[Question]casbin.NewEnforcer encountered Unforeseen results #689

walterlife · 2021-01-27T13:57:55Z

Hi, Team
First of all great library
I encountered a scenario, the same policy, the first check failed, and the check succeeded after 10ms. Have you encountered such a scenario?

2021-01-27 20:00:20.700 INFO model/policy.go:58 Policy:
2021-01-27 20:00:20.700 INFO model/policy.go:60 p: sub, tenant, obj, act, eft, group: [[team_admin 20882020120002 SAVE_SUBGROUP allow ] [team_admin 20882020120002 DELETE_SUBGROUP allow ] [team_admin 20882020120002 QUERY_SUBGROUP_LIST allow ] [team_admin 20882020120002 SAVE_MEMBER allow ] [team_admin 20882020120002 DELETE_MEMBER allow ] [team_admin 20882020120002 QUERY_TEAM_MEMBER_LIST allow ] [team_admin 20882020120002 AdminPermission allow ] [team_admin 20882020120002 WorkerPermission allow ]]
2021-01-27 20:00:20.700 INFO model/policy.go:64 g: , , _: [[1397 team_admin 20882020120002]]
2021-01-27 20:00:20.700 INFO model/assertion.go:86 Role links for: g
2021-01-27 20:00:20.700 INFO rolemanage/role_manager.go:234 1397 < team_admin
2021-01-27 20:00:20.701 INFO v2@v2.12.0/enforcer.go:570 Request: 1397, 20882020120002, WorkerPermission, , 8 ---> false

2021-01-27 20:00:20.722 INFO model/policy.go:58 Policy:
2021-01-27 20:00:20.722 INFO model/policy.go:60 p: sub, tenant, obj, act, eft, group: [[team_admin 20882020120002 SAVE_SUBGROUP allow ] [team_admin 20882020120002 DELETE_SUBGROUP allow ] [team_admin 20882020120002 QUERY_SUBGROUP_LIST allow ] [team_admin 20882020120002 SAVE_MEMBER allow ] [team_admin 20882020120002 DELETE_MEMBER allow ] [team_admin 20882020120002 QUERY_TEAM_MEMBER_LIST allow ] [team_admin 20882020120002 AdminPermission allow ] [team_admin 20882020120002 WorkerPermission allow ]] 
2021-01-27 20:00:20.722 INFO model/policy.go:64 g: , , _: [[1397 team_admin 20882020120002]]
2021-01-27 20:00:20.722 INFO model/assertion.go:86 Role links for: g
2021-01-27 20:00:20.722 INFO rolemanage/role_manager.go:234 1397 < team_admin
2021-01-27 20:00:20.722 INFO v2@v2.12.0/enforcer.go:570 Request: 1397, 20882020120002, WorkerPermission, , 8 ---> true

Above is the problematic data

The text was updated successfully, but these errors were encountered:

nodece · 2021-01-27T14:09:48Z

Could you try casbin.NewSyncedEnforcer?

hsluoyz · 2021-01-27T14:17:27Z

@walterlife plz add the issue title.

walterlife · 2021-01-27T14:26:07Z

Could you try casbin.NewSyncedEnforcer?

I use NewEnforcer,Is there any difference between the two

hsluoyz · 2021-01-27T15:05:58Z

@walterlife can you provide:

Example model
Example policy
Example code

walterlife · 2021-01-27T15:16:16Z

@walterlife can you provide:

Example model

Example policy

Example code

hsluoyz · 2021-01-28T02:18:46Z

@walterlife any update?

walterlife · 2021-01-28T02:32:57Z

[request_definition]
r = sub, tenant, obj, act, group

[policy_definition]
p = sub, tenant, obj, act, eft, group

[role_definition]
g = _, _, _

[policy_effect]
e = some(where (p.eft == allow)) && !some(where (p.eft == deny))

[matchers]
m = (g(r.sub, p.sub, r.tenant) \
    && r.tenant == p.tenant \
    && (r.group == p.group || p.group == '*') \
    && keyMatch(r.obj, p.obj) \
    && regexMatch(r.act, p.act)) \
	|| (r.sub == p.sub && p.tenant == '*' && p.obj == '*') \
    || (r.sub == p.sub && r.tenant == p.tenant && p.obj == '*') \
    || (r.sub == p.sub && r.tenant == p.tenant && p.obj == '*' && r.group == p.group)

above is model config
I use it like this

ok, errs := enforcer.Enforce(rule.V0, rule.V1, res.Resource, action, rule.V5)

hsluoyz · 2021-01-28T07:44:17Z

@closetool plz take a look.

kilosonc · 2021-01-28T07:53:11Z

@walterlife may I have your policy file and source code

walterlife · 2021-01-28T14:48:08Z

@walterlife may I have your policy file and source code

Is it convenient to add WeChat?

kilosonc · 2021-01-28T15:21:06Z

@walterlife may I have your policy file and source code

Is it convenient to add WeChat?

