Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enforcer.Enforce throws exception when model contains similar definitions #308

Closed
dmolochnikov opened this issue Jan 12, 2023 · 3 comments · Fixed by #319
Closed

Enforcer.Enforce throws exception when model contains similar definitions #308

dmolochnikov opened this issue Jan 12, 2023 · 3 comments · Fixed by #319
Assignees
@hsluoyz
Labels
bug Something isn't working
Projects
Casbin Easy Tasks for Beginners/Stude...

Comments

@dmolochnikov
Copy link

dmolochnikov commented Jan 12, 2023
edited by hsluoyz
Loading

Hi!
Here's test code that demonstrates the issue:

    [Fact]
    public void TestRbacModelInMemory2Objects()
    {
        string text =
            "[request_definition]\n"
            + "r = sub, obj, obj2, act\n"
            + "\n"
            + "[policy_definition]\n"
            + "p = sub, obj, obj2, act\n"
            + "\n"
            + "[role_definition]\n"
            + "g = _, _\n"
            + "\n"
            + "[policy_effect]\n"
            + "e = some(where (p.eft == allow))\n"
            + "\n"
            + "[matchers]\n"
            + "m = g(r.sub, p.sub) && r.obj == p.obj && r.obj2 == p.obj2 && r.act == p.act\n";

        IModel m = DefaultModel.CreateFromText(text);

        Enforcer e = new(m);

        e.AddPermissionForUser("alice", "data1", "data10", "read");
        e.AddPermissionForUser("data2_admin", "data1", "data10", "read");
        e.AddRoleForUser("alice", "data2_admin");

        TestEnforce(e, "alice", "data1", "data10", "read", true);
        TestEnforce(e, "alice", "data1", "data10", "write", false);
    }

P.S. Possible workaround is to rename definitions to be completely different (like 'abc' and 'xyz' instead of 'obj' and 'obj2')
@casbin-bot
Copy link
Member

@sagilio @sociometry @AsakusaRinne

@casbin-bot casbin-bot added the question Further information is requested label Jan 12, 2023
@hsluoyz
Copy link
Member

hsluoyz commented Jan 12, 2023

@dmolochnikov can you paste your error stack about the exception? Also can you try if the online editor has similar issue? https://casbin.org/editor

@sagilio
Copy link
Member

sagilio commented Jan 12, 2023

Thank you for the feedback, the reason is an error transform logic here when the value definitions are too similar. I will try to fix this later.

Casbin.NET/Casbin/EnforceView.cs

Lines 137 to 147 in 2d721e6

foreach (KeyValuePair<string, int> tokenPair in view.RequestAssertion.Tokens)
{
matcher = matcher.Replace($"{view.RequestType}.{tokenPair.Key}",
$"{view.RequestType}.Value{tokenPair.Value + 1}");
}
foreach (KeyValuePair<string, int> tokenPair in view.PolicyAssertion.Tokens)
{
matcher = matcher.Replace($"{view.PolicyType}.{tokenPair.Key}",
$"{view.PolicyType}.Value{tokenPair.Value + 1}");
}

@sagilio sagilio added bug Something isn't working and removed question Further information is requested labels Jan 12, 2023
@sagilio sagilio linked a pull request Jun 13, 2023 that will close this issue
feat: Better support tokens with substring relation and use two more complex test cases #319
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hsluoyz hsluoyz

Labels
bug Something isn't working
Projects
Casbin Easy Tasks for Beginners/Stude...
Casbin.NET Easy Tasks
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: Better support tokens with substring relation and use two more complex test cases
4 participants
@hsluoyz @dmolochnikov @sagilio @casbin-bot