search

pycasbin / async-sqlalchemy-adapter

Async SQLAlchemy Adapter for PyCasbin
https://github.com/casbin/pycasbin
Apache License 2.0
7 stars 6 forks source link

Inconsistent enforcement results between online editor and async-sqlalchemy-adapter #6

Closed tanasecucliciu closed 11 months ago

tanasecucliciu commented 1 year ago

I have a model that I created using the online editor. I was surprised to see that even though I used the same policies and the same requests I would get different results in the online editor vs using this adapter. In order to double check I switched the adapter for SQLAlchemy Adapter and that fixed the problem. I'm unsure if the issue is with this adapter or the asynccasbin projects it uses as a dependency.

Model:

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[role_definition]
g = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = (g(r.sub, p.sub) && (r.obj == p.obj || p.obj == "*") && (r.act == p.act || p.act == "*")) || (r.sub == p.sub && r.obj == p.obj && r.act == p.act)

Policies:

g, 0d959490-a8bb-4ad7-9616-58f0d15eac38, admin
p, admin, *, *

Request: 0d959490-a8bb-4ad7-9616-58f0d15eac38, 0d959490-a8bb-4ad7-9616-58f0d15eac38, read

For some context, my goals with this model were:

Thanks for your time and consideration.

casbin-bot commented 1 year ago

@techoner @Nekotoxin

BustDot commented 1 year ago

I tried both in pycasbin and asynccasbin with the provided model and policies and it returns different result. It seems that it is not caused by the adapter since I didn't import it.

import casbin

e = casbin.Enforcer('examples/rbac_model.conf', 'examples/rbac_policy.csv')

sub = "0d959490-a8bb-4ad7-9616-58f0d15eac38"  # the user that wants to access a resource.
obj = "0d959490-a8bb-4ad7-9616-58f0d15eac38"  # the resource that is going to be accessed.
act = "read"  # the operation that the user performs on the resource.

if e.enforce(sub, obj, act):
    # permit alice to read data1
    print('allow')
else:
    # deny the request, show an error
    print("deny")

In pycasbin, it prints allow, but in async it prints deny.

tanasecucliciu commented 1 year ago

Thank you! In retrospect I should have tried that before posting. It doesn't seem like asynccasbin has an issue board so I don't know what to do next in regards to properly reporting this issue. I just switched to SQLAlchemy Adapter for my project. Guess this will just get closed.

hsluoyz commented 11 months ago

@BustDot can this issue be resolved after merging PR: https://github.com/pycasbin/async-sqlalchemy-adapter/pull/11 ?

BustDot commented 11 months ago

@BustDot can this issue be resolved after merging PR: #11 ?

Yes. After I test with the given model and policy, it print "allow" as expected.

mport asyncio

import casbin

e = casbin.AsyncEnforcer('tests/rbac_model.conf', 'tests/rbac_policy.csv')

sub = "0d959490-a8bb-4ad7-9616-58f0d15eac38"  # the user that wants to access a resource.
obj = "0d959490-a8bb-4ad7-9616-58f0d15eac38"  # the resource that is going to be accessed.
act = "read"  # the operation that the user performs on the resource.

async def main():
    await e.load_policy()
    if e.enforce(sub, obj, act):
        # permit alice to read data1
        print('allow')
    else:
        # deny the request, show an error
        print("deny")

asyncio.run(main())
hsluoyz commented 11 months ago

Thanks!

@tanasecucliciu plz use v1.3.0 and later: https://github.com/pycasbin/async-sqlalchemy-adapter/pull/11#issuecomment-1667151660