feat: return clear error for invalid JSON when EnableAcceptJsonRequest is enabled

[Copilot]

When EnableAcceptJsonRequest(true) is enabled, invalid JSON strings (e.g., containing \x escape sequences not supported by JSON spec) fail to parse but errors are silently ignored. The string remains unparsed, causing confusing downstream errors like "Unable to access 'Name', 'r_sub' is not a struct or map" when matchers attempt field access.

Changes

enforcer.go

• Only attempt JSON parsing for strings starting with { or [
• Return descriptive error when JSON parsing fails instead of silent fallthrough
• Error format: "failed to parse JSON parameter at index %d: %w"

enforcer_json_test.go (new)

• Test invalid JSON returns clear error
• Test valid JSON parses correctly
• Test plain strings are not treated as JSON

Example

Before:

e.EnableAcceptJsonRequest(true)
e.Enforce(`{"Name": "\x20"}`, "data", "read")
// Error: Unable to access 'Name', 'r_sub' is not a struct or map

After:

e.EnableAcceptJsonRequest(true)
e.Enforce(`{"Name": "\x20"}`, "data", "read")
// Error: failed to parse JSON parameter at index 0: invalid character 'x' in string escape code

Note: JSON only supports \", \\, \/, \b, \f, \n, \r, \t, and \uXXXX escape sequences. \x is not valid JSON.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[Bug] JSON string arguments are not parsed correctly in Enforce despite EnableAcceptJsonRequest(true)</issue_title>
<issue_description>
When EnableAcceptJsonRequest(true) is enabled, passing a valid JSON string as a parameter to Enforce() fails if the matcher attempts to access a field within that JSON object (e.g., r.sub.Name). The enforcer returns an error indicating that the parameter is not a struct or map, implying that the JSON string was not automatically parsed into an object before evaluation.

To Reproduce
Reproduction code:

func TestReproduce(t *testing.T) {
	modelText := `
[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[role_definition]
g = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = r.sub.Name == "\x20"
`

	m, err := model.NewModelFromString(modelText)
	if err != nil {
		t.Fatalf("Failed to create model: %v", err)
	}
	e, err := NewEnforcer(m)
	if err != nil {
		fmt.Printf("Error: %v\n", err)
	}
	dataJSON := `{"Name": "\x20"}`
	e.EnableAcceptJsonRequest(true)
	res, err := e.Enforce(dataJSON, true, "read")
	fmt.Printf("result: %v, err: %v\n", res, err)  -> “result: false, err: Unable to access 'Name', 'r_sub' is not a struct or map”
}

And I also try to reproduce it in editor. However, the editor return false without any error. Their behaviours are inconsistent as well. https://editor.casbin.org/#ETVDB3RF7
</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes [question] JSON string arguments are not parsed correctly in Enforce despite EnableAcceptJsonRequest(true) #1605

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}