diff --git a/NetCasbin.UnitTest/ModelTests/ModelTest.cs b/NetCasbin.UnitTest/ModelTests/ModelTest.cs
index fc052ce4..29c83d18 100644
--- a/NetCasbin.UnitTest/ModelTests/ModelTest.cs
+++ b/NetCasbin.UnitTest/ModelTests/ModelTest.cs
@@ -568,7 +568,7 @@ public void TestMultipleTypeModel()
e.BuildRoleLinks();
// Use default types
- EnforceContext context = e.CreatContext();
+ EnforceContext context = e.CreateContext();
Assert.True(e.Enforce(context, "alice", "data1", "read"));
Assert.False(e.Enforce(context, "alice", "data1", "write"));
@@ -577,7 +577,7 @@ public void TestMultipleTypeModel()
Assert.False(e.Enforce(context, "bob", "data2", "write"));
// Use r2 p2 and m2 type
- context = e.CreatContext
+ context = e.CreateContext
(
PermConstants.RequestType2,
PermConstants.PolicyType2,
@@ -592,7 +592,7 @@ public void TestMultipleTypeModel()
Assert.False(e.Enforce(context, "bob", "domain1", "data1", "write"));
// Use r3 p3 and m3 type
- context = e.CreatContext
+ context = e.CreateContext
(
PermConstants.RequestType3,
PermConstants.PolicyType3,
diff --git a/NetCasbin/Abstractions/IEnforcer.cs b/NetCasbin/Abstractions/IEnforcer.cs
index e3338866..f58b7f12 100644
--- a/NetCasbin/Abstractions/IEnforcer.cs
+++ b/NetCasbin/Abstractions/IEnforcer.cs
@@ -46,15 +46,17 @@ public interface IEnforcer
/// Decides whether a "subject" can access a "object" with the operation
/// "action", input parameters are usually: (sub, obj, act).
///
+ ///
/// The request needs to be mediated, usually an array of strings,
/// can be class instances if ABAC is used.
/// Whether to allow the request.
public bool Enforce(in EnforceContext context, params object[] requestValues);
-
+
///
/// Decides whether a "subject" can access a "object" with the operation
/// "action", input parameters are usually: (sub, obj, act).
///
+ ///
/// The request needs to be mediated, usually an array of strings,
/// can be class instances if ABAC is used.
/// Whether to allow the request.
diff --git a/NetCasbin/EnforceContext.cs b/NetCasbin/EnforceContext.cs
index fa50949b..3fdeb179 100644
--- a/NetCasbin/EnforceContext.cs
+++ b/NetCasbin/EnforceContext.cs
@@ -7,8 +7,7 @@ namespace Casbin
public readonly struct EnforceContext
{
public EnforceContext(
- Assertion requestAssertion, Assertion policyAssertion,
- IReadOnlyList> policies,
+ IReadOnlyAssertion requestAssertion, IReadOnlyAssertion policyAssertion,
string effect, string matcher,
bool hasEval, bool explain)
{
@@ -58,7 +57,6 @@ public static EnforceContext Create(
(
requestAssertion: requestAssertion,
policyAssertion: policyAssertion,
- policies: policyAssertion.Policy,
effect: model.GetRequiredAssertion(PermConstants.Section.PolicyEffectSection, effectType).Value,
matcher: matcher,
hasEval: hasEval,
@@ -66,9 +64,9 @@ public static EnforceContext Create(
);
}
- public static EnforceContext CreatWithMatcher(IEnforcer enforcer, string matcher, bool explain)
+ public static EnforceContext CreateWithMatcher(IEnforcer enforcer, string matcher, bool explain)
{
- return CreatWithMatcher(
+ return CreateWithMatcher(
enforcer,
matcher,
PermConstants.DefaultRequestType,
@@ -77,7 +75,7 @@ public static EnforceContext CreatWithMatcher(IEnforcer enforcer, string matcher
explain);
}
- public static EnforceContext CreatWithMatcher(
+ public static EnforceContext CreateWithMatcher(
IEnforcer enforcer,
string matcher,
string requestType = PermConstants.DefaultRequestType,
@@ -94,7 +92,6 @@ public static EnforceContext CreatWithMatcher(
(
requestAssertion: requestAssertion,
policyAssertion: policyAssertion,
- policies: policyAssertion.Policy,
effect: model.GetRequiredAssertion(PermConstants.Section.PolicyEffectSection, effectType).Value,
matcher: matcher,
hasEval: hasEval,
diff --git a/NetCasbin/EnforceSession.cs b/NetCasbin/EnforceSession.cs
index 1d7f578b..2a65ad87 100644
--- a/NetCasbin/EnforceSession.cs
+++ b/NetCasbin/EnforceSession.cs
@@ -23,7 +23,7 @@ internal struct EnforceSession
internal bool ExpressionResult { get; set; }
internal bool IsChainEffector { get; set; }
- internal IEffectChain effectChain { get; set; }
+ internal IEffectChain EffectChain { get; set; }
internal bool HasPriority { get; set; }
internal int PriorityIndex { get; set; }
diff --git a/NetCasbin/Enforcer.cs b/NetCasbin/Enforcer.cs
index 3e8c891e..49740926 100644
--- a/NetCasbin/Enforcer.cs
+++ b/NetCasbin/Enforcer.cs
@@ -75,7 +75,7 @@ public IReadOnlyAdapter Adapter
}
public IWatcher Watcher { get; set; }
public IRoleManager RoleManager { get; set; } = new DefaultRoleManager(10);
- public IEnforceCache EnforceCache { get; set; }
+ public IEnforceCache EnforceCache { get; set; } = new ReaderWriterEnforceCache(new ReaderWriterEnforceCacheOptions());
public IExpressionHandler ExpressionHandler { get; set; }
#if !NET45
public ILogger Logger { get; set; }
@@ -86,11 +86,11 @@ public IReadOnlyAdapter Adapter
public bool IsFiltered => Adapter is IFilteredAdapter {IsFiltered: true};
#region Enforce method
-
///
/// Decides whether a "subject" can access a "object" with the operation
/// "action", input parameters are usually: (sub, obj, act).
///
+ /// Enforce context include all status on enforcing
/// The request needs to be mediated, usually an array of strings,
/// can be class instances if ABAC is used.
/// Whether to allow the request.
@@ -112,7 +112,6 @@ public bool Enforce(in EnforceContext context, params object[] requestValues)
}
string key = string.Join("$$", requestValues);
- EnforceCache ??= new ReaderWriterEnforceCache(new ReaderWriterEnforceCacheOptions());
if (EnforceCache.TryGetResult(requestValues, key, out bool cachedResult))
{
#if !NET45
@@ -122,9 +121,7 @@ public bool Enforce(in EnforceContext context, params object[] requestValues)
}
bool result = InternalEnforce(context, PolicyManager, requestValues);
- EnforceCache ??= new ReaderWriterEnforceCache(new ReaderWriterEnforceCacheOptions());
EnforceCache.TrySetResult(requestValues, key, result);
-
#if !NET45
LogEnforceResult(context, requestValues, result);
#endif
@@ -135,6 +132,7 @@ public bool Enforce(in EnforceContext context, params object[] requestValues)
/// Decides whether a "subject" can access a "object" with the operation
/// "action", input parameters are usually: (sub, obj, act).
///
+ /// Enforce context
/// The request needs to be mediated, usually an array of strings,
/// can be class instances if ABAC is used.
/// Whether to allow the request.
