From 561c2d1f169b305ab65a9307dd45ba7cbd5a3131 Mon Sep 17 00:00:00 2001 From: Zixuan Liu Date: Mon, 21 Sep 2020 17:34:25 +0800 Subject: [PATCH] fix: compatible with Model of v2 Signed-off-by: Zixuan Liu --- enforcer.go | 12 +- enforcer_interface.go | 6 +- internal/internal.go | 4 +- model/model.go | 89 ++++++--------- model/policy.go | 134 +++++++++-------------- persist/adapter.go | 6 +- persist/adapter_filtered.go | 2 +- persist/file-adapter/adapter.go | 6 +- persist/file-adapter/adapter_filtered.go | 8 +- persist/file-adapter/adapter_mock.go | 6 +- persist/watcher_ex.go | 2 +- 11 files changed, 109 insertions(+), 166 deletions(-) diff --git a/enforcer.go b/enforcer.go index 016da676..6c1964ef 100644 --- a/enforcer.go +++ b/enforcer.go @@ -36,7 +36,7 @@ import ( // Enforcer is the main interface for authorization enforcement and policy management. type Enforcer struct { modelPath string - model *model.Model + model model.Model fm model.FunctionMap eft effect.Effector @@ -101,7 +101,7 @@ func NewEnforcer(params ...interface{}) (*Enforcer, error) { case string: return nil, errors.New("invalid parameters for enforcer") default: - err := e.InitWithModelAndAdapter(p0.(*model.Model), params[1].(persist.Adapter)) + err := e.InitWithModelAndAdapter(p0.(model.Model), params[1].(persist.Adapter)) if err != nil { return nil, err } @@ -115,7 +115,7 @@ func NewEnforcer(params ...interface{}) (*Enforcer, error) { return nil, err } default: - err := e.InitWithModelAndAdapter(p0.(*model.Model), nil) + err := e.InitWithModelAndAdapter(p0.(model.Model), nil) if err != nil { return nil, err } @@ -152,7 +152,7 @@ func (e *Enforcer) InitWithAdapter(modelPath string, adapter persist.Adapter) er } // InitWithModelAndAdapter initializes an enforcer with a model and a database adapter. -func (e *Enforcer) InitWithModelAndAdapter(m *model.Model, adapter persist.Adapter) error { +func (e *Enforcer) InitWithModelAndAdapter(m model.Model, adapter persist.Adapter) error { e.adapter = adapter e.model = m @@ -201,12 +201,12 @@ func (e *Enforcer) LoadModel() error { } // GetModel gets the current model. -func (e *Enforcer) GetModel() *model.Model { +func (e *Enforcer) GetModel() model.Model { return e.model } // SetModel sets the current model. -func (e *Enforcer) SetModel(m *model.Model) { +func (e *Enforcer) SetModel(m model.Model) { e.model = m e.fm = model.LoadFunctionMap() e.internal = internal.NewPolicyManager(m, e.adapter, e.rm) diff --git a/enforcer_interface.go b/enforcer_interface.go index 75493f04..e4805a75 100644 --- a/enforcer_interface.go +++ b/enforcer_interface.go @@ -112,10 +112,10 @@ type IEnforcer interface { /* Enforcer API */ InitWithFile(modelPath string, policyPath string) error InitWithAdapter(modelPath string, adapter persist.Adapter) error - InitWithModelAndAdapter(m *model.Model, adapter persist.Adapter) error + InitWithModelAndAdapter(m model.Model, adapter persist.Adapter) error LoadModel() error - GetModel() *model.Model - SetModel(m *model.Model) + GetModel() model.Model + SetModel(m model.Model) GetAdapter() persist.Adapter SetAdapter(adapter persist.Adapter) SetWatcher(watcher persist.Watcher) error diff --git a/internal/internal.go b/internal/internal.go index e2da5b2f..7516d3a0 100644 --- a/internal/internal.go +++ b/internal/internal.go @@ -31,7 +31,7 @@ type PolicyManager interface { } type policyManager struct { - model *model.Model + model model.Model adapter persist.Adapter rm rbac.RoleManager } @@ -41,7 +41,7 @@ const ( ) // NewPolicyManager is the constructor for PolicyManager -func NewPolicyManager(model *model.Model, adapter persist.Adapter, rm rbac.RoleManager) PolicyManager { +func NewPolicyManager(model model.Model, adapter persist.Adapter, rm rbac.RoleManager) PolicyManager { return &policyManager{ model: model, adapter: adapter, diff --git a/model/model.go b/model/model.go index ea5ec895..5a23ef0c 100644 --- a/model/model.go +++ b/model/model.go @@ -18,7 +18,6 @@ import ( "fmt" "strconv" "strings" - "sync" "github.com/Knetic/govaluate" "github.com/casbin/casbin/v3/rbac" @@ -29,10 +28,7 @@ import ( ) // Model represents the whole access control model. -type Model struct { - data map[string]AssertionMap - mutex sync.RWMutex -} +type Model map[string]AssertionMap // AssertionMap is the collection of assertions, can be "r", "p", "g", "e", "m". type AssertionMap map[string]*Assertion @@ -48,19 +44,17 @@ var sectionNameMap = map[string]string{ // Minimal required sections for a model to be valid var requiredSections = []string{"r", "p", "e", "m"} -func loadAssertion(model *Model, cfg config.ConfigInterface, sec string, key string) bool { +func loadAssertion(model Model, cfg config.ConfigInterface, sec string, key string) bool { value := cfg.String(sectionNameMap[sec] + "::" + key) return model.addDef(sec, key, value) } // AddDef adds an assertion to the model. -func (model *Model) AddDef(sec string, key string, value string) bool { - model.mutex.Lock() - defer model.mutex.Unlock() +func (model Model) AddDef(sec string, key string, value string) bool { return model.addDef(sec, key, value) } -func (model *Model) addDef(sec string, key string, value string) bool { +func (model Model) addDef(sec string, key string, value string) bool { if value == "" { return false } @@ -79,12 +73,12 @@ func (model *Model) addDef(sec string, key string, value string) bool { ast.Value = util.RemoveComments(util.EscapeAssertion(ast.Value)) } - _, ok := model.data[sec] + _, ok := model[sec] if !ok { - model.data[sec] = make(AssertionMap) + model[sec] = make(AssertionMap) } - model.data[sec][key] = &ast + model[sec][key] = &ast return true } @@ -96,7 +90,7 @@ func getKeySuffix(i int) string { return strconv.Itoa(i) } -func loadSection(model *Model, cfg config.ConfigInterface, sec string) { +func loadSection(model Model, cfg config.ConfigInterface, sec string) { i := 1 for { if !loadAssertion(model, cfg, sec, sec+getKeySuffix(i)) { @@ -108,14 +102,13 @@ func loadSection(model *Model, cfg config.ConfigInterface, sec string) { } // NewModel creates an empty model. -func NewModel() *Model { - m := new(Model) - m.data = make(map[string]AssertionMap) +func NewModel() Model { + m := make(Model) return m } // NewModelFromFile creates a model from a .CONF file. -func NewModelFromFile(path string) (*Model, error) { +func NewModelFromFile(path string) (Model, error) { m := NewModel() err := m.LoadModel(path) @@ -127,7 +120,7 @@ func NewModelFromFile(path string) (*Model, error) { } // NewModelFromString creates a model from a string which contains model text. -func NewModelFromString(text string) (*Model, error) { +func NewModelFromString(text string) (Model, error) { m := NewModel() err := m.LoadModelFromText(text) @@ -139,7 +132,7 @@ func NewModelFromString(text string) (*Model, error) { } // LoadModel loads the model from model CONF file. -func (model *Model) LoadModel(path string) error { +func (model Model) LoadModel(path string) error { cfg, err := config.NewConfig(path) if err != nil { return err @@ -149,7 +142,7 @@ func (model *Model) LoadModel(path string) error { } // LoadModelFromText loads the model from the text. -func (model *Model) LoadModelFromText(text string) error { +func (model Model) LoadModelFromText(text string) error { cfg, err := config.NewConfigFromText(text) if err != nil { return err @@ -158,9 +151,7 @@ func (model *Model) LoadModelFromText(text string) error { return model.loadModelFromConfig(cfg) } -func (model *Model) loadModelFromConfig(cfg config.ConfigInterface) error { - model.mutex.Lock() - defer model.mutex.Unlock() +func (model Model) loadModelFromConfig(cfg config.ConfigInterface) error { for s := range sectionNameMap { loadSection(model, cfg, s) } @@ -176,17 +167,15 @@ func (model *Model) loadModelFromConfig(cfg config.ConfigInterface) error { return nil } -func (model *Model) hasSection(sec string) bool { - section := model.data[sec] +func (model Model) hasSection(sec string) bool { + section := model[sec] return section != nil } // PrintModel prints the model to the log. -func (model *Model) PrintModel() { - model.mutex.RLock() - defer model.mutex.RUnlock() +func (model Model) PrintModel() { log.LogPrint("Model:") - for k, v := range model.data { + for k, v := range model { for i, j := range v { log.LogPrintf("%s.%s: %s", k, i, j.Value) } @@ -194,32 +183,24 @@ func (model *Model) PrintModel() { } // GetMatcher gets the matcher. -func (model *Model) GetMatcher() string { - model.mutex.RLock() - defer model.mutex.RUnlock() - return model.data["m"]["m"].Value +func (model Model) GetMatcher() string { + return model["m"]["m"].Value } // GetEffectExpression gets the effect expression. -func (model *Model) GetEffectExpression() string { - model.mutex.RLock() - defer model.mutex.RUnlock() - return model.data["e"]["e"].Value +func (model Model) GetEffectExpression() string { + return model["e"]["e"].Value } // GetRoleManager gets the current role manager used in ptype. -func (model *Model) GetRoleManager(sec string, ptype string) rbac.RoleManager { - model.mutex.RLock() - defer model.mutex.RUnlock() - return model.data[sec][ptype].RM +func (model Model) GetRoleManager(sec string, ptype string) rbac.RoleManager { + return model[sec][ptype].RM } // GetTokens returns a map with all the tokens -func (model *Model) GetTokens(sec string, ptype string) map[string]int { - model.mutex.RLock() - defer model.mutex.RUnlock() - tokens := make(map[string]int, len(model.data[sec][ptype].Tokens)) - for i, token := range model.data[sec][ptype].Tokens { +func (model Model) GetTokens(sec string, ptype string) map[string]int { + tokens := make(map[string]int, len(model[sec][ptype].Tokens)) + for i, token := range model[sec][ptype].Tokens { tokens[token] = i } @@ -227,24 +208,20 @@ func (model *Model) GetTokens(sec string, ptype string) map[string]int { } // GetPtypes returns a slice for all ptype -func (model *Model) GetPtypes(sec string) []string { - model.mutex.RLock() - defer model.mutex.RUnlock() +func (model Model) GetPtypes(sec string) []string { var res []string - for k := range model.data[sec] { + for k := range model[sec] { res = append(res, k) } return res } // GenerateFunctions return a map with all the functions -func (model *Model) GenerateFunctions(fm FunctionMap) map[string]govaluate.ExpressionFunction { - model.mutex.RLock() - defer model.mutex.RUnlock() +func (model Model) GenerateFunctions(fm FunctionMap) map[string]govaluate.ExpressionFunction { functions := fm.GetFunctions() - if _, ok := model.data["g"]; ok { - for key, ast := range model.data["g"] { + if _, ok := model["g"]; ok { + for key, ast := range model["g"] { rm := ast.RM functions[key] = util.GenerateGFunction(rm) } diff --git a/model/policy.go b/model/policy.go index 