Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

ABAC eval not working with empty dict

See original GitHub issue

Model:

[request_definition]
r = sub, obj, type, act 

[policy_definition]
p = rule, type, act

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = eval(p.rule) && r.type == p.type && r.act == p.act

Policy:

p, r.sub.admin == True, user, delete
p, r.sub.identifier == r.obj.identifier, user, read

When attempting to eval the following:

abac_enforcer = casbin.Enforcer(
    str(file_path(...)), str(file_path(...))

if abac_enforcer.enforce({"admin": False}, {}, "user", "delete"):
        return True

Raises the following:

/simpleeval.py", line 481, in _eval_attribute
    raise AttributeDoesNotExist(node.attr, self.expr)
simpleeval.AttributeDoesNotExist: ('identifier', '(r_sub.identifier == r_obj.identifier) and r_type == p_type and r_act == p_act')

I attempted this within the online editor and it works fine. Sorry if I’m missing something. New PyCasbin user here!

Issue Analytics

State:
Created 2 years ago
Comments:20 (13 by maintainers)

Top GitHub Comments

1reaction

ffyuandacommented, Aug 6, 2021

@killswitch-GUI I don’t quite suggest change PyCasbin or simpleeval. You should instead follow the “object all the way down” logic when you use A(ttribute)BAC. And BTW this is working simply because you set

user_1 = User(admin=True)

It evaluates the first line in policy and turns out to be True and ignored the second line 😃

1reaction

ffyuandacommented, Aug 6, 2021

I’m checking the issue…

Top Results From Across the Web

eval function doesnt turn dict-like string into dict?

1. the message shows the error, the string is not valid. · Try to remove the "\"" around taglist. – Andrej Kesely ·...

Attribute Based Access Control - NCCoE

Attribute based access control (ABAC) is an advanced method for managing access rights for people and systems connecting to networks and assets.

Symbol API — mxnet documentation

The Symbol API, defined in the symbol (or simply sym ) package, provides neural network graphs and auto-differentiation. A symbol represents a multi-output ......

Programming in Standard ML

This book is an introduction to programming with the Standard ML pro- gramming language. It began life as a set of lecture notes...

Data types - Fauna Documentation

Scalar types; Boolean; Null; Number; String; Literal; Array; Object ... Null is a special marker used to indicate that a data value does...