+end
+
 return Model