casbin
Version:
An authorization library that supports access control models like ACL, RBAC, ABAC in Node.JS
596 lines (595 loc) • 25.4 kB
JavaScript
"use strict";
// Copyright 2020 The Casbin Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.newSyncedEnforcer = exports.SyncedEnforcer = void 0;
const enforcer_1 = require("./enforcer");
const await_lock_1 = require("await-lock");
// SyncedEnforcer wraps Enforcer and provides synchronized access
class SyncedEnforcer extends enforcer_1.Enforcer {
constructor() {
super(...arguments);
this.lock = new await_lock_1.default();
}
/**
* setWatcher sets the current watcher.
*
* @param watcher the watcher.
*/
setWatcher(watcher) {
this.watcher = watcher;
this.watcher.setUpdateCallback(() => this.loadPolicy());
}
/**
* loadPolicy reloads the policy from file/database.
*/
loadPolicy() {
const _super = Object.create(null, {
loadPolicy: { get: () => super.loadPolicy }
});
return __awaiter(this, void 0, void 0, function* () {
yield this.lock.acquireAsync();
return _super.loadPolicy.call(this).finally(() => this.lock.release());
});
}
/**
* clearPolicy clears all policy.
*/
clearPolicy() {
this.lock
.acquireAsync()
.then(() => super.clearPolicy())
.finally(() => this.lock.release());
}
/**
* savePolicy saves the current policy (usually after changed with Casbin API) back to file/database.
*/
savePolicy() {
const _super = Object.create(null, {
savePolicy: { get: () => super.savePolicy }
});
return __awaiter(this, void 0, void 0, function* () {
yield this.lock.acquireAsync();
return _super.savePolicy.call(this).finally(() => this.lock.release());
});
}
/**
* buildRoleLinks manually rebuild the role inheritance relations.
*/
buildRoleLinks() {
const _super = Object.create(null, {
buildRoleLinks: { get: () => super.buildRoleLinks }
});
return __awaiter(this, void 0, void 0, function* () {
yield this.lock.acquireAsync();
return _super.buildRoleLinks.call(this).finally(() => this.lock.release());
});
}
/**
* If the matchers does not contain an asynchronous method, call it faster.
*
* enforceWithSyncCompile decides whether a "subject" can access a "object" with
* the operation "action", input parameters are usually: (sub, obj, act).
*
* @param rvals the request needs to be mediated, usually an array
* of strings, can be class instances if ABAC is used.
* @return whether to allow the request.
*/
enforceWithSyncCompile(...rvals) {
const _super = Object.create(null, {
enforceWithSyncCompile: { get: () => super.enforceWithSyncCompile }
});
return __awaiter(this, void 0, void 0, function* () {
yield this.lock.acquireAsync();
return _super.enforceWithSyncCompile.call(this, ...rvals).finally(() => this.lock.release());
});
}
/**
* enforce decides whether a "subject" can access a "object" with
* the operation "action", input parameters are usually: (sub, obj, act).
*
* @param rvals the request needs to be mediated, usually an array
* of strings, can be class instances if ABAC is used.
* @return whether to allow the request.
*/
enforce(...rvals) {
const _super = Object.create(null, {
enforce: { get: () => super.enforce }
});
return __awaiter(this, void 0, void 0, function* () {
yield this.lock.acquireAsync();
return _super.enforce.call(this, ...rvals).finally(() => this.lock.release());
});
}
/**
* getAllSubjects gets the list of subjects that show up in the current policy.
*
* @return all the subjects in "p" policy rules. It actually collects the
* 0-index elements of "p" policy rules. So make sure your subject
* is the 0-index element, like (sub, obj, act). Duplicates are removed.
*/
getAllSubjects() {
return __awaiter(this, void 0, void 0, function* () {
return this.getAllNamedSubjects('p');
});
}
/**
* getAllNamedSubjects gets the list of subjects that show up in the currentnamed policy.
*
* @param ptype the policy type, can be "p", "p2", "p3", ..
* @return all the subjects in policy rules of the ptype type. It actually
* collects the 0-index elements of the policy rules. So make sure
* your subject is the 0-index element, like (sub, obj, act).
* Duplicates are removed.
