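enforce uses a custom matcher to decide whether a "subject" can access an "object" with the operation "action". Input parameters are usually (matcher, sub, obj, act); the model matcher is used by default when matcher is "". If the enforcer is disabled, enforce returns true before any matcher is evaluated, so a disabled enforcer allows every request. A recovered panic is returned as an error whose text includes the stack trace.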
(matcher string, explains *[]string, rvals ...interface{})
| 681 | |
| 682 | // enforce uses a custom matcher to decide whether a "subject" can access an "object" with the operation "action". Input parameters are usually (matcher, sub, obj, act); the model matcher is used by default when matcher is "". |
| 683 | func (e *Enforcer) enforce(matcher string, explains *[]string, rvals ...interface{}) (ok bool, err error) { //nolint:funlen,cyclop,gocyclo // TODO: reduce function complexity |
| 684 | logEntry := e.onLogBeforeEventInEnforce(rvals) |
| 685 | |
| 686 | defer func() { |
| 687 | if r := recover(); r != nil { |
| 688 | err = fmt.Errorf("panic: %v\n%s", r, debug.Stack()) |
| 689 | if e.logger != nil && logEntry != nil { |
| 690 | logEntry.Error = err |
| 691 | } |
| 692 | } |
| 693 | e.onLogAfterEventInEnforce(logEntry, ok) |
| 694 | }() |
| 695 | |
| 696 | if !e.enabled { |
| 697 | return true, nil |
| 698 | } |
| 699 | |
| 700 | functions := e.fm.GetFunctions() |
| 701 | if _, ok := e.model["g"]; ok { |
| 702 | for key, ast := range e.model["g"] { |
| 703 | // g must be a normal role definition (ast.RM != nil) |
| 704 | // or a conditional role definition (ast.CondRM != nil) |
| 705 | // ast.RM and ast.CondRM shouldn't be nil at the same time |
| 706 | if ast.RM != nil { |
| 707 | functions[key] = util.GenerateGFunction(ast.RM) |
| 708 | } |
| 709 | if ast.CondRM != nil { |
| 710 | functions[key] = util.GenerateConditionalGFunction(ast.CondRM) |
| 711 | } |
| 712 | } |
| 713 | } |
| 714 | |
| 715 | var ( |
| 716 | rType = "r" |
| 717 | pType = "p" |
| 718 | eType = "e" |
| 719 | mType = "m" |
| 720 | ) |
| 721 | if len(rvals) != 0 { |
| 722 | switch rvals[0].(type) { |
| 723 | case EnforceContext: |
| 724 | enforceContext := rvals[0].(EnforceContext) |
| 725 | rType = enforceContext.RType |
| 726 | pType = enforceContext.PType |
| 727 | eType = enforceContext.EType |
| 728 | mType = enforceContext.MType |
| 729 | rvals = rvals[1:] |
| 730 | default: |
| 731 | break |
| 732 | } |
| 733 | } |
| 734 | |
| 735 | var expString string |
| 736 | if matcher == "" { |
| 737 | expString = e.model["m"][mType].Value |
| 738 | } else { |
| 739 | // For custom matchers provided at runtime, escape backslashes in string literals |
| 740 | expString = util.EscapeStringLiterals(util.RemoveComments(util.EscapeAssertion(matcher))) |