casbin / Casbin.NET

An authorization library that supports access control models like ACL, RBAC, ABAC in .NET (C#)
https://casbin.org
Apache License 2.0

Enforcer.Enforce throws exception when model contains similar definitions #308

Closed dmolochnikov closed 1 year ago

dmolochnikov commented 1 year ago

Hi! Here's test code that demonstrates the issue:

    [Fact]
    public void TestRbacModelInMemory2Objects()
    {
        string text =
            "[request_definition]\n"
            + "r = sub, obj, obj2, act\n"
            + "\n"
            + "[policy_definition]\n"
            + "p = sub, obj, obj2, act\n"
            + "\n"
            + "[role_definition]\n"
            + "g = _, _\n"
            + "\n"
            + "[policy_effect]\n"
            + "e = some(where (p.eft == allow))\n"
            + "\n"
            + "[matchers]\n"
            + "m = g(r.sub, p.sub) && r.obj == p.obj && r.obj2 == p.obj2 && r.act == p.act\n";

        IModel m = DefaultModel.CreateFromText(text);

        Enforcer e = new(m);

        e.AddPermissionForUser("alice", "data1", "data10", "read");
        e.AddPermissionForUser("data2_admin", "data1", "data10", "read");
        e.AddRoleForUser("alice", "data2_admin");

        TestEnforce(e, "alice", "data1", "data10", "read", true);
        TestEnforce(e, "alice", "data1", "data10", "write", false);
    }

P.S. A possible workaround is to rename the definitions to be completely different (like 'abc' and 'xyz' instead of 'obj' and 'obj2').

casbin-bot commented 1 year ago

@sagilio @sociometry @AsakusaRinne

hsluoyz commented 1 year ago

@dmolochnikov Can you paste the error stack for the exception? Also, can you check whether the online editor has a similar issue? https://casbin.org/editor

sagilio commented 1 year ago

Thank you for the feedback. The reason is an error in the transform logic here when the value definitions are too similar. I will try to fix this later. https://github.com/casbin/Casbin.NET/blob/2d721e6c8513a905bce997da86b07f7eba945ec7/Casbin/EnforceView.cs#L137-L147
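
The following is an added illustration, not part of the thread and not Casbin.NET's code. It assumes the failure is a prefix collision while request tokens in the matcher are rewritten to indexed slots (the thread only says the transform logic fails on similar names); `RewriteNaive`, `RewriteSafe` and the `r[i]` slot syntax are hypothetical names chosen for the sketch.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

public static class MatcherRewriteDemo
{
    // Hypothetical rewrite step: map each "<type>.<token>" to a slot "<type>[<i>]".
    // Plain substring replacement in declaration order: the shorter name "obj"
    // also matches the leading part of "obj2", leaving a stray character behind.
    public static string RewriteNaive(string matcher, string type, IReadOnlyList<string> tokens)
    {
        for (int i = 0; i < tokens.Count; i++)
        {
            matcher = matcher.Replace($"{type}.{tokens[i]}", $"{type}[{i}]");
        }
        return matcher;
    }

    // Boundary-aware rewrite: a token is replaced only when it is a whole
    // identifier, so the result does not depend on how similar the names are
    // or on the order in which they are processed.
    public static string RewriteSafe(string matcher, string type, IReadOnlyList<string> tokens)
    {
        for (int i = 0; i < tokens.Count; i++)
        {
            string pattern =
                $@"(?<![\w.]){Regex.Escape(type)}\.{Regex.Escape(tokens[i])}(?!\w)";
            matcher = Regex.Replace(matcher, pattern, $"{type}[{i}]");
        }
        return matcher;
    }

    public static void Main()
    {
        // Matcher and request tokens taken from the model in the report above.
        string matcher =
            "g(r.sub, p.sub) && r.obj == p.obj && r.obj2 == p.obj2 && r.act == p.act";
        string[] tokens = { "sub", "obj", "obj2", "act" };

        Console.WriteLine("naive: " + RewriteNaive(matcher, "r", tokens));
        Console.WriteLine("safe:  " + RewriteSafe(matcher, "r", tokens));
    }
}
```

For an authorization library, a rewrite that produces an unparsable matcher should fail closed, as the exception in this report does; the riskier variant of the same collision is one that still parses but compares the wrong field.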