*/
getAllNamedSubjects(ptype) {
const _super = Object.create(null, {
getAllNamedSubjects: { get: () => super.getAllNamedSubjects }
});
return __awaiter(this, void 0, void 0, function* () {
yield this.lock.acquireAsync();
return _super.getAllNamedSubjects.call(this, ptype).finally(() => this.lock.release());
});
}
/**
* getAllObjects gets the list of objects that show up in the current policy.
*
* @return all the objects in "p" policy rules. It actually collects the
* 1-index elements of "p" policy rules. So make sure your object
* is the 1-index element, like (sub, obj, act).
* Duplicates are removed.
*/
getAllObjects() {
return __awaiter(this, void 0, void 0, function* () {
return this.getAllNamedObjects('p');
});
}
/**
* getAllNamedObjects gets the list of objects that show up in the current named policy.
*
* @param ptype the policy type, can be "p", "p2", "p3", ..
* @return all the objects in policy rules of the ptype type. It actually
* collects the 1-index elements of the policy rules. So make sure
* your object is the 1-index element, like (sub, obj, act).
* Duplicates are removed.
*/
getAllNamedObjects(ptype) {
const _super = Object.create(null, {
getAllNamedObjects: { get: () => super.getAllNamedObjects }
});
return __awaiter(this, void 0, void 0, function* () {
yield this.lock.acquireAsync();
return _super.getAllNamedObjects.call(this, ptype).finally(() => this.lock.release());
});
}
/**
* getAllActions gets the list of actions that show up in the current policy.
*
* @return all the actions in "p" policy rules. It actually collects
* the 2-index elements of "p" policy rules. So make sure your action
* is the 2-index element, like (sub, obj, act).
* Duplicates are removed.
*/
getAllActions() {
return __awaiter(this, void 0, void 0, function* () {
return this.getAllNamedActions('p');
});
}
/**
* GetAllNamedActions gets the list of actions that show up in the current named policy.
*
* @param ptype the policy type, can be "p", "p2", "p3", ..
* @return all the actions in policy rules of the ptype type. It actually
* collects the 2-index elements of the policy rules. So make sure
* your action is the 2-index element, like (sub, obj, act).
* Duplicates are removed.
*/
getAllNamedActions(ptype) {
const _super = Object.create(null, {
getAllNamedActions: { get: () => super.getAllNamedActions }
});
return __awaiter(this, void 0, void 0, function* () {
yield this.lock.acquireAsync();
return _super.getAllNamedActions.call(this, ptype).finally(() => this.lock.release());
});
}
/**
* getAllRoles gets the list of roles that show up in the current policy.
*
* @return all the roles in "g" policy rules. It actually collects
* the 1-index elements of "g" policy rules. So make sure your
* role is the 1-index element, like (sub, role).
* Duplicates are removed.
*/
getAllRoles() {
return __awaiter(this, void 0, void 0, function* () {
return this.getAllNamedRoles('g');
});
}
/**
* getAllNamedRoles gets the list of roles that show up in the current named policy.
*
* @param ptype the policy type, can be "g", "g2", "g3", ..
* @return all the subjects in policy rules of the ptype type. It actually
* collects the 0-index elements of the policy rules. So make
* sure your subject is the 0-index element, like (sub, obj, act).
* Duplicates are removed.
*/
getAllNamedRoles(ptype) {
const _super = Object.create(null, {
getAllNamedRoles: { get: () => super.getAllNamedRoles }
});
return __awaiter(this, void 0, void 0, function* () {
yield this.lock.acquireAsync();
return _super.getAllNamedRoles.call(this, ptype).finally(() => this.lock.release());
});
}
/**
* getPolicy gets all the authorization rules in the policy.
*
* @return all the "p" policy rules.
*/
getPolicy() {
return __awaiter(this, void 0, void 0, function* () {
return this.getNamedPolicy('p');
});
}
/**
* getFilteredPolicy gets all the authorization rules in the policy, field filters can be specified.
*
* @param fieldIndex the policy rule's start index to be matched.
* @param fieldValues the field values to be matched, value ""
* means not to match this field.
* @return the filtered "p" policy rules.
