diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 0000000..f0b2b77 Binary files /dev/null and b/.DS_Store differ diff --git a/src/.DS_Store b/src/.DS_Store new file mode 100644 index 0000000..f557c9a Binary files /dev/null and b/src/.DS_Store differ diff --git a/src/casdoor/async_main.py b/src/casdoor/async_main.py index 6732e1d..e40f40e 100644 --- a/src/casdoor/async_main.py +++ b/src/casdoor/async_main.py @@ -25,6 +25,43 @@ from .user import User +def _build_enforce_params( + permission_id: str, + model_id: str, + resource_id: str, + enforce_id: str, + owner: str, +) -> Dict[str, str]: + """ + Build and validate parameters for enforce API calls. + + Exactly one of the parameters must be provided and non-empty. + + :return: Dictionary with exactly one parameter set + :raises ValueError: If zero or multiple parameters are provided + """ + params: Dict[str, str] = {} + if permission_id: + params["permissionId"] = permission_id + if model_id: + params["modelId"] = model_id + if resource_id: + params["resourceId"] = resource_id + if enforce_id: + params["enforcerId"] = enforce_id + if owner: + params["owner"] = owner + + if len(params) != 1: + raise ValueError( + "Exactly one of (permission_id, model_id, resource_id, enforce_id, owner) " + "must be provided and non-empty. " + f"Got {len(params)} parameters: {list(params.keys())}" + ) + + return params + + class AioHttpClient: def __init__(self, base_url): self.base_url = base_url @@ -277,19 +314,13 @@ async def enforce( :param permission_id: the permission id (i.e. organization name/permission name) :param model_id: the model id :param resource_id: the resource id - :param enforce_id: the enforce id + :param enforce_id: the enforcer id (note: uses 'enforcerId' parameter in API) :param owner: the owner of the permission :param casbin_request: a list containing the request data (i.e. sub, obj, act) :return: a boolean value indicating whether the request is allowed """ url = "/api/enforce" - params: Dict[str, str] = { - "permissionId": permission_id, - "modelId": model_id, - "resourceId": resource_id, - "enforceId": enforce_id, - "owner": owner, - } + params = _build_enforce_params(permission_id, model_id, resource_id, enforce_id, owner) async with self._session as session: response = await session.post( @@ -328,18 +359,13 @@ async def batch_enforce( :param permission_id: the permission id (i.e. organization name/permission name) :param model_id: the model id - :param enforce_id: the enforce id + :param enforce_id: the enforcer id (note: uses 'enforcerId' parameter in API) :param owner: the owner of the permission :param casbin_request: a list of lists containing the request data :return: a list of boolean values indicating whether each request is allowed """ url = "/api/batch-enforce" - params = { - "permissionId": permission_id, - "modelId": model_id, - "enforceId": enforce_id, - "owner": owner, - } + params = _build_enforce_params(permission_id, model_id, "", enforce_id, owner) async with self._session as session: response = await session.post( diff --git a/src/casdoor/main.py b/src/casdoor/main.py index c347a94..a87c5c5 100644 --- a/src/casdoor/main.py +++ b/src/casdoor/main.py @@ -43,6 +43,43 @@ from .webhook import _WebhookSDK +def _build_enforce_params( + permission_id: str, + model_id: str, + resource_id: str, + enforce_id: str, + owner: str, +) -> Dict[str, str]: + """ + Build and validate parameters for enforce API calls. + + Exactly one of the parameters must be provided and non-empty. + + :return: Dictionary with exactly one parameter set + :raises ValueError: If zero or multiple parameters are provided + """ + params = {} + if permission_id: + params["permissionId"] = permission_id + if model_id: + params["modelId"] = model_id + if resource_id: + params["resourceId"] = resource_id + if enforce_id: + params["enforcerId"] = enforce_id + if owner: + params["owner"] = owner + + if len(params) != 1: + raise ValueError( + "Exactly one of (permission_id, model_id, resource_id, enforce_id, owner) " + "must be provided and non-empty. " + f"Got {len(params)} parameters: {list(params.keys())}" + ) + + return params + + class CasdoorSDK( _UserSDK, _AdapterSDK, @@ -281,19 +318,14 @@ def enforce( :param permission_id: the permission id (i.e. organization name/permission name) :param model_id: the model id :param resource_id: the resource id - :param enforce_id: the enforce id + :param enforce_id: the enforcer id (note: uses 'enforcerId' parameter in API) :param owner: the owner of the permission :param casbin_request: a list containing the request data (i.e. sub, obj, act) :return: a boolean value indicating whether the request is allowed """ url = self.endpoint + "/api/enforce" - params = { - "permissionId": permission_id, - "modelId": model_id, - "resourceId": resource_id, - "enforceId": enforce_id, - "owner": owner, - } + params = _build_enforce_params(permission_id, model_id, resource_id, enforce_id, owner) + r = requests.post( url, params=params, @@ -332,18 +364,14 @@ def batch_enforce( :param permission_id: the permission id (i.e. organization name/permission name) :param model_id: the model id - :param enforce_id: the enforce id + :param enforce_id: the enforcer id (note: uses 'enforcerId' parameter in API) :param owner: the owner of the permission :param casbin_request: a list of lists containing the request data :return: a list of boolean values indicating whether each request is allowed """ url = self.endpoint + "/api/batch-enforce" - params = { - "permissionId": permission_id, - "modelId": model_id, - "enforceId": enforce_id, - "owner": owner, - } + params = _build_enforce_params(permission_id, model_id, "", enforce_id, owner) + r = requests.post( url, params=params,