@@ -262,14 +260,14 @@ private ref EnforceSession HandleInitialRequest(in EnforceContext context, ref E
if (session.IsChainEffector)
{
- session.effectChain = chainEffector.CreateChain(context.Effect);
+ session.EffectChain = chainEffector.CreateChain(context.Effect);
}
else
{
session.PolicyEffects = new PolicyEffect[session.PolicyCount];
}
- session.EffectExpressionType = session.effectChain?.EffectExpressionType ?? DefaultEffector.ParseEffectExpressionType(session.ExpressionString);
+ session.EffectExpressionType = session.EffectChain?.EffectExpressionType ?? DefaultEffector.ParseEffectExpressionType(session.ExpressionString);
session.HasPriority = context.PolicyAssertion.TryGetTokenIndex("priority", out int priorityIndex);
session.PriorityIndex = priorityIndex;
return ref session;
@@ -277,7 +275,7 @@ private ref EnforceSession HandleInitialRequest(in EnforceContext context, ref E
private ref EnforceSession HandleBeforeExpression(in EnforceContext context, ref EnforceSession session)
{
- IEffectChain effectChain = session.effectChain;
+ IEffectChain effectChain = session.EffectChain;
int policyTokenCount = context.PolicyAssertion.Tokens.Count;
if (session.PolicyCount is 0)
@@ -373,13 +371,12 @@ private static ref EnforceSession HandleExpressionResult(in EnforceContext conte
private static ref EnforceSession HandleExpressionResult(in EnforceContext context, ref EnforceSession session)
{
- IEffectChain effectChain = session.effectChain;
+ IEffectChain effectChain = session.EffectChain;
PolicyEffect nowEffect;
if (session.PolicyCount is 0)
{
nowEffect = GetEffect(session.ExpressionResult);
-
if (effectChain.TryChain(nowEffect))
{
session.DetermineResult(effectChain.Result);
diff --git a/NetCasbin/Extensions/Enforcer/EnforcerExtension.cs b/NetCasbin/Extensions/Enforcer/EnforcerExtension.cs
index bedd0f3a..c00aecdb 100644
--- a/NetCasbin/Extensions/Enforcer/EnforcerExtension.cs
+++ b/NetCasbin/Extensions/Enforcer/EnforcerExtension.cs
@@ -405,12 +405,12 @@ public static Enforcer AddNamedDomainMatchingFunc(this Enforcer enforcer, string
#endregion
#region Enforce Cotext
- public static EnforceContext CreatContext(this IEnforcer enforcer, bool explain)
+ public static EnforceContext CreateContext(this IEnforcer enforcer, bool explain)
{
return EnforceContext.Create(enforcer, explain);
}
- public static EnforceContext CreatContext(this IEnforcer enforcer,
+ public static EnforceContext CreateContext(this IEnforcer enforcer,
string requestType = PermConstants.DefaultRequestType,
string policyType = PermConstants.DefaultPolicyType,
string effectType = PermConstants.DefaultPolicyEffectType,
@@ -420,50 +420,54 @@ public static EnforceContext CreatContext(this IEnforcer enforcer,
return EnforceContext.Create(enforcer, requestType, policyType, effectType, matcherType, explain);
}
- public static EnforceContext CreatContextWithMatcher(this IEnforcer enforcer, string matcher, bool explain)
+ public static EnforceContext CreateContextWithMatcher(this IEnforcer enforcer, string matcher, bool explain)
{
- return EnforceContext.CreatWithMatcher(enforcer, matcher, explain);
+ return EnforceContext.CreateWithMatcher(enforcer, matcher, explain);
}
- public static EnforceContext CreatContextWithMatcher(this IEnforcer enforcer,
+ public static EnforceContext CreateContextWithMatcher(this IEnforcer enforcer,
string matcher,
string requestType = PermConstants.DefaultRequestType,
string policyType = PermConstants.DefaultPolicyType,
string effectType = PermConstants.DefaultPolicyEffectType,
bool explain = false)
{
- return EnforceContext.CreatWithMatcher(enforcer, matcher, requestType, policyType, effectType, explain);
+ return EnforceContext.CreateWithMatcher(enforcer, matcher, requestType, policyType, effectType, explain);
}
#endregion
#region Enforce extensions
+
///
/// Explains enforcement by informing matched rules
///
+ /// The enforce instance
/// The request needs to be mediated, usually an array of strings,
/// can be class instances if ABAC is used.
/// Whether to allow the request and explains.
public static bool Enforce(this IEnforcer enforcer, params object[] requestValues)
{
- EnforceContext context = enforcer.CreatContext();
+ EnforceContext context = enforcer.CreateContext();
return enforcer.Enforce(context, requestValues);
}
///
/// Explains enforcement by informing matched rules
///
+ /// The enforce instance
/// The request needs to be mediated, usually an array of strings,
/// can be class instances if ABAC is used.