*/
getFilteredPolicy(fieldIndex, ...fieldValues) {
return __awaiter(this, void 0, void 0, function* () {
return this.getFilteredNamedPolicy('p', fieldIndex, ...fieldValues);
});
}
/**
* getNamedPolicy gets all the authorization rules in the named policy.
*
* @param ptype the policy type, can be "p", "p2", "p3", ..
* @return the "p" policy rules of the specified ptype.
*/
getNamedPolicy(ptype) {
const _super = Object.create(null, {
getNamedPolicy: { get: () => super.getNamedPolicy }
});
return __awaiter(this, void 0, void 0, function* () {
yield this.lock.acquireAsync();
return _super.getNamedPolicy.call(this, ptype).finally(() => this.lock.release());
});
}
/**
* getFilteredNamedPolicy gets all the authorization rules in the named policy, field filters can be specified.
*
* @param ptype the policy type, can be "p", "p2", "p3", ..
* @param fieldIndex the policy rule's start index to be matched.
* @param fieldValues the field values to be matched, value ""
* means not to match this field.
* @return the filtered "p" policy rules of the specified ptype.
*/
getFilteredNamedPolicy(ptype, fieldIndex, ...fieldValues) {
const _super = Object.create(null, {
getFilteredNamedPolicy: { get: () => super.getFilteredNamedPolicy }
});
return __awaiter(this, void 0, void 0, function* () {
yield this.lock.acquireAsync();
return _super.getFilteredNamedPolicy.call(this, ptype, fieldIndex, ...fieldValues).finally(() => this.lock.release());
});
}
/**
* getGroupingPolicy gets all the role inheritance rules in the policy.
*
* @return all the "g" policy rules.
*/
getGroupingPolicy() {
return __awaiter(this, void 0, void 0, function* () {
return this.getNamedGroupingPolicy('g');
});
}
/**
* getFilteredGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified.
*
* @param fieldIndex the policy rule's start index to be matched.
* @param fieldValues the field values to be matched, value "" means not to match this field.
* @return the filtered "g" policy rules.
*/
getFilteredGroupingPolicy(fieldIndex, ...fieldValues) {
return __awaiter(this, void 0, void 0, function* () {
return this.getFilteredNamedGroupingPolicy('g', fieldIndex, ...fieldValues);
});
}
/**
* getNamedGroupingPolicy gets all the role inheritance rules in the policy.
*
* @param ptype the policy type, can be "g", "g2", "g3", ..
* @return the "g" policy rules of the specified ptype.
*/
getNamedGroupingPolicy(ptype) {
const _super = Object.create(null, {
getNamedGroupingPolicy: { get: () => super.getNamedGroupingPolicy }
});
return __awaiter(this, void 0, void 0, function* () {
yield this.lock.acquireAsync();
return _super.getNamedGroupingPolicy.call(this, ptype).finally(() => this.lock.release());
});
}
/**
* getFilteredNamedGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified.
*
* @param ptype the policy type, can be "g", "g2", "g3", ..
* @param fieldIndex the policy rule's start index to be matched.
* @param fieldValues the field values to be matched, value ""
* means not to match this field.
* @return the filtered "g" policy rules of the specified ptype.
*/
getFilteredNamedGroupingPolicy(ptype, fieldIndex, ...fieldValues) {
const _super = Object.create(null, {
getFilteredNamedGroupingPolicy: { get: () => super.getFilteredNamedGroupingPolicy }
});
return __awaiter(this, void 0, void 0, function* () {
yield this.lock.acquireAsync();
return _super.getFilteredNamedGroupingPolicy.call(this, ptype, fieldIndex, ...fieldValues).finally(() => this.lock.release());
});
}
/**
* hasPolicy determines whether an authorization rule exists.
*
* @param params the "p" policy rule, ptype "p" is implicitly used.
* @return whether the rule exists.
*/
hasPolicy(...params) {
return __awaiter(this, void 0, void 0, function* () {
return this.hasNamedPolicy('p', ...params);
});
}
/**
* hasNamedPolicy determines whether a named authorization rule exists.
*
* @param ptype the policy type, can be "p", "p2", "p3", ..
* @param params the "p" policy rule.
* @return whether the rule exists.
