feat: Added logging, file logging and interfaces for watcher and disp…

…atcher (#54) * feat: Added logging for requests and file logging functionality Signed-off-by: Rushikesh Tote <[email protected]> * feat: Added enforceEx function and explain result functionality Signed-off-by: Rushikesh Tote <[email protected]> * feat: Added Dispatcher and Watcher interfaces with tests for it Signed-off-by: Rushikesh Tote <[email protected]> * fix: default result value in DefaultEffector and remove fileLogger Signed-off-by: Rushikesh Tote <[email protected]>
casbin · Jun 27, 2021 · e1e9283 · e1e9283
1 parent 90b47cf
commit e1e9283
Show file tree

Hide file tree

Showing 13 changed files with 460 additions and 26 deletions.
diff --git a/src/effect/DefaultEffector.lua b/src/effect/DefaultEffector.lua
@@ -24,51 +24,56 @@ function DefaultEffector:new()
     return o
 end
 
-function DefaultEffector:mergeEffects(expr, effects, results)
+function DefaultEffector:mergeEffects(expr, effects)
 
-    local result = true
+    local result = false
+    local explainIndex = -1
 
     if expr == "some(where (p_eft == allow))" then
         result = false
-        for _, eft in pairs(effects) do
+        for i, eft in pairs(effects) do
             if eft == self.Effect.ALLOW then
                 result = true
+                explainIndex = i
                 break
             end 
         end
     elseif expr == "!some(where (p_eft == deny))" then
         result = true
-        for _, eft in pairs(effects) do
+        for i, eft in pairs(effects) do
             if eft == self.Effect.DENY then
                 result = false
+                explainIndex = i
                 break
             end 
         end
     elseif expr == "some(where (p_eft == allow)) && !some(where (p_eft == deny))" then
         result = false
-        for _, eft in pairs(effects) do
+        for i, eft in pairs(effects) do
             if eft == self.Effect.ALLOW then
                 result = true
             elseif eft == self.Effect.DENY then
                 result = false
+                explainIndex = i
                 break
             end
         end
     elseif expr == "priority(p_eft) || deny" then
         result = false
-        for _, eft in pairs(effects) do
+        for i, eft in pairs(effects) do
             if eft ~= self.Effect.INDETERMINATE then
                 if eft == self.Effect.ALLOW then
                     result = true
                 else
                     result = false
                 end
+                explainIndex = i
                 break
             end
         end
     else
         error("unsupported effect")
     end
 
-    return result
+    return result, explainIndex
 end
diff --git a/src/main/CoreEnforcer.lua b/src/main/CoreEnforcer.lua
@@ -71,6 +71,7 @@ function CoreEnforcer:initWithModelAndAdapter(m, adapter)
 
     self.adapter = adapter
     self.model = m
+    self.model.logger = self.logger
     self.model:printModel()
 
     self:initialize()
@@ -241,7 +242,19 @@ end
      * Casbin API) back to file/database.
 ]]
 function CoreEnforcer:savePolicy()
+    if self:isFiltered() then
+        error("cannot save a filtered policy")
+    end
+
+    self.adapter:savePolicy(self.model)
 
+    if self.watcher then
+        if Util.isInstance(self.watcher, WatcherEx) then
+            self.watcher:updateForSavePolicy(self.model)
+        else
+            self.watcher:update()
+        end
+    end
 end
 
 --[[
@@ -254,13 +267,27 @@ function CoreEnforcer:enableEnforce(enable)
     self.enable = enable
 end
 
+-- setLogger changes the current enforcer's logger.
+function CoreEnforcer:setLogger(logger)
+    self.logger = logger
+    self.model.logger = logger
+    for _, rm in pairs(self.rmMap) do
+        rm.logger = logger
+    end
+end
+
 --[[
      * enableLog changes whether to print Casbin log to the standard output.
      *
      * @param enable whether to enable Casbin's log.
 ]]
 function CoreEnforcer:enableLog(enable)
+    self.logger.enabled = enable
+end
 
+-- returns the current logger's enabled status
+function CoreEnforcer:isLogEnabled()
+    return self.logger.enabled
 end
 
