search

casbin / casbin-editor

Web-based model & policy editor for Casbin
https://editor.casbin.org
Apache License 2.0
90 stars 22 forks source link

GFunction doesn't work well on website editor #34

Closed wim-web closed 3 years ago

wim-web commented 3 years ago

I used the same model, policy, and request, but the results were different between the website editor and local code.

on website

スクリーンショット 2021-04-22 22 52 01

on local code

model.conf

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[role_definition]
g = _, _
g2 = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub)

policy.csv

p, admin, data1, read

g2, alice, admin

main.go

package main

import (
    "fmt"

    "github.com/casbin/casbin/v2"
)

func main() {
    e, _ := casbin.NewEnforcer("./model.conf", "./policy.csv")
    res, _ := e.Enforce("alice", "data1", "read")
    fmt.Print(res) // display false
}

go.mod

module casbin

go 1.15

require github.com/casbin/casbin/v2 v2.28.2 // indirect
hsluoyz commented 3 years ago

@wim-web I think Casbin-editor may have bug.

@Zxilly plz fix it.

Zxilly commented 3 years ago

working on this

Zxilly commented 3 years ago

@hsluoyz I believe this is different default behavior between node-casbin and golang-casbin. Plz move this to node-casbin.

nodece commented 3 years ago

@hsluoyz this is Golang-casbin issue. the alice belong to admin role, so aclice, data1, read is true.

Zxilly commented 3 years ago

@nodece He didn't use g2(r.sub, p.sub) to build role link, so g2, alice, admin should be ignored.

hsluoyz commented 3 years ago

@nodece He didn't use g2(r.sub, p.sub) to build role link, so g2, alice, admin should be ignored.

Agreed with @Zxilly

So this is still a Node-Casbin issue..

nodece commented 3 years ago

@hsluoyz @Zxilly g and g2 uses same role manager, so g == g2 and returns true. I tried to use jcasbin and node-casbin to check this model and policy, which returns true. If golang-casbin is right, we should update all code.

hsluoyz commented 3 years ago

@nodece that's right.

@Zxilly plz update Node-Casbin

Zxilly commented 3 years ago

@nodece We have updated rm to rmMap, now every group has its own role manager. This is meant to use different match function on different role.

nodece commented 3 years ago

@hsluoyz I checkout go-casbin to check this issue, we need to update casbin of other program language.

@Zxilly thanks for your contribution :)

hsluoyz commented 3 years ago

@nodece plz update the editor version.