chore: update casbin to version 2.5.0 (#878)

Co-authored-by: Nathan.fooo <86001920+appflowy@users.noreply.github.com>
This commit is contained in:
Khor Shu Heng 2024-10-15 15:56:29 +08:00 committed by GitHub
parent 2b02a8d12b
commit 1c51656865
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 28 additions and 47 deletions

30
Cargo.lock generated
View File

@ -1914,21 +1914,22 @@ dependencies = [
[[package]] [[package]]
name = "casbin" name = "casbin"
version = "2.2.0" version = "2.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b71063d3ee2f5ecc89229ccade0f3f8fb413b5e3978124a38b611216f91dd7c9" checksum = "66e141a8db13c2e8bf3fdd6ac2b48ace7e70d2e4a66c329a4bb759e1368f22dc"
dependencies = [ dependencies = [
"async-trait", "async-trait",
"fixedbitset", "fixedbitset",
"getrandom 0.2.15", "getrandom 0.2.15",
"hashlink",
"mini-moka", "mini-moka",
"once_cell", "once_cell",
"parking_lot 0.12.3", "parking_lot 0.12.3",
"petgraph", "petgraph",
"regex", "regex",
"rhai", "rhai",
"ritelinked",
"serde", "serde",
"serde_json",
"thiserror", "thiserror",
"tokio", "tokio",
] ]
@ -3720,15 +3721,6 @@ dependencies = [
"thiserror", "thiserror",
] ]
[[package]]
name = "hashbrown"
version = "0.11.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ab5ef0d4909ef3724cc8cce6ccc8572c5c817592e9285f5464f8e86f8bd3726e"
dependencies = [
"ahash 0.7.8",
]
[[package]] [[package]]
name = "hashbrown" name = "hashbrown"
version = "0.12.3" version = "0.12.3"
@ -6031,16 +6023,6 @@ dependencies = [
"windows-sys 0.52.0", "windows-sys 0.52.0",
] ]
[[package]]
name = "ritelinked"
version = "0.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "98f2771d255fd99f0294f13249fecd0cae6e074f86b4197ec1f1689d537b44d3"
dependencies = [
"ahash 0.7.8",
"hashbrown 0.11.2",
]
[[package]] [[package]]
name = "rkyv" name = "rkyv"
version = "0.7.44" version = "0.7.44"
@ -6478,9 +6460,9 @@ dependencies = [
[[package]] [[package]]
name = "serde_json" name = "serde_json"
version = "1.0.122" version = "1.0.128"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "784b6203951c57ff748476b126ccb5e8e2959a5c19e5c617ab1956be3dbc68da" checksum = "6ff5456707a1de34e7e37f2a6fd3d3f808c318259cbd01ab6377795054b483d8"
dependencies = [ dependencies = [
"itoa", "itoa",
"memchr", "memchr",

View File

@ -8,7 +8,7 @@ actix-http.workspace = true
app-error.workspace = true app-error.workspace = true
anyhow.workspace = true anyhow.workspace = true
async-trait.workspace = true async-trait.workspace = true
casbin = { version = "2.2.0", features = [ casbin = { version = "2.5.0", features = [
"cached", "cached",
"runtime-tokio", "runtime-tokio",
"incremental", "incremental",

