search

casbin / jcasbin

An authorization library that supports access control models like ACL, RBAC, ABAC in Java
https://casbin.org
Apache License 2.0
2.4k stars 464 forks source link

addGroupingPolicy API interface bug #312

Closed mynameisny closed 2 years ago

mynameisny commented 2 years ago

When using this interface enforcer. addGroupingPolicy ("member", "group") to add user to an group, occured java.lang.NullPointerException:

dependencies pom

<dependency>
    <groupId>org.casbin</groupId>
    <artifactId>jcasbin</artifactId>
    <version>1.31.1</version>
</dependency>

<dependency>
    <groupId>org.casbin</groupId>
    <artifactId>jdbc-adapter</artifactId>
    <version>2.3.3</version>
</dependency>

model.conf

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act

Application

JDBCAdapter adapter = new JDBCAdapter(driver, url, username, password);
String modelPath = "src/main/resources/cabin/model.conf";

Enforcer enforcer = new Enforcer(modelPath, adapter);

enforcer.addPolicy("admin", "/books", "READ");
boolean policy = enforcer.addGroupingPolicy("tony", "admin");  // Exception in thread "main" java.lang.NullPointerException
casbin-bot commented 2 years ago

@tangyang9464 @imp2002

imp2002 commented 2 years ago

Verified, I will fix it.

imp2002 commented 2 years ago

I took a look and found that this is not a bug, acutrally addGroupingPolicy() is a role inheritance, so in model.conf should include a [role_definition] just look like follows.

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[role_definition]
g = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act
hsluoyz commented 2 years ago

Closed as resolved

mynameisny commented 2 years ago

Thank you very much! @hsluoyz