[Question] Handle to handle policy_definition has more than 6 items

longsunli commented 1 year ago

Want to prioritize this issue? Try:

What's your scenario? What do you want to achieve? Your answer here

Your model:

[request_definition]
r = sub, dom,obj, act

[policy_definition]
p = id, name, status, sub, dom, obj, act, eft, metadata

[role_definition]
g = _, _,_

[policy_effect]
e = some(where (p.eft == allow)) && !some(where (p.eft == deny))

[matchers]
m = g(r.sub, p.sub, r.dom) && p.status == "enable" && keyMatch(r.dom, p.dom) && regexMatch(r.obj, p.obj) && regexMatch(r.act, p.act)

Your policy:

p,1,name1,enable,Username==Mickey,cats/customer,S1/*,(select)|(insert),allow
p,2,name1,disable,Username==Mickey,cats/customer,S1/*,insert,deny

Your request(s):

alice, data2, read ---> false (expected: true)
Username==Mickey, cats/customer,S1/SHARED_ADDRESS/*,select ---> true (expected: true)
Username==Mickey, cats/customer,S2/SHARED_ADDRESS/*,select ---> false (expected: false)

We are using adapter github.com/casbin/gorm-adapter/v3, but looks like adapter only support v0 to v5 https://github.com/casbin/gorm-adapter/blob/master/adapter.go#L46-L53

Is there any suggestion about this? Can we extends column numbers or we have to combine policy column? If we combine them to 6 columns, will have trouble to do the filtering and need to implement some custom functions.

casbin-bot commented 1 year ago

@tangyang9464 @JalinWang

PokIsemaine commented 1 year ago

Hi, @longsunli You might consider modifying or writing a new adapter yourself

casbin-bot commented 1 year ago

@tangyang9464 @JalinWang @imp2002

hsluoyz commented 1 year ago

Closed as resolved

casbin / gorm-adapter

[Question] Handle to handle policy_definition has more than 6 items #212