def enforce(self, *rvals): """decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (sub, obj, act). """ if not self.enabled: return False functions = self.fm.get_functions() if "g" in self.model.model.keys(): for key, ast in self.model.model["g"].items(): rm = ast.rm functions[key] = generate_g_function(rm) if "m" not in self.model.model.keys(): raise RuntimeError("model is undefined") if "m" not in self.model.model["m"].keys(): raise RuntimeError("model is undefined") r_tokens = self.model.model["r"]["r"].tokens p_tokens = self.model.model["p"]["p"].tokens if len(r_tokens) != len(rvals): raise RuntimeError("invalid request size") exp_string = self.model.model["m"]["m"].value has_eval = util.has_eval(exp_string) if not has_eval: expression = self._get_expression(exp_string, functions) policy_effects = set() matcher_results = set() r_parameters = dict(zip(r_tokens, rvals)) policy_len = len(self.model.model["p"]["p"].policy) if not 0 == policy_len: for i, pvals in enumerate(self.model.model["p"]["p"].policy): if len(p_tokens) != len(pvals): raise RuntimeError("invalid policy size") p_parameters = dict(zip(p_tokens, pvals)) parameters = dict(r_parameters, **p_parameters) if util.has_eval(exp_string): rule_names = util.get_eval_value(exp_string) rules = [util.escape_assertion(p_parameters[rule_name]) for rule_name in rule_names] exp_with_rule = util.replace_eval(exp_string, rules) expression = self._get_expression(exp_with_rule, functions) result = expression.eval(parameters) if isinstance(result, bool): if not result: policy_effects.add(Effector.INDETERMINATE) continue elif isinstance(result, float): if 0 == result: policy_effects.add(Effector.INDETERMINATE) continue else: matcher_results.add(result) else: raise RuntimeError("matcher result should be bool, int or float") if "p_eft" in parameters.keys(): eft = parameters["p_eft"] if "allow" == eft: policy_effects.add(Effector.ALLOW) elif "deny" == eft: policy_effects.add(Effector.DENY) else: policy_effects.add(Effector.INDETERMINATE) else: policy_effects.add(Effector.ALLOW) if "priority(p_eft) || deny" == self.model.model["e"]["e"].value: break else: if has_eval: raise RuntimeError("please make sure rule exists in policy when using eval() in matcher") parameters = r_parameters.copy() for token in self.model.model["p"]["p"].tokens: parameters[token] = "" result = expression.eval(parameters) if result: policy_effects.add(Effector.ALLOW) else: policy_effects.add(Effector.INDETERMINATE) result = self.eft.merge_effects(self.model.model["e"]["e"].value, policy_effects, matcher_results) # Log request. if log.get_logger().is_enabled(): req_str = "Request: " req_str = req_str + ", ".join([str(v) for v in rvals]) req_str = req_str + " ---> %s" % result log.log_print(req_str) return result
def enable_log(self, enable): """changes whether Casbin will log messages to the Logger.""" log.get_logger().enable_log(enable)
import casbin import os from unittest import TestCase import time from casbin import log log.get_logger().enable_log(True) def get_examples(path): examples_path = os.path.split( os.path.realpath(__file__))[0] + "/../examples/" return os.path.abspath(examples_path + path) class TestSub(): def __init__(self, name, age): self.name = name self.age = age class TestCaseBase(TestCase): def get_enforcer(self, model=None, adapter=None, enable_log=False): return casbin.Enforcer( model, adapter, enable_log, ) class TestConfig(TestCaseBase):
def enforce(self, *rvals): """decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (sub, obj, act). """ if not self.enabled: return False functions = {} for key, val in self.fm.get_functions().items(): functions[key] = val if "g" in self.model.model.keys(): for key, ast in self.model.model["g"].items(): rm = ast.rm functions[key] = generate_g_function(rm) if "m" not in self.model.model.keys(): return RuntimeError("model is undefined") if "m" not in self.model.model["m"].keys(): return RuntimeError("model is undefined") exp_string = self.model.model["m"]["m"].value policy_effects = [] matcher_results = [] policy_len = len(self.model.model["p"]["p"].policy) if not 0 == policy_len: for i, pvals in enumerate(self.model.model["p"]["p"].policy): parameters = dict() for j, token in enumerate(self.model.model["r"]["r"].tokens): parameters[token] = rvals[j] for j, token in enumerate(self.model.model["p"]["p"].tokens): parameters[token] = pvals[j] result = expression.evaluate(exp_string, parameters, functions) if isinstance(result, bool): if not result: policy_effects.append(Effector.INDETERMINATE) continue elif isinstance(result, float): if 0 == result: policy_effects.append(Effector.INDETERMINATE) continue else: matcher_results.append(result) else: raise RuntimeError( "matcher result should be bool, int or float") if "p_eft" in parameters.keys(): eft = parameters["p_eft"] if "allow" == eft: policy_effects.append(Effector.ALLOW) elif "deny" == eft: policy_effects.append(Effector.DENY) else: policy_effects.append(Effector.INDETERMINATE) else: policy_effects.append(Effector.ALLOW) if "priority(p_eft) || deny" == self.model.model["e"][ "e"].value: break else: parameters = dict() for j, token in enumerate(self.model.model["r"]["r"].tokens): parameters[token] = rvals[j] for token in self.model.model["p"]["p"].tokens: parameters[token] = "" result = expression.evaluate(exp_string, parameters, functions) if result: policy_effects.append(Effector.ALLOW) else: policy_effects.append(Effector.INDETERMINATE) result = self.eft.merge_effects(self.model.model["e"]["e"].value, policy_effects, matcher_results) # Log request. if log.get_logger().is_enabled(): req_str = "Request: " req_str = req_str + ", ".join([str(v) for v in rvals]) req_str = req_str + " ---> %s" % result log.log_print(req_str) return result
def test_log(self): log.get_logger().enable_log(True) log.log_print("test log", "print") log.log_printf("test log %s", "print") self.assertTrue(log.get_logger().is_enabled())