Skip to content

Commit cc34db6

Browse files
Chimou0Chimou0
authored
feat: add add_grouping_policies_ex and add_named_grouping_policies_ex APIs (#392)
1 parent daf3827 commit cc34db6

4 files changed

Lines changed: 64 additions & 0 deletions

File tree

casbin/management_enforcer.py

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -240,6 +240,14 @@ def add_grouping_policies(self, rules):
240240
"""
241241
return self.add_named_grouping_policies("g", rules)
242242

243+
def add_grouping_policies_ex(self, rules):
244+
"""add_grouping_policies_ex adds role inheritance rules to the current policy.
245+
246+
If the rule already exists, the rule will not be added.
247+
But unlike add_grouping_policies, other non-existent rules are added instead of returning false directly.
248+
"""
249+
return self.add_named_grouping_policies_ex("g", rules)
250+
243251
def add_named_grouping_policy(self, ptype, *params):
244252
"""adds a named role inheritance rule to the current policy.
245253
@@ -275,6 +283,18 @@ def add_named_grouping_policies(self, ptype, rules):
275283

276284
return rules_added
277285

286+
def add_named_grouping_policies_ex(self, ptype, rules):
287+
"""add_named_grouping_policies_ex adds role inheritance rules to the current policy.
288+
289+
If the rule already exists, the rule will not be added.
290+
But unlike add_named_grouping_policies, other non-existent rules are added instead of returning false directly.
291+
"""
292+
rules_added = self._add_policies_ex("g", ptype, rules)
293+
if rules_added and self.auto_build_role_links:
294+
self.model.build_incremental_role_links(self.rm_map[ptype], PolicyOp.Policy_add, "g", ptype, rules)
295+
296+
return rules_added
297+
278298
def remove_grouping_policy(self, *params):
279299
"""removes a role inheritance rule from the current policy."""
280300
return self.remove_named_grouping_policy("g", *params)

casbin/persist/adapters/file_adapter.py

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -72,6 +72,9 @@ def add_policy(self, sec, ptype, rule):
7272
def add_policies(self, sec, ptype, rules):
7373
pass
7474

75+
def add_policies_ex(self, sec, ptype, rules):
76+
pass
77+
7578
def remove_policy(self, sec, ptype, rule):
7679
pass
7780

casbin/synced_enforcer.py

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -645,6 +645,15 @@ def add_grouping_policies(self, rules):
645645
with self._wl:
646646
return self._e.add_grouping_policies(rules)
647647

648+
def add_grouping_policies_ex(self, rules):
649+
"""add_grouping_policies_ex adds role inheritance rules to the current policy.
650+
651+
If the rule already exists, the rule will not be added.
652+
But unlike add_grouping_policies, other non-existent rules are added instead of returning false directly.
653+
"""
654+
with self._wl:
655+
return self._e.add_grouping_policies_ex(rules)
656+
648657
def add_named_grouping_policies(self, ptype, rules):
649658
""" "adds named role inheritance rules to the current policy.
650659
@@ -653,6 +662,15 @@ def add_named_grouping_policies(self, ptype, rules):
653662
with self._wl:
654663
return self._e.add_named_grouping_policies(ptype, rules)
655664

665+
def add_named_grouping_policies_ex(self, ptype, rules):
666+
"""add_named_grouping_policies_ex adds role inheritance rules to the current named policy.
667+
668+
If the rule already exists, the rule will not be added.
669+
But unlike add_named_grouping_policies, other non-existent rules are added instead of returning false directly.
670+
"""
671+
with self._wl:
672+
return self._e.add_named_grouping_policies_ex(ptype, rules)
673+
656674
def remove_grouping_policies(self, rules):
657675
"""removes role inheritance rules from the current policy."""
658676
with self._wl:

tests/test_management_api.py

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -336,6 +336,29 @@ def test_modify_policy_api(self):
336336
[["user1", "data1", "read"], ["user2", "data2", "read"], ["user3", "data3", "read"]],
337337
)
338338

339+
def test_modify_grouping_policy_api(self):
340+
e = self.get_enforcer(
341+
get_examples("rbac_model.conf"),
342+
get_examples("rbac_policy.csv"),
343+
# True,
344+
)
345+
e.clear_policy()
346+
e.add_grouping_policies_ex([["user1", "member"]])
347+
self.assertCountEqual(
348+
e.get_users_for_role("member"),
349+
["user1"],
350+
)
351+
e.add_grouping_policies_ex([["user1", "member"], ["user2", "member"]])
352+
self.assertCountEqual(
353+
e.get_users_for_role("member"),
354+
["user1", "user2"],
355+
)
356+
e.add_named_grouping_policies_ex("g", [["user1", "member"], ["user2", "member"], ["user3", "member"]])
357+
self.assertCountEqual(
358+
e.get_users_for_role("member"),
359+
["user1", "user2", "user3"],
360+
)
361+
339362

340363
class TestManagementApiSynced(TestManagementApi):
341364
def get_enforcer(self, model=None, adapter=None):

0 commit comments

Comments
 (0)