GetFilteredNamedPolicyWithMatcher gets rules based on matcher from the policy.
(ptype string, matcher string)
| 135 | |
| 136 | // GetFilteredNamedPolicyWithMatcher gets rules based on matcher from the policy. |
| 137 | func (e *Enforcer) GetFilteredNamedPolicyWithMatcher(ptype string, matcher string) ([][]string, error) { |
| 138 | var res [][]string |
| 139 | var err error |
| 140 | |
| 141 | functions := e.fm.GetFunctions() |
| 142 | if _, ok := e.model["g"]; ok { |
| 143 | for key, ast := range e.model["g"] { |
| 144 | // g must be a normal role definition (ast.RM != nil) |
| 145 | // or a conditional role definition (ast.CondRM != nil) |
| 146 | // ast.RM and ast.CondRM shouldn't be nil at the same time |
| 147 | if ast.RM != nil { |
| 148 | functions[key] = util.GenerateGFunction(ast.RM) |
| 149 | } |
| 150 | if ast.CondRM != nil { |
| 151 | functions[key] = util.GenerateConditionalGFunction(ast.CondRM) |
| 152 | } |
| 153 | } |
| 154 | } |
| 155 | |
| 156 | var expString string |
| 157 | if matcher == "" { |
| 158 | return res, fmt.Errorf("matcher is empty") |
| 159 | } else { |
| 160 | expString = util.RemoveComments(util.EscapeAssertion(matcher)) |
| 161 | } |
| 162 | |
| 163 | var expression *govaluate.EvaluableExpression |
| 164 | |
| 165 | expression, err = govaluate.NewEvaluableExpressionWithFunctions(expString, functions) |
| 166 | if err != nil { |
| 167 | return res, err |
| 168 | } |
| 169 | |
| 170 | pTokens := make(map[string]int, len(e.model["p"][ptype].Tokens)) |
| 171 | for i, token := range e.model["p"][ptype].Tokens { |
| 172 | pTokens[token] = i |
| 173 | } |
| 174 | |
| 175 | parameters := enforceParameters{ |
| 176 | pTokens: pTokens, |
| 177 | } |
| 178 | |
| 179 | if policyLen := len(e.model["p"][ptype].Policy); policyLen != 0 && strings.Contains(expString, ptype+"_") { |
| 180 | for _, pvals := range e.model["p"][ptype].Policy { |
| 181 | if len(e.model["p"][ptype].Tokens) != len(pvals) { |
| 182 | return res, fmt.Errorf( |
| 183 | "invalid policy size: expected %d, got %d, pvals: %v", |
| 184 | len(e.model["p"][ptype].Tokens), |
| 185 | len(pvals), |
| 186 | pvals) |
| 187 | } |
| 188 | |
| 189 | parameters.pVals = pvals |
| 190 | |
| 191 | result, err := expression.Eval(parameters) |
| 192 | |
| 193 | if err != nil { |
| 194 | return res, err |