*/
hasNamedPolicy(ptype, ...params) {
const _super = Object.create(null, {
hasNamedPolicy: { get: () => super.hasNamedPolicy }
});
return __awaiter(this, void 0, void 0, function* () {
yield this.lock.acquireAsync();
return _super.hasNamedPolicy.call(this, ptype, ...params).finally(() => this.lock.release());
});
}
/**
* addPolicy adds an authorization rule to the current policy.
* If the rule already exists, the function returns false and the rule will not be added.
* Otherwise the function returns true by adding the new rule.
*
* @param params the "p" policy rule, ptype "p" is implicitly used.
* @return succeeds or not.
*/
addPolicy(...params) {
return __awaiter(this, void 0, void 0, function* () {
return this.addNamedPolicy('p', ...params);
});
}
/**
* addNamedPolicy adds an authorization rule to the current named policy.
* If the rule already exists, the function returns false and the rule will not be added.
* Otherwise the function returns true by adding the new rule.
*
* @param ptype the policy type, can be "p", "p2", "p3", ..
* @param params the "p" policy rule.
* @return succeeds or not.
*/
addNamedPolicy(ptype, ...params) {
const _super = Object.create(null, {
addNamedPolicy: { get: () => super.addNamedPolicy }
});
return __awaiter(this, void 0, void 0, function* () {
yield this.lock.acquireAsync();
return _super.addNamedPolicy.call(this, ptype, ...params).finally(() => this.lock.release());
});
}
/**
* removePolicy removes an authorization rule from the current policy.
*
* @param params the "p" policy rule, ptype "p" is implicitly used.
* @return succeeds or not.
*/
removePolicy(...params) {
return __awaiter(this, void 0, void 0, function* () {
return this.removeNamedPolicy('p', ...params);
});
}
/**
* removeFilteredPolicy removes an authorization rule from the current policy, field filters can be specified.
*
* @param fieldIndex the policy rule's start index to be matched.
* @param fieldValues the field values to be matched, value ""
* means not to match this field.
* @return succeeds or not.
*/
removeFilteredPolicy(fieldIndex, ...fieldValues) {
return __awaiter(this, void 0, void 0, function* () {
return this.removeFilteredNamedPolicy('p', fieldIndex, ...fieldValues);
});
}
/**
* removeNamedPolicy removes an authorization rule from the current named policy.
*
* @param ptype the policy type, can be "p", "p2", "p3", ..
* @param params the "p" policy rule.
* @return succeeds or not.
*/
removeNamedPolicy(ptype, ...params) {
return __awaiter(this, void 0, void 0, function* () {
yield this.lock.acquireAsync();
return this.removePolicyInternal('p', ptype, params).finally(() => this.lock.release());
});
}
/**
* removeFilteredNamedPolicy removes an authorization rule from the current named policy, field filters can be specified.
*
* @param ptype the policy type, can be "p", "p2", "p3", ..
* @param fieldIndex the policy rule's start index to be matched.
* @param fieldValues the field values to be matched, value ""
* means not to match this field.
* @return succeeds or not.
*/
removeFilteredNamedPolicy(ptype, fieldIndex, ...fieldValues) {
const _super = Object.create(null, {
removeFilteredNamedPolicy: { get: () => super.removeFilteredNamedPolicy }
});
return __awaiter(this, void 0, void 0, function* () {
yield this.lock.acquireAsync();
return _super.removeFilteredNamedPolicy.call(this, ptype, fieldIndex, ...fieldValues).finally(() => this.lock.release());
});
}
/**
* hasGroupingPolicy determines whether a role inheritance rule exists.
*
* @param params the "g" policy rule, ptype "g" is implicitly used.
* @return whether the rule exists.
*/
hasGroupingPolicy(...params) {
return __awaiter(this, void 0, void 0, function* () {
return this.hasNamedGroupingPolicy('g', ...params);
});
}
/**
* hasNamedGroupingPolicy determines whether a named role inheritance rule exists.
*
* @param ptype the policy type, can be "g", "g2", "g3", ..
* @param params the "g" policy rule.
* @return whether the rule exists.
