Add GetStrictFilteredPolicy: treat "" as literal empty string, "*" as wildcard

[Copilot]

GetFilteredPolicy treats "" as a wildcard (matches any value), making it impossible to query for policy rules where a field is literally an empty string. The issue requests a non-breaking strict variant.

Changes

• model/policy.go — Added GetStrictFilteredPolicy core method: "" matches only empty-string fields, "*" matches any value. Includes bounds check on fieldIndex+i absent from the original.
• management_api.go — Added four new Enforcer methods: GetStrictFilteredPolicy, GetStrictFilteredNamedPolicy, GetStrictFilteredGroupingPolicy, GetStrictFilteredNamedGroupingPolicy
• enforcer_interface.go — Extended IEnforcer with the four new methods
• enforcer_synced.go — Added thread-safe wrappers on SyncedEnforcer for all four methods

Behaviour contrast

// Policy contains: ["alice","data1","read"], ["","data1","read"]

// Old: "" is wildcard — returns both rules
e.GetFilteredPolicy(0, "")           // [["alice","data1","read"], ["","data1","read"]]

// New: "" is literal — returns only the empty-subject rule
e.GetStrictFilteredPolicy(0, "")     // [["","data1","read"]]

// New: "*" is wildcard — returns all rules
e.GetStrictFilteredPolicy(0, "*")    // [["alice","data1","read"], ["","data1","read"]]

Original prompt

---

This section details on the original issue you should resolve

<issue_title>e.GetFilteredPolicy Empty string treated as wildcard</issue_title>
<issue_description>Expected behaviour:
In GetFilteredPolicy, "" empty string should be treated as empty string, and "*" should be treated as wildcard.

Actual behaviour:
"" empty string acts as a wildcard in this line of GetFilteredPolicy:
if fieldValue != "" && rule[fieldIndex+i] != fieldValue {

Suggested fix:
GetStrictFilteredPolicy which treats "" empty string as empty string, and treats "*" as wildcard.

GetStrictFilteredPolicy so as to not introduce a breaking change in GetFilteredPolicy

Why does this matter:

1. It's been discussed that Casbin adapters should support empty strings, therefore there should be a way to Get Filtered Policy for rules with empty string values.
2. Semantic accuracy.</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes e.GetFilteredPolicy Empty string treated as wildcard #1708

---

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}