Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Question] Why doesn't DeleteRole delete role completely from the policies? #1363

Closed
Marif226 opened this issue Feb 22, 2024 · 1 comment · Fixed by #1364
Closed

[Question] Why doesn't DeleteRole delete role completely from the policies? #1363

Marif226 opened this issue Feb 22, 2024 · 1 comment · Fixed by #1364
Assignees
@hsluoyz
Labels
enhancement
Projects
Casbin Easy Tasks for Beginners/Stude...

Comments

@Marif226
Copy link
Contributor

Want to prioritize this issue? Try:

issuehunt-to-marktext

What's your scenario? What do you want to achieve?
Your answer here

Your model:

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[role_definition]
g = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act

Your policy:

p, role1, data1, read
p, role2, data1, write
p, role1, data2, read
p, role2, data2, write

g, role2, role1

Your request(s):

I want to completely delete role2, so that policy becomes:

p, role1, data1, read
p, role1, data2, read

The problem is, DeleteRole method in enforcer only deletes grouping policies, where role is inherited by others, so I need to call RemoveFilteredGroupingPolicy(0, role) manually. I think it is a good idea to include this to DeleteRole:

// DeleteRole deletes a role.
// Returns false if the role does not exist (aka not affected).
func (e *Enforcer) DeleteRole(role string) (bool, error) {
	var err error
	res1, err := e.RemoveFilteredGroupingPolicy(0, role)
	if err != nil {
		return res1, err
	}

	res2, err := e.RemoveFilteredGroupingPolicy(1, role)
	if err != nil {
		return res1, err
	}

	subIndex, err := e.GetFieldIndex("p", constant.SubjectIndex)
	if err != nil {
		return false, err
	}
	res3, err := e.RemoveFilteredPolicy(subIndex, role)
	return res1 || res2 || res3, err
}
@casbin-bot
Copy link
Member

@tangyang9464 @JalinWang

@Marif226 Marif226 mentioned this issue Feb 22, 2024
Merged
@Marif226 Marif226 changed the title [Question] Why doesn't DeleteRole delete role completely from the table? [Question] Why doesn't DeleteRole delete role completely from the policies? Feb 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hsluoyz hsluoyz

Labels
enhancement
Projects
Casbin Easy Tasks for Beginners/Stude...
Casbin Easy Tasks
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: delete grouping policies with index 0 as well in DeleteRole() API Marif226/casbin
3 participants
@hsluoyz @casbin-bot @Marif226