feat: update_filtered_policies

casbin/internal_enforcer.py

@@ -88,6 +88,37 @@ def _update_policies(self, sec, ptype, old_rules, new_rules):
 
         return rules_updated
 
+    def _update_filtered_policies(
+        self, sec, ptype, new_rules, field_index, *field_values
+    ):
+        """_update_filtered_policies deletes old rules and adds new rules."""
+
+        old_rules = self.model.get_filtered_policy(
+            sec, ptype, field_index, *field_values
+        )
+
+        if self.adapter and self.auto_save:
+            try:
+                old_rules = self.adapter.update_filtered_policies(
+                    sec, ptype, new_rules, field_index, *field_values
+                )
+            except:
+                pass
+
+        if not old_rules:
+            return False
+
+        is_rule_changed = self.model.remove_policies(sec, ptype, old_rules)
+        self.model.add_policies(sec, ptype, new_rules)
+        is_rule_changed = is_rule_changed and len(new_rules) != 0
+        if not is_rule_changed:
+            return is_rule_changed
+        if sec == "g":
+            self.build_role_links()
+        if self.watcher:
+            self.watcher.update()
+        return is_rule_changed
+
     def _remove_policy(self, sec, ptype, rule):
         """removes a rule from the current policy."""
         rule_removed = self.model.remove_policy(sec, ptype, rule)

casbin/management_enforcer.py

@@ -151,6 +151,20 @@ def update_named_policies(self, ptype, old_rules, new_rules):
         """updates authorization rules from the current named policy."""
         return self._update_policies("p", ptype, old_rules, new_rules)
 
+    def update_filtered_policies(self, new_rules, field_index, *field_values):
+        """update_filtered_policies deletes old rules and adds new rules."""
+        return self.update_filtered_named_policies(
+            "p", new_rules, field_index, *field_values
+        )
+
+    def update_filtered_named_policies(
+        self, ptype, new_rules, field_index, *field_values
+    ):
+        """update_filtered_named_policies deletes old rules and adds new rules."""
+        return self._update_filtered_policies(
+            "p", ptype, new_rules, field_index, *field_values
+        )
+
     def remove_policy(self, *params):
         """removes an authorization rule from the current policy."""
         return self.remove_named_policy("p", *params)

casbin/persist/adapters/update_adapter.py

@@ -28,3 +28,11 @@ def update_policies(self, sec, ptype, old_rules, new_rules):
         UpdatePolicies updates some policy rules to storage, like db, redis.
         """
         pass
+
+    def update_filtered_policies(
+        self, sec, ptype, new_rules, field_index, *field_values
+    ):
+        """
+        update_filtered_policies deletes old rules and adds new rules.
+        """
+        pass

tests/test_management_api.py

@@ -115,6 +115,24 @@ def test_get_policy_api(self):
         self.assertTrue(e.has_grouping_policy(["alice", "data2_admin"]))
         self.assertFalse(e.has_grouping_policy(["bob", "data2_admin"]))
 
+    def test_update_filtered_policies(self):
+        e = self.get_enforcer(
+            get_examples("rbac_model.conf"),
+            get_examples("rbac_policy.csv"),
+        )
+
+        e.update_filtered_policies(
+            [
+                ["data2_admin", "data3", "read"],
+                ["data2_admin", "data3", "write"],
+                ["bob", "data3", "write"],
+            ],
+            0,
+            "data2_admin",
+        )
+        self.assertTrue(e.enforce("data2_admin", "data3", "write"))
+        self.assertTrue(e.enforce("data2_admin", "data3", "read"))
+
     def test_get_policy_matching_function(self):
         e = self.get_enforcer(
             get_examples("rbac_with_domain_and_policy_pattern_model.conf"),