pkg/policy/match.go

package policy

import (
	"cmp"
	"fmt"

	"github.com/ipld/go-ipld-prime"
	"github.com/ipld/go-ipld-prime/datamodel"
	"github.com/ipld/go-ipld-prime/must"

	"github.com/ucan-wg/go-ucan/pkg/policy/selector"
)

func (p Policy) Filter(sel selector.Selector) Policy {
	return p.FilterWithMatcher(sel, selector.SegmentEquals)
}

// FilterWithMatcher extracts a subset of the policy related to the specified selector,
// by matching each segment using the given selector.SegmentMatcher.
func (p Policy) FilterWithMatcher(sel selector.Selector, matcher selector.SegmentMatcher) Policy {
	var filtered Policy
	for _, stmt := range p {
		if stmt.Selector().Matches(sel, matcher) {
			filtered = append(filtered, stmt)
		}
	}

	return filtered
}

// Match determines if the IPLD node matches the policy document.
func (p Policy) Match(node datamodel.Node) bool {
	for _, stmt := range p {
		ok := matchStatement(stmt, node)
		if !ok {
			return false
		}
	}

	return true
}

func matchStatement(statement Statement, node ipld.Node) bool {
	switch statement.Kind() {
	case KindEqual:
		if s, ok := statement.(equality); ok {
			one, many, err := selector.Select(s.selector, node)
			if err != nil {
				return false
			}
			if one != nil {
				return datamodel.DeepEqual(s.value, one)
			}
			if many != nil {
				for _, n := range many {
					if eq := datamodel.DeepEqual(s.value, n); eq {
						return true
					}
				}
			}

			return false
		}
	case KindGreaterThan:
		if s, ok := statement.(equality); ok {
			one, _, err := selector.Select(s.selector, node)
			if err != nil || one == nil {
				return false
			}
			return isOrdered(s.value, one, gt)
		}
	case KindGreaterThanOrEqual:
		if s, ok := statement.(equality); ok {
			one, _, err := selector.Select(s.selector, node)
			if err != nil || one == nil {
				return false
			}
			return isOrdered(s.value, one, gte)
		}
	case KindLessThan:
		if s, ok := statement.(equality); ok {
			one, _, err := selector.Select(s.selector, node)
			if err != nil || one == nil {
				return false
			}
			return isOrdered(s.value, one, lt)
		}
	case KindLessThanOrEqual:
		if s, ok := statement.(equality); ok {
			one, _, err := selector.Select(s.selector, node)
			if err != nil || one == nil {
				return false
			}
			return isOrdered(s.value, one, lte)
		}
	case KindNot:
		if s, ok := statement.(negation); ok {
			return !matchStatement(s.statement, node)
		}
	case KindAnd:
		if s, ok := statement.(connective); ok {
			for _, cs := range s.statements {
				r := matchStatement(cs, node)
				if !r {
					return false
				}
			}
			return true
		}
	case KindOr:
		if s, ok := statement.(connective); ok {
			if len(s.statements) == 0 {
				return true
			}
			for _, cs := range s.statements {
				r := matchStatement(cs, node)
				if r {
					return true
				}
			}
			return false
		}
	case KindLike:
		if s, ok := statement.(wildcard); ok {
			one, _, err := selector.Select(s.selector, node)
			if err != nil || one == nil {
				return false
			}
			v, err := one.AsString()
			if err != nil {
				return false
			}
			return s.pattern.Match(v)
		}
	case KindAll:
		if s, ok := statement.(quantifier); ok {
			_, many, err := selector.Select(s.selector, node)
			if err != nil || many == nil {
				return false
			}
			for _, n := range many {
				ok := matchStatement(s.statement, n)
				if !ok {
					return false
				}
			}
			return true
		}
	case KindAny:
		if s, ok := statement.(quantifier); ok {
			one, many, err := selector.Select(s.selector, node)
			if err != nil {
				return false
			}
			if one != nil {
				ok := matchStatement(s.statement, one)
				if ok {
					return true
				}
			}
			if many != nil {
				for _, n := range many {
					ok := matchStatement(s.statement, n)
					if ok {
						return true
					}
				}
			}

			return false
		}
	}
	panic(fmt.Errorf("unimplemented statement kind: %s", statement.Kind()))
}

func isOrdered(expected ipld.Node, actual ipld.Node, satisfies func(order int) bool) bool {
	if expected.Kind() == ipld.Kind_Int && actual.Kind() == ipld.Kind_Int {
		a := must.Int(actual)
		b := must.Int(expected)
		return satisfies(cmp.Compare(a, b))
	}

	if expected.Kind() == ipld.Kind_Float && actual.Kind() == ipld.Kind_Float {
		a, err := actual.AsFloat()
		if err != nil {
			panic(fmt.Errorf("extracting node float: %w", err))
		}
		b, err := expected.AsFloat()
		if err != nil {
			panic(fmt.Errorf("extracting selector float: %w", err))
		}
		return satisfies(cmp.Compare(a, b))
	}

	return false
}

func gt(order int) bool  { return order == 1 }
func gte(order int) bool { return order == 0 || order == 1 }
func lt(order int) bool  { return order == -1 }
func lte(order int) bool { return order == 0 || order == -1 }
feat: add policy implementation 2024-08-19 23:16:36 +02:00			`package policy`

			`import (`
			`"cmp"`
			`"fmt"`

			`"github.com/ipld/go-ipld-prime"`
feat: simplify 2024-08-20 22:27:56 +02:00			`"github.com/ipld/go-ipld-prime/datamodel"`
			`"github.com/ipld/go-ipld-prime/must"`
delegation: first import with rough IPLD round-trip 2024-08-30 22:06:59 +02:00
feat: reorganize packages 2024-09-24 11:40:28 -04:00			`"github.com/ucan-wg/go-ucan/pkg/policy/selector"`
feat: add policy implementation 2024-08-19 23:16:36 +02:00			`)`

feat(policy): filter statements subset by selector 2024-09-24 11:33:06 +02:00			`func (p Policy) Filter(sel selector.Selector) Policy {`
versatile segments matchers 2024-09-24 19:36:01 +02:00			`return p.FilterWithMatcher(sel, selector.SegmentEquals)`
			`}`

			`// FilterWithMatcher extracts a subset of the policy related to the specified selector,`
			`// by matching each segment using the given selector.SegmentMatcher.`
			`func (p Policy) FilterWithMatcher(sel selector.Selector, matcher selector.SegmentMatcher) Policy {`
feat(policy): filter statements subset by selector 2024-09-24 11:33:06 +02:00			`var filtered Policy`
			`for _, stmt := range p {`
versatile segments matchers 2024-09-24 19:36:01 +02:00			`if stmt.Selector().Matches(sel, matcher) {`
feat(policy): filter statements subset by selector 2024-09-24 11:33:06 +02:00			`filtered = append(filtered, stmt)`
			`}`
			`}`

			`return filtered`
			`}`

			`// Match determines if the IPLD node matches the policy document.`
			`func (p Policy) Match(node datamodel.Node) bool {`
			`for _, stmt := range p {`
			`ok := matchStatement(stmt, node)`
			`if !ok {`
			`return false`
			`}`
			`}`
refactor policy.Match as receiver 2024-09-24 11:36:31 +02:00
feat(policy): filter statements subset by selector 2024-09-24 11:33:06 +02:00			`return true`
			`}`

feat: simplify 2024-08-20 22:27:56 +02:00			`func matchStatement(statement Statement, node ipld.Node) bool {`
feat: add policy implementation 2024-08-19 23:16:36 +02:00			`switch statement.Kind() {`
capability: normal go formatting for enums 2024-09-01 17:06:21 +02:00			`case KindEqual:`
policy: remove superfluous interfaces Those interfaces were only used inside the package, where private concrete work just as well. 2024-09-02 02:24:13 +02:00			`if s, ok := statement.(equality); ok {`
handle list nodes equality in selector 2024-09-16 13:00:13 +02:00			`one, many, err := selector.Select(s.selector, node)`
			`if err != nil {`
feat: simplify 2024-08-20 22:27:56 +02:00			`return false`
feat: add policy implementation 2024-08-19 23:16:36 +02:00			`}`
handle list nodes equality in selector 2024-09-16 13:00:13 +02:00			`if one != nil {`
			`return datamodel.DeepEqual(s.value, one)`
			`}`
			`if many != nil {`
			`for _, n := range many {`
			`if eq := datamodel.DeepEqual(s.value, n); eq {`
			`return true`
			`}`
			`}`
			`}`

			`return false`
feat: add policy implementation 2024-08-19 23:16:36 +02:00			`}`
capability: normal go formatting for enums 2024-09-01 17:06:21 +02:00			`case KindGreaterThan:`
policy: remove superfluous interfaces Those interfaces were only used inside the package, where private concrete work just as well. 2024-09-02 02:24:13 +02:00			`if s, ok := statement.(equality); ok {`
			`one, _, err := selector.Select(s.selector, node)`
feat: better selector 2024-08-20 15:55:04 +02:00			`if err != nil \|\| one == nil {`
feat: simplify 2024-08-20 22:27:56 +02:00			`return false`
feat: add policy implementation 2024-08-19 23:16:36 +02:00			`}`
policy: remove superfluous interfaces Those interfaces were only used inside the package, where private concrete work just as well. 2024-09-02 02:24:13 +02:00			`return isOrdered(s.value, one, gt)`
feat: add policy implementation 2024-08-19 23:16:36 +02:00			`}`
capability: normal go formatting for enums 2024-09-01 17:06:21 +02:00			`case KindGreaterThanOrEqual:`
policy: remove superfluous interfaces Those interfaces were only used inside the package, where private concrete work just as well. 2024-09-02 02:24:13 +02:00			`if s, ok := statement.(equality); ok {`
			`one, _, err := selector.Select(s.selector, node)`
feat: better selector 2024-08-20 15:55:04 +02:00			`if err != nil \|\| one == nil {`
feat: simplify 2024-08-20 22:27:56 +02:00			`return false`
feat: add policy implementation 2024-08-19 23:16:36 +02:00			`}`
policy: remove superfluous interfaces Those interfaces were only used inside the package, where private concrete work just as well. 2024-09-02 02:24:13 +02:00			`return isOrdered(s.value, one, gte)`
feat: add policy implementation 2024-08-19 23:16:36 +02:00			`}`
capability: normal go formatting for enums 2024-09-01 17:06:21 +02:00			`case KindLessThan:`
policy: remove superfluous interfaces Those interfaces were only used inside the package, where private concrete work just as well. 2024-09-02 02:24:13 +02:00			`if s, ok := statement.(equality); ok {`
			`one, _, err := selector.Select(s.selector, node)`
feat: better selector 2024-08-20 15:55:04 +02:00			`if err != nil \|\| one == nil {`
feat: simplify 2024-08-20 22:27:56 +02:00			`return false`
feat: add policy implementation 2024-08-19 23:16:36 +02:00			`}`
policy: remove superfluous interfaces Those interfaces were only used inside the package, where private concrete work just as well. 2024-09-02 02:24:13 +02:00			`return isOrdered(s.value, one, lt)`
feat: add policy implementation 2024-08-19 23:16:36 +02:00			`}`
capability: normal go formatting for enums 2024-09-01 17:06:21 +02:00			`case KindLessThanOrEqual:`
policy: remove superfluous interfaces Those interfaces were only used inside the package, where private concrete work just as well. 2024-09-02 02:24:13 +02:00			`if s, ok := statement.(equality); ok {`
			`one, _, err := selector.Select(s.selector, node)`
feat: better selector 2024-08-20 15:55:04 +02:00			`if err != nil \|\| one == nil {`
feat: simplify 2024-08-20 22:27:56 +02:00			`return false`
feat: add policy implementation 2024-08-19 23:16:36 +02:00			`}`
policy: remove superfluous interfaces Those interfaces were only used inside the package, where private concrete work just as well. 2024-09-02 02:24:13 +02:00			`return isOrdered(s.value, one, lte)`
feat: add policy implementation 2024-08-19 23:16:36 +02:00			`}`
capability: normal go formatting for enums 2024-09-01 17:06:21 +02:00			`case KindNot:`
