Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

add_named_matching_func not fully functional in 1.2.0

See original GitHub issue

Hi, there is some change applied in 1.2.0 which is preventing the following code and rules to run as they were in 1.1.3 The policy was working fine in 1.1.3. I believe it has something to do with “g2”, add_named_matching_func and fm functions

code:

enforcer = casbin.Enforcer("./rbac.conf", "./policy.csv")
enforcer.add_named_matching_func("g2", enforcer.fm.fm["globMatch"])

rbac.conf:

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, role

[role_definition]
g  = _, _
g2 = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g2(r.act, p.role) && (g(r.sub, p.sub) || p.sub=='*') && keyMatch(r.obj, p.obj)

policy.csv

p, root, *, owner
g, root@localhost, root
g2, *.*, owner

expected: root@localhost, /, org.create -> PASS (get a FAIL in 1.2.0)

Issue Analytics

State:
Created 2 years ago
Reactions:5
Comments:10 (6 by maintainers)

Top GitHub Comments

2reactions

Zxillycommented, Jun 29, 2021

I have located the problem. It was because role manager will use the first gRule hit by matching_func to judge the link between the roles. In this example, it’s *.create and org.create, it hit rule g2, *.update, admin, admin is not owner and g2() return false immediately. I will later fix this.

1reaction

natbusacommented, Jun 29, 2021

@Zxilly you can add to the unittests . Many thanks for locating the problem!