Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

ABAC eval not working with empty dict

See original GitHub issue


r = sub, obj, type, act 

p = rule, type, act

e = some(where (p.eft == allow))

m = eval(p.rule) && r.type == p.type && r.act == p.act


p, r.sub.admin == True, user, delete
p, r.sub.identifier == r.obj.identifier, user, read

When attempting to eval the following:

abac_enforcer = casbin.Enforcer(
    str(file_path(...)), str(file_path(...))

if abac_enforcer.enforce({"admin": False}, {}, "user", "delete"):
        return True

Raises the following:

/", line 481, in _eval_attribute
    raise AttributeDoesNotExist(node.attr, self.expr)
simpleeval.AttributeDoesNotExist: ('identifier', '(r_sub.identifier == r_obj.identifier) and r_type == p_type and r_act == p_act')

I attempted this within the online editor and it works fine. Sorry if I’m missing something. New PyCasbin user here!

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:20 (13 by maintainers)

github_iconTop GitHub Comments

ffyuandacommented, Aug 6, 2021

@killswitch-GUI I don’t quite suggest change PyCasbin or simpleeval. You should instead follow the “object all the way down” logic when you use A(ttribute)BAC. And BTW image this is working simply because you set

user_1 = User(admin=True)

It evaluates the first line in policy and turns out to be True and ignored the second line 😃

ffyuandacommented, Aug 6, 2021

I’m checking the issue…

Read more comments on GitHub >

github_iconTop Results From Across the Web

eval function doesnt turn dict-like string into dict?
1. the message shows the error, the string is not valid. · Try to remove the "\"" around taglist. – Andrej Kesely ·...
Read more >
Attribute Based Access Control - NCCoE
Attribute based access control (ABAC) is an advanced method for managing access rights for people and systems connecting to networks and assets.
Read more >
Symbol API — mxnet documentation
The Symbol API, defined in the symbol (or simply sym ) package, provides neural network graphs and auto-differentiation. A symbol represents a multi-output ......
Read more >
Programming in Standard ML
This book is an introduction to programming with the Standard ML pro- gramming language. It began life as a set of lecture notes...
Read more >
Data types - Fauna Documentation
Scalar types; Boolean; Null; Number; String; Literal; Array; Object ... Null is a special marker used to indicate that a data value does...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found