Type Methods Reference
Complete reference of methods available for each type
Every type in PolicyFlow has specific methods that can be called on instances of that type. This reference provides a comprehensive guide to all available methods.
String Methods
Strings provide extensive text manipulation capabilities.
Methods Reference
| Method | Description | Returns | Example |
|---|---|---|---|
.Length() | Number of characters | Number | "hello".Length() → 5 |
.Lower() | Convert to lowercase | String | "HELLO".Lower() → "hello" |
.Upper() | Convert to uppercase | String | "hello".Upper() → "HELLO" |
.Trim() | Remove whitespace | String | " hello ".Trim() → "hello" |
.Contains(substring) | Check substring existence | Boolean | "hello".Contains("ell") → true |
.StartsWith(prefix) | Check string start | Boolean | "hello".StartsWith("he") → true |
.EndsWith(suffix) | Check string end | Boolean | "hello".EndsWith("lo") → true |
.Matches(regex) | Match regular expression | Boolean | "test@example.com".Matches("^[^@]+@[^@]+$") → true |
.Split(delimiter) | Split into array | String[] | "a,b,c".Split(",") → ["a", "b", "c"] |
Static Methods
| Method | Description | Returns | Example |
|---|---|---|---|
String.Join(array, delimiter) | Join array elements | String | String.Join(["a", "b"], ",") → "a,b" |
Examples
rule ValidateEmail {
when {
const email = user.email.Lower().Trim();
// Check domain
if (!email.EndsWith("@company.com")) {
return false;
}
// Check format
if (!email.Matches("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$")) {
return false;
}
// Check length
return email.Length() > 5 AND email.Length() < 100;
}
then ALLOW
}
rule ParseTags {
when {
const tags = resource.tags.Split(",").Map(t => t.Trim().Lower());
return tags.Contains("public") OR tags.Contains("shared");
}
then ALLOW
}Array Methods
Arrays provide powerful collection manipulation methods.
Methods Reference
| Method | Description | Returns |
|---|---|---|
.Count() | Number of elements | Number |
.IsEmpty() | Check if empty | Boolean |
.Contains(element) | Check element existence | Boolean |
.Distinct() | Remove duplicates | Array |
.First() | Get first element | Element? |
.Last() | Get last element | Element? |
.Intersection(other) | Common elements | Array |
.Union(other) | Combined unique elements | Array |
Lambda Methods
| Method | Description | Returns |
|---|---|---|
.Any(x => condition) | Check if any match | Boolean |
.All(x => condition) | Check if all match | Boolean |
.Filter(x => condition) | Filter elements | Array |
.Map(x => transform) | Transform elements | Array |
Examples
rule CheckPermissions {
when {
const requiredPerms = ["read", "write", "delete"];
const userPerms = user.permissions;
// Check if user has all required permissions
return requiredPerms.All(p => userPerms.Contains(p));
}
then ALLOW
}
rule ValidateRoles {
when {
const adminRoles = ["admin", "super-admin", "system-admin"];
const userRoles = user.roles.Map(r => r.Lower());
// Check if user has any admin role
return adminRoles.Any(role => userRoles.Contains(role));
}
then ALLOW
}
rule CheckTags {
when {
const allowedTags = resource.allowedTags;
const requestedTags = context.requestedTags;
// All requested tags must be in allowed tags
const invalidTags = requestedTags.Filter(t => !allowedTags.Contains(t));
return invalidTags.IsEmpty();
}
then ALLOW
}Map Methods
Maps (dictionaries) provide key-value storage and lookup.
Methods Reference
| Method | Description | Returns |
|---|---|---|
.Count() | Number of entries | Number |
.IsEmpty() | Check if empty | Boolean |
.ContainsKey(key) | Check key existence | Boolean |
.Get(key, [default]) | Get value with optional default | Value? |
.Keys() | Get all keys | Array<Key> |
.Values() | Get all values | Array<Value> |
Bracket Notation
// These are equivalent:
const value1 = map.Get("key");
const value2 = map["key"];
// With default value:
const value3 = map.Get("key", "default");Examples
rule CheckAttributes {
when {
// user.attributes is Map<String, String>
const dept = user.attributes.Get("department", "unknown");
const level = user.attributes["clearanceLevel"];
return dept == "engineering" AND level != null;
}
then ALLOW
}
rule ValidateMetadata {
when {
const requiredKeys = ["owner", "classification", "created"];
const metadata = resource.metadata;
// Check all required keys exist
return requiredKeys.All(key => metadata.ContainsKey(key));
}
then ALLOW
}DateTime Methods
DateTime provides comprehensive date and time operations.
