Skip to main content

Functions

Functions in matchers

You can even specify functions in a matcher to make it more powerful. You can use built-in functions or specify your own function. The built-in key-matching functions take the following format:

bool function_name(string url, string pattern)

They return a boolean indicating whether the url matches the pattern.

The supported built-in functions are:

FunctionurlpatternExample
keyMatcha URL path like /alice_data/resource1a URL path or a * pattern like /alice_data/*keymatch_model.conf/keymatch_policy.csv
keyMatch2a URL path like /alice_data/resource1a URL path or a : pattern like /alice_data/:resourcekeymatch2_model.conf/keymatch2_policy.csv
keyMatch3a URL path like /alice_data/resource1a URL path or a {} pattern like /alice_data/{resource}https://github.com/casbin/casbin/blob/277c1a2b85698272f764d71a94d2595a8d425915/util/builtin_operators_test.go#L171-L196
keyMatch4a URL path like /alice_data/123/book/123a URL path or a {} pattern like /alice_data/{id}/book/{id}https://github.com/casbin/casbin/blob/277c1a2b85698272f764d71a94d2595a8d425915/util/builtin_operators_test.go#L208-L222
keyMatch5a URL path like /alice_data/123/?status=1a URL path, a {} or * pattern like /alice_data/{id}/*https://github.com/casbin/casbin/blob/1cde2646d10ad1190c0d784c3a1c0e1ace1b5bc9/util/builtin_operators_test.go#L485-L526
regexMatchany stringa regular expression patternkeymatch_model.conf/keymatch_policy.csv
ipMatchan IP address like 192.168.2.123an IP address or a CIDR like 192.168.2.0/24ipmatch_model.conf/ipmatch_policy.csv
globMatcha path-like path like /alice_data/resource1a glob pattern like /alice_data/*https://github.com/casbin/casbin/blob/277c1a2b85698272f764d71a94d2595a8d425915/util/builtin_operators_test.go#L426-L466

For key-getting functions, they usually take three parameters (except keyGet):

bool function_name(string url, string pattern, string key_name)

They will return the value of the key key_name if it matches the pattern, and return "" if nothing is matched.

For example, KeyGet2("/resource1/action", "/:res/action", "res") will return "resource1", and KeyGet3("/resource1_admin/action", "/{res}_admin/*", "res") will return "resource1". As for KeyGet, which takes two parameters, KeyGet("/resource1/action", "/*) will return "resource1/action".

Functionurlpatternkey_nameexample
keyGeta URL path like /proj/resource1a URL path or a * pattern like /proj/*\ keyget_model.conf/keymatch_policy.csv
keyGet2a URL path like /proj/resource1a URL path or : pattern like /prooj/:resourcekey name specified in the patternkeyget2_model.conf/keymatch2_policy.csv
keyGet3a URL path like /proj/res3_admin/a URL path or {} pattern like /proj/{resource}_admin/*key name specified in the patternhttps://github.com/casbin/casbin/blob/7bd496f94f5a2739a392d333a9aaaa10ae397673/util/builtin_operators_test.go#L209-L247

See details for the above functions at: https://github.com/casbin/casbin/blob/master/util/builtin_operators_test.go

How to add a customized function

First, prepare your function. It takes several parameters and returns a bool:

func KeyMatch(key1 string, key2 string) bool {
i := strings.Index(key2, "*")
if i == -1 {
return key1 == key2
}

if len(key1) > i {
return key1[:i] == key2[:i]
}
return key1 == key2[:i]
}

Then, wrap it with interface{} types:

func KeyMatchFunc(args ...interface{}) (interface{}, error) {
name1 := args[0].(string)
name2 := args[1].(string)

return (bool)(KeyMatch(name1, name2)), nil
}

Finally, register the function to the Casbin enforcer:

e.AddFunction("my_func", KeyMatchFunc)

Now, you can use the function in your model CONF like this:

[matchers]
m = r.sub == p.sub && my_func(r.obj, p.obj) && r.act == p.act