/// Whether to allow the request and explains.
public static Task EnforceAsync(this IEnforcer enforcer, params object[] requestValues)
{
- EnforceContext context = enforcer.CreatContext();
+ EnforceContext context = enforcer.CreateContext();
return enforcer.EnforceAsync(context, requestValues);
}
///
/// Explains enforcement by informing matched rules
///
+ /// The enforce instance
/// The request needs to be mediated, usually an array of strings,
/// can be class instances if ABAC is used.
/// Whether to allow the request and explains.
@@ -471,14 +475,14 @@ public static Task EnforceAsync(this IEnforcer enforcer, params object[] r
public static (bool Result, IEnumerable> Explains)
EnforceEx(this IEnforcer enforcer, params object[] requestValues)
{
- EnforceContext context = enforcer.CreatContext(true);
+ EnforceContext context = enforcer.CreateContext(true);
return (enforcer.Enforce(context, requestValues), context.Explanations);
}
#else
public static Tuple>>
EnforceEx(this IEnforcer enforcer, params object[] requestValues)
{
- EnforceContext context = enforcer.CreatContext(true);
+ EnforceContext context = enforcer.CreateContext(true);
bool result = enforcer.Enforce(context, requestValues);
return new Tuple>>(result, context.Explanations);
}
@@ -487,21 +491,22 @@ public static Tuple>>
///
/// Explains enforcement by informing matched rules
///
+ /// The enforce instance
/// The request needs to be mediated, usually an array of strings,
/// can be class instances if ABAC is used.
/// Whether to allow the request and explains.
#if !NET45
- public async static Task<(bool Result, IEnumerable> Explains)>
+ public static async Task<(bool Result, IEnumerable> Explains)>
EnforceExAsync(this IEnforcer enforcer, params object[] requestValues)
{
- EnforceContext context = enforcer.CreatContext(true);
+ EnforceContext context = enforcer.CreateContext(true);
return (await enforcer.EnforceAsync(context, requestValues), context.Explanations);
}
#else
- public async static Task>>>
+ public static async Task>>>
EnforceExAsync(this IEnforcer enforcer, params object[] requestValues)
{
- EnforceContext context = enforcer.CreatContext(true);
+ EnforceContext context = enforcer.CreateContext(true);
bool result = await enforcer.EnforceAsync(context, requestValues);
return new Tuple>>(result, context.Explanations);
}
@@ -511,13 +516,14 @@ public async static Task>>>
/// Decides whether a "subject" can access a "object" with the operation
/// "action", input parameters are usually: (sub, obj, act).
///
+ /// The enforce instance
/// The custom matcher.
/// The request needs to be mediated, usually an array of strings,
/// can be class instances if ABAC is used.
/// Whether to allow the request.
public static bool EnforceWithMatcher(this IEnforcer enforcer, string matcher, params object[] requestValues)
{
- EnforceContext context = enforcer.CreatContextWithMatcher(matcher);
+ EnforceContext context = enforcer.CreateContextWithMatcher(matcher);
return enforcer.Enforce(context, requestValues);
}
@@ -525,19 +531,21 @@ public static bool EnforceWithMatcher(this IEnforcer enforcer, string matcher, p
/// Decides whether a "subject" can access a "object" with the operation
/// "action", input parameters are usually: (sub, obj, act).
///
+ /// The enforce instance
/// The custom matcher.
/// The request needs to be mediated, usually an array of strings,
/// can be class instances if ABAC is used.
/// Whether to allow the request.
public static Task EnforceWithMatcherAsync(this IEnforcer enforcer, string matcher, params object[] requestValues)
{
- EnforceContext context = enforcer.CreatContextWithMatcher(matcher);
+ EnforceContext context = enforcer.CreateContextWithMatcher(matcher);
return enforcer.EnforceAsync(context, requestValues);
}
///
/// Explains enforcement by informing matched rules
///
+ /// The enforce instance
/// The custom matcher.
/// The request needs to be mediated, usually an array of strings,
/// can be class instances if ABAC is used.
