From 8896cdb897ec75396b525afc0f574d5dea4137d4 Mon Sep 17 00:00:00 2001 From: Shiva953 Date: Sun, 5 Nov 2023 20:26:20 +0530 Subject: [PATCH 1/2] (feat) : Add support for JSON request parsing in Enforcer Signed-off-by: Shiva953 --- src/enforcer.ts | 10 ++++++++++ test/enforcer.test.ts | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) diff --git a/src/enforcer.ts b/src/enforcer.ts index 832aa7f..4ae929b 100644 --- a/src/enforcer.ts +++ b/src/enforcer.ts @@ -23,6 +23,7 @@ import { FieldIndex } from './constants'; * Enforcer = ManagementEnforcer + RBAC API. */ export class Enforcer extends ManagementEnforcer { + private acceptJsonRequest = false; /** * initWithFile initializes an enforcer with a model file and a policy file. * @param modelPath model file path @@ -439,6 +440,15 @@ export class Enforcer extends ManagementEnforcer { return this.getUsersForRole(name, domain); } + /** + * Enable or disable accepting JSON requests for ABAC. + * @param enable Whether to enable or disable accepting JSON requests. + */ + public enableAcceptJsonRequest(enable: boolean): void { + this.acceptJsonRequest = enable; + } + + /** * getImplicitUsersForPermission gets implicit users for a permission. * For example: diff --git a/test/enforcer.test.ts b/test/enforcer.test.ts index a09c863..23bcd05 100644 --- a/test/enforcer.test.ts +++ b/test/enforcer.test.ts @@ -393,6 +393,38 @@ test('TestInitWithAdapter', async () => { await testEnforce(e, 'bob', 'data2', 'write', true); }); +test('TestEnableAcceptJsonRequest', async () => { + const m = newModel(); + const a = new FileAdapter('examples/keymatch_policy.csv'); + const e = await newEnforcer(m, a); + + // Enable JSON request parsing + e.enableAcceptJsonRequest(true); + + // Testing with JSON request + const requestJson = '{"sub": "alice", "obj": "/alice_data/resource1", "act": "GET"}'; + await testEnforce(e, JSON.parse(requestJson), '/alice_data/resource1', 'GET', true); + await testEnforce(e, JSON.parse(requestJson), '/alice_data/resource1', 'POST', true); + await testEnforce(e, JSON.parse(requestJson), '/alice_data/resource2', 'GET', true); + await testEnforce(e, JSON.parse(requestJson), '/alice_data/resource2', 'POST', false); + await testEnforce(e, JSON.parse(requestJson), '/bob_data/resource1', 'GET', false); + await testEnforce(e, JSON.parse(requestJson), '/bob_data/resource1', 'POST', false); + await testEnforce(e, JSON.parse(requestJson), '/bob_data/resource2', 'GET', false); + await testEnforce(e, JSON.parse(requestJson), '/bob_data/resource2', 'POST', false); + + // Disabling JSON request parsing + e.enableAcceptJsonRequest(false); + + await testEnforce(e, 'alice', '/alice_data/resource1', 'GET', true); + await testEnforce(e, 'alice', '/alice_data/resource1', 'POST', true); + await testEnforce(e, 'alice', '/alice_data/resource2', 'GET', true); + await testEnforce(e, 'alice', '/alice_data/resource2', 'POST', false); + await testEnforce(e, 'alice', '/bob_data/resource1', 'GET', false); + await testEnforce(e, 'alice', '/bob_data/resource1', 'POST', false); + await testEnforce(e, 'alice', '/bob_data/resource2', 'GET', false); + await testEnforce(e, 'alice', '/bob_data/resource2', 'POST', false); +}); + test('TestInitWithStringAdapter', async () => { const policy = readFileSync('examples/basic_policy.csv').toString(); const adapter = new StringAdapter(policy); From 851b4e7bc8c5e48c84a5272a5d84cef1a7a2e55b Mon Sep 17 00:00:00 2001 From: Shiva953 Date: Mon, 6 Nov 2023 09:29:39 +0530 Subject: [PATCH 2/2] fixed CI and linting errors Signed-off-by: Shiva953 --- src/enforcer.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/src/enforcer.ts b/src/enforcer.ts index 4ae929b..659aea0 100644 --- a/src/enforcer.ts +++ b/src/enforcer.ts @@ -448,7 +448,6 @@ export class Enforcer extends ManagementEnforcer { this.acceptJsonRequest = enable; } - /** * getImplicitUsersForPermission gets implicit users for a permission. * For example: