[Bug] LoadPolicy is not working properly since v2.7.2 to v2.39.0 with mongoadapter v2

[srPuebla]

Want to prioritize this issue? Try:

---

Describe the bug

I am using casbin in APIs, with echoframework. Instead a file, i am working with mongo-adapter.

I have configured the next below:

a, _ := mongodbadapter.NewAdapter(options.CoreMongoUri)
m := model.NewModel()
m.AddDef("r", "r", "sub, obj, act")
m.AddDef("p", "p", "sub, obj, act")
m.AddDef("g", "g", "_, _")
m.AddDef("e", "e", "some(where (p.eft == allow))")
m.AddDef("m", "m", "r.sub == p.sub && regexMatch(r.obj,p.obj) && regexMatch(r.act,p.act)")
casbinEnforcer, _ := casbin.NewEnforcer(m, a) // you can use SyncedEnforcer to LoadPolicy periodically

It is working successfully, however, i am trying to update to last version v2.39.0 and i am geting problems with LoadPolicy.
I was using v2.7.1, and if you update to v2.7.2, then you get the problem

To Reproduce
Steps to reproduce the behavior:
1º Add a Policy

exists_policy := casbinEnforcer.HasNamedPolicy("p", rule.Role, rule.Path, rule.Action)
if exists_policy {
	return c.JSON(http.StatusBadRequest, "Policy Already Exists")
}

c.Logger().Info("Create Role ", rule.Role, " Path ", rule.Path, " Action ", rule.Action)
res, err := casbinEnforcer.AddPolicy(rule.Role, rule.Path, rule.Action)
if err != nil {
	c.Logger().Warn(err)
}

2º Execute a LoadPolicy:

config.Logger.Debug("Loading policy")
errcas = casbinEnforcer.LoadPolicy()
if errcas != nil {
	config.Logger.Error("Error loading policy ",errcas)
}

3º Execute again step 1, and you can insert again a Policy (in spite of the fact that is repeated):
4º You can repeat that, and in Database you will find this:

> db.casbin_rule.find()
{ "_id" : ObjectId("6192888b9117e642a9c6a8e7"), "ptype" : "p", "v0" : "rol", "v1" : "path", "v2" : "actiontest", "v3" : "", "v4" : "", "v5" : "" }
{ "_id" : ObjectId("6192888e9117e642a9c6a8e9"), "ptype" : "p", "v0" : "rol", "v1" : "path", "v2" : "actiontest", "v3" : "", "v4" : "", "v5" : "" }
{ "_id" : ObjectId("6192888e9117e642a9c6a8eb"), "ptype" : "p", "v0" : "rol", "v1" : "path", "v2" : "actiontest", "v3" : "", "v4" : "", "v5" : "" }

Expected behavior
A clear and concise description of what you expected to happen.

When you LoadPolicy, you have to read from DB and update the cached policy, like in 2.7.1 version. For example, if you have several PODs running this, you can use SyncEnforcer to LoadPolicy of other pods who are making the changes.

Screenshots
Not neccessary

Desktop (please complete the following information):
Not

Smartphone (please complete the following information):
Not

Additional context

• Error found on Version from 2.7.2 to 2.39.0
• In version 2.7.1 or less, it is working.

I hope it helps.

Thanks for this module, its amazing.

[casbin-bot]

@tangyang9464 @closetool @sagilio

[hsluoyz]

@abichinger @Abingcbc

[Abingcbc]

@srPuebla I didn't get what you meant. I cannot reproduce by following your reproduce steps. It works well with version v2.39.0.
Can you directly describe your problem or paste your error message?

[srPuebla]

Hi @Abingcbc

Of course, maybe i didn´t explain myself.

I am gonna put a example main, and lets execute with the versions 2.7.1 and the others, ok? Lets GO!

Full Main.go:

package main

import (
	"github.com/casbin/casbin/v2"
	"github.com/casbin/casbin/v2/model"
	mongodbadapter "github.com/casbin/mongodb-adapter/v2"
	"log"
)

func main() {
	//Loading mongoadapter
	a, err := mongodbadapter.NewAdapter("mongodb://genericuser:generic123@127.0.0.1:27017/genericapi?authSource=genericapi")
	if err != nil {
		log.Fatal(err)
	}

	//Preparing casbin config
	m := model.NewModel()
	m.AddDef("r", "r", "sub, obj, act")
	m.AddDef("p", "p", "sub, obj, act")
	m.AddDef("g", "g", "_, _")
	m.AddDef("e", "e", "some(where (p.eft == allow))")
	m.AddDef("m", "m", "r.sub == p.sub && regexMatch(r.obj,p.obj) && regexMatch(r.act,p.act)")

