Enforcer provides the following cateogries of Oasis functions accessible from ALFA. These functions can be used as part of an expression inside a policy.
To make use of these functions from inside an ALFA file, use the import statement:
import Oasis.Functions
import Enforcer.Functions
String Functions
The following functions manipulate strings or bags of strings.
- Concatenate
- ToBoolean
- ToInteger
- ToDouble
- ToTime
- ToDate
- ToDateTime
- ToDuration
- ToLower
- ToString
- Trim
- StartsWith
- EndsWith
- Contains
- IsMatch
- IsEqualIgnoreCase
Concatenate
Namespace : Oasis.Functions
function Concatenate = "urn:oasis:names:tc:xacml:2.0:function:string-concatenate"
: first:string second:string additional:string* -> string
Takes at least two strings and returns a single string, by combining all the strings.
Example
The following function would return "hello and goodbye".
Concatenate("hello", " and", " goodbye")
ToBoolean
Namespace : Oasis.Functions
function ToBoolean = "urn:oasis:names:tc:xacml:3.0:function:boolean-from-string"
: toConvert:string -> Boolean
Takes a string representing a Boolean value, and coverts it into a Boolean value.
Indeterminate
If the string is neither true or false, then the function will fail resulting in the overall result of the expression being indeterminate.
ToInteger
Namespace : Oasis.Functions
function ToInteger = "urn:oasis:names:tc:xacml:3.0:function:integer-from-string"
: toConvert:string -> integer
Takes a string representation of an integer value and converts it into an integer.
Indeterminate
If the string is not a valid integer, then the function will fail resulting in the overall result of the expression being indeterminate.
ToDouble
Namespace : Oasis.Functions
function ToDouble = "urn:oasis:names:tc:xacml:3.0:function:double-from-string"
: toConvert:string -> double
Takes a string representation of a double value and converts it into an double.
Indeterminate
If the string is not a valid double, then the function will fail resulting in the overall result of the expression being indeterminate.
ToTime
Namespace : Oasis.Functions
function ToTime = "urn:oasis:names:tc:xacml:3.0:function:time-from-string"
: toConvert:string -> time
Takes a string representation of a time value and converts it into a time.
Indeterminate
If the string is not a valid double, then the function will fail resulting in the overall result of the expression being indeterminate.
ToDate
Namespace : Oasis.Functions
function ToDate = "urn:oasis:names:tc:xacml:3.0:function:date-from-string"
: toConvert:string -> date
Takes a string representation of a date value and converts it into a date.
Indeterminate
If the string is not a valid date, then the function will fail resulting in the overall result of the expression being indeterminate.
ToDatetime
Namespace : Oasis.Functions
function ToDatetime = "urn:oasis:names:tc:xacml:3.0:function:dateTime-from-string"
: toConvert:string -> dateTime
Takes a string representation of a date time value and converts it into a dateTime.
Indeterminate
If the string is not a valid dateTime, then the function will fail resulting in the overall result of the expression being indeterminate.
ToDuration
Namespace : Oasis.Enforcer
function ToDuration = "urn:rsk:function:duration-from-string"
: toConvert:string -> duration
Takes a string representation of a duration and converts it into a duration.
Examples
Converts the following ISO-8601 format into a duration of 5 days, 15 hours, 12 minutes and 46 seconds.
ToDuration("P5DT15H12M46S")
Converts the pretty format into a duration of 5 days, 15 hours, 12 minutes and 46 seconds.
ToDuration("5:15:12:46")
Indeterminate
If the string is not a valid duration, then the function will fail resulting in the overall result of the expression being indeterminate.
ToLower
Namespace : Oasis.Enforcer
function ToLower = "urn:oasis:names:tc:xacml:1.0:function:string-normalize-to-lower-case"
: input:string -> string
| input:bag[string] -> bag[string]
Converts the input string(s) into lower case
ToString
Namespace : Enforcer.Functions
function ToString = "urn:rsk:function:to-string"
: toConvert:bag[string] -> string
| toConvert:bag[integer] -> string
| toConvert:bag[double] -> string
| toConvert:bag[duration] -> string
| toConvert:bag[time] -> string
| toConvert:bag[dateTime] -> string
| toConvert:bag[date] -> string
| toConvert:bag[boolean] -> string
| toConvert:bag[string] string-> string
| toConvert:bag[integer] string -> string
| toConvert:bag[double] string -> string
| toConvert:bag[duration] string -> string
| toConvert:bag[time] string -> string
| toConvert:bag[dateTime] string -> string
| toConvert:bag[date] string -> string
| toConvert:bag[boolean] string -> string
| toConvert:string -> string
| toConvert:integer -> string
| toConvert:double -> string
| toConvert:duration -> string
| toConvert:time -> string
| toConvert:dateTime -> string
| toConvert:date -> string
| toConvert:boolean -> string
Takes any value or bag of values and returns a string.
If the bag contains no values, an empty string is returned.
If the bag contains multiple values, each value is comma separated.
To change the separator string between each item in the bag, call the ToString with an additional parameter indicating the string to use to separate each item in the bag.