 --[[
@@ -303,7 +330,7 @@ end
      *              of strings, can be class instances if ABAC is used.
      * @return whether to allow the request.
 ]]
-function CoreEnforcer:enforce(...)
+function CoreEnforcer:enforceEx(...)
     local rvals = {...}
     if type(rvals[1]) == "table" and #rvals == 1 then
         rvals = rvals[1]
@@ -380,7 +407,7 @@ function CoreEnforcer:enforce(...)
                     c = false
                 end
             else
-                error("matcher result should be boolean or integer")
+                error("matcher result should be boolean or number")
             end
 
             if context["p_eft"] and c then
@@ -423,8 +450,38 @@ function CoreEnforcer:enforce(...)
         end
     end
 
-    local finalResult = DefaultEffector:mergeEffects(self.model.model["e"]["e"].value, policyEffects)
-    return finalResult
+    local finalResult, explainIndex = DefaultEffector:mergeEffects(self.model.model["e"]["e"].value, policyEffects)
+
+    local explainPolicy = {}
+
+    -- Logging request
+    if self.logger.enabled then
+        local req = "Request: "
+        for _, v in pairs(rvals) do
+            if type(v)=="table" then
+                req = req .. Util.printTable(v) .. ", "
+            else
+                req = req .. tostring(v) .. ", "
+            end
+        end
+        req = string.sub(req, 1, -3)
+        req = req .. " ---> " .. tostring(finalResult) .. "\n"
+        if explainIndex~=-1 and #self.model.model["p"]["p"].policy>=explainIndex then
+            req = req .. "Hit Policy: "
+            req = req .. Util.printTable(self.model.model["p"]["p"].policy[explainIndex])
+
+            explainPolicy = Util.tableDeepCopy(self.model.model["p"]["p"].policy[explainIndex])
+        end
+
+        self.logger:info(req)
+    end
+
+    return finalResult, explainPolicy
+end
+
+function CoreEnforcer:enforce(...)
+    local res, _ =  self:enforceEx(...)
+    return res
 end
 
 function CoreEnforcer:isAutoNotifyWatcher()

diff --git a/src/main/InternalEnforcer.lua b/src/main/InternalEnforcer.lua
@@ -16,6 +16,9 @@ require "src/main/CoreEnforcer"
 require "src/model/Model"
 require "src/persist/BatchAdapter"
 require "src/persist/FilteredAdapter"
+require "src/persist/Watcher"
+require "src/persist/WatcherEx"
+require "src/persist/WatcherUpdatable"
 require "src/util/Util"
 
 -- InternalEnforcer = CoreEnforcer + Internal API.
@@ -49,8 +52,15 @@ function InternalEnforcer:addPolicy(sec, ptype, rule)
         self:buildIncrementalRoleLinks(self.model.PolicyOperations.POLICY_ADD, ptype, rules)
     end
 
+    if self.watcher and self.autoNotifyWatcher then
+        if Util.isInstance(self.watcher, WatcherEx) then
+            self.watcher:updateForAddPolicy(sec, ptype, rule)
+        else
+            self.watcher:update()
+        end
+    end
+
     return true
-    --TODO: update watcher, add logger
 end
 
 --[[
@@ -81,8 +91,11 @@ function InternalEnforcer:addPolicies(sec, ptype, rules)
         self:buildIncrementalRoleLinks(self.model.PolicyOperations.POLICY_ADD, ptype, rules)
     end
 
+    if self.watcher and self.autoNotifyWatcher then
+        self.watcher:update()
+    end
+
     return true
-    --TODO: update watcher, add logger
 end
 
 --[[
@@ -121,8 +134,15 @@ function InternalEnforcer:removePolicy(sec, ptype, rule)
         self:buildIncrementalRoleLinks(self.model.PolicyOperations.POLICY_REMOVE, ptype, rules)
     end
 
+    if self.watcher and self.autoNotifyWatcher then
+        if Util.isInstance(self.watcher, WatcherEx) then
+            self.watcher:updateForRemovePolicy(sec, ptype, rule)
+        else
+            self.watcher:update()
+        end
+    end
+
     return true
-    -- TODO: update watcher, add logger
 end
 
 --[[
@@ -176,8 +196,15 @@ function InternalEnforcer:updatePolicy(sec, ptype, oldRule, newRule)
         end
     end
 