Can you just paste some piece of pivotal file here

hsluoyz · 2021-01-29T16:06:55Z

@walterlife plz provide model, policy, request and true + expected response, like this issue: #693

Better tested in: https://casbin.org/en/editor

hsluoyz · 2021-02-05T06:18:16Z

@closetool

I think his log already contains the rules. We can roughly reproduce it for now.

2021-01-27 20:00:20.722 INFO model/policy.go:60 p: sub, tenant, obj, act, eft, group: [[team_admin 20882020120002 SAVE_SUBGROUP allow ] [team_admin 20882020120002 DELETE_SUBGROUP allow ] [team_admin 20882020120002 QUERY_SUBGROUP_LIST allow ] [team_admin 20882020120002 SAVE_MEMBER allow ] [team_admin 20882020120002 DELETE_MEMBER allow ] [team_admin 20882020120002 QUERY_TEAM_MEMBER_LIST allow ] [team_admin 20882020120002 AdminPermission allow ] [team_admin 20882020120002 WorkerPermission allow ]] 
2021-01-27 20:00:20.722 INFO model/policy.go:64 g: , , _: [[1397 team_admin 20882020120002]]

kilosonc · 2021-02-05T11:05:48Z

@walterlife I can not make it happen again, so perhaps you used casbin in concurrency, and should use SyncedEnforcer

hsluoyz · 2021-02-07T13:48:33Z

Closed as resolved.

walterlife added the question label Jan 27, 2021

walterlife assigned hsluoyz Jan 27, 2021

walterlife changed the title ~~[Question]~~ [Question]casbin.NewEnforcer encountered Unforeseen results Jan 27, 2021

hsluoyz added this to Casbin Easy Tasks in Casbin Easy Tasks for Beginners/Student Applicants Jan 27, 2021

walterlife closed this as completed Jan 27, 2021

walterlife reopened this Jan 27, 2021

hsluoyz moved this from Casbin Easy Tasks to Casbin Easy Tasks 2 in Casbin Easy Tasks for Beginners/Student Applicants Jan 28, 2021

hsluoyz closed this as completed Feb 7, 2021

hsluoyz removed this from Casbin Easy Tasks 2 in Casbin Easy Tasks for Beginners/Student Applicants Feb 7, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Question]casbin.NewEnforcer encountered Unforeseen results #689

[Question]casbin.NewEnforcer encountered Unforeseen results #689

walterlife commented Jan 27, 2021 •

edited

nodece commented Jan 27, 2021

hsluoyz commented Jan 27, 2021

walterlife commented Jan 27, 2021

hsluoyz commented Jan 27, 2021

walterlife commented Jan 27, 2021

hsluoyz commented Jan 28, 2021

walterlife commented Jan 28, 2021 •

edited by hsluoyz

hsluoyz commented Jan 28, 2021

kilosonc commented Jan 28, 2021

walterlife commented Jan 28, 2021

kilosonc commented Jan 28, 2021

hsluoyz commented Jan 29, 2021

hsluoyz commented Feb 5, 2021

kilosonc commented Feb 5, 2021

hsluoyz commented Feb 7, 2021

[Question]casbin.NewEnforcer encountered Unforeseen results #689

[Question]casbin.NewEnforcer encountered Unforeseen results #689

Comments

walterlife commented Jan 27, 2021 • edited

nodece commented Jan 27, 2021

hsluoyz commented Jan 27, 2021

walterlife commented Jan 27, 2021

hsluoyz commented Jan 27, 2021

walterlife commented Jan 27, 2021

hsluoyz commented Jan 28, 2021

walterlife commented Jan 28, 2021 • edited by hsluoyz

hsluoyz commented Jan 28, 2021

kilosonc commented Jan 28, 2021

walterlife commented Jan 28, 2021

kilosonc commented Jan 28, 2021

hsluoyz commented Jan 29, 2021

hsluoyz commented Feb 5, 2021

kilosonc commented Feb 5, 2021

hsluoyz commented Feb 7, 2021

walterlife commented Jan 27, 2021 •

edited

walterlife commented Jan 28, 2021 •

edited by hsluoyz