Using wildcards for domain #255

Closed
EladProject opened this issue Apr 20, 2021 · 8 comments

EladProject commented Apr 20, 2021

Hi,

I have a situation where certain roles (meant for grouping a specific kind of resources) are domain-independent.
So I need to mix domain roles with non-domain roles.

I'd like to use a wildcard in the domain like so:

p, operation_role_GET_BOOKS, *, url, get_bookss_url2, (^GET$)|(^POST$)
g, USER_ID_2, role_*_admin, TENANT_ID_2
g, role_*_admin, operation_role_GET_BOOKS, *

and have the matcher allow the policies of operation_role_GET_BOOKS for USER_ID_2

But I can't get it to work.
If I use:

g, role_*_admin, operation_role_GET_BOOKS, TENANT_ID_2

it's working. But it's not what I need.

(P.S., I know I could have used resource groups, but that made my matcher more complex and another issue)

@hsluoyz hsluoyz self-assigned this Apr 20, 2021
Member

hsluoyz commented Apr 20, 2021

@EladProject can you check if it has the same result on https://casbin.org/en/editor ? It is based on Node-Casbin.

Also post your model, policy, requests and expected result here.

@hsluoyz hsluoyz added the question Further information is requested label Apr 20, 2021
Author

EladProject commented Apr 20, 2021

Yes, I tried it in the editor.

Model:

[request_definition]
r = sub, tenantId, resourceType, obj, act

[policy_definition]
p = sub, tenantId, resourceType, obj, act

[role_definition]
g = _, _ , _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub, r.tenantId) && \
    (r.tenantId == p.tenantId || p.tenantId == "*") && \
    r.resourceType==p.resourceType && \
    ( \
    	((r.obj == p.obj || p.obj == "*") && r.act == p.act) || \
        (p.resourceType == "url" && \
        	((keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)) )) \
    )

Policy:

p, operation_role_GET_BOOKS, TENANT_ID_1, url, get_books_url1, (^GET$)|(^POST$)
p, operation_role_GET_BOOKS, *, url, get_books_url2, (^GET$)|(^POST$)

g, USER_ID_1, role_*_admin, TENANT_ID_1
g, USER_ID_2, role_*_admin, TENANT_ID_2

g, role_*_admin, operation_role_GET_BOOKS, *

This is my request:

USER_ID_2, TENANT_ID_2, url, get_books_url2, POST

Member

hsluoyz commented Apr 20, 2021

@Zxilly

Contributor

Zxilly commented Apr 20, 2021

working on this

Contributor

Zxilly commented May 14, 2021

@EladProject Have you noticed that RoleManager has an API called addDomainMatchingFunc?
If this fn is set, it will be called when the domain is checked.

/**
 * addDomainMatchingFunc support use domain pattern in g
 * @param fn domain matching function
 */
public async addDomainMatchingFunc(fn: MatchingFunc): Promise<void> {
  this.hasDomainPattern = true;
  this.domainMatchingFunc = fn;
}
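
The behaviour discussed in this thread, as an added example that is not part of the issue and not Node-Casbin's code: a simplified role manager showing that a `*` domain in a `g` rule is compared as a literal string until a domain matching function is registered, and that the user's own tenant binding still scopes the result. The class `TinyDomainRoleManager`, the matcher `starIsAnyDomain` and the lookup logic are assumptions made for illustration; the role links are the ones from the policy posted above.

```javascript
// Simplified model of per-domain role lookup (constructed for illustration;
// not Node-Casbin's implementation).
class TinyDomainRoleManager {
  constructor() {
    this.links = [];                // { user, role, domain } taken from "g" rules
    this.domainMatchingFunc = null; // unset by default: exact comparison only
  }
  addLink(user, role, domain) { this.links.push({ user, role, domain }); }
  addDomainMatchingFunc(fn) { this.domainMatchingFunc = fn; }

  // A stored link applies to the request domain on exact equality, or when a
  // registered matching function accepts the stored domain as a pattern.
  domainApplies(requestDomain, storedDomain) {
    if (requestDomain === storedDomain) return true;
    return this.domainMatchingFunc !== null &&
      this.domainMatchingFunc(requestDomain, storedDomain);
  }

  // Depth-first walk of the role graph, restricted to applicable domains.
  hasLink(user, role, domain, seen = new Set()) {
    if (user === role) return true;
    if (seen.has(user)) return false;
    seen.add(user);
    return this.links.some(l =>
      l.user === user && this.domainApplies(domain, l.domain) &&
      this.hasLink(l.role, role, domain, seen));
  }
}

// Hypothetical matcher: only the exact string "*" acts as a wildcard domain.
const starIsAnyDomain = (requestDomain, storedDomain) => storedDomain === '*';

function buildFromIssuePolicy() {
  const rm = new TinyDomainRoleManager();
  rm.addLink('USER_ID_1', 'role_*_admin', 'TENANT_ID_1');
  rm.addLink('USER_ID_2', 'role_*_admin', 'TENANT_ID_2');
  rm.addLink('role_*_admin', 'operation_role_GET_BOOKS', '*');
  return rm;
}

function demo() {
  const rm = buildFromIssuePolicy();
  const target = 'operation_role_GET_BOOKS';
  const before = rm.hasLink('USER_ID_2', target, 'TENANT_ID_2');
  rm.addDomainMatchingFunc(starIsAnyDomain);
  const after = rm.hasLink('USER_ID_2', target, 'TENANT_ID_2');
  // Tenant isolation check: USER_ID_2 is only bound to a role in TENANT_ID_2.
  const crossTenant = rm.hasLink('USER_ID_2', target, 'TENANT_ID_1');
  return { before, after, crossTenant };
}
```

A matching function narrower than a general glob keeps the wildcard grant limited to rules that explicitly use `*` as the domain.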

@EladProject
Author

@Zxilly ,
Thanks, that does work.
I noticed that in the casbin online editor (RBAC with all pattern) it only works after setting this function. Is this the intended behavior?

Contributor

Zxilly commented Jun 2, 2021

@EladProject RBAC with all pattern will load all pattern for matchingFunc, but not domainMatchingFunc. I will later add an option.

Contributor

Zxilly commented Jul 14, 2021

resolved by casbin/casbin-editor#43

@Zxilly Zxilly closed this as completed Jul 14, 2021
@hsluoyz hsluoyz removed this from Node-Casbin Easy Tasks in Casbin Easy Tasks for Beginners/Student Applicants Jul 27, 2021
@hsluoyz hsluoyz added bug Something isn't working and removed question Further information is requested labels Jul 27, 2021