View File

@ -6,7 +6,8 @@ use crate::metrics::{tick_metric, AccessControlMetrics};
use anyhow::anyhow; use anyhow::anyhow;
use app_error::AppError; use app_error::AppError;
use casbin::rhai::ImmutableString; use casbin::function_map::OperatorFunction;
use casbin::rhai::{Dynamic, ImmutableString};
use casbin::{CoreApi, DefaultModel, Enforcer, MgmtApi}; use casbin::{CoreApi, DefaultModel, Enforcer, MgmtApi};
use database_entity::dto::{AFAccessLevel, AFRole}; use database_entity::dto::{AFAccessLevel, AFRole};
@ -52,10 +53,7 @@ impl AccessControl {
let mut enforcer = casbin::Enforcer::new(model, adapter).await.map_err(|e| { let mut enforcer = casbin::Enforcer::new(model, adapter).await.map_err(|e| {
AppError::Internal(anyhow!("Failed to create access control enforcer: {}", e)) AppError::Internal(anyhow!("Failed to create access control enforcer: {}", e))
})?; })?;
enforcer.add_function( enforcer.add_function("cmpRoleOrLevel", OperatorFunction::Arg2(cmp_role_or_level));
"cmpRoleOrLevel",
|r: ImmutableString, p: ImmutableString| cmp_role_or_level(r.as_str(), p.as_str()),
);
let enforcer = Arc::new(AFEnforcer::new(enforcer, NoEnforceGroup).await?); let enforcer = Arc::new(AFEnforcer::new(enforcer, NoEnforceGroup).await?);
tick_metric( tick_metric(
@ -198,29 +196,29 @@ pub async fn casbin_model() -> Result<DefaultModel, AppError> {
/// * `r_act` - The role or access level from the request, prefixed with "r:" for roles or "l:" for levels. /// * `r_act` - The role or access level from the request, prefixed with "r:" for roles or "l:" for levels.
/// * `p_act` - The role or access level from the policy, prefixed with "r:" for roles or "l:" for levels. /// * `p_act` - The role or access level from the policy, prefixed with "r:" for roles or "l:" for levels.
/// ///
pub fn cmp_role_or_level(r_act: &str, p_act: &str) -> bool { pub fn cmp_role_or_level(r_act: ImmutableString, p_act: ImmutableString) -> Dynamic {
trace!("cmp_role_or_level: r: {} p: {}", r_act, p_act); trace!("cmp_role_or_level: r: {} p: {}", r_act, p_act);
if r_act.starts_with("r:") && p_act.starts_with("r:") { if r_act.starts_with("r:") && p_act.starts_with("r:") {
let r = AFRole::from_enforce_act(r_act); let r = AFRole::from_enforce_act(r_act.as_str());
let p = AFRole::from_enforce_act(p_act); let p = AFRole::from_enforce_act(p_act.as_str());
return p >= r; return Dynamic::from_bool(p >= r);
} }
if r_act.starts_with("l:") && p_act.starts_with("l:") { if r_act.starts_with("l:") && p_act.starts_with("l:") {
let r = AFAccessLevel::from_enforce_act(r_act); let r = AFAccessLevel::from_enforce_act(r_act.as_str());
let p = AFAccessLevel::from_enforce_act(p_act); let p = AFAccessLevel::from_enforce_act(p_act.as_str());
return p >= r; return Dynamic::from_bool(p >= r);
} }
if r_act.starts_with("l:") && p_act.starts_with("r:") { if r_act.starts_with("l:") && p_act.starts_with("r:") {
let r = AFAccessLevel::from_enforce_act(r_act); let r = AFAccessLevel::from_enforce_act(r_act.as_str());
let role = AFRole::from_enforce_act(p_act); let role = AFRole::from_enforce_act(p_act.as_str());
let p = AFAccessLevel::from(&role); let p = AFAccessLevel::from(&role);
return p >= r; return Dynamic::from_bool(p >= r);
} }
false Dynamic::from_bool(false)
} }
/// Represents the entity stored at the index of the access control policy. /// Represents the entity stored at the index of the access control policy.

View File

@ -244,7 +244,7 @@ mod tests {
entity::ObjectType, entity::ObjectType,
}; };
use async_trait::async_trait; use async_trait::async_trait;
use casbin::{prelude::*, rhai::ImmutableString}; use casbin::{function_map::OperatorFunction, prelude::*};
use database_entity::dto::{AFAccessLevel, AFRole}; use database_entity::dto::{AFAccessLevel, AFRole};
use super::{AFEnforcer, EnforcerGroup}; use super::{AFEnforcer, EnforcerGroup};
@ -268,10 +268,7 @@ mod tests {
.await .await
.unwrap(); .unwrap();
enforcer.add_function( enforcer.add_function("cmpRoleOrLevel", OperatorFunction::Arg2(cmp_role_or_level));
"cmpRoleOrLevel",
|r: ImmutableString, p: ImmutableString| cmp_role_or_level(r.as_str(), p.as_str()),
);
AFEnforcer::new(enforcer, enforce_group).await.unwrap() AFEnforcer::new(enforcer, enforce_group).await.unwrap()
} }
#[tokio::test] #[tokio::test]

View File

@ -32,7 +32,11 @@ pgvector = { workspace = true, features = ["sqlx"] }
tracing = { version = "0.1.40" } tracing = { version = "0.1.40" }
uuid = { workspace = true, features = ["serde", "v4"] } uuid = { workspace = true, features = ["serde", "v4"] }
chrono = { version = "0.4", features = ["serde"] } chrono = { version = "0.4", features = ["serde"] }
redis.workspace = true redis = { workspace = true, features = [
"aio",
"tokio-comp",
"connection-manager",
] }
futures-util = "0.3.30" futures-util = "0.3.30"
bytes = "1.5" bytes = "1.5"
aws-sdk-s3 = { version = "1.36.0", features = [ aws-sdk-s3 = { version = "1.36.0", features = [