casbin / Casbin.NET

An authorization library that supports access control models like ACL, RBAC, ABAC in .NET (C#)
https://casbin.org
Apache License 2.0

Result is not matched to the editor in golang program when using RBAC with domain and pattern #202

Closed sagilio closed 3 years ago

sagilio commented 3 years ago

I tried it in two other languages, nodejs and dotnet. The results are different there too.

dotnet code:

```csharp
using System;
using NetCasbin;
using NetCasbin.Rbac;
using NetCasbin.Util;

class Program
{
    static void Main(string[] args)
    {
        var e = new Enforcer("model.conf", "policy.csv");
        var rm = new DefaultRoleManager(10);
        // Compare domains with KeyMatch so that domain patterns are honoured.
        rm.AddDomainMatchingFunc((arg1, arg2) => BuiltInFunctions.KeyMatch(arg1, arg2));
        e.SetRoleManager(rm);
        Console.WriteLine($"Enforce: user||1, tenant||1, menu||2, *");
        var result = e.Enforce("user||1", "tenant||2", "menu||2", "*");
        Console.WriteLine($"Result:{result}");
        Console.WriteLine($"Enforce: user||1, tenant||2, menu||2, *");
        result = e.Enforce("user||1", "tenant||1", "menu||2", "*");
        Console.WriteLine($"Result:{result}");
    }
}

// Output:
// Enforce: user||1, tenant||1, menu||2, *
// Result:True
// Enforce: user||1, tenant||2, menu||2, *
// Result:True --> Should be False
```

nodejs code:

```typescript
import { newEnforcer, DefaultRoleManager, Util } from 'casbin'

async function main() {
    const enforcer = await newEnforcer('model.conf', 'policy.csv');
    const rm = enforcer.getRoleManager() as DefaultRoleManager;
    await rm.addDomainMatchingFunc(Util.keyMatchFunc);

    console.log('user||1, tenant||1, menu||2, *')
    const res1 = await enforcer.enforce('user||1', 'tenant||1', 'menu||2', '*');
    console.log(res1);

    console.log('user||1, tenant||2, menu||2, *')
    const res2 = await enforcer.enforce('user||1', 'tenant||2', 'menu||2', '*');
    console.log(res2);
    return "ok";
}

main().then(console.log).catch(console.error);

// Output
// user||1, tenant||1, menu||2, *
// true --> Correct
// user||1, tenant||2, menu||2, *
// false --> Correct
```

The problem might be due to the different handling or result for GFunction.

Nodejs will call generateTempRoles to generate temp roles for domain, while the other two don't.

Originally posted by @ErikXu in https://github.com/casbin/casbin/issues/855#issuecomment-892512163
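
The tenant isolation that the expected output above describes, as an added example that is not part of the original issue or of Casbin's code: a self-contained JavaScript model of domain-scoped role resolution with a `keyMatch` domain matcher, usable as a regression check. The rules in `G` and `P` are constructed (the issue does not show its model.conf or policy.csv), and `rolesFor`, `enforce` and the `scoped` flag are hypothetical names.

```javascript
// Added example: constructed policy, not the model.conf / policy.csv from the issue.
// keyMatch follows Casbin's built-in: '*' in the pattern matches any remaining suffix.
function keyMatch(key, pattern) {
  const i = pattern.indexOf('*');
  if (i === -1) return key === pattern;
  return key.length > i ? key.slice(0, i) === pattern.slice(0, i)
                        : key === pattern.slice(0, i);
}

// g rules: [user, role, domainPattern]; p rules: [role, domainPattern, obj, act].
const G = [
  ['user||1', 'role||admin', 'tenant||1'],  // role held only inside tenant||1
  ['user||2', 'role||admin', 'tenant||*'],  // pattern domain: role in every tenant
];
const P = [['role||admin', 'tenant||*', 'menu||2', '*']];

// Roles a subject holds in the requested domain (the subject itself included).
// With scoped=false the domain column of g is ignored, which is the
// cross-tenant leak the check below is meant to catch.
function rolesFor(sub, dom, scoped, depth = 10, seen = new Set([sub])) {
  if (depth === 0) return seen;
  for (const [user, role, domPattern] of G) {
    if (user !== sub || seen.has(role)) continue;
    if (scoped && !keyMatch(dom, domPattern)) continue;
    seen.add(role);
    rolesFor(role, dom, scoped, depth - 1, seen);
  }
  return seen;
}

// Matcher: g(r.sub, p.sub, r.dom) && keyMatch(r.dom, p.dom)
//          && r.obj == p.obj && r.act == p.act
function enforce(sub, dom, obj, act, scoped = true) {
  const roles = rolesFor(sub, dom, scoped);
  return P.some(([pSub, pDom, pObj, pAct]) =>
    roles.has(pSub) && keyMatch(dom, pDom) && obj === pObj && act === pAct);
}

// Decisions for user||1 in its own tenant and in a foreign tenant.
function isolationCheck(scoped) {
  return ['tenant||1', 'tenant||2'].map(
    (dom) => enforce('user||1', dom, 'menu||2', '*', scoped));
}

console.log('scoped  :', isolationCheck(true));
console.log('unscoped:', isolationCheck(false));
```

The scoped run denies `user||1` in `tenant||2`; the unscoped run allows it, which is the shape of the wrong result reported for the dotnet program.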

hsluoyz commented 3 years ago

@closetool @tangyang9464

github-actions[bot] commented 3 years ago

:tada: This issue has been resolved in version 1.11.0 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket: