jkbddlZddlZddlmZddlmZGddZGddZdS)N)Enforcer) RWLockWritecJeZdZdZedZejdZdS) AtomicBoolcDtj|_||_dSN) threadingLock_lock_valueselfvalues `/lsinfo/ai/hellotax_ai/base_platform/venv/lib/python3.11/site-packages/casbin/synced_enforcer.py__init__zAtomicBool.__init__s^%%  cR|j5|jcdddS#1swxYwYdSrr r rs rrzAtomicBool.valuess Z  ;                  s   cT|j5||_ddddS#1swxYwYdSrrr s rrzAtomicBool.value su Z  DK                  s !!N)__name__ __module__ __qualname__rpropertyrsetterrrrrs[X \  \   rrceZdZdZdpdZdZdZdZdZdZ d Z d Z d Z d Z d ZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZ d Z!d!Z"d"Z#d#Z$d$Z%d%Z&d&Z'd'Z(d(Z)d)Z*d*Z+d+Z,d,Z-d-Z.d.Z/d/Z0d0Z1d1Z2d2Z3d3Z4d4Z5d5Z6d6Z7d7Z8d8Z9d9Z:d:Z;d;Zd>Z?d?Z@d@ZAdAZBdBZCdCZDdDZEdEZFdFZGdGZHdHZIdIdJdKZJdIdJdLZKdMZLdNZMdOZNdPZOdQZPdRZQdSZRdTZSdUZTdqdVZUdWZVdXZWdYZXdZZYd[ZZd\Z[d]Z\d^Z]d_Z^d`Z_daZ`dbZadcZbddZcdeZddfZedgefdhdifdjZgdkZhdlZidmZjdnZkdoZldS)rSyncedEnforcerzpSyncedEnforcer wraps Enforcer and provides synchronized access. It's also a drop-in replacement for EnforcerNct|||_t|_|j|_|j|_td|_ d|_ dS)NF) r_er_rwlock gen_rlock_rl gen_wlock_wlr _auto_loading_auto_loading_thread)rmodeladapters rrzSyncedEnforcer.__init__+sf5'**"}} <))++<))++'..$(!!!rc|jjS)z0check if SyncedEnforcer is auto loading policies)r&rrs ris_auto_loading_runningz&SyncedEnforcer.is_auto_loading_running3s!''rc4|rtj| |nC#t$r6}|jjt|Yd}~nd}~wwxYw|dSdSr) r+timesleep load_policy Exceptionr loggererrorrepr)rintervales r_auto_load_policyz SyncedEnforcer._auto_load_policy7s**,, . Jx  .  """" . . .$$T!WW-------- . **,, . . . . .s? A? ,A::A?c|rdSd|j_tj|j|gd|_|jdS)zAstarts a thread that will call load_policy every interval secondsNT)targetargsdaemon)r+r&rr Threadr6r'start)rr4s rstart_auto_load_policyz%SyncedEnforcer.start_auto_load_policy?sc  ' ' ) )  F#' $-$4Dv>>> ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?rcl|j5|jj||g|RcdddS#1swxYwYdS)z\removes an authorization rule from the current named policy, field filters can be specified.N)r%r remove_filtered_named_policyrs rrz+SyncedEnforcer.remove_filtered_named_policy!s X [ [7477{Z\ZZZ [ [ [ [ [ [ [ [ [ [ [ [ [ [ [ [ [ [rcb|j5|jj|cdddS#1swxYwYdS)z2determines whether a role inheritance rule exists.N)r#r has_grouping_policyrs rrz"SyncedEnforcer.has_grouping_policy&s} X 8 8.47.7 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8rjcj|j5|jj|g|RcdddS#1swxYwYdS)z8determines whether a named role inheritance rule exists.N)r#r has_named_grouping_policyrs rrz(SyncedEnforcer.has_named_grouping_policy+s X E E4474UDVDDD E E E E E E E E E E E E E E E E E Ercb|j5|jj|cdddS#1swxYwYdS)zadds a role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule. N)r%r add_grouping_policyrs rrz"SyncedEnforcer.add_grouping_policy0s X 8 8.47.7 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8rjcj|j5|jj|g|RcdddS#1swxYwYdS)zadds a named role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule. N)r%r add_named_grouping_policyrs rrz(SyncedEnforcer.add_named_grouping_policy8s X E E4474UDVDDD E E E E E E E E E E E E E E E E E Ercb|j5|jj|cdddS#1swxYwYdS)z8removes a role inheritance rule from the current policy.N)r%r remove_grouping_policyrs rrz%SyncedEnforcer.remove_grouping_policy@s} X ; ;14716: ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;rjcj|j5|jj|g|RcdddS#1swxYwYdS)zXremoves a role inheritance rule from the current policy, field filters can be specified.N)r%r remove_filtered_grouping_policyrs rrz.SyncedEnforcer.remove_filtered_grouping_policyEs X W W:47:;VVVV W W W W W W W W W W W W W W W W W Wrcj|j5|jj|g|RcdddS#1swxYwYdS)z>removes a role inheritance rule from the current named policy.N)r%r remove_named_grouping_policyrs rrz+SyncedEnforcer.remove_named_grouping_policyJs X H H7477GGGG H H H H H H H H H H H H H H H H H Hrcl|j5|jj||g|RcdddS#1swxYwYdS)z^removes