src/model/assertion.rs - casbin-rs - Git at Google

 use crate::{
     error::{ModelError, PolicyError},
     rbac::{DefaultRoleManager, RoleManager},
     Result,
 };

 #[cfg(feature = "incremental")]
 use crate::emitter::EventData;

 use hashlink::{LinkedHashMap, LinkedHashSet};
 use parking_lot::RwLock;

 use std::sync::Arc;

 pub type AssertionMap = LinkedHashMap<String, Assertion>;

 #[derive(Clone)]
 pub struct Assertion {
     pub key: String,
     pub value: String,
     pub tokens: Vec<String>,
     pub policy: LinkedHashSet<Vec<String>>,
     pub rm: Arc<RwLock<dyn RoleManager>>,
 }

 impl Default for Assertion {
     fn default() -> Self {
         Assertion {
             key: String::new(),
             value: String::new(),
             tokens: vec![],
             policy: LinkedHashSet::new(),
             rm: Arc::new(RwLock::new(DefaultRoleManager::new(0))),
         }
     }
 }

 impl Assertion {
     #[inline]
     pub fn get_policy(&self) -> &LinkedHashSet<Vec<String>> {
         &self.policy
     }

     #[inline]
     pub fn get_mut_policy(&mut self) -> &mut LinkedHashSet<Vec<String>> {
         &mut self.policy
     }

     pub fn build_role_links(
         &mut self,
         rm: Arc<RwLock<dyn RoleManager>>,
     ) -> Result<()> {
         let count = self.value.matches('_').count();
         if count < 2 {
             return Err(ModelError::P(
                 r#"the number of "_" in role definition should be at least 2"#
                     .to_owned(),
             )
             .into());
         }
         for rule in &self.policy {
             if rule.len() < count {
                 return Err(PolicyError::UnmatchPolicyDefinition(
                     count,
                     rule.len(),
                 )
                 .into());
             }
             if count == 2 {
                 rm.write().add_link(&rule[0], &rule[1], None);
             } else if count == 3 {
                 rm.write().add_link(&rule[0], &rule[1], Some(&rule[2]));
             } else if count >= 4 {
                 return Err(ModelError::P(
                     "Multiple domains are not supported".to_owned(),
                 )
                 .into());
             }
         }
         self.rm = Arc::clone(&rm);
         Ok(())
     }

     #[cfg(feature = "incremental")]
     pub fn build_incremental_role_links(
         &mut self,
         rm: Arc<RwLock<dyn RoleManager>>,
         d: EventData,
     ) -> Result<()> {
         let count = self.value.matches('_').count();
         if count < 2 {
             return Err(ModelError::P(
                 r#"the number of "_" in role definition should be at least 2"#
                     .to_owned(),
             )
             .into());
         }

         if let Some((insert, rules)) = match d {
             EventData::AddPolicy(_, _, rule) => Some((true, vec![rule])),
             EventData::AddPolicies(_, _, rules) => Some((true, rules)),
             EventData::RemovePolicy(_, _, rule) => Some((false, vec![rule])),
             EventData::RemovePolicies(_, _, rules) => Some((false, rules)),
             EventData::RemoveFilteredPolicy(_, _, rules) => {
                 Some((false, rules))
             }
             _ => None,
         } {
             for rule in rules {
                 if rule.len() < count {
                     return Err(PolicyError::UnmatchPolicyDefinition(
                         count,
                         rule.len(),
                     )
                     .into());
                 }
                 if count == 2 {
                     if insert {
                         rm.write().add_link(&rule[0], &rule[1], None);
                     } else {
                         rm.write().delete_link(&rule[0], &rule[1], None)?;
                     }
                 } else if count == 3 {
                     if insert {
                         rm.write().add_link(&rule[0], &rule[1], Some(&rule[2]));
                     } else {
                         rm.write().delete_link(
                             &rule[0],
                             &rule[1],
                             Some(&rule[2]),
                         )?;
                     }
                 } else if count >= 4 {
                     return Err(ModelError::P(
                         "Multiple domains are not supported".to_owned(),
                     )
                     .into());
                 }
             }

             self.rm = Arc::clone(&rm);
         }

         Ok(())
     }
 }
	use crate::{
	error::{ModelError, PolicyError},
	rbac::{DefaultRoleManager, RoleManager},
	Result,
	};

