diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 54cea7e..fe52d75 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -108,12 +108,30 @@ jobs:
 - name: Install dependencies
 run: |
- luarocks install lualogging
- luarocks install lrexlib-pcre2
- luarocks install luaposix
- luarocks install luasocket
- luarocks install busted
- luarocks install busted-htest
+ until luarocks install lualogging
+ do
+ sleep 1
+ done
+ until luarocks install lrexlib-pcre2
+ do
+ sleep 1
+ done
+ until luarocks install luaposix
+ do
+ sleep 1
+ done
+ until luarocks install luasocket
+ do
+ sleep 1
+ done
+ until luarocks install busted
+ do
+ sleep 1
+ done
+ until luarocks install busted-htest
+ do
+ sleep 1
+ done
 - name: Run Benchmark
 run: |
diff --git a/examples/keymatch4_model.conf b/examples/keymatch4_model.conf
new file mode 100644
index 0000000..da39667
--- /dev/null
+++ b/examples/keymatch4_model.conf
@@ -0,0 +1,14 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[role_definition]
+g = _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = g(r.sub, p.sub) && keyMatch4(r.obj, p.obj) && regexMatch(r.act, p.act)
diff --git a/examples/keymatch4_policy.csv b/examples/keymatch4_policy.csv
new file mode 100644
index 0000000..35e99df
--- /dev/null
+++ b/examples/keymatch4_policy.csv
@@ -0,0 +1,4 @@
+p, alice, /parent/{id}/child/{id}, GET|POST
+p, bob, /parent/{id}/child/{another_id}, GET|POST
+g, alice, alice
+g, bob, bob
\ No newline at end of file
diff --git a/src/main/CoreEnforcer.lua b/src/main/CoreEnforcer.lua
index c8b5aa8..c77c65c 100644
--- a/src/main/CoreEnforcer.lua
+++ b/src/main/CoreEnforcer.lua
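Review bot: Each `until luarocks install … do sleep 1 done` loop in the `Install dependencies` step of `.github/workflows/build.yml` has no attempt limit, so a rock that fails for a permanent reason (removed package, build error, failed download verification) keeps the step retrying until the job times out instead of failing with the error. Cap the attempts and let the step fail after the last one; a small shell function also removes the six copies of the loop. The rocks are installed without a version, so every retry resolves whatever the rock server currently serves; pinning versions would make the retried install reproducible. The job definition starts outside the hunk, so whether a `timeout-minutes` is already set cannot be seen from here.

```yaml
      run: |
        # Retry transient failures a bounded number of times, then fail the step.
        install_rock() {
          for attempt in 1 2 3 4 5; do
            luarocks install "$1" && return 0
            sleep "$attempt"
          done
          echo "luarocks install $1 failed after 5 attempts" >&2
          return 1
        }
        for rock in lualogging lrexlib-pcre2 luaposix luasocket busted busted-htest; do
          install_rock "$rock" || exit 1
        done
```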
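Review bot: The matcher in `examples/keymatch4_model.conf` checks the action with `regexMatch(r.act, p.act)`, and both policy rows in `examples/keymatch4_policy.csv` give the pattern as `GET|POST` without anchors. If regexMatch performs an unanchored search, as it does in other Casbin implementations, any action string that merely contains `GET` or `POST` satisfies the rule, and example policies tend to be copied into real deployments. Writing the rows as `p, alice, /parent/{id}/child/{id}, ^(GET|POST)$` (and the same for bob) would show the safe form.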
@@ -446,7 +446,8 @@ function CoreEnforcer:enforceEx(...)
 res, err = luaxp.evaluate(tExpString, context)
 end
 if err then
- error("evaluation error: " .. err.message)
+ local errMsg = type(err) == "table" and err.message or tostring(err)
+ error("evaluation error: " .. errMsg)
 end
 local c = true
@@ -491,7 +492,8 @@ function CoreEnforcer:enforceEx(...)
 local res, err = luaxp.run(compiledExpression, context)
 if err then
- error("evaluation error: " .. err.message)
+ local errMsg = type(err) == "table" and err.message or tostring(err)
+ error("evaluation error: " .. errMsg)
 end
 if res then
diff --git a/tests/main/enforcer_spec.lua b/tests/main/enforcer_spec.lua
index 122d226..082f705 100644
--- a/tests/main/enforcer_spec.lua
+++ b/tests/main/enforcer_spec.lua
@@ -94,6 +94,21 @@ describe("Enforcer tests", function ()
 assert.is.True(e:enforce("alice", "/alice_data2/123/using/456", "GET"))
 end)
+ it("keyMatch4 test", function ()
+ local model = path .. "/examples/keymatch4_model.conf"
+ local policy = path .. "/examples/keymatch4_policy.csv"
+
+ local e = Enforcer:new(model, policy)
+ -- Test alice with matching IDs (same placeholder value)
+ assert.is.True(e:enforce("alice", "/parent/123/child/123", "GET"))
+ assert.is.True(e:enforce("alice", "/parent/456/child/456", "POST"))
+ -- Test alice with non-matching IDs (different placeholder values)
+ assert.is.False(e:enforce("alice", "/parent/123/child/456", "GET"))
+ -- Test bob with different IDs (different placeholders, should work)
+ assert.is.True(e:enforce("bob", "/parent/123/child/456", "GET"))
+ assert.is.True(e:enforce("bob", "/parent/789/child/012", "POST"))
+ end)
+
 it("priority test", function ()
 local model = path .. "/examples/priority_model.conf"
 local policy = path .. "/examples/priority_policy.csv"
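Review bot: The line `local errMsg = type(err) == "table" and err.message or tostring(err)` is added twice in `src/main/CoreEnforcer.lua`, after the `luaxp.evaluate` call in this hunk and again after `luaxp.run` in the hunk at -491, and in both places a table error without a `message` field falls through to `tostring(err)` and reports only a table address. One file-local helper, e.g. `local function evalErrorMessage(err) return type(err) == "table" and (err.message or "unknown error") or tostring(err) end`, would keep the two sites identical and the message readable. Neither hunk comes with a test that drives a non-table error through `enforceEx`, so the new branch is unexercised as far as this diff shows. The body of `enforceEx` starts and ends outside both hunks.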
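Review bot: The new `keyMatch4 test` in `tests/main/enforcer_spec.lua` has a single deny assertion, so the subject and action parts of the matcher are never checked on the refusing side; an authorization test should pin what is denied as well as what is allowed. Add cases such as `assert.is.False(e:enforce("alice", "/parent/123/child/123", "DELETE"))` and `assert.is.False(e:enforce("carol", "/parent/123/child/123", "GET"))`, and one for a path with a trailing segment such as `/parent/123/child/123/extra`, which the policy is presumably meant to refuse. The enclosing `describe` block starts before the hunk and continues past it.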