*/
hasNamedGroupingPolicy(ptype, ...params) {
const _super = Object.create(null, {
hasNamedGroupingPolicy: { get: () => super.hasNamedGroupingPolicy }
});
return __awaiter(this, void 0, void 0, function* () {
yield this.lock.acquireAsync();
return _super.hasNamedGroupingPolicy.call(this, ptype, ...params).finally(() => this.lock.release());
});
}
/**
* addGroupingPolicy adds a role inheritance rule to the current policy.
* If the rule already exists, the function returns false and the rule will not be added.
* Otherwise the function returns true by adding the new rule.
*
* @param params the "g" policy rule, ptype "g" is implicitly used.
* @return succeeds or not.
*/
addGroupingPolicy(...params) {
return __awaiter(this, void 0, void 0, function* () {
return this.addNamedGroupingPolicy('g', ...params);
});
}
/**
* addNamedGroupingPolicy adds a named role inheritance rule to the current policy.
* If the rule already exists, the function returns false and the rule will not be added.
* Otherwise the function returns true by adding the new rule.
*
* @param ptype the policy type, can be "g", "g2", "g3", ..
* @param params the "g" policy rule.
* @return succeeds or not.
*/
addNamedGroupingPolicy(ptype, ...params) {
const _super = Object.create(null, {
addNamedGroupingPolicy: { get: () => super.addNamedGroupingPolicy }
});
return __awaiter(this, void 0, void 0, function* () {
yield this.lock.acquireAsync();
return _super.addNamedGroupingPolicy.call(this, ptype, ...params).finally(() => this.lock.release());
});
}
/**
* removeGroupingPolicy removes a role inheritance rule from the current policy.
*
* @param params the "g" policy rule, ptype "g" is implicitly used.
* @return succeeds or not.
*/
removeGroupingPolicy(...params) {
return __awaiter(this, void 0, void 0, function* () {
return this.removeNamedGroupingPolicy('g', ...params);
});
}
/**
* removeFilteredGroupingPolicy removes a role inheritance rule from the current policy, field filters can be specified.
*
* @param fieldIndex the policy rule's start index to be matched.
* @param fieldValues the field values to be matched, value ""
* means not to match this field.
* @return succeeds or not.
*/
removeFilteredGroupingPolicy(fieldIndex, ...fieldValues) {
return __awaiter(this, void 0, void 0, function* () {
return this.removeFilteredNamedGroupingPolicy('g', fieldIndex, ...fieldValues);
});
}
/**
* removeNamedGroupingPolicy removes a role inheritance rule from the current named policy.
*
* @param ptype the policy type, can be "g", "g2", "g3", ..
* @param params the "g" policy rule.
* @return succeeds or not.
*/
removeNamedGroupingPolicy(ptype, ...params) {
const _super = Object.create(null, {
removeNamedGroupingPolicy: { get: () => super.removeNamedGroupingPolicy }
});
return __awaiter(this, void 0, void 0, function* () {
yield this.lock.acquireAsync();
return _super.removeNamedGroupingPolicy.call(this, ptype, ...params).finally(() => this.lock.release());
});
}
/**
* removeFilteredNamedGroupingPolicy removes a role inheritance rule from the current named policy, field filters can be specified.
*
* @param ptype the policy type, can be "g", "g2", "g3", ..
* @param fieldIndex the policy rule's start index to be matched.
* @param fieldValues the field values to be matched, value ""
* means not to match this field.
* @return succeeds or not.
*/
removeFilteredNamedGroupingPolicy(ptype, fieldIndex, ...fieldValues) {
const _super = Object.create(null, {
removeFilteredNamedGroupingPolicy: { get: () => super.removeFilteredNamedGroupingPolicy }
});
return __awaiter(this, void 0, void 0, function* () {
yield this.lock.acquireAsync();
return _super.removeFilteredNamedGroupingPolicy.call(this, ptype, fieldIndex, ...fieldValues).finally(() => this.lock.release());
});
}
}
exports.SyncedEnforcer = SyncedEnforcer;
// newSyncedEnforcer creates a synchronized enforcer via file or DB.
function newSyncedEnforcer(...params) {
return __awaiter(this, void 0, void 0, function* () {
return enforcer_1.newEnforcerWithClass(SyncedEnforcer, ...params);
});
}
exports.newSyncedEnforcer = newSyncedEnforcer;