Results for "RBAC with pattern" differ from Casbin editor
See original GitHub issueHi, I’m totally new at this and there’s a high probability that I’ve just missed somehting basic to get this to work. BUT, when I run the same model/policy in the Casbin Editor and node I get different results.
Versions used:
- casbin: 5.2.0
- typescript: 4.0.5
- node: 14
The model I used was the “RBAC with pattern” example from this repo:
Model
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act
[role_definition]
g = _, _
g2 = _, _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = g(r.sub, p.sub) && g2(r.obj, p.obj) && regexMatch(r.act, p.act)
I used the example policy as well:
Policy
p, alice, /pen/1, GET
p, alice, /pen2/1, GET
p, book_admin, book_group, GET
p, pen_admin, pen_group, GET
g, alice, book_admin
g, bob, pen_admin
g, /book/*, book_group
g, cathy, /book/1/2/3/4/5
g, cathy, pen_admin
g2, /book/:id, book_group
g2, /pen/:id, pen_group
g2, /book2/{id}, book_group
g2, /pen2/{id}, pen_group
</details
My source code is not anything special:
export const check = async (userId: string, resource: string, action: string): Promise<boolean> => {
const e = await newEnforcer('./src/auth/model.conf', './src/auth/policy.csv')
e.enableLog(true)
const permission = await e.enforce(userId, resource, action)
return permission
}
const run = async () => {
const a1 = await check('alice', '/book/1', 'GET')
const a2 = await check('bob', '/book/1', 'GET')
const a3 = await check('alice', '/pen/1', 'GET')
const a4 = await check('bob', '/pen/1', 'GET')
}
run()
In the Casbin Editor I get the following results:
alice, /book/1, GET --> true
bob, /book/1, GET --> false
alice, /pen/1, GET --> true
bob, /pen/1, GET --> true
But in node I get the following:
Request: alice, /book/1, GET ---> false
Request: bob, /book/1, GET ---> false
Request: alice, /pen/1, GET ---> true
Request: bob, /pen/1, GET ---> false
Full log output
```ini Request: alice, /book/1, GET ---> false Model: r.r: sub, obj, act p.p: sub, obj, act g.g: _, _ g.g2: _, _ e.e: some(where (p_eft == allow)) m.m: g(r_sub, p_sub) && g2(r_obj, p_obj) && regexMatch(r_act, p_act) Role links for: g [object Map] Role links for: g2 [object Map] Request: bob, /book/1, GET ---> false Model: r.r: sub, obj, act p.p: sub, obj, act g.g: _, _ g.g2: _, _ e.e: some(where (p_eft == allow)) m.m: g(r_sub, p_sub) && g2(r_obj, p_obj) && regexMatch(r_act, p_act) Role links for: g [object Map] Role links for: g2 [object Map] Request: alice, /pen/1, GET ---> true Model: r.r: sub, obj, act p.p: sub, obj, act g.g: _, _ g.g2: _, _ e.e: some(where (p_eft == allow)) m.m: g(r_sub, p_sub) && g2(r_obj, p_obj) && regexMatch(r_act, p_act) Role links for: g [object Map] Role links for: g2 [object Map] Request: bob, /pen/1, GET ---> false ```
So, is this an actual issue that I’m facing or have I made a mistake somewhere?
Best regards, R
Issue Analytics
- State:
- Created 3 years ago
- Comments:6 (4 by maintainers)
Top GitHub Comments
@karatekaneen Thanks for your report! One thing to note is
Custom Config
on Casbin Editor.Custom Config
Here we configure matching for
g
, you missed it. I will continue to improve the Casbin Editor!Here is the test code for node-casbin: https://github.com/casbin/node-casbin/blob/master/test/model.test.ts#L304
@karatekaneen We welcome anyone to contribute!