Instance Methods
| Method | Description | Returns |
|---|---|---|
.Age() | Years until now | Number |
.DayOfWeek() | Day (0=Sunday) | Number |
.Add(unit, amount) | Add time | DateTime |
.Subtract(unit, amount) | Subtract time | DateTime |
.Format(pattern) | Format as string | String |
.Time() | Extract time component | Time |
.ToUnit(unit) | Extract component | Number |
Time Units
Use with TimeUnit enum:
TimeUnit.YearsTimeUnit.MonthsTimeUnit.DaysTimeUnit.HoursTimeUnit.MinutesTimeUnit.Seconds
Examples
rule CheckAccountAge {
when {
const accountAge = (DateTime.Now() - user.createdAt).TotalDays();
const isWeekend = DateTime.Now().DayOfWeek() in [0, 6];
// Require 30-day old account for weekend access
return !isWeekend OR accountAge >= 30;
}
then ALLOW
}
rule CheckExpiration {
when {
const timeUntilExpiry = resource.expiresAt - DateTime.Now();
const hoursUntilExpiry = timeUntilExpiry.TotalHours();
if (hoursUntilExpiry < 24) {
return false; // Deny if expires within 24 hours
}
const nextMonth = DateTime.Now().Add(TimeUnit.Months, 1);
return resource.expiresAt < nextMonth;
}
then ALLOW
}Specialized Type Methods
Email Methods
| Method | Description | Returns | Example |
|---|---|---|---|
.Domain() | Full domain | String | "user@sub.example.com".Domain() → "sub.example.com" |
.LocalPart() | Username part | String | "user@example.com".LocalPart() → "user" |
.TopLevelDomain() | TLD | String | "user@example.co.uk".TopLevelDomain() → "uk" |
URL Methods
| Method | Description | Returns | Example |
|---|---|---|---|
.Scheme() | Protocol | String | "https://example.com".Scheme() → "https" |
.Host() | Full hostname | String | "https://api.example.com".Host() → "api.example.com" |
.Domain() | Registered domain | String | "https://api.example.com".Domain() → "example.com" |
.Port() | Port number | Number? | "https://example.com:8080".Port() → 8080 |
.Path() | URL path | String | "https://example.com/api/v1".Path() → "/api/v1" |
.GetQueryParam(key) | Query parameter | String? | "https://example.com?key=value".GetQueryParam("key") → "value" |
IPAddress Methods
| Method | Description | Returns |
|---|---|---|
.IsIPv4() | Check if IPv4 | Boolean |
.IsIPv6() | Check if IPv6 | Boolean |
.Matches(cidr) | Check CIDR match | Boolean |
Examples
rule ValidateEmailDomain {
when {
const allowedDomains = ["company.com", "partner.com"];
return allowedDomains.Contains(user.email.Domain());
}
then ALLOW
}
rule CheckInternalAccess {
when {
// Only allow internal IPs
return context.ipAddress.Matches("10.0.0.0/8")
OR context.ipAddress.Matches("192.168.0.0/16");
}
then ALLOW
}
rule ValidateAPIEndpoint {
when {
const url = context.requestUrl;
// Must be HTTPS
if (url.Scheme() != "https") {
return false;
}
// Must be on allowed domain
if (url.Domain() != "api.company.com") {
return false;
}
// Check port if specified (Port() returns null if no port)
const port = url.Port();
if (port != null AND port != 443) {
return false;
}
// Must be v2 API
return url.Path().StartsWith("/v2/");
}
then ALLOW
}
rule HandleNullableReturns {
when {
// First() and Last() return null if array is empty
const firstRole = user.roles.First();
if (firstRole == null) {
return false; // No roles assigned
}
// GetQueryParam() returns null if parameter not found
const apiKey = context.requestUrl.GetQueryParam("api_key");
if (apiKey == null) {
return false; // No API key provided
}
// Map.Get() returns null if key not found (without default)
const clearance = user.attributes.Get("clearanceLevel");
if (clearance == null) {
return false; // No clearance level set
}
return true;
}
then ALLOW
}Method Chaining
Methods can be chained for concise expressions:
rule ComplexValidation {
when {
// Chain string methods
const normalizedEmail = user.email.Trim().Lower();
// Chain array methods
const activeAdmins = users
.Filter(u => u.isActive)
.Filter(u => u.roles.Contains("admin"))
.Map(u => u.id);
// Chain with null-safe operator
const managerDept = user.manager?.department?.Upper() ?? "NONE";
return normalizedEmail.EndsWith("@company.com")
AND activeAdmins.Count() > 0
AND managerDept == "ENGINEERING";
}
then ALLOW
}