Functions
Functions in matchers
You can even specify functions in a matcher to make it more powerful. You can use built-in functions or specify your own function. The built-in key-matching functions take the following format:
bool function_name(string url, string pattern)
They return a boolean indicating whether the url
matches the pattern
.
The supported built-in functions are:
Function | url | pattern | Example |
---|---|---|---|
keyMatch | a URL path like /alice_data/resource1 | a URL path or a * pattern like /alice_data/* | keymatch_model.conf/keymatch_policy.csv |
keyMatch2 | a URL path like /alice_data/resource1 | a URL path or a : pattern like /alice_data/:resource | keymatch2_model.conf/keymatch2_policy.csv |
keyMatch3 | a URL path like /alice_data/resource1 | a URL path or a {} pattern like /alice_data/{resource} | https://github.com/casbin/casbin/blob/277c1a2b85698272f764d71a94d2595a8d425915/util/builtin_operators_test.go#L171-L196 |
keyMatch4 | a URL path like /alice_data/123/book/123 | a URL path or a {} pattern like /alice_data/{id}/book/{id} | https://github.com/casbin/casbin/blob/277c1a2b85698272f764d71a94d2595a8d425915/util/builtin_operators_test.go#L208-L222 |
keyMatch5 | a URL path like /alice_data/123/?status=1 | a URL path, a {} or * pattern like /alice_data/{id}/* | https://github.com/casbin/casbin/blob/1cde2646d10ad1190c0d784c3a1c0e1ace1b5bc9/util/builtin_operators_test.go#L485-L526 |
regexMatch | any string | a regular expression pattern | keymatch_model.conf/keymatch_policy.csv |
ipMatch | an IP address like 192.168.2.123 | an IP address or a CIDR like 192.168.2.0/24 | ipmatch_model.conf/ipmatch_policy.csv |
globMatch | a path-like path like /alice_data/resource1 | a glob pattern like /alice_data/* | https://github.com/casbin/casbin/blob/277c1a2b85698272f764d71a94d2595a8d425915/util/builtin_operators_test.go#L426-L466 |
For key-getting functions, they usually take three parameters (except keyGet
):
bool function_name(string url, string pattern, string key_name)
They will return the value of the key key_name
if it matches the pattern, and return ""
if nothing is matched.
For example, KeyGet2("/resource1/action", "/:res/action", "res")
will return "resource1"
, and KeyGet3("/resource1_admin/action", "/{res}_admin/*", "res")
will return "resource1"
.
As for KeyGet
, which takes two parameters, KeyGet("/resource1/action", "/*)
will return "resource1/action"
.
Function | url | pattern | key_name | example |
---|---|---|---|---|
keyGet | a URL path like /proj/resource1 | a URL path or a * pattern like /proj/* | \ | keyget_model.conf/keymatch_policy.csv |
keyGet2 | a URL path like /proj/resource1 | a URL path or : pattern like /prooj/:resource | key name specified in the pattern | keyget2_model.conf/keymatch2_policy.csv |
keyGet3 | a URL path like /proj/res3_admin/ | a URL path or {} pattern like /proj/{resource}_admin/* | key name specified in the pattern | https://github.com/casbin/casbin/blob/7bd496f94f5a2739a392d333a9aaaa10ae397673/util/builtin_operators_test.go#L209-L247 |
See details for the above functions at: https://github.com/casbin/casbin/blob/master/util/builtin_operators_test.go
How to add a customized function
First, prepare your function. It takes several parameters and returns a bool:
func KeyMatch(key1 string, key2 string) bool {
i := strings.Index(key2, "*")
if i == -1 {
return key1 == key2
}
if len(key1) > i {
return key1[:i] == key2[:i]
}
return key1 == key2[:i]
}
Then, wrap it with interface{}
types:
func KeyMatchFunc(args ...interface{}) (interface{}, error) {
name1 := args[0].(string)
name2 := args[1].(string)
return (bool)(KeyMatch(name1, name2)), nil
}
Finally, register the function to the Casbin enforcer:
e.AddFunction("my_func", KeyMatchFunc)
Now, you can use the function in your model CONF like this:
[matchers]
m = r.sub == p.sub && my_func(r.obj, p.obj) && r.act == p.act