+    if self.watcher and self.autoNotifyWatcher then
+        if Util.isInstance(self.watcher, WatcherUpdatable) then
+            self.watcher:updateForUpdatePolicy(sec, ptype, oldRule, newRule)
+        else
+            self.watcher:update()
+        end
+    end
+
     return true
-    -- TODO: update watcher, add logger
 end
 
 --[[
@@ -212,8 +239,11 @@ function InternalEnforcer:removePolicies(sec, ptype, rules)
         self:buildIncrementalRoleLinks(self.model.PolicyOperations.POLICY_REMOVE, ptype, rules)
     end
 
+    if self.watcher and self.autoNotifyWatcher then
+        self.watcher:update()
+    end
+
     return true
-    -- TODO: update watcher, add logger
 end
 
 --[[
@@ -244,8 +274,15 @@ function InternalEnforcer:removeFilteredPolicy(sec, ptype, fieldIndex, fieldValu
         self:buildIncrementalRoleLinks(self.model.PolicyOperations.POLICY_REMOVE, ptype, effects)
     end
 
+    if self.watcher and self.autoNotifyWatcher then
+        if Util.isInstance(self.watcher, WatcherEx) then
+            self.watcher:updateForRemoveFilteredPolicy(sec, ptype, fieldIndex, fieldValues)
+        else
+            self.watcher:update()
+        end
+    end
+
     return true
-    -- TODO: update watcher, add logger
 end
 
 function InternalEnforcer:getDomainIndex(ptype)

diff --git a/src/persist/Dispatcher.lua b/src/persist/Dispatcher.lua
@@ -0,0 +1,42 @@
+--Copyright 2021 The casbin Authors. All Rights Reserved.
+--
+--Licensed under the Apache License, Version 2.0 (the "License");
+--you may not use this file except in compliance with the License.
+--You may obtain a copy of the License at
+--
+--    http://www.apache.org/licenses/LICENSE-2.0
+--
+--Unless required by applicable law or agreed to in writing, software
+--distributed under the License is distributed on an "AS IS" BASIS,
+--WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+--See the License for the specific language governing permissions and
+--limitations under the License.
+
+-- Dispatcher is the interface for Casbin dispatcher
+Dispatcher = {}
+Dispatcher.__index = Dispatcher
+
+-- addPolicies adds policies rule to all instances.
+function Dispatcher:addPolicies(sec, ptype, rules)
+
+end
+
+-- removePolicies removes policies rule from all instances.
+function Dispatcher:removePolicies(sec, ptype, rules)
+
+end
+
+-- removeFilteredPolicies removes policy rules that match the filter from all instances.
+function Dispatcher:removeFilteredPolicies(sec, ptype, fieldIndex, ...)
+
+end
+
+-- clearPolicy clears all current policy in all instances.
+function Dispatcher:clearPolicy()
+
+end
+
+-- updatePolicy updates policy rule from all instances.
+function Dispatcher:updatePolicy(sec, ptype, oldRule, newRule)
+
+end
diff --git a/src/persist/Watcher.lua b/src/persist/Watcher.lua
@@ -0,0 +1,35 @@
+--Copyright 2021 The casbin Authors. All Rights Reserved.
+--
+--Licensed under the Apache License, Version 2.0 (the "License");
+--you may not use this file except in compliance with the License.
+--You may obtain a copy of the License at
+--
+--    http://www.apache.org/licenses/LICENSE-2.0
+--
+--Unless required by applicable law or agreed to in writing, software
+--distributed under the License is distributed on an "AS IS" BASIS,
+--WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+--See the License for the specific language governing permissions and
+--limitations under the License.
+
+Watcher = {}
+Watcher.__index = Watcher
+
+-- setUpdateCallback sets the callback function that the watcher will call
+-- when the policy in DB has been changed by other instances.
+-- A classic callback is Enforcer:loadPolicy().
+function Watcher:setUpdateCallback(func)
+
+end
+
+-- update calls the update callback of other instances to synchronize their policy.
+-- It is usually called after changing the policy in DB, like Enforcer:savePolicy(),
+-- Enforcer:AddPolicy(), Enforcer:RemovePolicy(), etc.
+function Watcher:update()
+
+end
+
+-- close stops and releases the watcher, the callback function will not be called any more.
+function Watcher:close()
+
+end