fix: add checks fieldValues to remove filtered policy

Signed-off-by: Zixuan Liu <nodeces@gmail.com>
casbin · Jul 28, 2020 · 9db19f4 · 9db19f4
1 parent 2ab8eb7
commit 9db19f4
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 5 deletions.
diff --git a/errors/rbac_errors.go b/errors/rbac_errors.go
@@ -18,8 +18,9 @@ import "errors"
 
 // Global errors for rbac defined here
 var (
-	ERR_NAME_NOT_FOUND       = errors.New("error: name does not exist")
-	ERR_DOMAIN_PARAMETER     = errors.New("error: domain should be 1 parameter")
-	ERR_NAMES12_NOT_FOUND    = errors.New("error: name1 or name2 does not exist")
-	ERR_USE_DOMAIN_PARAMETER = errors.New("error: useDomain should be 1 parameter")
+	ERR_NAME_NOT_FOUND            = errors.New("error: name does not exist")
+	ERR_DOMAIN_PARAMETER          = errors.New("error: domain should be 1 parameter")
+	ERR_NAMES12_NOT_FOUND         = errors.New("error: name1 or name2 does not exist")
+	ERR_USE_DOMAIN_PARAMETER      = errors.New("error: useDomain should be 1 parameter")
+	INVALID_FIELDVAULES_PARAMETER = errors.New("fieldValues requires at least one parameter")
 )
diff --git a/internal_api.go b/internal_api.go
@@ -15,6 +15,7 @@
 package casbin
 
 import (
+	Err "github.com/casbin/casbin/v2/errors"
 	"github.com/casbin/casbin/v2/model"
 	"github.com/casbin/casbin/v2/persist"
 )
@@ -170,6 +171,10 @@ func (e *Enforcer) removePolicies(sec string, ptype string, rules [][]string) (b
 
 // removeFilteredPolicy removes rules based on field filters from the current policy.
 func (e *Enforcer) removeFilteredPolicy(sec string, ptype string, fieldIndex int, fieldValues ...string) (bool, error) {
+	if len(fieldValues) == 0 {
+		return false, Err.INVALID_FIELDVAULES_PARAMETER
+	}
+
 	if e.shouldPersist() {
 		if err := e.adapter.RemoveFilteredPolicy(sec, ptype, fieldIndex, fieldValues...); err != nil {
 			if err.Error() != notImplemented {

diff --git a/model/policy.go b/model/policy.go
@@ -179,10 +179,15 @@ func (model Model) RemoveFilteredPolicy(sec string, ptype string, fieldIndex int
 	var effects [][]string
 	res := false
 	firstIndex := -1
+
+	if len(fieldValues) == 0 {
+		return false, effects
+	}
+
 	for index, rule := range model[sec][ptype].Policy {
 		matched := true
 		for i, fieldValue := range fieldValues {
-			if fieldValue != "" && rule[fieldIndex+i] != fieldValue {
+			if rule[fieldIndex+i] != fieldValue {
 				matched = false
 				break
 			}