Describe the bug
This is a similar bug as https://github.com/casbin/casbin/issues/1204 , but this is in java.
We are using RBAC with domain model to do authorization. And using group policy to extend one role to another.
In the casbin editor below we can see that can_manage extends can_use role in all domain, and user with can_manage role can also perform can_use action like attach.
But same logic doesn't work in casbin java lib even latest version v1.32.3
To Reproduce
model is
[request_definition]
r = sub, dom, obj, act
[policy_definition]
p = sub, dom, obj, act
[role_definition]
g = _, _, _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
#RBAC
m = g(r.sub, p.sub, r.dom) && keyMatch(r.dom, p.dom) && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)
public void setDefaultPoliciesForCasbin(DefaultPolicyModel dpm){
Enforcer e = CasbinEnforce.getInstance().getEnforcer();
e.addPolicy("can_manage", "engines/*", "*", "(pause)|(resume)");
e.addPolicy("can_use", "engines/*", "*", "(attach)|(detach)");
e.addGroupingPolicy("can_manage", "can_use", "*");
e.addGroupingPolicy("Username==test2", "can_manage", "engines/engine1");
List<String> r = e.getImplicitRolesForUser("Username==test2", "engines/engine1");
System.out.println("r " + r);
EnforceResult enforceEx = e.enforceEx("Username==test2", "engines/engine1", "*", "attach");
System.out.println(enforceEx.toString());
}
Expected behavior
implicitRoles should be can_manage and can_use and ok should be true
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
OS: [e.g. iOS]
Browser [e.g. chrome, safari]
Version [e.g. 22]
Smartphone (please complete the following information):
Device: [e.g. iPhone6]
OS: [e.g. iOS8.1]
Browser [e.g. stock browser, safari]
Version [e.g. 22]
Additional context
Add any other context about the problem here.
Describe the bug This is a similar bug as https://github.com/casbin/casbin/issues/1204 , but this is in java. We are using RBAC with domain model to do authorization. And using group policy to extend one role to another.
In the casbin editor below we can see that can_manage extends can_use role in all domain, and user with can_manage role can also perform can_use action like attach.
https://editor.casbin.org/#DQV237WAL
But same logic doesn't work in casbin java lib even latest version v1.32.3
To Reproduce
Expected behavior implicitRoles should be can_manage and can_use and ok should be true
Screenshots If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
OS: [e.g. iOS] Browser [e.g. chrome, safari] Version [e.g. 22] Smartphone (please complete the following information):
Device: [e.g. iPhone6] OS: [e.g. iOS8.1] Browser [e.g. stock browser, safari] Version [e.g. 22] Additional context Add any other context about the problem here.