I am using basic_model.conf and basic_policy.csv as follows.
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = r.sub == p.sub && r.obj == p.obj && r.act == p.act
p, alice, data1, read
p, bob, data2, write
Backend service is defined as follows.
app.get('/api/casbin', async (req, res) => {
// Get the user identity from URL.
const user = String(req.query["casbin_subject"]);
console.log(user)
const enforcer = await newEnforcer('/path/to/basic_model.conf', '/path/to/basic_policy.csv');
const ne = await casbinJsGetPermissionForUser(enforcer,user)
// Return the response to the client-side.
await res.status(200).json({
message: 'ok',
data: ne
})
})
In my react application, I uses
async componentDidMount () {
const authorizer = new casbinjs.Authorizer('auto', {endpoint: 'http://localhost:3000/api/casbin'});
await authorizer.setUser("alice");
let me = await authorizer.can("read", "data1")
console.log(me) // this gives false which is incorrect
}
For user alice can read data1 according to the model. However, authorizer.can("read", "data1") returns false which is incorrect.
I am using basic_model.conf and basic_policy.csv as follows.
Backend service is defined as follows.
In my react application, I uses
For user alice can read data1 according to the model. However,
authorizer.can("read", "data1")
returnsfalse
which is incorrect.