	#[cfg(feature = "incremental")]
	use crate::emitter::EventData;

	use hashlink::{LinkedHashMap, LinkedHashSet};
	use parking_lot::RwLock;

	use std::sync::Arc;

	pub type AssertionMap = LinkedHashMap<String, Assertion>;

	#[derive(Clone)]
	pub struct Assertion {
	pub key: String,
	pub value: String,
	pub tokens: Vec<String>,
	pub policy: LinkedHashSet<Vec<String>>,
	pub rm: Arc<RwLock<dyn RoleManager>>,
	}

	impl Default for Assertion {
	fn default() -> Self {
	Assertion {
	key: String::new(),
	value: String::new(),
	tokens: vec![],
	policy: LinkedHashSet::new(),
	rm: Arc::new(RwLock::new(DefaultRoleManager::new(0))),
	}
	}
	}

	impl Assertion {
	#[inline]
	pub fn get_policy(&self) -> &LinkedHashSet<Vec<String>> {
	&self.policy
	}

	#[inline]
	pub fn get_mut_policy(&mut self) -> &mut LinkedHashSet<Vec<String>> {
	&mut self.policy
	}

	pub fn build_role_links(
	&mut self,
	rm: Arc<RwLock<dyn RoleManager>>,
	) -> Result<()> {
	let count = self.value.matches('_').count();
	if count < 2 {
	return Err(ModelError::P(
	r#"the number of "_" in role definition should be at least 2"#
	.to_owned(),
	)
	.into());
	}
	for rule in &self.policy {
	if rule.len() < count {
	return Err(PolicyError::UnmatchPolicyDefinition(
	count,
	rule.len(),
	)
	.into());
	}
	if count == 2 {
	rm.write().add_link(&rule[0], &rule[1], None);
	} else if count == 3 {
	rm.write().add_link(&rule[0], &rule[1], Some(&rule[2]));
	} else if count >= 4 {
	return Err(ModelError::P(
	"Multiple domains are not supported".to_owned(),
	)
	.into());
	}
	}
	self.rm = Arc::clone(&rm);
	Ok(())
	}

	#[cfg(feature = "incremental")]
	pub fn build_incremental_role_links(
	&mut self,
	rm: Arc<RwLock<dyn RoleManager>>,
	d: EventData,
	) -> Result<()> {
	let count = self.value.matches('_').count();
	if count < 2 {
	return Err(ModelError::P(
	r#"the number of "_" in role definition should be at least 2"#
	.to_owned(),
	)
	.into());
	}

	if let Some((insert, rules)) = match d {
	EventData::AddPolicy(_, _, rule) => Some((true, vec![rule])),
	EventData::AddPolicies(_, _, rules) => Some((true, rules)),
	EventData::RemovePolicy(_, _, rule) => Some((false, vec![rule])),
	EventData::RemovePolicies(_, _, rules) => Some((false, rules)),
	EventData::RemoveFilteredPolicy(_, _, rules) => {
	Some((false, rules))
	}
	_ => None,
	} {
	for rule in rules {
	if rule.len() < count {
	return Err(PolicyError::UnmatchPolicyDefinition(
	count,
	rule.len(),
	)
	.into());
	}
	if count == 2 {
	if insert {
	rm.write().add_link(&rule[0], &rule[1], None);
	} else {
	rm.write().delete_link(&rule[0], &rule[1], None)?;
	}
	} else if count == 3 {
	if insert {
	rm.write().add_link(&rule[0], &rule[1], Some(&rule[2]));
	} else {
	rm.write().delete_link(
	&rule[0],
	&rule[1],
	Some(&rule[2]),
	)?;
	}
	} else if count >= 4 {
	return Err(ModelError::P(
	"Multiple domains are not supported".to_owned(),
	)
	.into());
	}
	}

	self.rm = Arc::clone(&rm);
	}

	Ok(())
	}
	}