perf: Support priority deny override model without recursion.

Signed-off-by: Sagilio <[email protected]>

Author: sagilio

NetCasbin/CoreEnforcer.cs

@@ -832,11 +832,11 @@ private Task<bool> InternalEnforceAsync(IReadOnlyList<object> requestValues, str
         /// <param name="requestValues">The request needs to be mediated, usually an array of strings, 
         /// can be class instances if ABAC is used.</param>
         /// <param name="matcher">The custom matcher.</param>
-        /// <param name="explains"></param>
+        /// <param name="explains">Collection of matched policy explains</param>
         /// <returns>Whether to allow the request.</returns>
         private bool InternalEnforce(IReadOnlyList<object> requestValues, string matcher = null, ICollection<IEnumerable<string>> explains = null)
         {
-            EnforceContext context = EnforceContext.Create(model, matcher, explains is not null);
+            var context = EnforceContext.Create(model, matcher, explains is not null);
 
             if (context.RequestTokens.Count != requestValues.Count)
             {
@@ -955,36 +955,41 @@ private bool InternalEnforce(IReadOnlyList<object> requestValues, string matcher
         /// <param name="context">Storage of enforcer variables</param>
         /// <param name="requestValues">The request needs to be mediated, usually an array of strings, can be class instances if ABAC is used.</param>
         /// <param name="explains">Collection of matched policy explains</param>
-        /// <param name="maxPriority">Index of maxPriority to filter out lower tier policies</param>
         /// <returns>Whether to allow the request.</returns>
         private bool InternalEnforceWithChainEffector(
             EnforceContext context,
             IChainEffector chainEffector,
             IReadOnlyList<object> requestValues = null,
-            ICollection<IEnumerable<string>> explains = null,
-            PolicyEffectType effectType = PolicyEffectType.Custom,
-            int maxPriority = int.MaxValue)
+            ICollection<IEnumerable<string>> explains = null)
         {
-            bool result = false;
+            bool finalResult = false;
             chainEffector.StartChain(context.Effect);
 
             bool hasPriority = context.PolicyAssertion.TryGetPriorityIndex(out int priorityIndex);
+            bool isPriorityDenyOverrideEfffet = chainEffector.PolicyEffectType is PolicyEffectType.PriorityDenyOverride;
+            int? priority = null;
 
             if (context.Policies.Count is not 0)
             {
-                IEnumerable<IReadOnlyList<string>> policies = context.Policies;
-                if (hasPriority && chainEffector.PolicyEffectType is PolicyEffectType.PriorityDenyOverride)
-                {
-                    policies = policies.Where(t => maxPriority == int.MaxValue || int.Parse(t[priorityIndex]) == maxPriority);
-                }
-
-                foreach (IReadOnlyList<string> policyValues in policies)
+                foreach (IReadOnlyList<string> policyValues in context.Policies)
                 {
                     if (context.PolicyTokens.Count != policyValues.Count)
                     {
                         throw new ArgumentException($"Invalid policy size: expected {context.PolicyTokens.Count}, got {policyValues.Count}.");
                     }
 
+                    if (hasPriority && isPriorityDenyOverrideEfffet)
+                    {
+                        if (int.TryParse(policyValues[priorityIndex], out int nowPriority))
+                        {
+                            if (priority.HasValue && nowPriority != priority.Value)
+                            {
+                                break;
+                            }
+                            priority = nowPriority;
+                        }
+                    }
+
                     ExpressionHandler.SetPolicyParameters(policyValues);
 
                     bool expressionResult;
@@ -1001,14 +1006,6 @@ private bool InternalEnforceWithChainEffector(
 
                     var nowEffect = GetEffect(expressionResult);
 
-                    if (context.Effect.Equals(PermConstants.PolicyEffect.PriorityDenyOverride)
-                            && nowEffect == Effect.Effect.Allow
-                            && maxPriority == int.MaxValue)
-                    {
-                        return InternalEnforceWithChainEffector(context, chainEffector, requestValues, explains, effectType,
-                            int.Parse(policyValues[priorityIndex]));
-                    }
-
                     if (nowEffect is not Effect.Effect.Indeterminate
                         && ExpressionHandler.Parameters.TryGetValue("p_eft", out Parameter parameter))
                     {
@@ -1034,7 +1031,7 @@ private bool InternalEnforceWithChainEffector(
                     }
                 }
 
-                result = chainEffector.Result;
+                finalResult = chainEffector.Result;
             }
             else
             {
@@ -1049,7 +1046,7 @@ private bool InternalEnforceWithChainEffector(
 
                 if (chainEffector.TryChain(nowEffect))
                 {
-                    result = chainEffector.Result;
+                    finalResult = chainEffector.Result;
                 }
 
                 if (context.Explain && chainEffector.HitPolicy)
@@ -1061,14 +1058,14 @@ private bool InternalEnforceWithChainEffector(
 #if !NET45
             if (context.Explain)
             {
-                Logger?.LogEnforceResult(requestValues, result, explains);
+                Logger?.LogEnforceResult(requestValues, finalResult, explains);
             }
             else
             {
-                Logger?.LogEnforceResult(requestValues, result);
+                Logger?.LogEnforceResult(requestValues, finalResult);
             }
 #endif
-            return result;
+            return finalResult;
         }
 
         private static Effect.Effect GetEffect(bool expressionResult)