
escapeAssertion does not respect string literals #473

@kevinresol

Currently `escapeAssertion` does a rather brutal regex replace operation to convert `r.*`/`p.*` into `r_*`/`p_*` respectively. However, it does not consider the case where the expression could contain a string literal. So if you have a rule that has some sort of string literal like `p.obj == "r.something"`, it will fail in a very subtle manner.

```js
const { newEnforcer, newModel } = require("casbin");

const MY_RESOURCE_NAME = "r.my_resource"; // change this to e.g. "a.my_resource" and it will work

(async function () {
  const model = newModel();
  model.addDef("r", "r", "act, obj");
  model.addDef("p", "p", "act, obj, rule");
  model.addDef("e", "e", "some(where (p.eft == allow))");
  model.addDef("m", "m", "r.act == p.act && r.obj == p.obj && eval(p.rule)");

  const enforcer = await newEnforcer(model);
  // addPolicy returns a Promise, so wait for it before enforcing
  await enforcer.addPolicy(
    "alice",
    MY_RESOURCE_NAME,
    `p.obj == "${MY_RESOURCE_NAME}"`
  );

  // does not work because internally it becomes `p_obj == "r_my_resource"`
  console.log(await enforcer.enforce("alice", MY_RESOURCE_NAME));
})();
```
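
The failure mode reported above, as an added example (not part of the original post and not casbin's source code): `naiveEscape` is a simplified stand-in for a regex-only rewrite, and `literalAwareEscape` is a hypothetical variant that leaves quoted literals untouched. Both function names and the `TOKEN` pattern are assumptions made for illustration.

```javascript
// Simplified stand-in for the regex-only rewrite described in the issue
// (an assumption, not casbin's actual source): r.X / p.X -> r_X / p_X.
const TOKEN = /\b([rp][0-9]*)\./g;

function naiveEscape(expr) {
  // Rewrites every match, including those inside string literals.
  return expr.replace(TOKEN, "$1_");
}

// Hypothetical literal-aware variant: walk the expression, copy quoted
// literals verbatim, and rewrite only the code between them.
function literalAwareEscape(expr) {
  let out = "";
  let i = 0;
  while (i < expr.length) {
    const ch = expr[i];
    let j;
    if (ch === '"' || ch === "'") {
      // Find the closing quote, stepping over backslash escapes.
      j = i + 1;
      while (j < expr.length && expr[j] !== ch) {
        j += expr[j] === "\\" ? 2 : 1;
      }
      // Include the closing quote; clamp if the literal is unterminated.
      j = Math.min(j + 1, expr.length);
      out += expr.slice(i, j);
    } else {
      // Take everything up to the next quote and rewrite it.
      j = i;
      while (j < expr.length && expr[j] !== '"' && expr[j] !== "'") j++;
      out += expr.slice(i, j).replace(TOKEN, "$1_");
    }
    i = j;
  }
  return out;
}

// The policy rule from the issue (sample input).
const rule = 'p.obj == "r.my_resource"';
console.log(naiveEscape(rule));        // literal is corrupted
console.log(literalAwareEscape(rule)); // literal is preserved
```

With the naive rewrite the comparison value changes, so the rule no longer matches the request object and the authorization decision is silently different from what the policy author wrote.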

Labels: enhancement (New feature or request)