policy: remove superfluous interfaces Those interfaces were only used inside the package, where private concrete work just as well. 2024-09-02 02:24:13 +02:00			`if s, ok := statement.(negation); ok {`
			`return !matchStatement(s.statement, node)`
feat: add policy implementation 2024-08-19 23:16:36 +02:00			`}`
capability: normal go formatting for enums 2024-09-01 17:06:21 +02:00			`case KindAnd:`
policy: remove superfluous interfaces Those interfaces were only used inside the package, where private concrete work just as well. 2024-09-02 02:24:13 +02:00			`if s, ok := statement.(connective); ok {`
			`for _, cs := range s.statements {`
feat: simplify 2024-08-20 22:27:56 +02:00			`r := matchStatement(cs, node)`
feat: add policy implementation 2024-08-19 23:16:36 +02:00			`if !r {`
feat: simplify 2024-08-20 22:27:56 +02:00			`return false`
feat: add policy implementation 2024-08-19 23:16:36 +02:00			`}`
			`}`
feat: simplify 2024-08-20 22:27:56 +02:00			`return true`
feat: add policy implementation 2024-08-19 23:16:36 +02:00			`}`
capability: normal go formatting for enums 2024-09-01 17:06:21 +02:00			`case KindOr:`
policy: remove superfluous interfaces Those interfaces were only used inside the package, where private concrete work just as well. 2024-09-02 02:24:13 +02:00			`if s, ok := statement.(connective); ok {`
			`if len(s.statements) == 0 {`
feat: simplify 2024-08-20 22:27:56 +02:00			`return true`
feat: better selector 2024-08-20 15:55:04 +02:00			`}`
policy: remove superfluous interfaces Those interfaces were only used inside the package, where private concrete work just as well. 2024-09-02 02:24:13 +02:00			`for _, cs := range s.statements {`
feat: simplify 2024-08-20 22:27:56 +02:00			`r := matchStatement(cs, node)`
feat: add policy implementation 2024-08-19 23:16:36 +02:00			`if r {`
feat: simplify 2024-08-20 22:27:56 +02:00			`return true`
feat: add policy implementation 2024-08-19 23:16:36 +02:00			`}`
			`}`
feat: simplify 2024-08-20 22:27:56 +02:00			`return false`
feat: add policy implementation 2024-08-19 23:16:36 +02:00			`}`
capability: normal go formatting for enums 2024-09-01 17:06:21 +02:00			`case KindLike:`
policy: remove superfluous interfaces Those interfaces were only used inside the package, where private concrete work just as well. 2024-09-02 02:24:13 +02:00			`if s, ok := statement.(wildcard); ok {`
			`one, _, err := selector.Select(s.selector, node)`
feat: wildcard 2024-08-21 08:13:44 +02:00			`if err != nil \|\| one == nil {`
			`return false`
			`}`
			`v, err := one.AsString()`
			`if err != nil {`
			`return false`
			`}`
glob: a bit of reshaping, and a benchmark 2024-09-18 11:24:37 +02:00			`return s.pattern.Match(v)`
feat: wildcard 2024-08-21 08:13:44 +02:00			`}`
capability: normal go formatting for enums 2024-09-01 17:06:21 +02:00			`case KindAll:`
policy: remove superfluous interfaces Those interfaces were only used inside the package, where private concrete work just as well. 2024-09-02 02:24:13 +02:00			`if s, ok := statement.(quantifier); ok {`
			`_, many, err := selector.Select(s.selector, node)`
feat: quantification 2024-08-21 08:44:17 +02:00			`if err != nil \|\| many == nil {`
			`return false`
			`}`
			`for _, n := range many {`
policy: fix "all" and "any" to apply a single statement on a collection Matching the spec 2024-09-04 15:58:08 +02:00			`ok := matchStatement(s.statement, n)`
feat: quantification 2024-08-21 08:44:17 +02:00			`if !ok {`
			`return false`
			`}`
			`}`
			`return true`
			`}`
capability: normal go formatting for enums 2024-09-01 17:06:21 +02:00			`case KindAny:`
policy: remove superfluous interfaces Those interfaces were only used inside the package, where private concrete work just as well. 2024-09-02 02:24:13 +02:00			`if s, ok := statement.(quantifier); ok {`
handle list nodes equality in selector 2024-09-16 13:00:13 +02:00			`one, many, err := selector.Select(s.selector, node)`
			`if err != nil {`
feat: quantification 2024-08-21 08:44:17 +02:00			`return false`
			`}`
handle list nodes equality in selector 2024-09-16 13:00:13 +02:00			`if one != nil {`
			`ok := matchStatement(s.statement, one)`
feat: quantification 2024-08-21 08:44:17 +02:00			`if ok {`
			`return true`
			`}`
			`}`
handle list nodes equality in selector 2024-09-16 13:00:13 +02:00			`if many != nil {`
			`for _, n := range many {`
			`ok := matchStatement(s.statement, n)`
			`if ok {`
			`return true`
			`}`
			`}`
			`}`

