feat: Update to latest node-casbin version and improve API support (#169

) * Updates to latest node-casbin version Improves Casbin API support * fix typos in JSDoc comments
node-casbin · Jul 3, 2024 · a3ab9d3 · a3ab9d3
1 parent 44f9626
commit a3ab9d3
Show file tree

Hide file tree

Showing 4 changed files with 1,857 additions and 1,390 deletions.
diff --git a/jest.config.js b/jest.config.js
@@ -68,7 +68,9 @@ module.exports = {
   moduleFileExtensions: ['ts', 'tsx', 'js'],
 
   // A map from regular expressions to module names that allow to stub out resources with a single module
-  // moduleNameMapper: {},
+  moduleNameMapper: {
+    'csv-parse': '<rootDir>/node_modules/csv-parse/dist/cjs/sync.cjs',
+  },
 
   // An array of regexp pattern strings, matched against all module paths before considered 'visible' to the module loader
   // modulePathIgnorePatterns: [],

diff --git a/package.json b/package.json
@@ -27,7 +27,7 @@
   "author": "dreamdevil00",
   "license": "MIT",
   "dependencies": {
-    "casbin": "^5.11.1"
+    "casbin": "^5.30.0"
   },
   "devDependencies": {
     "@nestjs/common": "^9.0.3",

diff --git a/src/services/authz-management.service.ts b/src/services/authz-management.service.ts
@@ -12,6 +12,66 @@ export class AuthZManagementService {
     public readonly enforcer: casbin.Enforcer
   ) {}
 
+  /**
+   * enforce decides whether a "subject" can access a "object" with the operation "action"
+   *
+   * @param params the request parameters, usually (sub, obj, act)
+   *
+   * @return whether or not the request is allowed
+   */
+  enforce(...params: string[]): Promise<boolean> {
+    return this.enforcer.enforce(params);
+  }
+
+  /**
+   * enforceWithMatcher uses a custom matcher to decides whether a "subject" can access a "object" with the operation "action"
+   *
+   * @param matcher the matcher statement to use
+   * @param params the request parameters, usually (sub, obj, act)
+   *
+   * @return whether or not the request is allowed
+   */
+  enforceWithMatcher(matcher: string, ...params: string[]): Promise<boolean> {
+    return this.enforcer.enforceWithMatcher(matcher, params);
+  }
+
+  /**
+   * enforceEx explains enforcement by returning matched rules.
+   *
+   * @param params the request parameters, usually (sub, obj, act)
+   *
+   * @return whether or not the request is allowed, and what policy caused that decision
+   */
+  enforceEx(...params: string[]): Promise<[boolean, string[]]> {
+    return this.enforcer.enforceEx(params);
+  }
+
+  /**
+   * enforceExWithMatcher uses a custom matcher and explains enforcement by returning matched rules.
+   *
+   * @param matcher the matcher statement to use
+   * @param params the request parameters, usually (sub, obj, act)
+   *
+   * @return whether or not the request is allowed, and what policy caused that decision
+   */
+  enforceExWithMatcher(
+    matcher: string,
+    ...params: string[]
+  ): Promise<[boolean, string[]]> {
+    return this.enforcer.enforceExWithMatcher(matcher, params);
+  }
+
+  /**
+   * batchEnforce enforces each request and returns result in a bool array
+   *
+   * @param params the request parameters, usually (sub, obj, act)
+   *
+   * @return an array with the enforcement results for each given request
+   */
+  batchEnforce(params: string[][]): Promise<boolean[]> {
+    return this.enforcer.batchEnforce(params);
+  }
+
   /**
    * getAllSubjects gets the list of subjects that show up in the current policy.
    *
@@ -537,4 +597,35 @@ export class AuthZManagementService {
   loadPolicy(): Promise<void> {
     return this.enforcer.loadPolicy();
   }
+
+  /**
+   * updateGroupingPolicy updates a role inheritance rule from the current policy.
+   * If the rule not exists, the function returns false.
+   * Otherwise the function returns true by changing it to the new rule.
+   *
+   * @param oldRule the role inheritance rule will be remove
+   * @param newRule the role inheritance rule will be added
+   * @return succeeds or not.
+   */
+  updateGroupingPolicy(oldRule: string[], newRule: string[]): Promise<boolean> {
+    return this.enforcer.updateGroupingPolicy(oldRule, newRule);
+  }
+
+  /**
+   * updateNamedGroupingPolicy updates a named role inheritance rule from the current policy.
+   * If the rule not exists, the function returns false.
+   * Otherwise the function returns true by changing it to the new rule.
+   *
+   * @param ptype the policy type, can be "g", "g2", "g3", ..
+   * @param oldRule the role inheritance rule will be remove
+   * @param newRule the role inheritance rule will be added
+   * @return succeeds or not.
+   */
+  updateNamedGroupingPolicy(
+    ptype: string,
+    oldRule: string[],
+    newRule: string[]
+  ): Promise<boolean> {
+    return this.enforcer.updateNamedGroupingPolicy(ptype, oldRule, newRule);
+  }
 }