@@ -546,14 +554,14 @@ public static Task EnforceWithMatcherAsync(this IEnforcer enforcer, string
public static (bool Result, IEnumerable> Explains)
EnforceExWithMatcher(this IEnforcer enforcer, string matcher, params object[] requestValues)
{
- EnforceContext context = enforcer.CreatContextWithMatcher(matcher, true);
+ EnforceContext context = enforcer.CreateContextWithMatcher(matcher, true);
return (enforcer.Enforce(context, requestValues), context.Explanations);
}
#else
public static Tuple>>
EnforceExWithMatcher(this IEnforcer enforcer, string matcher,params object[] requestValues)
{
- EnforceContext context = enforcer.CreatContextWithMatcher(matcher, true);
+ EnforceContext context = enforcer.CreateContextWithMatcher(matcher, true);
bool result = enforcer.Enforce(context, requestValues);
return new Tuple>>(result, context.Explanations);
}
@@ -562,22 +570,23 @@ public static Tuple>>
///
/// Explains enforcement by informing matched rules
///
+ /// The enforce instance
/// The custom matcher.
/// The request needs to be mediated, usually an array of strings,
/// can be class instances if ABAC is used.
/// Whether to allow the request and explains.
#if !NET45
- public async static Task<(bool Result, IEnumerable> Explains)>
+ public static async Task<(bool Result, IEnumerable> Explains)>
EnforceExWithMatcherAsync(this IEnforcer enforcer, string matcher, params object[] requestValues)
{
- EnforceContext context = enforcer.CreatContextWithMatcher(matcher, true);
+ EnforceContext context = enforcer.CreateContextWithMatcher(matcher, true);
return (await enforcer.EnforceAsync(context, requestValues), context.Explanations);
}
#else
- public async static Task>>>
+ public static async Task>>>
EnforceExWithMatcherAsync(this IEnforcer enforcer, string matcher,params object[] requestValues)
{
- EnforceContext context = enforcer.CreatContextWithMatcher(matcher, true);
+ EnforceContext context = enforcer.CreateContextWithMatcher(matcher, true);
bool result = await enforcer.EnforceAsync(context, requestValues);
return new Tuple>>(result, context.Explanations);
}
diff --git a/NetCasbin/Extensions/IPAddressExtension.cs b/NetCasbin/Extensions/IPAddressExtension.cs
index a18cb5df..76b453bc 100644
--- a/NetCasbin/Extensions/IPAddressExtension.cs
+++ b/NetCasbin/Extensions/IPAddressExtension.cs
@@ -4,6 +4,7 @@
namespace Casbin.Extensions
{
+ // ReSharper disable once InconsistentNaming
public static class IPAddressExtension
{
public static bool Match(this IPAddress matchIpAddress, IPAddress ipAddress, byte matchCidr)
diff --git a/NetCasbin/SyncedEnforcer.cs b/NetCasbin/SyncedEnforcer.cs
index 41b25dda..18f817dd 100644
--- a/NetCasbin/SyncedEnforcer.cs
+++ b/NetCasbin/SyncedEnforcer.cs
@@ -8,23 +8,23 @@ namespace Casbin
{
public static class SyncedEnforcer
{
- public static IEnforcer Create(IReadOnlyAdapter adapter = null)
+ public static IEnforcer Create(IReadOnlyAdapter adapter = null, bool lazyLoadPolicy = false)
{
return new Enforcer(SyncedModel.Create(), adapter);
}
- public static IEnforcer Create(string modelPath, string policyPath)
+ public static IEnforcer Create(string modelPath, string policyPath, bool lazyLoadPolicy = false)
{
return Create(modelPath, new FileAdapter(policyPath));
}
- public static IEnforcer Create(string modelPath, IReadOnlyAdapter adapter = null)
+ public static IEnforcer Create(string modelPath, IReadOnlyAdapter adapter = null, bool lazyLoadPolicy = false)
{
IModel model = DefaultModel.CreateFromFile(modelPath);
return Create(model, adapter);
}
- public static IEnforcer Create(IModel model, IReadOnlyAdapter adapter = null)
+ public static IEnforcer Create(IModel model, IReadOnlyAdapter adapter = null, bool lazyLoadPolicy = false)
{
model = model.ReplacePolicyManager(ReaderWriterPolicyManager.Create());
return DefaultEnforcer.Create(model, adapter);