feat: quantification 2024-08-21 08:44:17 +02:00			`return false`
			`}`
feat: add policy implementation 2024-08-19 23:16:36 +02:00			`}`
feat: simplify 2024-08-20 22:27:56 +02:00			`panic(fmt.Errorf("unimplemented statement kind: %s", statement.Kind()))`
feat: add policy implementation 2024-08-19 23:16:36 +02:00			`}`

feat: simplify 2024-08-20 22:27:56 +02:00			`func isOrdered(expected ipld.Node, actual ipld.Node, satisfies func(order int) bool) bool {`
feat: better selector 2024-08-20 15:55:04 +02:00			`if expected.Kind() == ipld.Kind_Int && actual.Kind() == ipld.Kind_Int {`
feat: simplify 2024-08-20 22:27:56 +02:00			`a := must.Int(actual)`
			`b := must.Int(expected)`
			`return satisfies(cmp.Compare(a, b))`
feat: add policy implementation 2024-08-19 23:16:36 +02:00			`}`

feat: better selector 2024-08-20 15:55:04 +02:00			`if expected.Kind() == ipld.Kind_Float && actual.Kind() == ipld.Kind_Float {`
			`a, err := actual.AsFloat()`
feat: add policy implementation 2024-08-19 23:16:36 +02:00			`if err != nil {`
feat: simplify 2024-08-20 22:27:56 +02:00			`panic(fmt.Errorf("extracting node float: %w", err))`
feat: add policy implementation 2024-08-19 23:16:36 +02:00			`}`
feat: better selector 2024-08-20 15:55:04 +02:00			`b, err := expected.AsFloat()`
feat: add policy implementation 2024-08-19 23:16:36 +02:00			`if err != nil {`
feat: simplify 2024-08-20 22:27:56 +02:00			`panic(fmt.Errorf("extracting selector float: %w", err))`
feat: add policy implementation 2024-08-19 23:16:36 +02:00			`}`
feat: simplify 2024-08-20 22:27:56 +02:00			`return satisfies(cmp.Compare(a, b))`
feat: add policy implementation 2024-08-19 23:16:36 +02:00			`}`

feat: simplify 2024-08-20 22:27:56 +02:00			`return false`
feat: add policy implementation 2024-08-19 23:16:36 +02:00			`}`

			`func gt(order int) bool { return order == 1 }`
			`func gte(order int) bool { return order == 0 \|\| order == 1 }`
			`func lt(order int) bool { return order == -1 }`
			`func lte(order int) bool { return order == 0 \|\| order == -1 }`