[Question] How to get permissions while using resource roles

[yanwii]

Want to prioritize this issue? Try:

---

What's your scenario? What do you want to achieve?
Your answer here

Your model:

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[role_definition]
g = _, _
g2 = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub) && g2(r.obj, p.obj) && r.act == p.act

Your policy:

p, alice, data_group, write

g, alice, data_group_admin
g2, data1, data_group
g2, data2, data_group

Your request(s):

If I want to get all permissions for user alice and resource data1, it doesn't work

enforcer.GetFilteredPolicy(0, "alice", "data1")
expected: [["alice", "data1", "write"]...]
actual: []

enforcer.GetImplicitPermissionsForUser("alice") 
expected: [["alice", "data1", "write"]...]
actual: [["alice", "data_group", "write"]...]

Is there any API supporte this action?

[casbin-bot]

@tangyang9464 @JalinWang

[hsluoyz]

@yanwii right now, GetFilteredPolicy() doesn't support g or g2. GetImplicitPermissionsForUser() only supports g but doesn't support g2.

We need to support both g and g2 in GetImplicitPermissionsForUser()