|
1 | 1 | use casbin::prelude::*;
|
2 |
| -use clap::Parser; |
| 2 | +use clap::{CommandFactory, Parser, Subcommand}; |
3 | 3 | use serde_json::json;
|
4 | 4 |
|
5 |
| -#[derive(Parser, Debug)] |
| 5 | +#[derive(Parser, Debug, Clone)] |
6 | 6 | #[command(author, version, about, long_about)]
|
7 | 7 | struct Args {
|
8 | 8 | /// The command to execute
|
9 |
| - #[arg(value_enum)] |
| 9 | + #[command(subcommand)] |
10 | 10 | command: Cmd,
|
11 |
| - |
12 |
| - /// The path of the model file or model text |
13 |
| - #[arg(short, long)] |
14 |
| - model: String, |
15 |
| - |
16 |
| - /// The path of the policy file or policy text |
17 |
| - #[arg(short, long)] |
18 |
| - policy: String, |
19 |
| - |
20 |
| - /// The arguments for the enforcer |
21 |
| - command_args: Vec<String>, |
22 | 11 | }
|
23 | 12 |
|
24 |
| -#[derive(Debug, Clone, clap::ValueEnum)] |
| 13 | +#[derive(Subcommand, Debug, Clone)] |
25 | 14 | #[clap(rename_all = "camelCase")]
|
26 | 15 | pub enum Cmd {
|
| 16 | + /// Generate the autocompletion script for the specified shell |
| 17 | + Completion { |
| 18 | + /// The shell to generate the completions for |
| 19 | + #[arg(value_enum)] |
| 20 | + shell: clap_complete_command::Shell, |
| 21 | + }, |
27 | 22 | /// Check permissions
|
28 |
| - Enforce, |
29 |
| - // /// Check permissions and get which policy it is |
30 |
| - // EnforceEx, |
| 23 | + Enforce { |
| 24 | + /// The path of the model file or model text |
| 25 | + #[arg(short, long)] |
| 26 | + model: String, |
| 27 | + |
| 28 | + /// The path of the policy file or policy text |
| 29 | + #[arg(short, long)] |
| 30 | + policy: String, |
| 31 | + |
| 32 | + /// The arguments for the enforcer |
| 33 | + command_args: Vec<String>, |
| 34 | + }, |
| 35 | + /// Check permissions and get which policy it is |
| 36 | + EnforceEx { |
| 37 | + /// The path of the model file or model text |
| 38 | + #[arg(short, long)] |
| 39 | + model: String, |
| 40 | + |
| 41 | + /// The path of the policy file or policy text |
| 42 | + #[arg(short, long)] |
| 43 | + policy: String, |
| 44 | + |
| 45 | + /// The arguments for the enforcer |
| 46 | + command_args: Vec<String>, |
| 47 | + }, |
31 | 48 | }
|
32 | 49 |
|
33 | 50 | #[tokio::main]
|
34 | 51 | async fn main() {
|
35 | 52 | let args = Args::parse();
|
36 | 53 |
|
37 |
| - let model = DefaultModel::from_file(args.model) |
| 54 | + match args.command { |
| 55 | + Cmd::Enforce { |
| 56 | + model, |
| 57 | + policy, |
| 58 | + command_args, |
| 59 | + } => { |
| 60 | + let model = DefaultModel::from_file(model) |
| 61 | + .await |
| 62 | + .expect("failed to load model"); |
| 63 | + let adapter = FileAdapter::new(policy); |
| 64 | + |
| 65 | + let e = Enforcer::new(model, adapter) |
| 66 | + .await |
| 67 | + .expect("failed to create enforcer"); |
| 68 | + |
| 69 | + let allow = e.enforce(command_args).expect("failed to enforce"); |
| 70 | + |
| 71 | + let response = json!({ |
| 72 | + "allow": allow, |
| 73 | + "explain": Vec::<String>::new(), |
| 74 | + }); |
| 75 | + |
| 76 | + println!("{}", response); |
| 77 | + } |
| 78 | + Cmd::EnforceEx { |
| 79 | + model, |
| 80 | + policy, |
| 81 | + command_args, |
| 82 | + } => { |
| 83 | + let model = DefaultModel::from_file(model) |
| 84 | + .await |
| 85 | + .expect("failed to load model"); |
| 86 | + let adapter = FileAdapter::new(policy); |
| 87 | + |
| 88 | + let e = Enforcer::new(model, adapter) |
| 89 | + .await |
| 90 | + .expect("failed to create enforcer"); |
| 91 | + |
| 92 | + let (allow, explain) = e.enforce_ex(command_args).expect("failed to enforce"); |
| 93 | + |
| 94 | + let response = json!({ |
| 95 | + "allow": allow, |
| 96 | + "explain": explain.first().unwrap_or(&Vec::<String>::new()), |
| 97 | + }); |
| 98 | + |
| 99 | + println!("{}", response); |
| 100 | + } |
| 101 | + Cmd::Completion { shell } => { |
| 102 | + shell.generate(&mut Args::command(), &mut std::io::stdout()); |
| 103 | + } |
| 104 | + }; |
| 105 | +} |
| 106 | + |
| 107 | +#[tokio::test] |
| 108 | +async fn test_enforce() { |
| 109 | + let model = DefaultModel::from_file("examples/basic_model.conf".to_owned()) |
38 | 110 | .await
|
39 | 111 | .expect("failed to load model");
|
40 |
| - let adapter = FileAdapter::new(args.policy); |
| 112 | + let adapter = FileAdapter::new("examples/basic_policy.csv".to_owned()); |
41 | 113 |
|
42 | 114 | let e = Enforcer::new(model, adapter)
|
43 | 115 | .await
|
44 | 116 | .expect("failed to create enforcer");
|
45 |
| - let allow = e.enforce(args.command_args).expect("failed to enforce"); |
| 117 | + |
| 118 | + let allow = e |
| 119 | + .enforce(vec![ |
| 120 | + "alice".to_owned(), |
| 121 | + "data1".to_owned(), |
| 122 | + "read".to_owned(), |
| 123 | + ]) |
| 124 | + .expect("failed to enforce"); |
46 | 125 |
|
47 | 126 | let response = json!({
|
48 | 127 | "allow": allow,
|
49 | 128 | "explain": Vec::<String>::new(),
|
50 | 129 | });
|
51 | 130 |
|
52 |
| - println!("{}", response); |
| 131 | + let expected = json!({ |
| 132 | + "allow": true, |
| 133 | + "explain": [], |
| 134 | + }); |
| 135 | + |
| 136 | + assert_eq!(response, expected); |
53 | 137 | }
|
54 | 138 |
|
55 | 139 | #[tokio::test]
|
56 |
| -async fn test_enforce() { |
57 |
| - let args = Args { |
58 |
| - command: Cmd::Enforce, |
59 |
| - model: "examples/basic_model.conf".to_owned(), |
60 |
| - policy: "examples/basic_policy.csv".to_owned(), |
61 |
| - command_args: vec!["alice".to_owned(), "data1".to_owned(), "read".to_owned()], |
62 |
| - }; |
63 |
| - |
64 |
| - let model = DefaultModel::from_file(args.model) |
| 140 | +async fn test_enforce_explain() { |
| 141 | + let model = DefaultModel::from_file("examples/basic_model.conf".to_owned()) |
65 | 142 | .await
|
66 | 143 | .expect("failed to load model");
|
67 |
| - let adapter = FileAdapter::new(args.policy); |
| 144 | + let adapter = FileAdapter::new("examples/basic_policy.csv".to_owned()); |
68 | 145 |
|
69 | 146 | let e = Enforcer::new(model, adapter)
|
70 | 147 | .await
|
71 | 148 | .expect("failed to create enforcer");
|
72 |
| - let allow = e.enforce(args.command_args).expect("failed to enforce"); |
| 149 | + |
| 150 | + let (allow, explain) = e |
| 151 | + .enforce_ex(vec![ |
| 152 | + "alice".to_owned(), |
| 153 | + "data1".to_owned(), |
| 154 | + "read".to_owned(), |
| 155 | + ]) |
| 156 | + .expect("failed to enforce"); |
73 | 157 |
|
74 | 158 | let response = json!({
|
75 | 159 | "allow": allow,
|
76 |
| - "explain": Vec::<String>::new(), |
| 160 | + "explain": explain.first().unwrap_or(&Vec::<String>::new()), |
77 | 161 | });
|
78 | 162 |
|
79 | 163 | let expected = json!({
|
80 | 164 | "allow": true,
|
81 |
| - "explain": [], |
| 165 | + "explain": ["alice", "data1", "read"], |
82 | 166 | });
|
83 | 167 |
|
84 | 168 | assert_eq!(response, expected);
|
|
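Review bot: In `main`, the `Cmd::Enforce` and `Cmd::EnforceEx` arms report the authorization decision only in the stdout JSON, and every failure path is an `.expect(...)`, so a deny exits with status 0 while a model or policy that fails to load panics and prints no JSON at all. A script that gates an action on this command therefore has to parse `allow` and treat empty or unparsable output as deny, and nothing in the generated help says so. I would state that contract in the doc comments of both variants, e.g. `/// Prints {"allow": bool, "explain": [...]} to stdout; the exit status does not reflect the decision, and any load or evaluation error aborts without output.` The field docs also promise "model text" and "policy text", but as far as this section shows the values go straight to `DefaultModel::from_file` and `FileAdapter::new`, so either drop "or model text" / "or policy text" from the help or add that handling.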