fix: escape assertion bug (#394)

casbin · Oct 4, 2022 · 5a339d8 · 5a339d8
1 parent ebf68a0
commit 5a339d8
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 2 deletions.
diff --git a/examples/abac_attr_model.conf b/examples/abac_attr_model.conf
@@ -0,0 +1,11 @@
+[request_definition]
+r = sub_data, act
+
+[policy_definition]
+p = sub, act
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = r.sub_data.attr.id == p.sub && r.act == p.act
diff --git a/examples/abac_attr_policy.csv b/examples/abac_attr_policy.csv
@@ -0,0 +1,2 @@
+p, alice, read
+p, bob, write
diff --git a/src/util/util.ts b/src/util/util.ts
@@ -17,8 +17,10 @@ import * as fs from 'fs';
 // escapeAssertion escapes the dots in the assertion,
 // because the expression evaluation doesn't support such variable names.
 function escapeAssertion(s: string): string {
-  s = s.replace(/r\./g, 'r_');
-  s = s.replace(/p\./g, 'p_');
+  s = ' ' + s;
+  s = s.replace(/(?<=[\(| ])r\./g, 'r_');
+  s = s.replace(/(?<=[\(| ])p\./g, 'p_');
+  s = s.trim();
   return s;
 }
 

diff --git a/test/enforcer.test.ts b/test/enforcer.test.ts
@@ -697,3 +697,17 @@ test('TestEnforceExWithPriorityModel', async () => {
   testEnforceEx(e, 'bob', 'data2', 'read', [true, ['data2_allow_group', 'data2', 'read', 'allow']]);
   testEnforceEx(e, 'alice', 'data2', 'read', [false, []]);
 });
+
+test('TestABACAtrrModel', async () => {
+  const e = await newEnforcer('examples/abac_attr_model.conf', 'examples/abac_attr_policy.csv');
+  expect(
+    await e.enforce(
+      {
+        attr: {
+          id: 'alice',
+        },
+      },
+      'read'
+    )
+  ).toBe(true);
+});