Merge branch 'supportSomeApi'

# Conflicts:
#	README.md
#	src/main/java/org/casbin/Client.java
#	src/main/java/org/casbin/NewEnforcer.java
#	src/test/java/org/casbin/ClientTest.java

README.md

@@ -24,6 +24,7 @@ mvn clean install
 | `-p, --policy`        | The path of the policy file or policy text   | y    | Please wrap it with `""` and separate each line with `\|` |          
 | `-e, --enforce`       | Check permissions                            | n    | Please wrap it with `""`                                  |
 | `-ex, --enforceEx`    | Check permissions and get which policy it is | n    | Please wrap it with `""`                                  |
+| `-af, --addFuntion`   | Add custom funtion                           | n    | Please wrap it with `""` and separate each line with `\|` |
 | `-ap, --addPolicy`    | Add a policy rule to the policy file         | n    | Please wrap it with `""`                                  |
 | `-rp, --removePolicy` | Remove a policy rule from the policy file    | n    | Please wrap it with `""`                                  |
 

examples/abac_model.conf

@@ -0,0 +1,11 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = r.sub == r.obj.Owner

examples/abac_not_using_policy_model.conf

@@ -0,0 +1,11 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act, eft
+
+[policy_effect]
+e = some(where (p.eft == allow)) && !some(where (p.eft == deny))
+
+[matchers]
+m = r.sub == r.obj.Owner

examples/abac_rule_custom_function_model.conf

@@ -0,0 +1,11 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub_rule, obj, act
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = eval(p.sub_rule) && r.act == p.act

examples/abac_rule_custom_function_policy.csv

@@ -0,0 +1,2 @@
+p, r.sub.name == 'alice' && custom(r.obj), r.obj, GET
+p, r.sub.age >= 18 && custom(r.obj), r.obj, GET

examples/abac_rule_effect_policy.csv

@@ -0,0 +1,4 @@
+p, alice, /data1, read, deny
+p, alice, /data1, write, allow
+p, bob, /data2, write, deny
+p, bob, /data2, read, allow

examples/abac_rule_map_model.conf

@@ -0,0 +1,11 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = r.sub == r.obj.Owner

examples/abac_rule_model.conf

@@ -0,0 +1,11 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub_rule, obj, act
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = eval(p.sub_rule) && r.obj == p.obj && r.act == p.act

examples/abac_rule_policy.csv

@@ -0,0 +1,2 @@
+p, r.sub.Age > 18, /data1, read
+p, r.sub.Age < 60, /data2, write

examples/abac_rule_with_domains_policy.csv

@@ -3,4 +3,4 @@ p, r.domain == 'domain1', admin, domain1, data1, write
 p, r.domain == 'domain2', admin, domain2, data2, read
 p, r.domain == 'domain2', admin, domain2, data2, write
 g, alice, admin, domain1
-g, bob, admin, domain2
+g, bob, admin, domain2

examples/basic_inverse_policy.csv

@@ -0,0 +1,2 @@
+p, alice, data1, write
+p, bob, data2, read

examples/basic_model.conf

@@ -0,0 +1,11 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = r.sub == p.sub && r.obj == p.obj && r.act == p.act

examples/basic_model_without_spaces.conf

@@ -0,0 +1,11 @@
+[request_definition]
+r = sub,obj,act
+
+[policy_definition]
+p = sub,obj,act
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = r.sub == p.sub && r.obj == p.obj && r.act == p.act

examples/basic_policy.csv

@@ -0,0 +1,2 @@
+p, alice, data1, read
+p, bob, data2, write

examples/basic_with_root_model.conf

@@ -0,0 +1,11 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = r.sub == p.sub && r.obj == p.obj && r.act == p.act || r.sub == "root"

examples/basic_without_resources_model.conf

@@ -0,0 +1,11 @@
+[request_definition]
+r = sub, act
+
+[policy_definition]
+p = sub, act
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = r.sub == p.sub && r.act == p.act

examples/basic_without_resources_policy.csv

@@ -0,0 +1,2 @@
+p, alice, read
+p, bob, write

examples/basic_without_users_model.conf

@@ -0,0 +1,11 @@
+[request_definition]
+r = obj, act
+
+[policy_definition]
+p = obj, act
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = r.obj == p.obj && r.act == p.act

examples/basic_without_users_policy.csv

@@ -0,0 +1,2 @@
+p, data1, read
+p, data2, write

examples/comment_model.conf

@@ -0,0 +1,12 @@
+[request_definition]
+r = sub, obj, act ; Request definition
+
+[policy_definition]
+p = sub, obj, act
+
+[policy_effect]
+e = some(where (p.eft == allow)) # This is policy effect.
+
+# Matchers
+[matchers]
+m = r.sub == p.sub && r.obj == p.obj && r.act == p.act

examples/glob_model.conf

@@ -0,0 +1,11 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = r.sub == p.sub && globMatch(r.obj, p.obj) && r.act == p.act

examples/glob_policy.csv

@@ -0,0 +1,4 @@
+p, u1, /foo/*, read
+p, u2, /foo*, read
+p, u3, /*/foo/*, read
+p, u4, *, read