	//getting casbin enforcer
	casbinEnforcer, err := casbin.NewEnforcer(m, a)
	if err != nil {
		log.Fatal(err)
	}


	//Preparing actions to add a policy
	sub := "example_sub"
	obj := "example_obj"
	act := "example_act"
	
	//Loadpolicy to reload the database with the casbinEnforcer
	errcas := casbinEnforcer.LoadPolicy()
	if errcas != nil {
		log.Fatal("Error loading policy ",errcas)
	}
	
	//Checking if policy exists
	exists_policy := casbinEnforcer.HasNamedPolicy("p", sub, obj, act)
	if exists_policy {
		log.Fatal("Policy already exists ")
	}

	//Create the policy
	log.Println("Create Policy ", sub, " Obj ", obj, " Action ", act)
	res, err := casbinEnforcer.AddPolicy(sub, obj, act)
	if err != nil {
		log.Fatal("Error Adding Policy ")
	}
	if !res{
		// If the rule already exists, the function returns false and the rule will not be added.
		log.Println("Rule not added, cause already exists")
	}else{
		log.Println("Rule added")
	}

	log.Println("Fin")
}

With version 2.7.1 or less:
1º We execute the program first time. The result is:

2021/11/18 19:33:32 Create Policy example_sub Obj example_obj Action example_act
2021/11/18 19:33:32 Rule added
2021/11/18 19:33:32 Fin

2º We execute the program second time. The result is:

2021/11/18 19:33:44 Policy already exists

3º We check the mongodb and we find the document:

> db.casbin_rule.find()
{ "_id" : ObjectId("61969c7c7289e59c1cdb847a"), "ptype" : "p", "v0" : "example_sub", "v1" : "example_obj", "v2" : "example_act", "v3" : "", "v4" : "", "v5" : "" }

With version 2.7.2 or more:
1º We execute the program first time. The result is:

2021/11/18 19:36:47 Create Policy example_sub Obj example_obj Action example_act
2021/11/18 19:36:49 Rule added
2021/11/18 19:36:51 Fin

2º We execute the program second time. The result is:

2021/11/18 19:37:14 Create Policy example_sub Obj example_obj Action example_act
2021/11/18 19:37:17 Rule added
2021/11/18 19:37:17 Fin

3º We check the mongodb and we find several documents:

> db.casbin_rule.find()
{ "_id" : ObjectId("61969d3f2a85df020bda3247"), "ptype" : "p", "v0" : "example_sub", "v1" : "example_obj", "v2" : "example_act", "v3" : "", "v4" : "", "v5" : "" }
{ "_id" : ObjectId("61969d5a1d4bcd507dfc1750"), "ptype" : "p", "v0" : "example_sub", "v1" : "example_obj", "v2" : "example_act", "v3" : "", "v4" : "", "v5" : "" }

I expect the behaviour of v2.7.1 or less.
LoadPolicy means "LoadPolicy reloads the policy from file/database." and its doesnt work from v2.7.2 or more.

With this example, could you reproduce the problem?

Thanks and i hope this helps!!

[srPuebla]

Hi again @Abingcbc

I think that the problem is with mongodb-adapter

If you update the version to v3, github.com/casbin/mongodb-adapter/v3 v3.2.1, then it works properly

The point is... that i cant migrate from v2 to v3 cause i have too many policies on my PRO enviroment and when i load v3, mongoadapter fails.

But this is not the problem of this library.

Thank you so mucho for help, i hope that it helps others.

If you get this issue, update the last version! github.com/casbin/mongodb-adapter/v3 v3.2.1

Regards!

[Abingcbc]

@srPuebla Thanks for your reply❤️ I have reproduced the bug and I will work on this issue

[Abingcbc]

I think the root cause is that from v2.7.2, casbin started using a map to index policies. But mongo-adapter v2 doesn't load policies into the map.
https://github.com/casbin/mongodb-adapter/blob/v2.1.0/adapter.go#L217
And it was fixed in v3.0.0
https://github.com/casbin/mongodb-adapter/blob/v3.0.0/adapter.go#L194
So this is a breaking change =.=

One way to work around is manually adding all policies in m[sec][key].Policy into m[sec][key].PolicyMap. So I have submitted a PR to add a function called SyncPolicyIndex.

You can call this function immediately after calling LoadPolicy and it will work well with mongoadapter v2 and casbin v2.7.2+.
But of course the best way is to update the version of adapter. :)

[hsluoyz]

Discussed with @Abingcbc and we believe it has no need to fix.