Building role links when domain matching function is set seems to result in some faulty links being created that can lead to unintended/unexpected privileges being granted.
Model:
# The exact model is not important, as the problem seems to lie in resolving g(r.sub, p.sub, r.dom)
[request_definition]
r = sub, dom, obj, act
[policy_definition]
p = sub, dom, obj, act
[role_definition]
g = _, _, _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = r.obj == p.obj && r.act == p.act && g(r.sub, p.sub, r.dom)
Building role links when domain matching function is set seems to result in some faulty links being created that can lead to unintended/unexpected privileges being granted.
Model:
Policy:
Result:
For reference, the online editor returns false as would seem logical: https://editor.casbin.org/#6AJX758PB
As far as I understand, the issue lies in the AddLink method of DefaultRoleManager. What happens when the role links are built step-by-step:
The current implementation also results in inconsistent linking based on the order roles are assigned:
If we swap the two role assignments:
What happens: