will7200 / casbin-idea-plugin

Intellij plugin for working with Casbin Models
BSD 3-Clause "New" or "Revised" License

regexMatch, Domain (Tenant) and Group models not giving expected results #2

Closed wndrr101 closed 3 years ago

wndrr101 commented 3 years ago

Hello @will7200 ,

Just an awesome idea to have such a plugin in IDEA. Unfortunately, it seems not to be functioning quite well.

Casbin policy:

p, alice, domain1, /foo/bar/.+/.+baz.+, GET, allow
p, alice, domain1, /foo/bar/.+/baz$, GET, deny
p, alice, domain1, /foo/bar/.+, GET, allow
p, alice, domain1, /foo/bar.+, GET, deny
p, alice, domain1, /foo/bar$, GET, allow
p, alice, 10.10.10.10, /foo/.+, GET, allow
p, alice, 10.10.10.10, /foo.+, GET, deny
p, alice, domain1, /foo/.+, GET, deny
p, alice, domain1, /foo.+, GET, deny
p, data2_admin, domain1, /foo$, GET, allow
p, alice, domain1, /foo$, GET, deny
p, root, domain1, /foo$, GET, deny
p, alice, domain1, /.+, GET, deny

g, alice, data2_admin, domain1
g, bob, root, domain1

Casbin model:

[request_definition]
r = sub, dom, obj, act

[policy_definition]
p = sub, dom, obj, act, eft

[role_definition]
g = _, _, _

[policy_effect]
e = priority(p.eft) || deny

[matchers]
m = (((r.sub == p.sub) || g(r.sub, p.sub, r.dom)) && r.dom == p.dom && c(r.obj, p.obj) && regexMatch(r.act, p.act)) || (g(r.sub, "root", p.dom) || r.sub == "admin")

Test requests

alice, domain1, /zed, GET
alice, domain1, /zed, POST

alice, domain-10050, /foo, GET
alice, domain1, /foo, GET
data2_admin, domain1, /foo, GET
alice, domain1, /foo-bar, GET
alice, domain1, /foo/zed, GET
alice, domain1, /foo/bar, GET
alice, domain1, /foo/bar-zed, GET
alice, domain1, /foo/bar/zed, GET

alice, domain1, /foo/bar/*/baz-q, GET
alice, domain1, /foo/bar/zed/baz, GET

alice, domain1, /foo/bar/*/*baz*, GET
alice, domain1, /foo/bar/zed/aaa-baz=val, GET

alice, 10.10.10.10, /foo, GET
alice, 10.10.10.10, /foo/bar, GET

root, *, *, *
root, *, *, GET
root, *, *, POST
root, *, *, PUT
root, *, /foo/bar/zed/baz, *
root, *, /foo/bar/zed/aaa-baz=val, *

bob, domain1, /foo, POST
bob, domain1, /foo$, GET
bob, domain1, /foo/bar/baz, GET
bob, domain2, /foo, PUT
bob, domain2, /foo, GET
bob1, domain1, /foo, GET
admin, domain1, /foo-bar, GET
admin, domain10500, /cert, GET

If we feed the Casbin Editor (https://casbin.org/en/editor) the same input, the results from the two would not be the same.
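
An added sketch (not code from the plugin, Casbin or jCasbin) of how the model above evaluates under `priority(p.eft) || deny`: the first policy row whose matcher is true decides, and no match means deny. It assumes `regexMatch` and the undefined `c()` are unanchored regex searches and that `g` is a direct per-domain role lookup; the names `decide`, `matches`, `rx` and `ROLES` are made up for this example.

```python
import re

# Policy rows copied from the issue, in file order: (sub, dom, obj, act, eft).
POLICY = [tuple(f.strip() for f in line.split(",")[1:]) for line in """
p, alice, domain1, /foo/bar/.+/.+baz.+, GET, allow
p, alice, domain1, /foo/bar/.+/baz$, GET, deny
p, alice, domain1, /foo/bar/.+, GET, allow
p, alice, domain1, /foo/bar.+, GET, deny
p, alice, domain1, /foo/bar$, GET, allow
p, alice, 10.10.10.10, /foo/.+, GET, allow
p, alice, 10.10.10.10, /foo.+, GET, deny
p, alice, domain1, /foo/.+, GET, deny
p, alice, domain1, /foo.+, GET, deny
p, data2_admin, domain1, /foo$, GET, allow
p, alice, domain1, /foo$, GET, deny
p, root, domain1, /foo$, GET, deny
p, alice, domain1, /.+, GET, deny
""".strip().splitlines()]

# g rows from the issue: (user, domain) -> roles held in that domain.
ROLES = {("alice", "domain1"): {"data2_admin"}, ("bob", "domain1"): {"root"}}

def g(user, role, dom):
    """Direct role link inside one domain; a name always links to itself."""
    return user == role or role in ROLES.get((user, dom), set())

def rx(value, pattern):
    # Assumption: regexMatch (and the undefined c()) is an unanchored search.
    return re.search(pattern, value) is not None

def matches(r, p):
    """The [matchers] expression for request r and policy row p."""
    r_sub, r_dom, r_obj, r_act = r
    p_sub, p_dom, p_obj, p_act, _ = p
    scoped = ((r_sub == p_sub or g(r_sub, p_sub, r_dom)) and r_dom == p_dom
              and rx(r_obj, p_obj) and rx(r_act, p_act))
    return scoped or g(r_sub, "root", p_dom) or r_sub == "admin"

def decide(*r):
    """Return (allowed, 1-based index of the deciding row, or None)."""
    for i, p in enumerate(POLICY, 1):
        if matches(r, p):
            return p[4] == "allow", i
    return False, None
```

Under these assumptions `decide("alice", "domain1", "/foo", "GET")` returns `(True, 10)`, because the role row for `data2_admin` precedes alice's own deny on row 11. `decide("bob", "domain2", "/foo", "PUT")` returns `(True, 1)`, because the trailing `g(r.sub, "root", p.dom)` clause is checked against the row's domain rather than the request's.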

wndrr101 commented 3 years ago

Also, it would be nice to have the left pane movable, so policy and model filenames could be read easily in case of long paths. And "tabs", please (to compare results of different models, for example)?

will7200 commented 3 years ago

Thank you for reporting the issue.

  1. Investigate the inconsistent results between the plugin and the Casbin editor. There might be a bug in the Java implementation of Casbin.

I will add for release v0.2.0

  1. Left Pane being movable
  2. Add Tabs for different models

hsluoyz commented 3 years ago

Hi, can you report the bug as a GitHub issue to jCasbin: https://github.com/casbin/jcasbin ?

will7200 commented 3 years ago

@wndrr101 Are you still experiencing this issue? This issue may have been caused by the Casbin enforcer not being reloaded when the model definition changes.

wndrr101 commented 3 years ago

Hi @will7200,

Sorry for not reposting it to jcasbin - been a bit busy and also not sure if I'm eligible to flood with my issue. So, I have not used your plugin since I encountered the first error. I just read "Implementation doesn't match Online Editor Results" (casbin/jcasbin#108); it seems that jcasbin works fine itself. But how can I retest it in IntelliJ since there is no updated version of the plugin?

Thanks.

p.s. btw, 5k downloads - congrats

will7200 commented 3 years ago

@wndrr101 I released an alpha version that corrects the behavior of reloading the Casbin enforcer on file changes. Download the zip from this release.

Install from disk and see if that fixes the issue that you are experiencing. Instructions

Thanks for testing it out.

will7200 commented 3 years ago

Released a new version to the JetBrains Marketplace. Please reopen if the issue persists.