Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
`DomainMatchingFunc` is not used if `loadPolicy` is called after adding it
See original GitHub issueHello,
I apologise if this has been reported before, I couldn’t find it.
What’s happening
In the previous versions when there was no lazyLoad option, I used to initialise empty enforcer then add adapter and model to it. Later when I need to load policy, I used to call loadPolicy to load policies from the adapter. Please refer code below.
This used work fine with 5.7.0 . It stopped working with latest version and I spent some time debugging it. I found that, DefaultRoleManager constructor is called multiple times when executing code given below and loadPolicy also seems to initialise default role manager. If addDomainMatchingFunc is called before loadPolicy then it resets the flag hasDomainPattern which causes skipping domain matching function when domain based RBAC g rules are present in the policy.
Is this intended? Should we only call addDomainMatchingFunc after enforcer is fully initialised?
If so, it would be nice to add this somewhere in the docs. Please point me to the page, If it’s already mentioned in the docs.
export class AccessControl {
public static Action = Action;
private static _instance: AccessControl;
private defaultModel: Model
private adapter: Adapter;
private defaultEnforcer: Enforcer;
// eslint-disable-next-line @typescript-eslint/no-empty-function
private constructor(a: Adapter) {
this.adapter = a;
this.defaultModel = newModelFromFile(pathJoin(__dirname, './default-model.conf'));
const e = new Enforcer();
e.setModel(this.defaultModel);
e.setAdapter(this.adapter);
e.enableAutoSave(true);
e.enableLog(true);
this.defaultEnforcer = e;
}
public static async getInstance(dbUrl?: string): Promise<AccessControl> {
if (!AccessControl._instance) {
const adapter = await TypeORMAdapter.newAdapter({
type: 'mongodb',
url: dbUrl,
readPreference: 'secondaryPreferred',
})
const instance = new AccessControl(adapter as unknown as Adapter);
AccessControl._instance = instance;
//load default policies
await instance.defaultEnforcer.loadPolicy();
// register matching custom functions to enforcer
await (instance.defaultEnforcer.getRoleManager() as DefaultRoleManager).addDomainMatchingFunc(Util.keyMatchFunc);
await instance.addActionMatchFunc(instance.defaultEnforcer);
await instance.addObjectMatchFunc(instance.defaultEnforcer);
}
return AccessControl._instance;
}
}
Thanks for your work
Issue Analytics
- State:
- Created 2 years ago
- Comments:5 (3 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@hariprasadiit I believe
v5.11.5can resolve the problem you met. But you should callenforcer.initRmMap()manually.I believe this is a bug which exists since
v5.5.0, thanks for your report. A patch is in progress.