Comments (13)
Your matcher is not correct. From your function's code, it has three arguments: AviatorObject arg1, AviatorObject arg2, AviatorObject arg3
. BTW, I didn't see you are using the 2nd arg.
So your matcher should be: isIn(arg1, arg2, arg3)
instead of r.obj.branch isIn(r.sub.branch)
.
from jcasbin.
@M-Razavi Aviator needs to release a new version before jCasbin can import it. You can ask its author to release one and I will release a new version jCasbin based on it.
from jcasbin.
@M-Razavi jCasbin 1.2.0
has been released to Maven, may need some time for cache: https://mvnrepository.com/artifact/org.casbin/jcasbin
from jcasbin.
What you did now is correct, just call Enforcer.addFunction()
:
jcasbin/src/main/java/org/casbin/jcasbin/main/ManagementEnforcer.java
Lines 547 to 556 in e621f73
It's very similar to Golang's Casbin, which is documented here: https://casbin.org/docs/en/syntax-for-models#how-to-add-a-customized-function
from jcasbin.
I've used enforcer.addFunction() but got an error:
com.googlecode.aviator.exception.ExpressionSyntaxErrorException: Syntax error:Unexpect token 'isIn' at 32, current token: [type='variable',lexeme='isIn',index=32]. Parsing expression: r_act == "View" && r_obj.branch isIn^^
from jcasbin.
Can you paste all your code here? including Enforcer setup, enforce() call, model text, policy text.
from jcasbin.
This is set up and call :
enforcer = new Enforcer("role.conf", "policy.csv");
enforcer.addFunction(InCollectionFunc.getNameStatic(),new InCollectionFunc());
enforcer.addFunction(TimeValidityFunc.getNameStatic(),new TimeValidityFunc());
if (enforcer.enforce("cathy", "order1", "view")) {
System.out.println("ok");
}
And this is model:
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act
[role_definition]
g = _, _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = r.act == "View" && r.obj.branch isIn(r.sub.branch) || g(r.sub, "Manager") && r.act == "View" || isValidTimeForUser(r.sub) || g(r.sub, "Manager") && (r.act == "Confirm" || r.act == "Reject") || g(r.sub, "Operator") && (r.act == "Create" || r.act == "Edit") || g(r.sub, "Reviewer") && r.obj.status== "confirmed"
Policy file is empty.
from jcasbin.
Time function:
import com.googlecode.aviator.runtime.function.AbstractFunction;
import com.googlecode.aviator.runtime.function.FunctionUtils;
import com.googlecode.aviator.runtime.type.AviatorBoolean;
import com.googlecode.aviator.runtime.type.AviatorObject;
import java.time.LocalTime;
import java.util.Map;
/**
* Created by Mahdi Razavi on 1/22/19-4:06 PM
*/
public class TimeValidityFunc extends AbstractFunction {
public TimeValidityFunc() {
}
public AviatorObject call(Map<String, Object> env, AviatorObject arg1, AviatorObject arg2, AviatorObject arg3) {
String actionTime = FunctionUtils.getStringValue(arg1, env);
String validityTimeStart = FunctionUtils.getStringValue(arg2, env);
String validityTimeEnd = FunctionUtils.getStringValue(arg3, env);
return AviatorBoolean.valueOf(isTimeMatch(actionTime, validityTimeStart, validityTimeEnd));
// return AviatorBoolean.valueOf(BuiltInFunctions.keyMatch(key1, key2));
}
private boolean isTimeMatch(String actionTime, String validityTimeStart, String validityTimeEnd) {
LocalTime actTime = LocalTime.parse(actionTime);
LocalTime tStart = LocalTime.parse(validityTimeStart);
LocalTime tEnd = LocalTime.parse(validityTimeEnd);
return actTime.compareTo(tStart) >= 0 && actTime.compareTo(tEnd) <= 0;
}
private boolean isValidTimeForUser(String userName) {
System.out.println("User:" + userName + " wants to do action");
return true;
}
public String getName() {
return getNameStatic();
}
public static String getNameStatic() {
return "isValidTimeForUser";
}
}
and isIn
function
import com.googlecode.aviator.runtime.function.AbstractFunction;
import com.googlecode.aviator.runtime.function.FunctionUtils;
import com.googlecode.aviator.runtime.type.AviatorBoolean;
import com.googlecode.aviator.runtime.type.AviatorObject;
import java.time.LocalTime;
import java.util.Map;
/**
* Created by Mahdi Razavi on 1/22/19-4:06 PM
*/
public class InCollectionFunc extends AbstractFunction {
public InCollectionFunc() {
}
public AviatorObject call(Map<String, Object> env, AviatorObject arg1, AviatorObject arg2, AviatorObject arg3) {
String value = FunctionUtils.getStringValue(arg1, env);
String collection = FunctionUtils.getStringValue(arg3, env);
return AviatorBoolean.valueOf(isInCollection(value, collection));
}
private boolean isInCollection(String value,String collection) {
System.out.println("value:" + value + " isIn collection:" + collection);
return true;
}
public String getName() {
return getNameStatic();
}
public static String getNameStatic() {
return "isIn";
}
}
from jcasbin.
@hsluoyz Many Thanks
from jcasbin.
I got this error:
Could not find variable r_obj.branch
@hsluoyz How should I set the field of request variable?
from jcasbin.
I think this is a bug in aviator which I fixed it
killme2008/aviatorscript#106
from jcasbin.
What does that PR mean? I'm not a Java expert and didn't quite understand it.
BTW, I already asked Aviator's author to review your PR :)
from jcasbin.
It seems that recent commit merged in Aviator and it needed to use the latest version of it in JCasbin dependency.
from jcasbin.
Related Issues (20)
- Policy Enforce explain not logging for model with RBAC with deny override HOT 3
- [Bug] Implicit role doesn't work in java lib 'jcasbin' but work in casbin editor HOT 2
- [Feature] Implement WatcherEx HOT 2
- get 'define class error' for first enforcement HOT 4
- Casbin with Graalvm native breaks since 1.32.0 HOT 2
- High risk vulnerability. HOT 2
- [Bug] Java SDK Bug of keyMatch4 HOT 2
- CSV values escaped using \ HOT 4
- [Bug] ConcurrentModificationException breaks Enforcer when calling Enforce() HOT 3
- NPE when loading model of RBAC with domain and keyMatch HOT 2
- [feature] support map in ABAC HOT 1
- Sync all test cases from Go to Java HOT 1
- The automated release is failing 🚨 HOT 1
- Enforcer unable to load policy from DB. HOT 5
- Update com.github.seancfoley:ipaddress to 5.4.1+ to fix CVE-2023-50570 HOT 1
- The automated release is failing 🚨 HOT 1
- Does Jcasbin support rbac-with-conditions? HOT 1
- The automated release is failing 🚨 HOT 2
- When using transactions, is it possible to provide an appending method instead? HOT 4
- jcasbin EnableAcceptJsonRequest HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jcasbin.