Example
ToString(Subject.Role, ":")
Trim
Namespace : Oasis.Fuctions
function Trim = "urn:oasis:names:tc:xacml:1.0:function:string-normalize-space"
: input:string -> string
| input:bag[string] -> bag[string]
Removes all white space before and after a string.
StartsWith
Namespace : Oasis.Functions
function StartsWith = "urn:oasis:names:tc:xacml:3.0:function:string-starts-with"
: query:string toTest:string -> boolean
| query:string toTest:bag[string] -> bag[boolean]
Takes two string parameters, the first representing the pattern to match and the second representing the full string to compare against. If the full string starts with the pattern string, the function returns true, otherwise false.
Alternativly the second parameter can be a bag of full strings. The method returns a boolean bag containing the result of each string comparison. A boolean bag containing at least one item that is true is considered to be true in a boolean expression.
Examples
The following expression will evaluate to true.
StartsWith("hello", "hello world")
The following expression will evaluate to true, if any of the users phone numbers starts with a +44.
StartsWith("+44",Subject.Phone)
The following expression will evaluate to true, if all of the users phone numbers starts with a +44.
all(EndsWith("@acme.com",Subject.Email))
EndsWith
function EndsWith = "urn:oasis:names:tc:xacml:3.0:function:string-ends-with"
: query:string toTest:string -> boolean
| query:string toTest:bag[string] -> bag[boolean]
Takes two string parameters, the first representing the pattern to match and the second representing the full string to compare against. If the full string ends with the pattern string, the function returns true, otherwise false.
Alternativly the second parameter can be a bag of full strings. The method returns a boolean bag containing the result of each string comparison.
Examples
The following expression will evaluate to true.
EndsWith("@rocksolidknowledge", "support@rocksolidknowledge")
The following expression will evaluate to true, if any of the users email addresses end with @acme.com
EndsWith("@acme.com",Subject.Email)
The following expression will evaluate to true, if all of the users email addresses end with @acme.com
all(EndsWith("@acme.com",Subject.Email))
Contains
Namespace : Oasis.Functions
function Contains = "urn:oasis:names:tc:xacml:3.0:function:string-contains"
: query:string toTest:string -> boolean
| query:string toTest:bag[string] -> bag[boolean]
Takes two string parameters, the first representing the pattern to match and the second representing the full string to compare against. If the full string contains at least one occurrence of the pattern string, the function returns true, otherwise false.
Alternativly the second parameter can be a bag of full strings. The method returns a boolean bag containing the result of each string comparison.
Examples
The following expression will evaluate to true.
Contains("solid", "support@rocksolidknowledge")
The following expression will evaluate to true, if any of the users full name contains Smith.
Contains("Smith",Subject.Name)
The following expression will evaluate to true, if all of the users full name contains Smith.
all(Contains("@acme.com",Subject.Name))
SubString
Namespace : Oasis.Functions
function SubString = "urn:oasis:names:tc:xacml:3.0:function:string-substring"
: source:string start:integer length:integer -> string
Returns a fragment of the string, based on a zero based index and a length.
The first parameter represents the source string, the second parameter refers to the index from which to start extracting the sub string. The final parameter is the number of characters to extract.
If the final parameter is -1, this represents the remaining part of the string.
Indeterminate
If the index or length is out of bounds, then the function will fail resulting in the overall result of the expression being indeterminate.
Examples
The following expression would return "world".
SubString("hello world", 6, 5)
The following expression would return "34232".
SubString("PO34232", 2, -1)
IsEqualIgnoreCase
Namespace : Oasis.Functions
function IsEqualIgnoreCase = "urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case"
: lhs:string rhs:string -> boolean
| lhs:bag[string] rhs:string -> boolean
| lhs:string rhs:bag[string] -> boolean
| lhs:bag[string] rhs:bag[string] -> boolean
Compares strings for equality ignoring case.
Examples
The following expression would return true
IsEqualIgnoreCase("HELLO","Hello")
When applying to a bag of strings if any of the bag items equals the single string value ignoring case, true is returned.
IsEqualIgnoreCase( ToBag("Hello" , "World") , "hellO")
When comparing two bags of string, true is returned if both bags are equivilent in values ignoring case. The following example returns true
IsEqualIgnoreCase( ToBag("Hello" , "World") , ToBag("HELLO" , "WORLD"))
IsMatch
Namespace : Oasis.Functions
function IsMatch = "urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"
: pattern:string toTest:string -> boolean
| pattern:string toTest:bag[string] -> bag[boolean]
Performs a regular expression pattern match. The first parameter provides the match expression and the second the string to match against.
Alternativly the second parameter can be a bag of strings to match against. The method returns a boolean bag containing the result of each string comparison.
The implementation uses the .NET RegEx class, full details of its pattern matching can be found here.
Examples
The following expression would return true.
IsMatch("[0-9]+", "234392")
The following expression will evaluate to true, if any of the users employee ids match the company id pattern.
IsMatch("RSK-[0-9][0-9][0-9]$",Subject.EmployeeId)
The following expression will evaluate to true, if all of the users employee ids match the company id pattern.
all(IsMatch("RSK-[0-9][0-9][0-9]$",Subject.EmployeeId))