From f914e8e9297a553eb55aa9c68285ab78eaff8636 Mon Sep 17 00:00:00 2001 From: Gucheng Wang Date: Sun, 7 Aug 2022 23:55:03 +0800 Subject: [PATCH] Add permission_enforcer.go --- object/permission.go | 143 ------------------------------ object/permission_enforcer.go | 162 ++++++++++++++++++++++++++++++++++ 2 files changed, 162 insertions(+), 143 deletions(-) create mode 100644 object/permission_enforcer.go diff --git a/object/permission.go b/object/permission.go index 56205181..4cc30513 100644 --- a/object/permission.go +++ b/object/permission.go @@ -16,12 +16,7 @@ package object import ( "fmt" - "strings" - "github.com/casbin/casbin/v2" - "github.com/casbin/casbin/v2/model" - xormadapter "github.com/casbin/xorm-adapter/v2" - "github.com/casdoor/casdoor/conf" "github.com/casdoor/casdoor/util" "xorm.io/core" ) 
@@ -158,85 +153,6 @@ func (permission *Permission) GetId() string { return fmt.Sprintf("%s/%s", permission.Owner, permission.Name) } -func getEnforcer(permission *Permission) *casbin.Enforcer { - tableNamePrefix := conf.GetConfigString("tableNamePrefix") - adapter, err := xormadapter.NewAdapterWithTableName(conf.GetConfigString("driverName"), conf.GetBeegoConfDataSourceName()+conf.GetConfigString("dbName"), "permission_rule", tableNamePrefix, true) - if err != nil { - panic(err) - } - - modelText := ` -[request_definition] -r = sub, obj, act - -[policy_definition] -p = permission, sub, obj, act - -[policy_effect] -e = some(where (p.eft == allow)) - -[matchers] -m = r.sub == p.sub && r.obj == p.obj && r.act == p.act` - permissionModel := getModel(permission.Owner, permission.Model) - if permissionModel != nil { - modelText = permissionModel.ModelText - } - m, err := model.NewModelFromString(modelText) - if err != nil { - panic(err) - } - - enforcer, err := casbin.NewEnforcer(m, adapter) - if err != nil { - panic(err) - } - - err = enforcer.LoadFilteredPolicy(xormadapter.Filter{V0: []string{permission.GetId()}}) - if err != nil { - panic(err) - } - - return enforcer -} - -func getPolicies(permission *Permission) [][]string { - var policies [][]string - for _, user := range permission.Users { - for _, resource := range permission.Resources { - for _, action := range permission.Actions { - policies = append(policies, []string{permission.GetId(), user, resource, strings.ToLower(action)}) - } - } - } - for _, role := range permission.Roles { - for _, resource := range permission.Resources { - for _, action := range permission.Actions { - policies = append(policies, []string{permission.GetId(), role, resource, strings.ToLower(action)}) - } - } - } - return policies -} - -func addPolicies(permission *Permission) { - enforcer := getEnforcer(permission) - policies := getPolicies(permission) - - _, err := enforcer.AddPolicies(policies) - if err != nil { - panic(err) - } -} - 
-func removePolicies(permission *Permission) { - enforcer := getEnforcer(permission) - - _, err := enforcer.RemoveFilteredPolicy(0, permission.GetId()) - if err != nil { - panic(err) - } -} - func GetPermissionsByUser(userId string) []*Permission { permissions := []*Permission{} err := adapter.Engine.Where("users like ?", "%"+userId+"%").Find(&permissions) 
@@ -246,62 +162,3 @@ func GetPermissionsByUser(userId string) []*Permission { return permissions } - -func Enforce(userId string, permissionRule *PermissionRule) bool { - permission := GetPermission(permissionRule.V0) - enforcer := getEnforcer(permission) - allow, err := enforcer.Enforce(userId, permissionRule.V2, permissionRule.V3) - if err != nil { - panic(err) - } - return allow -} - -func BatchEnforce(userId string, permissionRules []PermissionRule) []bool { - var requests [][]interface{} - for _, permissionRule := range permissionRules { - requests = append(requests, []interface{}{userId, permissionRule.V2, permissionRule.V3}) - } - permission := GetPermission(permissionRules[0].V0) - enforcer := getEnforcer(permission) - allow, err := enforcer.BatchEnforce(requests) - if err != nil { - panic(err) - } - return allow -} - -func getAllValues(userId string, sec string, fieldIndex int) []string { - permissions := GetPermissionsByUser(userId) - var values []string - for _, permission := range permissions { - enforcer := getEnforcer(permission) - enforcer.ClearPolicy() - err := enforcer.LoadFilteredPolicy(xormadapter.Filter{V0: []string{permission.GetId()}, V1: []string{userId}}) - if err != nil { - return nil - } - - for _, value := range enforcer.GetModel().GetValuesForFieldInPolicyAllTypes(sec, fieldIndex) { - values = append(values, value) - } - } - return values -} - -func GetAllObjects(userId string) []string { - return getAllValues(userId, "p", 2) -} - -func GetAllActions(userId string) []string { - return getAllValues(userId, "p", 3) -} - -func GetAllRoles(userId string) []string { - roles := GetRolesByUser(userId) - var res []string - for _, role := range roles { - res = append(res, role.Name) - } - return res -} diff --git a/object/permission_enforcer.go b/object/permission_enforcer.go new file mode 100644 index 00000000..e5b36da4 --- /dev/null +++ b/object/permission_enforcer.go 
@@ -0,0 +1,162 @@ +// Copyright 2021 The Casdoor Authors. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package object + +import ( + "strings" + + "github.com/casbin/casbin/v2" + "github.com/casbin/casbin/v2/model" + xormadapter "github.com/casbin/xorm-adapter/v2" + "github.com/casdoor/casdoor/conf" +) + +func getEnforcer(permission *Permission) *casbin.Enforcer { + tableNamePrefix := conf.GetConfigString("tableNamePrefix") + adapter, err := xormadapter.NewAdapterWithTableName(conf.GetConfigString("driverName"), conf.GetBeegoConfDataSourceName()+conf.GetConfigString("dbName"), "permission_rule", tableNamePrefix, true) + if err != nil { + panic(err) + } + + modelText := ` +[request_definition] +r = sub, obj, act + +[policy_definition] +p = permission, sub, obj, act + +[policy_effect] +e = some(where (p.eft == allow)) + +[matchers] +m = r.sub == p.sub && r.obj == p.obj && r.act == p.act` + permissionModel := getModel(permission.Owner, permission.Model) + if permissionModel != nil { + modelText = permissionModel.ModelText + } + m, err := model.NewModelFromString(modelText) + if err != nil { + panic(err) + } + + enforcer, err := casbin.NewEnforcer(m, adapter) + if err != nil { + panic(err) + } + + err = enforcer.LoadFilteredPolicy(xormadapter.Filter{V0: []string{permission.GetId()}}) + if err != nil { + panic(err) + } + + return enforcer +} + +func getPolicies(permission *Permission) [][]string { + var policies [][]string + for _, user 
:= range permission.Users { + for _, resource := range permission.Resources { + for _, action := range permission.Actions { + policies = append(policies, []string{permission.GetId(), user, resource, strings.ToLower(action)}) + } + } + } + for _, role := range permission.Roles { + for _, resource := range permission.Resources { + for _, action := range permission.Actions { + policies = append(policies, []string{permission.GetId(), role, resource, strings.ToLower(action)}) + } + } + } + return policies +} + +func addPolicies(permission *Permission) { + enforcer := getEnforcer(permission) + policies := getPolicies(permission) + + _, err := enforcer.AddPolicies(policies) + if err != nil { + panic(err) + } +} + +func removePolicies(permission *Permission) { + enforcer := getEnforcer(permission) + + _, err := enforcer.RemoveFilteredPolicy(0, permission.GetId()) + if err != nil { + panic(err) + } +} + +func Enforce(userId string, permissionRule *PermissionRule) bool { + permission := GetPermission(permissionRule.V0) + enforcer := getEnforcer(permission) + allow, err := enforcer.Enforce(userId, permissionRule.V2, permissionRule.V3) + if err != nil { + panic(err) + } + return allow +} + +func BatchEnforce(userId string, permissionRules []PermissionRule) []bool { + var requests [][]interface{} + for _, permissionRule := range permissionRules { + requests = append(requests, []interface{}{userId, permissionRule.V2, permissionRule.V3}) + } + permission := GetPermission(permissionRules[0].V0) + enforcer := getEnforcer(permission) + allow, err := enforcer.BatchEnforce(requests) + if err != nil { + panic(err) + } + return allow +} + +func getAllValues(userId string, sec string, fieldIndex int) []string { + permissions := GetPermissionsByUser(userId) + var values []string + for _, permission := range permissions { + enforcer := getEnforcer(permission) + enforcer.ClearPolicy() + err := enforcer.LoadFilteredPolicy(xormadapter.Filter{V0: []string{permission.GetId()}, V1: 
[]string{userId}}) + if err != nil { + return nil + } + + for _, value := range enforcer.GetModel().GetValuesForFieldInPolicyAllTypes(sec, fieldIndex) { + values = append(values, value) + } + } + return values +} + +func GetAllObjects(userId string) []string { + return getAllValues(userId, "p", 2) +} + +func GetAllActions(userId string) []string { + return getAllValues(userId, "p", 3) +} + +func GetAllRoles(userId string) []string { + roles := GetRolesByUser(userId) + var res []string + for _, role := range roles { + res = append(res, role.Name) + } + return res +}
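Review bot: In `BatchEnforce` the enforcer is built from `permissionRules[0].V0` only, so every rule in the batch is evaluated against the first rule's permission policies rather than its own, and an empty slice panics on that index; `Enforce` and `BatchEnforce` also hand the result of `GetPermission` straight to `getEnforcer`, which dereferences `permission.Owner`, so if `GetPermission` returns nil for an unknown id (its body is not in this hunk) an authorization check becomes a nil-pointer panic. I would build one enforcer per distinct `V0` and fail closed (`false`) for a permission that cannot be loaded, as below, leaving the existing `panic(err)` on casbin errors untouched. A smaller consistency point: `getPolicies` stores actions via `strings.ToLower(action)`, but `Enforce` compares `permissionRule.V3` as given, so a mixed-case action in a request never matches — either lower-case `V3` on the request side too or document that request actions must already be lower-case. Note also that `getEnforcer` calls `xormadapter.NewAdapterWithTableName` on every invocation, which looks like a fresh DB adapter per check; if this sits on a per-request path, caching the adapter is worth considering.
```go
func Enforce(userId string, permissionRule *PermissionRule) bool {
	permission := GetPermission(permissionRule.V0)
	if permission == nil {
		return false // unknown permission: fail closed instead of nil-deref in getEnforcer
	}
	enforcer := getEnforcer(permission)
	// … unchanged: enforcer.Enforce call and error handling …
}

func BatchEnforce(userId string, permissionRules []PermissionRule) []bool {
	res := make([]bool, len(permissionRules))
	enforcers := map[string]*casbin.Enforcer{} // one enforcer per distinct permission id (V0)
	for i, rule := range permissionRules {
		enforcer, seen := enforcers[rule.V0]
		if !seen {
			if permission := GetPermission(rule.V0); permission != nil {
				enforcer = getEnforcer(permission)
			}
			enforcers[rule.V0] = enforcer // stays nil for a permission that could not be loaded
		}
		if enforcer == nil {
			continue // fail closed: res[i] stays false
		}
		allow, err := enforcer.Enforce(userId, rule.V2, rule.V3)
		if err != nil {
			panic(err)
		}
		res[i] = allow
	}
	return res
}
```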