-
-
Notifications
You must be signed in to change notification settings - Fork 126
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RBAC with domain and domain pattern returns invalid results #147
Labels
bug
Something isn't working
Comments
Nalweakette
pushed a commit
to bbouchezitroom/php-casbin
that referenced
this issue
Nov 20, 2023
Nalweakette
pushed a commit
to bbouchezitroom/php-casbin
that referenced
this issue
Nov 20, 2023
removed spaces in policy file added missing space at end of file
Nalweakette
pushed a commit
to bbouchezitroom/php-casbin
that referenced
this issue
Nov 20, 2023
added missing space at end of file
Nalweakette
pushed a commit
to bbouchezitroom/php-casbin
that referenced
this issue
Nov 20, 2023
added missing space at end of file
Nalweakette
pushed a commit
to bbouchezitroom/php-casbin
that referenced
this issue
Nov 20, 2023
added yield to unit test
Nalweakette
pushed a commit
to bbouchezitroom/php-casbin
that referenced
this issue
Nov 20, 2023
added missing eol
@Nalweakette
|
Closed as resolved |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When using model with keymatch, the role manager doesn't create links like it is supposed to do, giving invalid enforce result. RoleManager used to work when it was a "clone" of the node.js version, but broke when it was reworked on this commit a409154
Also note that now buildRoleLinks() must be called to have some "good" results
How to reproduce:
======================================================================
model.conf
[request_definition]
r = sub, dom, obj, act
[policy_definition]
p = sub, dom, obj, act
[role_definition]
g = _, _, _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = g(r.sub, p.sub, r.dom) && keyMatch(r.dom, p.dom) && r.obj == p.obj && r.act == p.act
======================================================================
policies.csv
p,perm1,,data1,read
p,perm2,,data1,write
p,perm3,,data2,read
p,perm4,,data2,write
g,adminrole,perm1,*
g,adminrole,perm2,*
g,adminrole,perm3,*
g,adminrole,perm4,*
g,readerrole,perm1,*
g,readerrole,perm3,*
g,admingroup, adminrole, *
g,readergroup, readerrole, *
g,usergroup4, readergroup, domain4
g,usergroup4, perm4, domain4
g,alice,admingroup,domain1
g,alice,readergroup,domain2
g,alice,readergroup,domain4
======================================================================
result tests in https://casbin.org/editor/
alice, domain1, data1, read => true
alice, domain1, data1, write => true
alice, domain1, data2, read => true
alice, domain1, data2, write => true
bob, domain1, data2, write => false
alice, domain2, data1, read => true
alice, domain2, data1, write => false
alice, domain2, data2, read => true
alice, domain2, data2, write => false
alice, domain3, data1, read => false
alice, domain3, data1, write => false
alice, domain3, data2, read => false
alice, domain3, data2, write => false
alice, domain4, data1, write => false
alice, domain4, data1, read => true
alice, domain4, data2, read => true
alice, domain4, data2, write => true
======================================================================
end to end to in EnforcerTest.php
======================================================================
Results are all true, or all false. They doesn't match online editor
The text was updated successfully, but these errors were encountered: