hsluoyz
commented
7 months ago @bartventer
Closed leson closed 7 months ago
hsluoyz
commented
7 months ago @bartventer
leson
commented
7 months ago supplement my situation as below: i have tested with on-prem mongodb refer to the example code of mongodb.
from the example of mongodb , there let us to provide "examples/rbac_model.conf"
may i know where the file examples/rbac_policy.csv using for ?
bartventer
commented
7 months ago The rbac_policy.csv file is used in the unit tests of this repository, specifically in the adapter_test.go file. It's used to initialize the policy for the Casbin enforcer in the tests. This file is not used in the example code provided in the README.
If you're not seeing any Casbin rules created in your MongoDB collection after running the example code, it could be due to an error in the code or the configuration. To verify if the operation was successful, you can check the MongoDB collection directly using a MongoDB client. If the rules were created successfully, you should see them in the collection.
To help diagnose the issue, could you please provide some logs or error messages you're seeing when running the code? Additionally, a minimal reproducible example of the code you're running would be very helpful.
leson
commented
7 months ago The
rbac_policy.csvfile is used in the unit tests of this repository, specifically in theadapter_test.gofile. It's used to initialize the policy for the Casbin enforcer in the tests. This file is not used in the example code provided in the README.If you're not seeing any Casbin rules created in your MongoDB collection after running the example code, it could be due to an error in the code or the configuration. To verify if the operation was successful, you can check the MongoDB collection directly using a MongoDB client. If the rules were created successfully, you should see them in the collection.
To help diagnose the issue, could you please provide some logs or error messages you're seeing when running the code? Additionally, a minimal reproducible example of the code you're running would be very helpful.
Thanks for your assist. let me supplement my sample code and testing log below:
package mongod
import (
"context"
"fmt"
"os"
"testing"
cloudadapter "github.com/bartventer/casbin-go-cloud-adapter"
// Enable MongoDB driver
_ "github.com/bartventer/casbin-go-cloud-adapter/drivers/mongodocstore"
"github.com/casbin/casbin/v2"
)
func TestCasbinAdaptorMongo(t *testing.T) {
// Set the MONGO_SERVER_URL environment variable to the MongoDB connection string.
os.Setenv("MONGO_SERVER_URL", "mongodb://root:root@172.19.0.3:27017/") //root:root@
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
url := "mongo://casbin_test/casbin_rule?id_field=id"
a, err := cloudadapter.New(ctx, url)
if err != nil {
panic(err)
}
e, err := casbin.NewEnforcer("../rbac_model.conf", a)
if err != nil {
panic(err)
}
// Load the policy from DB.
e.LoadPolicy()
// Check the permission.
hasPerm, _ := e.Enforce("alice", "data1", "read")
fmt.Println("==> has permission:", hasPerm)
// Modify the policy.
// e.AddPolicy(...)
// e.RemovePolicy(...)
// Save the policy back to DB.
e.SavePolicy()
}
go test -v ./casbin/mongo/...=== RUN TestCasbinAdaptorMongo
==> has permission: false
--- PASS: TestCasbinAdaptorMongo (0.02s)
PASS
ok github.com/leson/gin_poc/casbin/mongo 0.025sCould you help review where i do something wrong ? Many Thanks! Leson
bartventer
commented
7 months ago From the provided test and output, it appears that everything is working as expected. The Enforce function is returning false because there is no policy that grants "alice" the permission to "read" "data1".
If you want "alice" to have this permission, you need to add a policy that grants it. Here's how you can do it:
e.AddPolicy("alice", "data1", "read")Then, when you call Enforce with the same parameters, it should return true
To illustrate this, I've modified your test to first assert that "alice" does not have read access to "data1", then add a policy that grants this access, and finally assert that "alice" now has the required access. Here's the modified test:
package examples
import (
"context"
"os"
"testing"
cloudadapter "github.com/bartventer/casbin-go-cloud-adapter"
// Enable MongoDB driver
_ "github.com/bartventer/casbin-go-cloud-adapter/drivers/mongodocstore"
"github.com/casbin/casbin/v2"
"github.com/casbin/casbin/v2/model"
)
const rbacModel = `
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act
[role_definition]
g = _, _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act
`
const mongoServerURL = "mongodb://localhost:27017"
func TestCasbinAdaptorMongo(t *testing.T) {
os.Setenv("MONGO_SERVER_URL", mongoServerURL)
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
url := "mongo://casbin_test/casbin_rule?id_field=id"
a, err := cloudadapter.New(ctx, url)
if err != nil {
t.Fatal(err)
}
m, _ := model.NewModelFromString(rbacModel)
e, err := casbin.NewEnforcer(m, a)
if err != nil {
t.Fatal(err)
}
// Load the policy from DB.
e.LoadPolicy()
// Check the permission.
hasPerm, err := e.Enforce("alice", "data1", "read")
if err != nil {
t.Fatal(err)
}
if hasPerm {
t.Fatal("Alice should not have read access to data1")
}
// Add a policy.
e.AddPolicy("alice", "data1", "read")
// Save the policy back to DB.
e.SavePolicy()
// Check the permission again.
hasPerm, err = e.Enforce("alice", "data1", "read")
if err != nil {
t.Fatal(err)
}
if !hasPerm {
t.Fatal("Alice should have read access to data1 after the policy is added")
}
// Remove the policy.
e.RemovePolicy("alice", "data1", "read")
}
From the provided test and output, it appears that everything is working as expected. The
Enforcefunction is returningfalsebecause there is no policy that grants "alice" the permission to "read" "data1".If you want "alice" to have this permission, you need to add a policy that grants it. Here's how you can do it:
e.AddPolicy("alice", "data1", "read")Then, when you call
Enforcewith the same parameters, it should returntrueTo illustrate this, I've modified your test to first assert that "alice" does not have read access to "data1", then add a policy that grants this access, and finally assert that "alice" now has the required access. Here's the modified test:
package examples import ( "context" "os" "testing" cloudadapter "github.com/bartventer/casbin-go-cloud-adapter" // Enable MongoDB driver _ "github.com/bartventer/casbin-go-cloud-adapter/drivers/mongodocstore" "github.com/casbin/casbin/v2" "github.com/casbin/casbin/v2/model" ) const rbacModel = ` [request_definition] r = sub, obj, act [policy_definition] p = sub, obj, act [role_definition] g = _, _ [policy_effect] e = some(where (p.eft == allow)) [matchers] m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act ` const mongoServerURL = "mongodb://localhost:27017" func TestCasbinAdaptorMongo(t *testing.T) { os.Setenv("MONGO_SERVER_URL", mongoServerURL) ctx, cancel := context.WithCancel(context.Background()) defer cancel() url := "mongo://casbin_test/casbin_rule?id_field=id" a, err := cloudadapter.New(ctx, url) if err != nil { t.Fatal(err) } m, _ := model.NewModelFromString(rbacModel) e, err := casbin.NewEnforcer(m, a) if err != nil { t.Fatal(err) } // Load the policy from DB. e.LoadPolicy() // Check the permission. hasPerm, err := e.Enforce("alice", "data1", "read") if err != nil { t.Fatal(err) } if hasPerm { t.Fatal("Alice should not have read access to data1") } // Add a policy. e.AddPolicy("alice", "data1", "read") // Save the policy back to DB. e.SavePolicy() // Check the permission again. hasPerm, err = e.Enforce("alice", "data1", "read") if err != nil { t.Fatal(err) } if !hasPerm { t.Fatal("Alice should have read access to data1 after the policy is added") } // Remove the policy. e.RemovePolicy("alice", "data1", "read") }
Cool, Thanks for your help, it's worked now :)
leson
commented
7 months ago Close this query
no any impact or casbin rules be create to mongo db collection.
how can i know that successed or not after code executed successful.