From 782b937d0e7cf44658b6de6332dfbe3a396ec5f3 Mon Sep 17 00:00:00 2001
From: Hellobigxu
Date: Fri, 20 Apr 2018 12:15:51 +0800
Subject: [PATCH 1/5] Update adapter.go
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
ignore “” string, just keep same logic with casbin
---
 adapter.go | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)
diff --git a/adapter.go b/adapter.go
index 6252f80..c1c8ef1 100644
--- a/adapter.go
+++ b/adapter.go
@@ -271,22 +271,34 @@ func (a *adapter) RemoveFilteredPolicy(sec string, ptype string, fieldIndex int,
 selector["ptype"] = ptype
 if fieldIndex <= 0 && 0 < fieldIndex+len(fieldValues) {
- selector["v0"] = fieldValues[0-fieldIndex]
+ if len(fieldValues[0-fieldIndex]) !=0 {
+ selector["v0"] = fieldValues[0-fieldIndex]
+ }
 }
 if fieldIndex <= 1 && 1 < fieldIndex+len(fieldValues) {
- selector["v1"] = fieldValues[1-fieldIndex]
+ if len(fieldValues[0-fieldIndex]) !=0 {
+ selector["v1"] = fieldValues[1-fieldIndex]
+ }
 }
 if fieldIndex <= 2 && 2 < fieldIndex+len(fieldValues) {
- selector["v2"] = fieldValues[2-fieldIndex]
+ if len(fieldValues[0-fieldIndex]) !=0 {
+ selector["v2"] = fieldValues[2-fieldIndex]
+ }
 }
 if fieldIndex <= 3 && 3 < fieldIndex+len(fieldValues) {
- selector["v3"] = fieldValues[3-fieldIndex]
+ if len(fieldValues[0-fieldIndex]) !=0 {
+ selector["v3"] = fieldValues[3-fieldIndex]
+ }
 }
 if fieldIndex <= 4 && 4 < fieldIndex+len(fieldValues) {
- selector["v4"] = fieldValues[4-fieldIndex]
+ if len(fieldValues[0-fieldIndex]) !=0 {
+ selector["v4"] = fieldValues[4-fieldIndex]
+ }
 }
 if fieldIndex <= 5 && 5 < fieldIndex+len(fieldValues) {
- selector["v5"] = fieldValues[5-fieldIndex]
+ if len(fieldValues[0-fieldIndex]) !=0 {
+ selector["v5"] = fieldValues[5-fieldIndex]
+ }
 }
 _, err := a.collection.RemoveAll(selector)
From df39428e1c196ec3960179de22294a38cc002b8d Mon Sep 17 00:00:00 2001
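Review bot: With the new guards an empty entry in `fieldValues` no longer constrains the query, so a call whose values are all empty leaves `selector` holding only `ptype`, and `a.collection.RemoveAll(selector)` then deletes every stored rule of that policy type; before this change the same call constrained the query to rules whose field equals the empty string. If the wildcard behaviour is intended to mirror casbin, it should be stated in a comment above the block, and a guard before `RemoveAll` would protect the policy store from an accidental wipe, for example `if len(selector) == 1 { return errors.New("RemoveFilteredPolicy: no field value given") }` (assuming `selector` starts empty above the hunk and `errors` is imported). The same applies to the rewritten guards in PATCH 2/5 and PATCH 3/5. The function starts and ends outside the hunk.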
From: Hellobigxu
Date: Fri, 20 Apr 2018 12:21:54 +0800
Subject: [PATCH 2/5] Update adapter.go
---
 adapter.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/adapter.go b/adapter.go
index c1c8ef1..fc97d4f 100644
--- a/adapter.go
+++ b/adapter.go
@@ -276,27 +276,27 @@ func (a *adapter) RemoveFilteredPolicy(sec string, ptype string, fieldIndex int,
 }
 }
 if fieldIndex <= 1 && 1 < fieldIndex+len(fieldValues) {
- if len(fieldValues[0-fieldIndex]) !=0 {
+ if len(fieldValues[1-fieldIndex]) !=0 {
 selector["v1"] = fieldValues[1-fieldIndex]
 }
 }
 if fieldIndex <= 2 && 2 < fieldIndex+len(fieldValues) {
- if len(fieldValues[0-fieldIndex]) !=0 {
+ if len(fieldValues[2-fieldIndex]) !=0 {
 selector["v2"] = fieldValues[2-fieldIndex]
 }
 }
 if fieldIndex <= 3 && 3 < fieldIndex+len(fieldValues) {
- if len(fieldValues[0-fieldIndex]) !=0 {
+ if len(fieldValues[3-fieldIndex]) !=0 {
 selector["v3"] = fieldValues[3-fieldIndex]
 }
 }
 if fieldIndex <= 4 && 4 < fieldIndex+len(fieldValues) {
- if len(fieldValues[0-fieldIndex]) !=0 {
+ if len(fieldValues[4-fieldIndex]) !=0 {
 selector["v4"] = fieldValues[4-fieldIndex]
 }
 }
 if fieldIndex <= 5 && 5 < fieldIndex+len(fieldValues) {
- if len(fieldValues[0-fieldIndex]) !=0 {
+ if len(fieldValues[5-fieldIndex]) !=0 {
 selector["v5"] = fieldValues[5-fieldIndex]
 }
 }
From 45c784b06bbae981403d1605f79e5abe2d05bf3f Mon Sep 17 00:00:00 2001
From: "guoxing.xu"
Date: Sat, 21 Apr 2018 14:13:21 +0800
Subject: [PATCH 3/5] Fixed a bug. When do RemoveFilteredPolicy(0,sub,,act) doesn't affect the policy in the storage
---
 adapter.go | 12 ++++++------
 adapter_test.go | 15 +++++++++++++++
 2 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/adapter.go b/adapter.go
index fc97d4f..4f0f0e3 100644
--- a/adapter.go
+++ b/adapter.go
@@ -271,32 +271,32 @@ func (a *adapter) RemoveFilteredPolicy(sec string, ptype string, fieldIndex int,
 selector["ptype"] = ptype
 if fieldIndex <= 0 && 0 < fieldIndex+len(fieldValues) {
- if len(fieldValues[0-fieldIndex]) !=0 {
+ if fieldValues[0-fieldIndex] != "" {
 selector["v0"] = fieldValues[0-fieldIndex]
 }
 }
 if fieldIndex <= 1 && 1 < fieldIndex+len(fieldValues) {
- if len(fieldValues[1-fieldIndex]) !=0 {
+ if fieldValues[1-fieldIndex] != "" {
 selector["v1"] = fieldValues[1-fieldIndex]
 }
 }
 if fieldIndex <= 2 && 2 < fieldIndex+len(fieldValues) {
- if len(fieldValues[2-fieldIndex]) !=0 {
+ if fieldValues[2-fieldIndex] != "" {
 selector["v2"] = fieldValues[2-fieldIndex]
 }
 }
 if fieldIndex <= 3 && 3 < fieldIndex+len(fieldValues) {
- if len(fieldValues[3-fieldIndex]) !=0 {
+ if fieldValues[3-fieldIndex] != "" {
 selector["v3"] = fieldValues[3-fieldIndex]
 }
 }
 if fieldIndex <= 4 && 4 < fieldIndex+len(fieldValues) {
- if len(fieldValues[4-fieldIndex]) !=0 {
+ if fieldValues[4-fieldIndex] != "" {
 selector["v4"] = fieldValues[4-fieldIndex]
 }
 }
 if fieldIndex <= 5 && 5 < fieldIndex+len(fieldValues) {
- if len(fieldValues[5-fieldIndex]) !=0 {
+ if fieldValues[5-fieldIndex] != "" {
 selector["v5"] = fieldValues[5-fieldIndex]
 }
 }
diff --git a/adapter_test.go b/adapter_test.go
index 76f6fff..95ed333 100644
--- a/adapter_test.go
+++ b/adapter_test.go
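Review bot: The six blocks for `v0` to `v5` differ only in the index, and that repetition is what let PATCH 1/5 test `fieldValues[0-fieldIndex]` in every guard; a loop over the index removes the copy-paste surface. The version below keeps the same bounds check and the same empty-string rule, and builds the key with `strconv.Itoa`, which needs `strconv` imported if the file does not already have it. The function starts and ends outside the hunk.

```go
// … unchanged: selector["ptype"] = ptype …
for i := 0; i <= 5; i++ {
	if fieldIndex <= i && i < fieldIndex+len(fieldValues) {
		if v := fieldValues[i-fieldIndex]; v != "" {
			selector["v"+strconv.Itoa(i)] = v
		}
	}
}
// … unchanged: a.collection.RemoveAll(selector) …
```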
@@ -136,6 +136,21 @@ func TestAdapter(t *testing.T) {
 t.Errorf("Expected LoadPolicy() to be successful; got %v", err)
 }
 testGetPolicy(t, e, [][]string{})
+
+ e.AddPolicy("alice", "data3", "read")
+ // Reload the policy from the storage to see the effect.
+ if err := e.LoadPolicy(); err != nil {
+ t.Errorf("Expected LoadPolicy() to be successful; got %v", err)
+ }
+ // The policy has a new rule: {"alice", "data1", "write"}.
+ testGetPolicy(t, e, [][]string{{"alice", "data3", "read"}})
+ // test RemoveFiltered Policy with "" fileds
+ e.RemoveFilteredPolicy(0, "alice", "", "read")
+ testGetPolicy(t, e, [][]string{})
+ if err := e.LoadPolicy(); err != nil {
+ t.Errorf("Expected LoadPolicy() to be successful; got %v", err)
+ }
+ testGetPolicy(t, e, [][]string{})
 }
 func TestFilteredAdapter(t *testing.T) {
From eb280bf066d489692a46ef7352fd67f0d898e552 Mon Sep 17 00:00:00 2001
From: "guoxing.xu"
Date: Sat, 21 Apr 2018 16:06:31 +0800
Subject: [PATCH 4/5] Fixed a bug. When do RemoveFilteredPolicy(0,sub,,act) doesn't affect the policy in the storage
---
 adapter_test.go | 20 ++++++++++++++++----
 examples/rbac_tenant_service.conf | 15 +++++++++++++++
 2 files changed, 31 insertions(+), 4 deletions(-)
 create mode 100644 examples/rbac_tenant_service.conf
diff --git a/adapter_test.go b/adapter_test.go
index 95ed333..1facced 100644
--- a/adapter_test.go
+++ b/adapter_test.go
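Review bot: The comment `// The policy has a new rule: {"alice", "data1", "write"}.` does not match the rule this test adds, which is `{"alice", "data3", "read"}`, and `fileds` in the following comment should read `fields`; both comments are carried unchanged into the PATCH 4/5 and PATCH 5/5 hunks. The results of `e.AddPolicy` and `e.RemoveFilteredPolicy` are also discarded, so a failed write only shows up indirectly through `testGetPolicy`. Suggested comment: `// The policy now holds the single rule {"alice", "data3", "read"}.`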
@@ -136,17 +136,29 @@ func TestAdapter(t *testing.T) {
 t.Errorf("Expected LoadPolicy() to be successful; got %v", err)
 }
 testGetPolicy(t, e, [][]string{})
+}
+func TestDeleteFilteredAdapter(t *testing.T) {
+ a := NewAdapter(getDbURL())
+ e := casbin.NewEnforcer("examples/rbac_tenant_service.conf", a)
+
+ e.AddPolicy("domain1", "alice", "data3", "read", "accept", "service1")
+ e.AddPolicy("domain1", "alice", "data3", "write", "accept", "service2")
- e.AddPolicy("alice", "data3", "read")
 // Reload the policy from the storage to see the effect.
 if err := e.LoadPolicy(); err != nil {
 t.Errorf("Expected LoadPolicy() to be successful; got %v", err)
 }
 // The policy has a new rule: {"alice", "data1", "write"}.
- testGetPolicy(t, e, [][]string{{"alice", "data3", "read"}})
+ testGetPolicy(t, e, [][]string{{"domain1", "alice", "data3", "read", "accept", "service1"},
+ {"domain1", "alice", "data3", "write", "accept", "service2"}})
 // test RemoveFiltered Policy with "" fileds
- e.RemoveFilteredPolicy(0, "alice", "", "read")
- testGetPolicy(t, e, [][]string{})
+ e.RemoveFilteredPolicy(0, "domain1", "", "", "read")
+ if err := e.LoadPolicy(); err != nil {
+ t.Errorf("Expected LoadPolicy() to be successful; got %v", err)
+ }
+ testGetPolicy(t, e, [][]string{{"domain1", "alice", "data3", "write", "accept", "service2"}})
+
+ e.RemoveFilteredPolicy(0, "domain1", "", "", "", "", "service2")
 if err := e.LoadPolicy(); err != nil {
 t.Errorf("Expected LoadPolicy() to be successful; got %v", err)
 }
diff --git a/examples/rbac_tenant_service.conf b/examples/rbac_tenant_service.conf
new file mode 100644
index 0000000..53360a3
--- /dev/null
+++ b/examples/rbac_tenant_service.conf
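Review bot: Every `RemoveFilteredPolicy` call in `TestDeleteFilteredAdapter` passes `fieldIndex` 0, so the adapter branches that run with a non-zero `fieldIndex` are never exercised against storage, and those are the branches where a wrong index in a guard would go out of range. A case such as `e.RemoveFilteredPolicy(3, "read")` followed by `LoadPolicy` and `testGetPolicy` would cover it. The test also appears to assume the collection is empty when it starts, which from this hunk depends on `TestAdapter` having removed its own rules first; clearing the store at the top would make the test independent of run order. The function's closing lines are outside the hunk, and PATCH 5/5 repeats this hunk verbatim.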
@@ -0,0 +1,15 @@
+[request_definition]
+r = tenant, sub, obj, act, service
+
+[policy_definition]
+p =tenant, sub, obj, act, service, eft
+
+[role_definition]
+g = _, _
+
+[policy_effect]
+e = priority(p.eft) || deny
+
+[matchers]
+m = r.tenant == p.tenant && g(r.sub, p.sub) && keyMatch(r.obj, p.obj) && (r.act == p.act || p.act == "*") && (r.service == p.service || p.service == "*")
+
From 196d37d476f226124d70e23a676b299e58e739c0 Mon Sep 17 00:00:00 2001
From: "guoxing.xu"
Date: Sat, 21 Apr 2018 16:06:31 +0800
Subject: [PATCH 5/5] Fixed a bug. When do RemoveFilteredPolicy(0,sub,,act) doesn't affect the policy in the storage
---
 adapter_test.go | 20 ++++++++++++++++----
 examples/rbac_tenant_service.conf | 15 +++++++++++++++
 2 files changed, 31 insertions(+), 4 deletions(-)
 create mode 100644 examples/rbac_tenant_service.conf
diff --git a/adapter_test.go b/adapter_test.go
index 95ed333..1facced 100644
--- a/adapter_test.go
+++ b/adapter_test.go
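Review bot: `p =tenant, sub, obj, act, service, eft` puts `service` fifth and `eft` sixth, but the rules added in `TestDeleteFilteredAdapter` are written as `..., "read", "accept", "service1"`, so under this model `"accept"` is the service and `"service1"` is the effect. The storage test still passes because it only compares rows, but anyone copying the example for enforcement would get rules whose `eft` is neither `allow` nor `deny`, which as far as casbin's effect handling goes `priority(p.eft) || deny` cannot turn into an allow. Either reorder the definition to `p = tenant, sub, obj, act, eft, service` to match the data, or change the test rules to end in `"service1", "allow"`. The same line is also missing the space after `=`. PATCH 5/5 adds this file again as `new file mode` with the same blob ids, which cannot apply on top of PATCH 4/5.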
@@ -136,17 +136,29 @@ func TestAdapter(t *testing.T) {
 t.Errorf("Expected LoadPolicy() to be successful; got %v", err)
 }
 testGetPolicy(t, e, [][]string{})
+}
+func TestDeleteFilteredAdapter(t *testing.T) {
+ a := NewAdapter(getDbURL())
+ e := casbin.NewEnforcer("examples/rbac_tenant_service.conf", a)
+
+ e.AddPolicy("domain1", "alice", "data3", "read", "accept", "service1")
+ e.AddPolicy("domain1", "alice", "data3", "write", "accept", "service2")
- e.AddPolicy("alice", "data3", "read")
 // Reload the policy from the storage to see the effect.
 if err := e.LoadPolicy(); err != nil {
 t.Errorf("Expected LoadPolicy() to be successful; got %v", err)
 }
 // The policy has a new rule: {"alice", "data1", "write"}.
- testGetPolicy(t, e, [][]string{{"alice", "data3", "read"}})
+ testGetPolicy(t, e, [][]string{{"domain1", "alice", "data3", "read", "accept", "service1"},
+ {"domain1", "alice", "data3", "write", "accept", "service2"}})
 // test RemoveFiltered Policy with "" fileds
- e.RemoveFilteredPolicy(0, "alice", "", "read")
- testGetPolicy(t, e, [][]string{})
+ e.RemoveFilteredPolicy(0, "domain1", "", "", "read")
+ if err := e.LoadPolicy(); err != nil {
+ t.Errorf("Expected LoadPolicy() to be successful; got %v", err)
+ }
+ testGetPolicy(t, e, [][]string{{"domain1", "alice", "data3", "write", "accept", "service2"}})
+
+ e.RemoveFilteredPolicy(0, "domain1", "", "", "", "", "service2")
 if err := e.LoadPolicy(); err != nil {
 t.Errorf("Expected LoadPolicy() to be successful; got %v", err)
 }
diff --git a/examples/rbac_tenant_service.conf b/examples/rbac_tenant_service.conf
new file mode 100644
index 0000000..53360a3
--- /dev/null
+++ b/examples/rbac_tenant_service.conf
@@ -0,0 +1,15 @@
+[request_definition]
+r = tenant, sub, obj, act, service
+
+[policy_definition]
+p =tenant, sub, obj, act, service, eft
+
+[role_definition]
+g = _, _
+
+[policy_effect]
+e = priority(p.eft) || deny
+
+[matchers]
+m = r.tenant == p.tenant && g(r.sub, p.sub) && keyMatch(r.obj, p.obj) && (r.act == p.act || p.act == "*") && (r.service == p.service || p.service == "*")
+