feat: enable ABAC support in /api/enforce and /api/batch-enforce endpoints

Co-authored-by: hsluoyz <3787410+hsluoyz@users.noreply.github.com> Agent-Logs-Url: https://github.com/casdoor/casdoor/sessions/6176766c-3464-438b-b8f2-1cf570a1c30c
2026-03-24 12:19:52 +00:00
parent bbf726fb75
commit bd60682b05
4 changed files with 42 additions and 17 deletions
--- a/controllers/casbin_api.go
+++ b/controllers/casbin_api.go
@@ -26,7 +26,7 @@ import (
 // @Title Enforce
 // @Tag Enforcer API
 // @Description Call Casbin Enforce API
-// @Param   body    body   []string  true   "Casbin request"
+// @Param   body    body   []interface{}  true   "Casbin request (array of strings or JSON objects for ABAC)"
 // @Param   permissionId    query   string  false   "permission id"
 // @Param   modelId    query   string  false   "model id"
 // @Param   resourceId    query   string  false   "resource id"
@@ -57,7 +57,7 @@ func (c *ApiController) Enforce() {
 		return
 	}

-	var request []string
+	var request []interface{}
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &request)
 	if err != nil {
 		c.ResponseError(err.Error())
@@ -74,8 +74,8 @@ func (c *ApiController) Enforce() {
 		res := []bool{}
 		keyRes := []string{}

-		// type transformation
-		interfaceRequest := util.StringToInterfaceArray(request)
+		// convert any JSON-encoded string elements to anonymous structs for ABAC support
+		interfaceRequest := util.ConvertInterfaceArray(request)

 		enforceResult, err := enforcer.Enforce(interfaceRequest...)
 		if err != nil {
@@ -173,7 +173,7 @@ func (c *ApiController) Enforce() {
 // @Title BatchEnforce
 // @Tag Enforcer API
 // @Description Call Casbin BatchEnforce API
-// @Param   body    body   []string  true   "array of casbin requests"
+// @Param   body    body   [][]interface{}  true   "array of Casbin requests (each request is an array of strings or JSON objects for ABAC)"
 // @Param   permissionId    query   string  false   "permission id"
 // @Param   modelId    query   string  false   "model id"
 // @Param   owner    query   string  false   "owner"
@@ -197,7 +197,7 @@ func (c *ApiController) BatchEnforce() {
 		return
 	}

-	var requests [][]string
+	var requests [][]interface{}
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &requests)
 	if err != nil {
 		c.ResponseError(err.Error())
@@ -214,8 +214,8 @@ func (c *ApiController) BatchEnforce() {
 		res := [][]bool{}
 		keyRes := []string{}

-		// type transformation
-		interfaceRequests := util.StringToInterfaceArray2d(requests)
+		// convert any JSON-encoded string elements to anonymous structs for ABAC support
+		interfaceRequests := util.ConvertInterfaceArray2d(requests)

 		enforceResult, err := enforcer.BatchEnforce(interfaceRequests)
 		if err != nil {
--- a/object/permission_enforcer.go
+++ b/object/permission_enforcer.go
@@ -291,26 +291,26 @@ func removeGroupingPolicies(permission *Permission) error {
 	return nil
 }

-func Enforce(permission *Permission, request []string, permissionIds ...string) (bool, error) {
+func Enforce(permission *Permission, request []interface{}, permissionIds ...string) (bool, error) {
 	enforcer, err := getPermissionEnforcer(permission, permissionIds...)
 	if err != nil {
 		return false, err
 	}

-	// type transformation
-	interfaceRequest := util.StringToInterfaceArray(request)
+	// convert any JSON-encoded string elements to anonymous structs for ABAC support
+	interfaceRequest := util.ConvertInterfaceArray(request)

 	return enforcer.Enforce(interfaceRequest...)
 }

-func BatchEnforce(permission *Permission, requests [][]string, permissionIds ...string) ([]bool, error) {
+func BatchEnforce(permission *Permission, requests [][]interface{}, permissionIds ...string) ([]bool, error) {
 	enforcer, err := getPermissionEnforcer(permission, permissionIds...)
 	if err != nil {
 		return nil, err
 	}

-	// type transformation
-	interfaceRequests := util.StringToInterfaceArray2d(requests)
+	// convert any JSON-encoded string elements to anonymous structs for ABAC support
+	interfaceRequests := util.ConvertInterfaceArray2d(requests)

 	return enforcer.BatchEnforce(interfaceRequests)
 }
--- a/util/string.go
+++ b/util/string.go
@@ -395,6 +395,31 @@ func StringToInterfaceArray2d(arrays [][]string) [][]interface{} {
 	return interfaceArrays
 }

+func ConvertInterfaceArray(array []interface{}) []interface{} {
+	result := make([]interface{}, len(array))
+	for i, elem := range array {
+		if s, ok := elem.(string); ok {
+			jStruct, err := TryJsonToAnonymousStruct(s)
+			if err == nil {
+				result[i] = jStruct
+			} else {
+				result[i] = elem
+			}
+		} else {
+			result[i] = elem
+		}
+	}
+	return result
+}
+
+func ConvertInterfaceArray2d(arrays [][]interface{}) [][]interface{} {
+	result := make([][]interface{}, len(arrays))
+	for i, arr := range arrays {
+		result[i] = ConvertInterfaceArray(arr)
+	}
+	return result
+}
+
 func generateRandomString(length int) (string, error) {
 	const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
 	b := make([]byte, length)
--- a/util/variable.go
+++ b/util/variable.go
@@ -15,7 +15,7 @@
 package util

 var (
-	Version      = "dev"
-	CommitId     = "unknown"
-	CommitOffset = 0
+	Version      = ""
+	CommitId     = ""
+	CommitOffset = -1
 )