Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Results for "RBAC with pattern" differ from Casbin editor
See original GitHub issueHi, I’m totally new at this and there’s a high probability that I’ve just missed somehting basic to get this to work. BUT, when I run the same model/policy in the Casbin Editor and node I get different results.
Versions used:
- casbin: 5.2.0
- typescript: 4.0.5
- node: 14
The model I used was the “RBAC with pattern” example from this repo:
Model
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act
[role_definition]
g = _, _
g2 = _, _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = g(r.sub, p.sub) && g2(r.obj, p.obj) && regexMatch(r.act, p.act)
I used the example policy as well:
Policy
p, alice, /pen/1, GET
p, alice, /pen2/1, GET
p, book_admin, book_group, GET
p, pen_admin, pen_group, GET
g, alice, book_admin
g, bob, pen_admin
g, /book/*, book_group
g, cathy, /book/1/2/3/4/5
g, cathy, pen_admin
g2, /book/:id, book_group
g2, /pen/:id, pen_group
g2, /book2/{id}, book_group
g2, /pen2/{id}, pen_group
My source code is not anything special:
export const check = async (userId: string, resource: string, action: string): Promise<boolean> => {
const e = await newEnforcer('./src/auth/model.conf', './src/auth/policy.csv')
e.enableLog(true)
const permission = await e.enforce(userId, resource, action)
return permission
}
const run = async () => {
const a1 = await check('alice', '/book/1', 'GET')
const a2 = await check('bob', '/book/1', 'GET')
const a3 = await check('alice', '/pen/1', 'GET')
const a4 = await check('bob', '/pen/1', 'GET')
}
run()
In the Casbin Editor I get the following results:
alice, /book/1, GET --> true
bob, /book/1, GET --> false
alice, /pen/1, GET --> true
bob, /pen/1, GET --> true
But in node I get the following:
Request: alice, /book/1, GET ---> false
Request: bob, /book/1, GET ---> false
Request: alice, /pen/1, GET ---> true
Request: bob, /pen/1, GET ---> false
Full log output
```ini Request: alice, /book/1, GET ---> false Model: r.r: sub, obj, act p.p: sub, obj, act g.g: _, _ g.g2: _, _ e.e: some(where (p_eft == allow)) m.m: g(r_sub, p_sub) && g2(r_obj, p_obj) && regexMatch(r_act, p_act) Role links for: g [object Map] Role links for: g2 [object Map] Request: bob, /book/1, GET ---> false Model: r.r: sub, obj, act p.p: sub, obj, act g.g: _, _ g.g2: _, _ e.e: some(where (p_eft == allow)) m.m: g(r_sub, p_sub) && g2(r_obj, p_obj) && regexMatch(r_act, p_act) Role links for: g [object Map] Role links for: g2 [object Map] Request: alice, /pen/1, GET ---> true Model: r.r: sub, obj, act p.p: sub, obj, act g.g: _, _ g.g2: _, _ e.e: some(where (p_eft == allow)) m.m: g(r_sub, p_sub) && g2(r_obj, p_obj) && regexMatch(r_act, p_act) Role links for: g [object Map] Role links for: g2 [object Map] Request: bob, /pen/1, GET ---> false ```
So, is this an actual issue that I’m facing or have I made a mistake somewhere?
Best regards, R
Issue Analytics
- State:
- Created 3 years ago
- Comments:6 (4 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@karatekaneen Thanks for your report! One thing to note is
Custom Configon Casbin Editor.Custom Config
Here we configure matching for
g, you missed it. I will continue to improve the Casbin Editor!Here is the test code for node-casbin: https://github.com/casbin/node-casbin/blob/master/test/model.test.ts#L304
@karatekaneen We welcome anyone to contribute!