Closed selfuppen closed 1 year ago
@tangyang9464 @imp2002
OK, I finally make it out. The correct Model is
[request_definition]
r = sub, dom, obj, act
[policy_definition]
p = sub, dom, obj, act
[role_definition]
g = _, _, _
g2 = _, _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = g(r.sub, p.sub, r.dom) && g2(r.obj, p.obj) && r.dom == p.dom && r.act == p.act
So, If there is nothing wrong , I would love to propose an rbac_with_resource_roles_and_domain example PR.
@selfuppen PR is welcome!
I want to use the Rbac with domain combining with resource roles model, but there is no examples or documents.
My case is below: rbac_with_resource_roles_and_domain_policy.csv
Tests
rbac_with_resource_roles_and_domain_model.conf
My question is how can I define my model (especially the [matchers]).
When I found some similar cases ,but I'm even more confused: the class
src/test/java/org/casbin/jcasbin/main/GroupRoleManagerTest.java
use group_with_domain_model ,but the test seems to be the opposite completely. In my humble opinion, the requesttestDomainEnforce(e, "alice", "domain1", "data1", "read", false);
should not be true rather than false?request in GroupRoleManagerTest.java:
group_with_domain_model.csv
group_with_domain_model.conf
Tell me if you need more information. Thank you!