Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Question] can we use ipMatch in a police rule? #86

Closed
skyfall2022 opened this issue Apr 15, 2023 · 11 comments · Fixed by #87
Closed

[Question] can we use ipMatch in a police rule? #86

skyfall2022 opened this issue Apr 15, 2023 · 11 comments · Fixed by #87
Assignees
@hsluoyz
Labels
bug Something isn't working
Projects
Casbin Easy Tasks for Beginners/Stude...

Comments

@skyfall2022
Copy link

Want to prioritize this issue? Try:

issuehunt-to-marktext

------

What's your scenario? What do you want to achieve?
deny the request of some type of devices from some ip addresses

Your model:

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub_rule, obj, act, eft

[policy_effect]
e = !some(where (p.eft == deny))

[matchers]
m = eval(p.sub_rule) && r.obj == p.obj && r.act == p.act

Your policy:

p, r.sub.Device == 'Android', file, send, deny
p, r.sub.Device == 'Windows' && ipMatch(r.sub.Ip, '10.0.0.0/24'), file, save, deny

Your request(s):

{Device:'Android',Ip:'10.1.0.3'}, file, send
{Device:'iOS',Ip:'10.0.0.2'}, file, save
@skyfall2022 skyfall2022 added the question Further information is requested label Apr 15, 2023
@casbin-bot
Copy link
Member

@tangyang9464 @JalinWang

@skyfall2022 skyfall2022 changed the title [Question] [Question] can we use ipMatch in a police rule? Apr 15, 2023
@skyfall2022
Copy link
Author

it will return 'Unclosed ( at character 83' if I run the test :<

@PokIsemaine
Copy link
Member

@skyfall2022 try to add ""

p, r.sub.Device == 'Windows' && ipMatch(r.sub.Ip, '10.0.0.0/24'), file, save, deny
// Add ""
p, "r.sub.Device == 'Windows' && ipMatch(r.sub.Ip, '10.0.0.0/24')", file, save, deny

@skyfall2022
Copy link
Author 

p, r.sub.Device == 'Windows' && ipMatch(r.sub.Ip, '10.0.0.0/24'), file, save, deny

it doesn't work, the enforcement result:
Unclosed quote after "r.sub.Device == 'Windows' && ipMatch(r_sub.Ip) && r_obj == p_obj && r_act == p_act" at character 84

@PokIsemaine
Copy link
Member

PokIsemaine commented Apr 15, 2023
edited 

p, r.sub.Device == 'Windows' && ipMatch(r.sub.Ip, '10.0.0.0/24'), file, save, deny

it doesn't work, the enforcement result: Unclosed quote after "r.sub.Device == 'Windows' && ipMatch(r_sub.Ip) && r_obj == p_obj && r_act == p_act" at character 84

I tried running a demo locally and it didn't get an error

image

@PokIsemaine
Copy link
Member

@skyfall2022
Hey, did you use Casbin Editor (Casbin Node.js) to test?
I found this different from the local results (casbin golang).

image

@skyfall2022
Copy link
Author

skyfall2022 commented Apr 15, 2023
edited

yes, I did. I will try to use golang instead. thanks!

@hsluoyz
Copy link
Member

hsluoyz commented Apr 15, 2023

@PokIsemaine why are Go and Node.js different? This is an issue that needs to fix, as we aim to provide the same result for different languages

@PokIsemaine
Copy link
Member

@PokIsemaine why are Go and Node.js different? This is an issue that needs to fix, as we aim to provide the same result for different languages

I don't know about node-casbin yet, and it may take me a while to investigate the cause.

@casbin-bot
Copy link
Member

@nodece

@casbin-bot casbin-bot added the enhancement New feature or request label Apr 17, 2023
@hsluoyz hsluoyz transferred this issue from casbin/casbin Apr 17, 2023
@hsluoyz hsluoyz added bug Something isn't working and removed enhancement New feature or request question Further information is requested labels Apr 17, 2023
@nodece
Copy link
Member

nodece commented Apr 17, 2023

Please update your policy:

p, r.sub.Device == 'Android', file, send, deny
p, "r.sub.Device == 'IOS' && ipMatch(r.sub.Ip,'10.0.0.0/24')", file, save, deny

@hsluoyz hsluoyz mentioned this issue Apr 18, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hsluoyz hsluoyz

Labels
bug Something isn't working
Projects
Casbin Easy Tasks for Beginners/Stude...
Node-Casbin Easy Tasks
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: upgrade casbin to latest v5.26.1 nodece/editor
5 participants
@hsluoyz @nodece @PokIsemaine @casbin-bot @skyfall2022