MCPcopy
hub / github.com/apache/casbin / enforce

Method enforce

enforcer.go:683–907  ·  view source on GitHub ↗

enforce use a custom matcher to decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model matcher by default when matcher is "".

(matcher string, explains *[]string, rvals ...interface{})

Source from the content-addressed store, hash-verified

681
682// enforce use a custom matcher to decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model matcher by default when matcher is "".
683func (e *Enforcer) enforce(matcher string, explains *[]string, rvals ...interface{}) (ok bool, err error) { //nolint:funlen,cyclop,gocyclo // TODO: reduce function complexity
684 logEntry := e.onLogBeforeEventInEnforce(rvals)
685
686 defer func() {
687 if r := recover(); r != nil {
688 err = fmt.Errorf("panic: %v\n%s", r, debug.Stack())
689 if e.logger != nil && logEntry != nil {
690 logEntry.Error = err
691 }
692 }
693 e.onLogAfterEventInEnforce(logEntry, ok)
694 }()
695
696 if !e.enabled {
697 return true, nil
698 }
699
700 functions := e.fm.GetFunctions()
701 if _, ok := e.model["g"]; ok {
702 for key, ast := range e.model["g"] {
703 // g must be a normal role definition (ast.RM != nil)
704 // or a conditional role definition (ast.CondRM != nil)
705 // ast.RM and ast.CondRM shouldn't be nil at the same time
706 if ast.RM != nil {
707 functions[key] = util.GenerateGFunction(ast.RM)
708 }
709 if ast.CondRM != nil {
710 functions[key] = util.GenerateConditionalGFunction(ast.CondRM)
711 }
712 }
713 }
714
715 var (
716 rType = "r"
717 pType = "p"
718 eType = "e"
719 mType = "m"
720 )
721 if len(rvals) != 0 {
722 switch rvals[0].(type) {
723 case EnforceContext:
724 enforceContext := rvals[0].(EnforceContext)
725 rType = enforceContext.RType
726 pType = enforceContext.PType
727 eType = enforceContext.EType
728 mType = enforceContext.MType
729 rvals = rvals[1:]
730 default:
731 break
732 }
733 }
734
735 var expString string
736 if matcher == "" {
737 expString = e.model["m"][mType].Value
738 } else {
739 // For custom matchers provided at runtime, escape backslashes in string literals
740 expString = util.EscapeStringLiterals(util.RemoveComments(util.EscapeAssertion(matcher)))

Callers 6

EnforceMethod · 0.95
EnforceWithMatcherMethod · 0.95
EnforceExMethod · 0.95
EnforceExWithMatcherMethod · 0.95
BatchEnforceMethod · 0.95

Calls 13

GenerateGFunctionFunction · 0.92
EscapeStringLiteralsFunction · 0.92
RemoveCommentsFunction · 0.92
EscapeAssertionFunction · 0.92
JsonToMapFunction · 0.92
HasEvalFunction · 0.92
generateEvalFunctionFunction · 0.85
GetFunctionsMethod · 0.80

Tested by

no test coverage detected