Closed doctormacky closed 2 years ago
@tangyang9464 @seriouszyx @elfisworking @fangzhengjin
Anyone here can help ? This really impact our project.
I wrote a unit test as below and encountered no problems. Is there any inconsistency between this test and your situation?
Model:
[request_definition]
r = sub, dom, obj, act
[policy_definition]
p = sub, dom, obj, act
[role_definition]
g = _,_
g2 = _, _, _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = (g(r.sub, p.sub) || g2(r.sub, p.sub, r.dom)) && regexMatch(r.obj, p.obj) && regexMatch(r.act, p.act)
Policy:
g2, super_inventory_admin, inventory_admin, SOS
g2, super_compliance_admin, compliance_admin, SOS
g2, super_inventory_admin, inventory_admin, ARMADA:ace
g2, super_compliance_admin, compliance_admin, ARMADA:ace
g2, macky, inventory_admin, SOS
Test:
public class IssueTest {
@Test
public void testIssue251() {
Enforcer e = new Enforcer("examples/issue251.conf", "examples/issue251.csv");
System.out.println(e.getNamedGroupingPolicy("g2"));
System.out.println(e.getGroupingPolicy());
e.addGroupingPolicy("macky", "super_compliance_admin");
System.out.println(e.getNamedGroupingPolicy("g2"));
System.out.println(e.getGroupingPolicy());
}
}
output:
[[super_inventory_admin, inventory_admin, SOS], [super_compliance_admin, compliance_admin, SOS], [super_inventory_admin, inventory_admin, ARMADA:ace], [super_compliance_admin, compliance_admin, ARMADA:ace], [macky, inventory_admin, SOS]]
[]
[[super_inventory_admin, inventory_admin, SOS], [super_compliance_admin, compliance_admin, SOS], [super_inventory_admin, inventory_admin, ARMADA:ace], [super_compliance_admin, compliance_admin, ARMADA:ace], [macky, inventory_admin, SOS]]
[[macky, super_compliance_admin]]
Thanks for you quick response. Yes, there are some difference.
Another interesting case is that some new added g2 policy will show g2 xxxxx whenn I tried to print the policy by engine.getModel().printPolicy();
Like following:
2021-12-22 20:20:15.898 INFO 8666 --- [TaskScheduler-1] org.casbin.jcasbin : g2: _, _, _: [[super_inventory_admin, inventory_admin, SOS], [super_compliance_admin, compliance_admin, SOS], [super_inventory_admin, inventory_admin, ARMADA:ace], [super_compliance_admin, compliance_admin, ARMADA:ace], [g2, macky, inventory_admin, bluemix], [g2, macky, compliance_admin, ARMADA:ace], [g2, macky, compliance_admin, SOS], [macky, inventory_admin, ARMADA:ace], [macky, inventory_admin, SOS]]
Could you help help to investigate it ? thanks.
Sorry, I can not reproduce these bugs. Could you please extract a unit test so that we can position it? For example, use file storage first to determine whether the bug was caused by jCasbin or by adapter.
Sorry, I can not reproduce these bugs. Could you please extract a unit test so that we can position it? For example, use file storage first to determine whether the bug was caused by jCasbin or by adapter.
Thanks, I think the FileAdapter can not reproduce it due to some un-implemented functions in this adapter.
I believe that this issue caused by some error logic when add new g2 group policy in the group role manager.
By the way, those g2 group policy in database are showing as expected. Could you please let me know the mechanism on the adding new g2 group policy (what happen in casbin including the group role manager, model, and also the database).
Anyone Can help ? I am 100 percent sure that this is is a fatal error when using group role with domain model.
When we try to add some new g2 policies. then, those new added policies in model will show like g2 xxxxxx, we should hide g2. I would suggest you guys to drop this model before fix it. as it's a fatal error.
@sagilio
I would like to close this issue since this issue caused by a shawdow copy of the policy. sorry for the disturbe.
Issue description:
casbin will return g2 xxxxx group policy after we added a new policy and then try to load all g2 policy again.
Return following polices when call getNamedGroupingPolicy("g2") at the first time.
Step to reproduce
[policy_definition] p = sub, dom, obj, act
[roledefinition] g = , g2 = , ,
[policy_effect] e = some(where (p.eft == allow))
[matchers] m = (g(r.sub, p.sub) || g2(r.sub, p.sub, r.dom)) && regexMatch(r.obj, p.obj) && regexMatch(r.act, p.act)
[[super_inventory_admin, inventory_admin, SOS], [super_compliance_admin, compliance_admin, SOS], [super_inventory_admin, inventory_admin, ARMADA:ace], [super_compliance_admin, compliance_admin, ARMADA:ace], [macky, inventory_admin, SOS]]
[[super_inventory_admin, inventory_admin, SOS], [super_compliance_admin, compliance_admin, SOS], [super_inventory_admin, inventory_admin, ARMADA:ace], [super_compliance_admin, compliance_admin, ARMADA:ace], [g2, macky, inventory_admin, SOS]]