examples/group_with_domain_model.conf

@@ -0,0 +1,15 @@
+[request_definition]
+r = sub, dom, obj, act
+
+[policy_definition]
+p = sub, dom, obj, act
+
+[role_definition]
+g = _,_
+g2 = _, _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = (g(r.sub, p.sub) || g2(r.sub, p.sub, r.dom)) && r.obj == p.obj && r.act == p.act

examples/group_with_domain_policy.csv

@@ -0,0 +1,3 @@
+p, admin, domain1, data1, read
+g, alice, group1
+g2, group1, admin, domain1

examples/haslink_synchronized_model.conf

@@ -0,0 +1,14 @@
+[request_definition]
+r = sub, obj
+
+[policy_definition]
+p = sub, obj, eft
+
+[role_definition]
+g = _, _
+
+[policy_effect]
+e = !some(where (p.eft == deny))
+
+[matchers]
+m = r.sub == p.sub && g(r.obj, p.obj)

examples/in_op_sytanx.conf

@@ -0,0 +1,12 @@
+[request_definition]
+r = sub, obj
+
+[policy_definition]
+p = sub
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = r.sub.name == p.sub && r.sub.name in r.obj.admins && ("bob") in r.obj.admins
+

examples/in_op_sytanx.csv

@@ -0,0 +1 @@
+p, alice

examples/ipmatch_model.conf

@@ -0,0 +1,11 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = ipMatch(r.sub, p.sub) && r.obj == p.obj && r.act == p.act

examples/ipmatch_policy.csv

@@ -0,0 +1,2 @@
+p, 192.168.2.0/24, data1, read
+p, 10.0.0.0/16, data2, write

examples/keymatch2_model.conf

@@ -0,0 +1,11 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = r.sub == p.sub && keyMatch2(r.obj, p.obj) && regexMatch(r.act, p.act)

examples/keymatch2_policy.csv

@@ -0,0 +1,2 @@
+p, alice, /alice_data/:resource, GET
+p, alice, /alice_data2/:id/using/:resId, GET

examples/keymatch4_model.conf

@@ -0,0 +1,11 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = r.sub == p.sub && keyMatch4(r.obj, p.obj) && regexMatch(r.act, p.act)

examples/keymatch4_policy.csv

@@ -0,0 +1,4 @@
+p, alice, /alice_data/resource/{id}/child/{id}, GET
+p, alice, /alice_data/resource/{id}/child{id}, GET
+p, alice, /alice_data/resource/{id}/child/{id}/child2/{id}, GET
+p, alice, /alice_data2/{id}/using/{resId}, GET

examples/keymatch_custom_model.conf

@@ -0,0 +1,11 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = r.sub == p.sub && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)

examples/keymatch_model.conf

@@ -0,0 +1,11 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = r.sub == p.sub && keyMatchCustom(r.obj, p.obj) && regexMatch(r.act, p.act)

examples/keymatch_policy.csv

@@ -0,0 +1,5 @@
+p, alice, /alice_data/*, GET
+p, alice, /alice_data/resource1, POST
+p, bob, /alice_data/resource2, GET
+p, bob, /bob_data/*, POST
+p, cathy, /cathy_data, (GET)|(POST)

examples/keymatch_with_rbac_in_domain.conf

@@ -0,0 +1,15 @@
+[request_definition]
+r = sub, dom, obj, act
+
+[policy_definition]
+p = sub, dom, obj, act
+
+[role_definition]
+g = _, _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+#RBAC
+m = g(r.sub, p.sub, r.dom) && keyMatch(r.dom, p.dom) && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)

examples/keymatch_with_rbac_in_domain.csv

@@ -0,0 +1,8 @@
+g,can_manage,can_use,*
+
+#engine
+p,can_manage,engines/*,*,(pause)|(resume)
+p,can_use,engines/*,*,(attach)|(detach)
+
+
+g,Username==test2,can_manage,engines/engine1

examples/multiline_model.conf

@@ -0,0 +1,19 @@
+[request_definition]
+r = sub, dom, obj, act
+
+[policy_definition]
+p = sub, dom, obj, act, eft
+
+[role_definition]
+g = _, _
+g2 = _, _, _
+g3 = _, _, _
+
+[policy_effect]
+e = some(where (p.eft == allow)) && !some(where (p.eft == deny))
+
+[matchers]
+m = (g(r.sub, p.sub) || g2(r.sub, p.sub, r.dom)) \
+    && (keyMatch(r.obj, p.obj) || g3(r.obj, p.obj, r.dom)) \
+    && (p.dom == 'public' || r.dom == p.dom)\
+    && keyMatch(r.act, p.act) \

examples/multiline_policy.csv

@@ -0,0 +1,5 @@
+p, alice, domain1, data1, read, allow
+p, bob, domain1, data2, write, allow
+p, data2_admin, domain1, data2, read, allow
+p, data2_admin, domain1, data2, write, allow
+p, alice, domain1, data2, write, deny