search

node-casbin / sequelize-adapter

Sequelize adapter for Casbin
https://github.com/casbin/node-casbin
Apache License 2.0
64 stars 34 forks source link

Unable to verify policy #42

Closed Tapas059 closed 3 years ago

Tapas059 commented 3 years ago

Hi All , I am trying to integrate casbin . Data is getting saved in DB using addPolicy

When i try to access data : await e.enforce("alice", "data1", "read"); i am getting false Can anyone help me with this ?

hsluoyz commented 3 years ago

Hi @Tapas059 , plz:

  1. Post your model here, better with policy CSV file here instead of DB screenshot.
  2. Try it first at: https://casbin.org/en/editor
Tapas059 commented 3 years ago

Please find the below model .csv data :

p, 10, data1_deny_group, data1, read, deny p, 10, data1_deny_group, data1, write, deny p, 10, data2_allow_group, data2, read, allow p, 10, data2_allow_group, data2, write, allow

p, 1, alice, data1, write, allow p, 1, alice, data1, read, allow p, 1, bob, data2, read, allow

g, bob, data2_allow_group g, alice, data1_deny_group

model :

[request_definition] r = sub, obj, act

[policy_definition] p = priority, sub, obj, act, eft

[roledefinition] g = , _

[policy_effect] e = priority(p.eft) || deny

[matchers] m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act

hsluoyz commented 3 years ago

@Zxilly @MRGUOKING

MRGUOKING commented 3 years ago

@Tapas059 I get true in https://casbin.org/en/editor and my node-test file, can you give your node file to me ? image image

Tapas059 commented 3 years ago

Thank you @MRGUOKING for looking into it.

Yeah , In policy editor and when we use .csv file then it work fine . But Instead of policies.csv file . if i store policies inside MySQL DB . I am getting false all the time . I am saving data as below , e.addPolicy("p", 10, "data1_deny_group", "data1", "read", "deny") e.addPolicy("p", 10, "data1_deny_group", "data1", "write", "deny") e.addPolicy("p", 10, "data2_allow_group", "data2", "read", "allow") e.addPolicy("p", 10, "data2_allow_group", "data2", "write", "allow")

    e.addPolicy("p", 1, "alice", "data1", "write", "allow")
      e.addPolicy("p", 1, "alice", "data1", "read", "allow")
        e.addPolicy("p", 1, "bob", "data2", "read", "allow")

          e.addPolicy("g", "bob", "data2_allow_group")
            e.addPolicy("g", "alice", "data1_deny_group")

table looks like above . But Polices are not getting verified from MySQL ,

Instead of //const enforcer = await newEnforcer('./basic_model.conf', './basic_data.csv'); in place of './basic_data.csv : I am using DB connection In next step , I am verifying data coming from request as below,

const res = await e.enforce(req.name, request.data, request.action); // Input as : "alice", "data1", "read"

when i print res ----> I am getting false

hsluoyz commented 3 years ago

@Tapas059 the 1st arg: "p" is not needed.

MRGUOKING commented 3 years ago

@Tapas059 you can save data like 

  await e.addPolicy(  "data1_deny_group", "data1", "read", "deny")
  await e.addPolicy( "10", "data1_deny_group", "data1", "write", "deny")
  await e.addPolicy( "10", "data2_allow_group", "data2", "read", "allow")
  await e.addPolicy( "10", "data2_allow_group", "data2", "write", "allow")
  await e.addPolicy( "1", "alice", "data1", "write", "allow")
  await e.addPolicy( "1", "alice", "data1", "read", "allow")

  await e.addPolicy("p", "1", "bob", "data2", "read", "allow")

  await e.addPolicy("g", "bob", "data2_allow_group")
  await e.addPolicy("g", "alice", "data1_deny_group")

then you can get true. image

Tapas059 commented 3 years ago

Thank you so much @hsluoyz and @MRGUOKING. Now I got it .