casbin / Casbin.NET

An authorization library that supports access control models like ACL, RBAC, ABAC in .NET (C#)
https://casbin.org
Apache License 2.0

Rules work on Casbin Editor but not on Casbin.Net #314

Closed mari3728 closed 12 months ago

mari3728 commented 1 year ago

Hello,

I'm using the latest stable Casbin.Net (version 1.13.0 as of now) and I'd like to add a rule "everyone on the domain belongs to the group". My scenario works on Casbin Editor but not in the code.

Here's my model, policies, request and code sample:

Model

Note: it's an RBAC model because I already use it for RBAC

[request_definition]
r = sub, dom, obj, act

[policy_definition]
p = sub, dom, obj, act, eft

[role_definition]
g = _, _, _

[policy_effect]
e = some(where (p.eft == allow)) && !some(where (p.eft == deny))

[matchers]
m = g(r.sub, p.sub, r.dom) && r.dom == p.dom && regexMatch(r.obj, p.obj) && regexMatch(r.act, p.act)

Policies:

p, MyResourceName, domain-123, my-resourceId, access, allow

g, *, Team::TeamEveryoneKey, domain-123
g, Team::TeamEveryoneKey, MyResourceName, domain-123

Request alice, domain-123, my-resourceId, access

Works on Casbin Editor:

Sample code in C#:

using System;
using NetCasbin;
using NetCasbin.Model;
using System.Linq;
using System.Text.RegularExpressions;

public class Program
{
    public static void Main()
    {
        var modelText = @"[request_definition]
r = sub, dom, obj, act

[policy_definition]
p = sub, dom, obj, act, eft

[role_definition]
g = _, _, _

[policy_effect]
e = some(where (p.eft == allow)) && !some(where (p.eft == deny))

[matchers]
m = g(r.sub, p.sub, r.dom) && r.dom == p.dom && regexMatch(r.obj, p.obj) && regexMatch(r.act, p.act)";
        var casbinRules = @"
p, MyResourceName, domain-123, my-resourceId, access, allow

g, *, Team::TeamEveryoneKey, domain-123
g, Team::TeamEveryoneKey, MyResourceName, domain-123
";
        var model = Model.CreateDefaultFromText(modelText);
        var enforcer = new Enforcer(model);
        enforcer.EnableAutoBuildRoleLinks(false);
        var rules = Regex.Split(casbinRules, "\r\n|\r|\n");
        var policies = rules.Where(l => l.StartsWith("p")).Select(x => x.Split(',').Skip(1).Select(y => y.Trim()).ToList()).ToList();
        Console.WriteLine(string.Join(",", policies.SelectMany(p => p)));
        enforcer.AddPolicies(policies);
        var groups = rules.Where(l => l.StartsWith("g")).Select(x => x.Split(',').Skip(1).Select(y => y.Trim()).ToList()).ToList();
        Console.WriteLine(string.Join(",", groups.SelectMany(p => p)));
        Console.WriteLine(string.Join(",", groups));
        enforcer.BuildRoleLinks();

        var result = enforcer.EnforceEx("alice", "domain-123", "my-resourceId", "access");

        Console.WriteLine(result.Result);
        Console.WriteLine(result.Explains.FirstOrDefault());
    }
}

Thanks in advance for the help!

casbin-bot commented 1 year ago

@sagilio @sociometry @AsakusaRinne

hsluoyz commented 1 year ago

@marifaleiros Hi, we cannot reproduce your issue at https://editor.casbin.org/#2CNB8XD9F; you can see the result is false here. Please also share your editor page.

hsluoyz commented 1 year ago

@marifaleiros

Tanyuu commented 1 year ago

@marifaleiros Hi, as mentioned in the query above, the issue you raised is not reproduced in the online editor, but I have modified it to some extent (link: https://editor.casbin.org/#7VRMT6ZLH), and I think this is the problem you are experiencing. I guess there are three problems with your code: the first is about regular expression syntax, the second is about needing to register regular matching methods with the enforcer, and the third may be that you forgot to add the grouping policy. The code that I think is correct is as follows; I hope it helps you.

using System;           // Console
using NetCasbin;
using NetCasbin.Model;
using System.Linq;      // Where / Select / SelectMany / FirstOrDefault
using System.Text.RegularExpressions;
// using System.Reflection;
using NetCasbin.Extensions;
using NetCasbin.Util;
// using NetCasbin.Util.Function;

public class Program
{
    public static void Main()
    {
        var modelText = @"[request_definition]
r = sub, dom, obj, act

[policy_definition]
p = sub, dom, obj, act, eft

[role_definition]
g = _, _, _

[policy_effect]
e = some(where (p.eft == allow)) && !some(where (p.eft == deny))

[matchers]
m = g(r.sub, p.sub, r.dom) && r.dom == p.dom && regexMatch(r.obj, p.obj) && regexMatch(r.act, p.act)";
        var casbinRules = @"
p, MyResourceName, domain-123, my-resourceId, access, allow

g, .*, Team::TeamEveryoneKey, domain-123
g, Team::TeamEveryoneKey, MyResourceName, domain-123
";
        // 1 (not '*' but '.*')
        var model = Model.CreateDefaultFromText(modelText);
        var enforcer = new Enforcer(model);
        enforcer.EnableAutoBuildRoleLinks(false);
        // 2 (https://casbin.org/zh/docs/rbac-with-pattern)
        enforcer.AddNamedMatchingFunc("g", BuiltInFunctions.RegexMatch);
        var rules = Regex.Split(casbinRules, "\r\n|\r|\n");
        var policies = rules.Where(l => l.StartsWith("p")).Select(x => x.Split(',').Skip(1).Select(y => y.Trim()).ToList()).ToList();
        Console.WriteLine(string.Join(",", policies.SelectMany(p => p)));
        enforcer.AddPolicies(policies);
        var groups = rules.Where(l => l.StartsWith("g")).Select(x => x.Split(',').Skip(1).Select(y => y.Trim()).ToList()).ToList();
        Console.WriteLine(string.Join(",", groups.SelectMany(p => p)));
        Console.WriteLine(string.Join(",", groups));
        // 3 (Maybe you missed it)
        enforcer.AddGroupingPolicies(groups);
        enforcer.BuildRoleLinks();

        var result = enforcer.EnforceEx("alice", "domain-123", "my-resourceId", "access");

        Console.WriteLine(result.Result);
        Console.WriteLine(result.Explains.FirstOrDefault());
    }
}
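
The three points in the comment above, as an added illustration that is not code from the thread or from Casbin.NET: a toy role resolver over the thread's two grouping rules, showing why the chain only resolves when the rules are loaded and compared with a valid pattern. `PatternRoleDemo`, `HasRole` and `PatternMatch` are hypothetical names, and nothing here calls the Casbin API.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;

public static class PatternRoleDemo
{
    // Grouping rules from the thread: (user-or-pattern, role, domain).
    static readonly (string Sub, string Role, string Dom)[] Rules =
    {
        (".*", "Team::TeamEveryoneKey", "domain-123"),
        ("Team::TeamEveryoneKey", "MyResourceName", "domain-123"),
    };

    // Hypothetical helper: anchored regex test; an invalid pattern counts as "no match".
    static bool PatternMatch(string value, string pattern)
    {
        try { return Regex.IsMatch(value, "^(?:" + pattern + ")$"); }
        catch (ArgumentException) { return false; }
    }

    // Toy stand-in for a role manager: can `sub` reach `role` inside `dom`?
    // `match` decides whether a rule's left-hand side applies to the current name.
    public static bool HasRole(string sub, string role, string dom,
                               Func<string, string, bool> match)
    {
        var seen = new HashSet<string>();
        var queue = new Queue<string>();
        queue.Enqueue(sub);
        while (queue.Count > 0)
        {
            var current = queue.Dequeue();
            if (current == role) return true;
            if (!seen.Add(current)) continue;   // already expanded, avoid cycles
            foreach (var rule in Rules.Where(x => x.Dom == dom && match(current, x.Sub)))
                queue.Enqueue(rule.Role);
        }
        return false;
    }

    public static void Main()
    {
        // Exact comparison (no matching function): ".*" is only a literal name.
        Console.WriteLine(HasRole("alice", "MyResourceName", "domain-123", (a, b) => a == b));
        // Pattern comparison: "alice" matches ".*", so the chain resolves.
        Console.WriteLine(HasRole("alice", "MyResourceName", "domain-123", PatternMatch));
        // A bare "*" is not a valid .NET regex (nothing to quantify).
        Console.WriteLine(PatternMatch("alice", "*"));
        // Same subject, different domain: the rule does not apply.
        Console.WriteLine(HasRole("alice", "MyResourceName", "domain-999", PatternMatch));
    }
}
```

With a `.*` left-hand side every subject string in `domain-123` inherits the role, so the domain comparison is the only remaining boundary for that grant.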

hsluoyz commented 12 months ago

@marifaleiros any update?

hsluoyz commented 12 months ago

Closed as stale