Functions
Functions in matchers
Enhance matcher capabilities by incorporating functions. Use built-in functions or define custom ones. Built-in key-matching functions follow this signature:
bool function_name(string url, string pattern)
These functions return booleans indicating whether url matches pattern.
Available built-in functions:
| Function | url | pattern | Example |
|---|---|---|---|
| keyMatch | a URL path like /alice_data/resource1 | a URL path or a * pattern like /alice_data/* | keymatch_model.conf/keymatch_policy.csv |
| keyMatch2 | a URL path like /alice_data/resource1 | a URL path or a : pattern like /alice_data/:resource | keymatch2_model.conf/keymatch2_policy.csv |
| keyMatch3 | a URL path like /alice_data/resource1 | a URL path or a {} pattern like /alice_data/{resource} | https://github.com/casbin/casbin/blob/277c1a2b85698272f764d71a94d2595a8d425915/util/builtin_operators_test.go#L171-L196 |
| keyMatch4 | a URL path like /alice_data/123/book/123 | a URL path or a {} pattern like /alice_data/{id}/book/{id} | https://github.com/casbin/casbin/blob/277c1a2b85698272f764d71a94d2595a8d425915/util/builtin_operators_test.go#L208-L222 |
| keyMatch5 | a URL path like /alice_data/123/?status=1 | a URL path, a {} or * pattern like /alice_data/{id}/* | https://github.com/casbin/casbin/blob/1cde2646d10ad1190c0d784c3a1c0e1ace1b5bc9/util/builtin_operators_test.go#L485-L526 |
| regexMatch | any string | a regular expression pattern | keymatch_model.conf/keymatch_policy.csv |
| ipMatch | an IP address like 192.168.2.123 | an IP address or a CIDR like 192.168.2.0/24 | ipmatch_model.conf/ipmatch_policy.csv |
| globMatch | a path-like path like /alice_data/resource1 | a glob pattern like /alice_data/* | https://github.com/casbin/casbin/blob/277c1a2b85698272f764d71a94d2595a8d425915/util/builtin_operators_test.go#L426-L466 |
Key-getting functions generally accept three parameters (except keyGet):
bool function_name(string url, string pattern, string key_name)
These return the key_name value when matching the pattern, otherwise returning "".
Examples: KeyGet2("/resource1/action", "/:res/action", "res") returns "resource1", while KeyGet3("/resource1_admin/action", "/{res}_admin/*", "res") returns "resource1".
For KeyGet with two parameters: KeyGet("/resource1/action", "/*") returns "resource1/action".
| Function | url | pattern | key_name | example |
|---|---|---|---|---|
| keyGet | a URL path like /proj/resource1 | a URL path or a * pattern like /proj/* | \ | keyget_model.conf/keymatch_policy.csv |
| keyGet2 | a URL path like /proj/resource1 | a URL path or : pattern like /prooj/:resource | key name specified in the pattern | keyget2_model.conf/keymatch2_policy.csv |
| keyGet3 | a URL path like /proj/res3_admin/ | a URL path or {} pattern like /proj/{resource}_admin/* | key name specified in the pattern | https://github.com/casbin/casbin/blob/7bd496f94f5a2739a392d333a9aaaa10ae397673/util/builtin_operators_test.go#L209-L247 |
Complete function details: https://github.com/casbin/casbin/blob/master/util/builtin_operators_test.go
How to add a customized function
Start by creating your function, accepting multiple parameters and returning a bool:
func KeyMatch(key1 string, key2 string) bool {
i := strings.Index(key2, "*")
if i == -1 {
return key1 == key2
}
if len(key1) > i {
return key1[:i] == key2[:i]
}
return key1 == key2[:i]
}
Next, create an interface{} wrapper:
func KeyMatchFunc(args ...interface{}) (interface{}, error) {
name1 := args[0].(string)
name2 := args[1].(string)
return (bool)(KeyMatch(name1, name2)), nil
}
Register the function with the Casbin enforcer:
e.AddFunction("my_func", KeyMatchFunc)
Use the function in your model CONF:
[matchers]
m = r.sub == p.sub && my_func(r.obj, p.obj) && r.act == p.act