5d4ffed7..40233da0 100644 --- a/model/policy.go +++ b/model/policy.go @@ -34,20 +34,16 @@ const ( const DefaultSep = "," // BuildIncrementalRoleLinks provides incremental build the role inheritance relations. -func (model *Model) BuildIncrementalRoleLinks(rm rbac.RoleManager, op PolicyOp, sec string, ptype string, rules [][]string) error { - model.mutex.Lock() - defer model.mutex.Unlock() +func (model Model) BuildIncrementalRoleLinks(rm rbac.RoleManager, op PolicyOp, sec string, ptype string, rules [][]string) error { if sec == "g" { - return model.data[sec][ptype].buildIncrementalRoleLinks(rm, op, rules) + return model[sec][ptype].buildIncrementalRoleLinks(rm, op, rules) } return nil } // BuildRoleLinks initializes the roles in RBAC. -func (model *Model) BuildRoleLinks(rm rbac.RoleManager) error { - model.mutex.Lock() - defer model.mutex.Unlock() - for _, ast := range model.data["g"] { +func (model Model) BuildRoleLinks(rm rbac.RoleManager) error { + for _, ast := range model["g"] { err := ast.buildRoleLinks(rm) if err != nil { return err @@ -58,40 +54,34 @@ func (model *Model) BuildRoleLinks(rm rbac.RoleManager) error { } // PrintPolicy prints the policy to log. -func (model *Model) PrintPolicy() { - model.mutex.RLock() - defer model.mutex.RUnlock() +func (model Model) PrintPolicy() { log.LogPrint("Policy:") - for key, ast := range model.data["p"] { + for key, ast := range model["p"] { log.LogPrint(key, ": ", ast.Value, ": ", ast.Policy) } - for key, ast := range model.data["g"] { + for key, ast := range model["g"] { log.LogPrint(key, ": ", ast.Value, ": ", ast.Policy) } } // ClearPolicy clears all current policy. -func (model *Model) ClearPolicy() { - model.mutex.Lock() - defer model.mutex.Unlock() - for _, ast := range model.data["p"] { +func (model Model) ClearPolicy() { + for _, ast := range model["p"] { ast.Policy = nil ast.PolicyMap = map[string]int{} } - for _, ast := range model.data["g"] { + for _, ast := range model["g"] { ast.Policy = nil ast.PolicyMap = map[string]int{} } } // GetPolicy gets all rules in a policy. -func (model *Model) GetPolicy(sec string, ptype string) [][]string { - model.mutex.RLock() - defer model.mutex.RUnlock() +func (model Model) GetPolicy(sec string, ptype string) [][]string { var res [][]string - for _, v := range model.data[sec][ptype].Policy { + for _, v := range model[sec][ptype].Policy { temp := make([]string, len(v)) copy(temp, v) res = append(res, temp) @@ -100,12 +90,10 @@ func (model *Model) GetPolicy(sec string, ptype string) [][]string { } // GetFilteredPolicy gets rules based on field filters from a policy. -func (model *Model) GetFilteredPolicy(sec string, ptype string, fieldIndex int, fieldValues ...string) [][]string { - model.mutex.RLock() - defer model.mutex.RUnlock() +func (model Model) GetFilteredPolicy(sec string, ptype string, fieldIndex int, fieldValues ...string) [][]string { res := [][]string{} - for _, rule := range model.data[sec][ptype].Policy { + for _, rule := range model[sec][ptype].Policy { matched := true for i, fieldValue := range fieldValues { if fieldValue != "" && rule[fieldIndex+i] != fieldValue { @@ -123,17 +111,13 @@ func (model *Model) GetFilteredPolicy(sec string, ptype string, fieldIndex int, } // HasPolicy determines whether a model has the specified policy rule. -func (model *Model) HasPolicy(sec string, ptype string, rule []string) bool { - model.mutex.RLock() - defer model.mutex.RUnlock() - _, ok := model.data[sec][ptype].PolicyMap[strings.Join(rule, DefaultSep)] +func (model Model) HasPolicy(sec string, ptype string, rule []string) bool { + _, ok := model[sec][ptype].PolicyMap[strings.Join(rule, DefaultSep)] return ok } // HasPolicies determines whether a model has any of the specified policies. If one is found we return false. -func (model *Model) HasPolicies(sec string, ptype string, rules [][]string) bool { - model.mutex.RLock() - defer model.mutex.RUnlock() +func (model Model) HasPolicies(sec string, ptype string, rules [][]string) bool { for i := 0; i < len(rules); i++ { if model.HasPolicy(sec, ptype, rules[i]) { return true @@ -144,69 +128,59 @@ func (model *Model) HasPolicies(sec string, ptype string, rules [][]string) bool } // AddPolicy adds a policy rule to the model. -func (model *Model) AddPolicy(sec string, ptype string, rule []string) { - model.mutex.Lock() - defer model.mutex.Unlock() - model.data[sec][ptype].Policy = append(model.data[sec][ptype].Policy, rule) - model.data[sec][ptype].PolicyMap[strings.Join(rule, DefaultSep)] = len(model.data[sec][ptype].Policy) - 1 +func (model Model) AddPolicy(sec string, ptype string, rule []string) { + model[sec][ptype].Policy = append(model[sec][ptype].Policy, rule) + model[sec][ptype].PolicyMap[strings.Join(rule, DefaultSep)] = len(model[sec][ptype].Policy) - 1 } // AddPolicies adds policy rules to the model. -func (model *Model) AddPolicies(sec string, ptype string, rules [][]string) { - model.mutex.Lock() - defer model.mutex.Unlock() +func (model Model) AddPolicies(sec string, ptype string, rules [][]string) { for _, rule := range rules { hashKey := strings.Join(rule, DefaultSep) - _, ok := model.data[sec][ptype].PolicyMap[hashKey] + _, ok := model[sec][ptype].PolicyMap[hashKey] if ok { continue } - model.data[sec][ptype].Policy = append(model.data[sec][ptype].Policy, rule) - model.data[sec][ptype].PolicyMap[hashKey] = len(model.data[sec][ptype].Policy) - 1 + model[sec][ptype].Policy = append(model[sec][ptype].Policy, rule) + model[sec][ptype].PolicyMap[hashKey] = len(model[sec][ptype].Policy) - 1 } } // RemovePolicy removes a policy rule from the model. -func (model *Model) RemovePolicy(sec string, ptype string, rule []string) bool { - model.mutex.Lock() - defer model.mutex.Unlock() - index, ok := model.data[sec][ptype].PolicyMap[strings.Join(rule, DefaultSep)] +func (model Model) RemovePolicy(sec string, ptype string, rule []string) bool { + index, ok := model[sec][ptype].PolicyMap[strings.Join(rule, DefaultSep)] if !ok { return false } - model.data[sec][ptype].Policy = append(model.data[sec][ptype].Policy[:index], model.data[sec][ptype].Policy[index+1:]...) - delete(model.data[sec][ptype].PolicyMap, strings.Join(rule, DefaultSep)) - for i := index; i < len(model.data[sec][ptype].Policy); i++ { - model.data[sec][ptype].PolicyMap[strings.Join(model.data[sec][ptype].Policy[i], DefaultSep)] = i + model[sec][ptype].Policy = append(model[sec][ptype].Policy[:index], model[sec][ptype].Policy[index+1:]...) + delete(model[sec][ptype].PolicyMap, strings.Join(rule, DefaultSep)) + for i := index; i < len(model[sec][ptype].Policy); i++ { + model[sec][ptype].PolicyMap[strings.Join(model[sec][ptype].Policy[i], DefaultSep)] = i } return true } // RemovePolicies removes policy rules from the model. -func (model *Model) RemovePolicies(sec string, ptype string, rules [][]string) bool { - model.mutex.Lock() - defer model.mutex.Unlock() +func (model Model) RemovePolicies(sec string, ptype string, rules [][]string) bool { for _, rule := range rules { - index, ok := model.data[sec][ptype].PolicyMap[strings.Join(rule, DefaultSep)] + index, ok := model[sec][ptype].PolicyMap[strings.Join(rule, DefaultSep)] if !ok { continue } - model.data[sec][ptype].Policy = append(model.data[sec][ptype].Policy[:index], model.data[sec][ptype].Policy[index+1:]...) - delete(model.data[sec][ptype].PolicyMap, strings.Join(rule, DefaultSep)) - for i := index; i < len(model.data[sec][ptype].Policy); i++ { - model.data[sec][ptype].PolicyMap[strings.Join(model.data[sec][ptype].Policy[i], DefaultSep)] = i + model[sec][ptype].Policy = append(model[sec][ptype].Policy[:index], model[sec][ptype].Policy[index+1:]...) + delete(model[sec][ptype].PolicyMap, strings.Join(rule, DefaultSep)) + for i := index; i < len(model[sec][ptype].Policy); i++ { + model[sec][ptype].PolicyMap[strings.Join(model[sec][ptype].Policy[i], DefaultSep)] = i } } return true } // RemoveFilteredPolicy removes policy rules based on field filters from the model. -func (model *Model) RemoveFilteredPolicy(sec string, ptype string, fieldIndex int, fieldValues ...string) (bool, [][]string) { - model.mutex.Lock() - defer model.mutex.Unlock() +func (model Model) RemoveFilteredPolicy(sec string, ptype string, fieldIndex int, fieldValues ...string) (bool, [][]string) { var tmp [][]string var effects [][]string res := false @@ -216,7 +190,7 @@ func (model *Model) RemoveFilteredPolicy(sec string, ptype string, fieldIndex in return false, effects } - for index, rule := range model.data[sec][ptype].Policy { + for index, rule := range model[sec][ptype].Policy { matched := true for i, fieldValue := range fieldValues { if fieldValue != "" && rule[fieldIndex+i] != fieldValue { @@ -229,7 +203,7 @@ func (model *Model) RemoveFilteredPolicy(sec string, ptype string, fieldIndex in if firstIndex == -1 { firstIndex = index } - delete(model.data[sec][ptype].PolicyMap, strings.Join(rule, DefaultSep)) + delete(model[sec][ptype].PolicyMap, strings.Join(rule, DefaultSep)) effects = append(effects, rule) res = true } else { @@ -238,9 +212,9 @@ func (model *Model) RemoveFilteredPolicy(sec string, ptype string, fieldIndex in } if firstIndex != -1 { - model.data[sec][ptype].Policy = tmp - for i := firstIndex; i < len(model.data[sec][ptype].Policy); i++ { - model.data[sec][ptype].PolicyMap[strings.Join(model.data[sec][ptype].Policy[i], DefaultSep)] = i + model[sec][ptype].Policy = tmp + for i := firstIndex; i < len(model[sec][ptype].Policy); i++ { + model[sec][ptype].PolicyMap[strings.Join(model[sec][ptype].Policy[i], DefaultSep)] = i } } @@ -248,12 +222,10 @@ func (model *Model) RemoveFilteredPolicy(sec string, ptype string, fieldIndex in } // GetValuesForFieldInPolicy gets all values for a field for all rules in a policy, duplicated values are removed. -func (model *Model) GetValuesForFieldInPolicy(sec string, ptype string, fieldIndex int) []string { - model.mutex.RLock() - defer model.mutex.RUnlock() +func (model Model) GetValuesForFieldInPolicy(sec string, ptype string, fieldIndex int) []string { values := []string{} - for _, rule := range model.data[sec][ptype].Policy { + for _, rule := range model[sec][ptype].Policy { values = append(values, rule[fieldIndex]) } @@ -263,12 +235,10 @@ func (model *Model) GetValuesForFieldInPolicy(sec string, ptype string, fieldInd } // GetValuesForFieldInPolicyAllTypes gets all values for a field for all rules in a policy of all ptypes, duplicated values are removed. -func (model *Model) GetValuesForFieldInPolicyAllTypes(sec string, fieldIndex int) []string { - model.mutex.RLock() - defer model.mutex.RUnlock() +func (model Model) GetValuesForFieldInPolicyAllTypes(sec string, fieldIndex int) []string { values := []string{} - for ptype := range model.data[sec] { + for ptype := range model[sec] { values = append(values, model.GetValuesForFieldInPolicy(sec, ptype, fieldIndex)...) } @@ -278,12 +248,10 @@ func (model *Model) GetValuesForFieldInPolicyAllTypes(sec string, fieldIndex int } // RemoveExistPolicy remove the policy rules already in the model. -func (model *Model) RemoveExistPolicy(sec string, ptype string, rules [][]string) [][]string { - model.mutex.RLock() - defer model.mutex.RUnlock() +func (model Model) RemoveExistPolicy(sec string, ptype string, rules [][]string) [][]string { var res [][]string for _, rule := range rules { - if _, ok := model.data[sec][ptype].PolicyMap[strings.Join(rule, DefaultSep)]; !ok { + if _, ok := model[sec][ptype].PolicyMap[strings.Join(rule, DefaultSep)]; !ok { res = append(res, rule) } } @@ -292,12 +260,10 @@ func (model *Model) RemoveExistPolicy(sec string, ptype string, rules [][]string } // RemoveNotExistPolicy removes the policy rules not in the model -func (model *Model) RemoveNotExistPolicy(sec string, ptype string, rules [][]string) [][]string { - model.mutex.RLock() - defer model.mutex.RUnlock() +func (model Model) RemoveNotExistPolicy(sec string, ptype string, rules [][]string) [][]string { var res [][]string for _, rule := range rules { - if _, ok := model.data[sec][ptype].PolicyMap[strings.Join(rule, DefaultSep)]; ok { + if _, ok := model[sec][ptype].PolicyMap[strings.Join(rule, DefaultSep)]; ok { res = append(res, rule) } } diff --git a/persist/adapter.go b/persist/adapter.go index aa598c95..eed20353 100644 --- a/persist/adapter.go +++ b/persist/adapter.go @@ -22,7 +22,7 @@ import ( ) // LoadPolicyLine loads a text line as a policy rule to model. -func LoadPolicyLine(line string, m *model.Model) { +func LoadPolicyLine(line string, m model.Model) { if line == "" || strings.HasPrefix(line, "#") { return } @@ -45,9 +45,9 @@ func LoadPolicyLine(line string, m *model.Model) { // Adapter is the interface for Casbin adapters. type Adapter interface { // LoadPolicy loads all policy rules from the storage. - LoadPolicy(model *model.Model) error + LoadPolicy(model model.Model) error // SavePolicy saves all policy rules to the storage. - SavePolicy(model *model.Model) error + SavePolicy(model model.Model) error // AddPolicy adds a policy rule to the storage. // This is part of the Auto-Save feature. diff --git a/persist/adapter_filtered.go b/persist/adapter_filtered.go index d3367e36..f4be4a6b 100644 --- a/persist/adapter_filtered.go +++ b/persist/adapter_filtered.go @@ -23,7 +23,7 @@ type FilteredAdapter interface { Adapter // LoadFilteredPolicy loads only policy rules that match the filter. - LoadFilteredPolicy(model *model.Model, filter interface{}) error + LoadFilteredPolicy(model model.Model, filter interface{}) error // IsFiltered returns true if the loaded policy has been filtered. IsFiltered() bool } diff --git a/persist/file-adapter/adapter.go b/persist/file-adapter/adapter.go index 69431431..eeff9f07 100644 --- a/persist/file-adapter/adapter.go +++ b/persist/file-adapter/adapter.go @@ -38,7 +38,7 @@ func NewAdapter(filePath string) *Adapter { } // LoadPolicy loads all policy rules from the storage. -func (a *Adapter) LoadPolicy(model *model.Model) error { +func (a *Adapter) LoadPolicy(model model.Model) error { if a.filePath == "" { return errors.New("invalid file path, file path cannot be empty") } @@ -47,7 +47,7 @@ func (a *Adapter) LoadPolicy(model *model.Model) error { } // SavePolicy saves all policy rules to the storage. -func (a *Adapter) SavePolicy(model *model.Model) error { +func (a *Adapter) SavePolicy(model model.Model) error { if a.filePath == "" { return errors.New("invalid file path, file path cannot be empty") } @@ -74,7 +74,7 @@ func (a *Adapter) SavePolicy(model *model.Model) error { return a.savePolicyFile(strings.TrimRight(tmp.String(), "\n")) } -func (a *Adapter) loadPolicyFile(model *model.Model, handler func(string, *model.Model)) error { +func (a *Adapter) loadPolicyFile(model model.Model, handler func(string, model.Model)) error { f, err := os.Open(a.filePath) if err != nil { return err diff --git a/persist/file-adapter/adapter_filtered.go b/persist/file-adapter/adapter_filtered.go index 773d86ee..8d55e300 100644 --- a/persist/file-adapter/adapter_filtered.go +++ b/persist/file-adapter/adapter_filtered.go @@ -47,13 +47,13 @@ func NewFilteredAdapter(filePath string) *FilteredAdapter { } // LoadPolicy loads all policy rules from the storage. -func (a *FilteredAdapter) LoadPolicy(model *model.Model) error { +func (a *FilteredAdapter) LoadPolicy(model model.Model) error { a.filtered = false return a.Adapter.LoadPolicy(model) } // LoadFilteredPolicy loads only policy rules that match the filter. -func (a *FilteredAdapter) LoadFilteredPolicy(model *model.Model, filter interface{}) error { +func (a *FilteredAdapter) LoadFilteredPolicy(model model.Model, filter interface{}) error { if filter == nil { return a.LoadPolicy(model) } @@ -72,7 +72,7 @@ func (a *FilteredAdapter) LoadFilteredPolicy(model *model.Model, filter interfac return err } -func (a *FilteredAdapter) loadFilteredPolicyFile(model *model.Model, filter *Filter, handler func(string, *model.Model)) error { +func (a *FilteredAdapter) loadFilteredPolicyFile(model model.Model, filter *Filter, handler func(string, model.Model)) error { f, err := os.Open(a.filePath) if err != nil { return err @@ -98,7 +98,7 @@ func (a *FilteredAdapter) IsFiltered() bool { } // SavePolicy saves all policy rules to the storage. -func (a *FilteredAdapter) SavePolicy(model *model.Model) error { +func (a *FilteredAdapter) SavePolicy(model model.Model) error { if a.filtered { return errors.New("cannot save a filtered policy") } diff --git a/persist/file-adapter/adapter_mock.go b/persist/file-adapter/adapter_mock.go index f85112f5..e16742d5 100644 --- a/persist/file-adapter/adapter_mock.go +++ b/persist/file-adapter/adapter_mock.go @@ -40,17 +40,17 @@ func NewAdapterMock(filePath string) *AdapterMock { } // LoadPolicy loads all policy rules from the storage. -func (a *AdapterMock) LoadPolicy(model *model.Model) error { +func (a *AdapterMock) LoadPolicy(model model.Model) error { err := a.loadPolicyFile(model, persist.LoadPolicyLine) return err } // SavePolicy saves all policy rules to the storage. -func (a *AdapterMock) SavePolicy(model *model.Model) error { +func (a *AdapterMock) SavePolicy(model model.Model) error { return nil } -func (a *AdapterMock) loadPolicyFile(model *model.Model, handler func(string, *model.Model)) error { +func (a *AdapterMock) loadPolicyFile(model model.Model, handler func(string, model.Model)) error { f, err := os.Open(a.filePath) if err != nil { return err diff --git a/persist/watcher_ex.go b/persist/watcher_ex.go index e35e68f8..cebaa857 100644 --- a/persist/watcher_ex.go +++ b/persist/watcher_ex.go @@ -30,5 +30,5 @@ type WatcherEx interface { UpdateForRemoveFilteredPolicy(fieldIndex int, fieldValues ...string) error // UpdateForSavePolicy calls the update callback of other instances to synchronize their policy. // It is called after Enforcer.RemoveFilteredNamedGroupingPolicy() - UpdateForSavePolicy(model *model.Model) error + UpdateForSavePolicy(model model.Model) error }