Breaking change in expression parsing between versions 1.5.0 and 2.5.3

[vova-lantsov-dev]

I followed the migration guide but there are no documented details regarding the changes in expression parsing logic. The code that used to work on version 1.5.0 - doesn't work anymore on 2.5.3

Exception:

DynamicExpresso.Exceptions.ParseException: No property or field 'rule' exists in type 'ListRequestValues`1' (at index 2).
2024-05-09 19:43:58	
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
2024-05-09 19:43:58	
   ...
   at Casbin.EnforcerExtension.Enforce[T](IEnforcer enforcer, T[] value)
2024-05-09 19:43:58	
   at Casbin.Enforcer.Enforce[TRequest](EnforceContext context, TRequest requestValues)
2024-05-09 19:43:58	
   at Casbin.Enforcer.InternalEnforce[TRequest](EnforceContext& context, TRequest& requestValues)
2024-05-09 19:43:58	
   at Casbin.Enforcer.InternalEnforce[TRequest,TPolicy](EnforceContext& context, TRequest& requestValues)
2024-05-09 19:43:58	
   at Casbin.Evaluation.ExpressionHandler.Invoke[TRequest,TPolicy](EnforceContext& context, String expressionString, TRequest& request, TPolicy& policy)
2024-05-09 19:43:58	
   at DynamicExpresso.Interpreter.ParseAsDelegate[TDelegate](String expressionText, String[] parametersNames)
2024-05-09 19:43:58	
   at DynamicExpresso.Interpreter.ParseAsLambda(String expressionText, Type expressionType, Parameter[] parameters)
2024-05-09 19:43:58	
   at DynamicExpresso.Parsing.Parser.Parse()
   ...

Model:

[request_definition]
r = rule, sub, obj, act

[policy_definition]
p = sub_rule, sub, obj, act

[role_definition]
g = _, _ 

[policy_effect]
e = some(where (p.eft == allow)) && !some(where (p.eft == deny))

[matchers]
m = eval(p.sub_rule) && g(r.sub, p.sub) && keyMatch3(r.obj, p.obj) && (p.act == "*" || regexMatch(r.act, p.act))

Policies:

p, r.rule["CompanyData"]["CompanyIsActive"] == "True" && (r.rule["CompanyData"]["BusinessRole"] == "Role1" || r.rule["CompanyData"]["BusinessRole"] == "Role2"), WebApp, /api/transactions/getTransactions, POST
p, r.rule["CompanyData"]["CompanyIsActive"] == "False" && (r.rule["CompanyData"]["BusinessRole"] == "Role1" || r.rule["CompanyData"]["BusinessRole"] == "Role2"), Admin, /api/transactions/getTransactions, POST

How I'm enforcing on version 1.5.0:

var enforceRequestValues = new List<object>();

var authorizationAttributes = new Dictionary<string, Dictionary<string, string>>
{
    ["CompanyData"] = new Dictionary<string, string>
    {
        ["CompanyIsActive"] = "True", ["BusinessRole"] = "Role1"
    }
};

enforceRequestValues.Add(authorizationAttributes);
// role is Admin
enforceRequestValues.Add(role);
// path is /api/transactions/gettransactions
enforceRequestValues.Add(path);
// method is POST
enforceRequestValues.Add(method);

result = _enforcer.Enforce(enforceRequestValues.ToArray());

The same logic doesn't work on version 2.5.3

Can you suggest, please, what I am missing or what to change?

[casbin-bot]

@sagilio @sociometry @AsakusaRinne

[sagilio0728]

Here are two questions:

1. The current transformer processing for Matcher does not recognize index operators, and this needs to be fixed.

   Casbin.NET/Casbin/EnforceView.cs

   Line 12 in 5a358a4

   // TODO: The .NET Standard 2.0 TFM is not support private init.

2. The overload used for Enforce is incorrect. Enforce currently supports generic parameters, which helps to avoid the significant overhead caused by forced boxing. You can try to make a direct call, like this:

var authorizationAttributes = new Dictionary<string, Dictionary<string, string>>
{
    ["CompanyData"] = new Dictionary<string, string>
    {
        ["CompanyIsActive"] = "True", ["BusinessRole"] = "Role1"
    }
};
result = _enforcer.Enforce(authorizationAttributes, role, path, method);

[vova-lantsov-dev]

Thanks, I will try to implement it