a role inheritance rule from the current named policy, field filters can be specified.N)r%r %remove_filtered_named_grouping_policyrs rrz4SyncedEnforcer.remove_filtered_named_grouping_policyOs X d d@47@ cVbccc d d d d d d d d d d d d d d d d d drcz|j5|j||cdddS#1swxYwYdS)zadds a customized function.N)r%r add_function)rnamefuncs rrzSyncedEnforcer.add_functionTs X 4 47''d33 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4rOcx|j5|j|cdddS#1swxYwYdS)zgets the roles that a user has.N)r#r get_roles_for_userrrs rrz!SyncedEnforcer.get_roles_for_user[ X 4 47--d33 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4rFcx|j5|j|cdddS#1swxYwYdS)zgets the users that has a role.N)r#r get_users_for_rolers rrz!SyncedEnforcer.get_users_for_role`rrFcz|j5|j||cdddS#1swxYwYdS)z%determines whether a user has a role.N)r#r has_role_for_user)rrroles rrz SyncedEnforcer.has_role_for_useres X 9 97,,T488 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9rOcz|j5|j||cdddS#1swxYwYdS)zt adds a role for a user. Returns false if the user already has the role (aka not affected). N)r%r add_role_for_userruserrs rrz SyncedEnforcer.add_role_for_userjs X 9 97,,T488 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9rOcz|j5|j||cdddS#1swxYwYdS)zy deletes a role for a user. Returns false if the user does not have the role (aka not affected). N)r%r delete_role_for_userrs rrz#SyncedEnforcer.delete_role_for_userrs X < <7//d;; < < < < < < < < < < < < < < < < < roleName, when fn returns true, Link is valid, otherwise invalidN)r%r add_named_link_condition_func)rrtrrrs rrz,SyncedEnforcer.add_named_link_condition_func2sX I I G 1 1%tR H H H I I I I I I I I I I I I I I I I I Is 377c||j5|j||ddddS#1swxYwYdS)zGadd_named_domain_matching_func add MatchingFunc by ptype to RoleManagerN)r%r add_named_domain_matching_funcrs rrz-SyncedEnforcer.add_named_domain_matching_func8s X > > G 2 25" = = = > > > > > > > > > > > > > > > > > >rc|j5|j|||||ddddS#1swxYwYdS)zAdd condition function fn for Link userName-> {roleName, domain}, when fn returns true, Link is valid, otherwise invalidN)r%r $add_named_domain_link_condition_func)rrtrrrrs rrz3SyncedEnforcer.add_named_domain_link_condition_func=sX X X G 8 8dFTV W W W X X X X X X X X X X X X X X X X X Xs 488cr|j5|jj||||g|RddddS#1swxYwYdS)zVSets the parameters of the condition function fn for Link userName->{roleName, domain}N)r%r +set_named_domain_link_condition_func_params)rrtrrrrs rrz:SyncedEnforcer.set_named_domain_link_condition_func_paramsCs X d d ?DG ?tTSY c\b c c c c d d d d d d d d d d d d d d d d d drcp|j5|jj|||g|RddddS#1swxYwYdS)zLSets the parameters of the condition function fn for Link userName->roleNameN)r%r $set_named_link_condition_func_params)rrtrrrs rrz3SyncedEnforcer.set_named_link_condition_func_paramsHs X U U 8DG 8d TV T T T T U U U U U U U U U U U U U U U U U Urcx|j5|jddddS#1swxYwYdS)z4returns true if the loaded policy has been filtered.N)r#r is_filteredrs rrzSyncedEnforcer.is_filteredMrRrFcx|j5|j|cdddS#1swxYwYdS)aadds authorization rules to the current policy. If the rule already exists, the function returns false for the corresponding rule and the rule will not be added. Otherwise the function returns true for the corresponding rule by adding the new rule. N)r%r add_policiesrruless rr zSyncedEnforcer.add_policiesRs X / /7''.. / / / / / / / / / / / / / / / / / /rFcz|j5|j||cdddS#1swxYwYdS)a adds authorization rules to the current named policy. If the rule already exists, the function returns false for the corresponding rule and the rule will not be added. Otherwise the function returns true for the corresponding by adding the new rule.N)r%r add_named_policiesrrtr"s rr$z!SyncedEnforcer.add_named_policies[s X < <7--eU;; < < < < < < < < < < < < < < < < < > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?rOcx|j5|j|cdddS#1swxYwYdS)a#adds role inheritance rules to the current policy. If the rule already exists, the function returns false for the corresponding policy rule and the rule will not be added. Otherwise the function returns true for the corresponding policy rule by adding the new rule. N)r%r add_grouping_policiesr!s rr+z$SyncedEnforcer.add_grouping_policiesms X 8 870077 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8rFcz|j5|j||cdddS#1swxYwYdS)a" "adds named role inheritance rules to the current policy. If the rule already exists, the function returns false for the corresponding policy rule and the rule will not be added. Otherwise the function returns true for the corresponding policy rule by adding the new rule.N)r%r add_named_grouping_policiesr%s rr-z*SyncedEnforcer.add_named_grouping_policiesvs X E E766ueDD E E E E E E E E E E E E E E E E E ErOcx|j5|j|cdddS#1swxYwYdS)z7removes role inheritance rules from the current policy.N)r%r remove_grouping_policiesr!s rr/z'SyncedEnforcer.remove_grouping_policies~s X ; ;733E:: ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;rFcz|j5|j||cdddS#1swxYwYdS)z=removes role inheritance rules from the current named policy.N)r%r remove_named_grouping_policiesr%s rr1z-SyncedEnforcer.remove_named_grouping_policiess X H H799%GG H H H H H H H H H H H H H H H H H HrOc|||d||dS)Ng)rAbuild_incremental_role_linksrJ)roprtr"s rr4z+SyncedEnforcer.build_incremental_role_linkss= 55d6K6K6M6MrSVX]_deeeeersuffixreturnEnforceContextc6|j|Sr)r new_enforce_context)rr6s rr:z"SyncedEnforcer.new_enforce_contextsw**6222rcB|jj||S)z!gets the index of the field name.)r r(get_field_index)rrtfields rr<zSyncedEnforcer.get_field_indexsw},,UE:::rcJ|jjd|}||j|<dS)z!sets the index of the field name.pN)r r(field_index_map)rrtr=index assertions rset_field_indexzSyncedEnforcer.set_field_indexs(GM#&u- +0 !%(((rcx|j5|j|cdddS#1swxYwYdS)zgets all roles associated with the domain. note: Not applicable to Domains with inheritance relationship (implicit roles)N)r#r get_all_roles_by_domain)rrs rrEz&SyncedEnforcer.get_all_roles_by_domainsX ; ;7226:: ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;rFcx|j5|j|cdddS#1swxYwYdS)agets implicit user based on resource. for example: p, alice, data1, read p, bob, data2, write p, data2_admin, data2, read p, data2_admin, data2, write g, alice, data2_admin get_implicit_users_for_resource("data2") will return [[bob data2 write] [alice data2 read] [alice data2 write]] get_implicit_users_for_resource("data1") will return [[alice data1 read]] Note: only users will be returned, roles (2nd arg in "g") will be excluded.N)r#r get_implicit_users_for_resource)rresources rrGz.SyncedEnforcer.get_implicit_users_for_resourcesX E E7::8DD E E E E E E E E E E E E E E E E E ErFcz|j5|j||cdddS#1swxYwYdS)ztget implicit user based on resource and domain. Compared to GetImplicitUsersForResource, domain is supportedN)r#r )get_implicit_users_for_resource_by_domain)rrHrs rrJz8SyncedEnforcer.get_implicit_users_for_resource_by_domainsX W W7DDXvVV W W W W W W W W W W W W W W W W W WrO)NN)T)mrrr__doc__rr+r6r=r?rArDrHrJrMrQrTrWrZr]r/r`rcrergrlrnrprrrvryr|r~rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr r rrrrrrrr r$r'r)r+r-r/r1r4strr:r<rCrErGrJrrrrr&s44))))(((...***--- ''' ((( (((... )))""" ))) ))) &&& *** ))) 888 )))... +++...000... 999 --- 888 --- 888 +++ 666 ((( KKK 333 XXX 111 TTT <<< aaa /// <<< ///<<<222 NNN ??? [[[ 888 EEE 888EEE;;; WWW HHH ddd 444444 444 999 999<<<777------:::FFFIII===:::FFF F F FRV q q q q q_c" J J JFFF FFF KKK OOO LLL YYY OOO 777 3333777 III >>> XXX ddd UUU """ ///<<<222 ??? 888EEE;;; HHH fff3#32B3333;;;111 ;;; E E EWWWWWrr)r r-casbin.enforcerrcasbin.util.rwlockrrrrrrrOs $$$$$$******         I WI WI WI WI WI WI WI WI WI Wr