-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
LoadFilteredPolicy not filtered as expected #5
Comments
I think your expectation for the filter functionality is not accurate. You also misunderstand what the filter is doing. The filter is getting P policies that has "data1" as its second value, and G policies that has "alice" as its first value. Keep in mind that P policies and G policies are kept as separate rows. If you want this function to return a policy that is both a P policy and a G policy then it will just return nothing. Why do do you want to use |
2)Don't know how you came to that conclusion, I gave the query which adapter will produce, it is pretty clear to me how it works. I question the design if it is not a defect.
** To be honest at this point the only peace of library which I use is just enforce part, I had to write my own code to update/read etc policies etc... most APIs are just useless for real application.. no possibility save policy in a transaction with other updates.. even loading functionality is flawed, why I cannot just pass a pgx.Pool to the adapter and it should get connections from it ? instead it will create a new connection , which will miss runtime configuration - another defect.. |
You completely misunderstood what |
"You completely misunderstood what LoadFilteredPolicy does" --- Yeah I'm loading subset for user 'alice' as defined in your example, why then it is loading policies for Admin ?... or can you explain what is the practical use of this if you understand: |
So I thought you wanted to turn the OR query into an AND query? OR did I misunderstand? What is the exact query that you want the adapter to produce? |
Logically I would expect something like this http://sqlfiddle.com/#!17/cc6db0/2 (not exact query, but the output) |
This adapter was made mirroring this official adapter: https://github.com/casbin/casbin-pg-adapter Please read its code and tell me if it does something different. Not only are you wrong, you are very rude for someone who are using someone else's free work. Guess what? You are also free to make your own software. |
First of all, I wasn't rude to you and raising problems is also a contribution, don't take it personal. I think I pretty clearly described the issue and made extra step (provided working example) to make sure my point is clear. On opposite you did't pay attention to what I wrote and attacked me from the first message... that I "completely misunderstood".. I read official docs for casbin https://casbin.org/docs/en/policy-subset-loading, what I see there is this example: filter := &fileadapter.Filter{ In this example they use model with domains, practical use of this use case they basically brake down policies by domains, so they filter out policies and users from different domain. i.e. p, admin, domain1, data1, read It still not optimal, cos you will be loading all policies and users for the domain, but at least I can see logic here. In your example: So, could you please tell me what I missing or wrote incorrect, so I finally can understand ? p.s. I appreciate that you contributing to open source software, but don't take it personal when people raising problems. |
I contributed significantly to the official adapter https://github.com/casbin/casbin-pg-adapter. So maybe I do know a lot more than you about what a correct implementation looks like. Unqualified remarks such as "defect", or "strange implementation" are not welcome at all. You better have a water-tight case when you come to me with remarks like that. Since this is free work, the burden of reading and understanding the example and the code fall largely on the user. This adapter maintains the same interface proposed by the official documentation so I don't understand what else I need to explain. The casbin-pg-adapter has the same example, yet countless people are able to use it without any problem. My advice to you, think harder, read the documentation harder, then you will understand. And don't complain about documentation. This is free work. Want to have better documentation? Feel free to fork. You need to be more charitable with your thought process and how you evaluate other people's works. I really will not tolerate any more unqualified remarks. |
-...So maybe I do know a lot more than you about what a correct implementation looks like.
Well, good luck maintaining this. |
I'm not sure whether my expectations of this functionality are incorrect or it is a defect.
Expected: The following filter should return policies where one of the policy params is equal to "data1" AND that policy assigned to user "alice".
e.LoadFilteredPolicy(&pgxadapter.Filter{ P: [][]string{{"", "data1"}}, G: [][]string{{"alice"}}, })
Actual behavior: It will return all the policies where one of the policy params is equal to "data1" (doesn't matter whether it is assigned to "alice" or not).
SQL statement generated by this filter will look like:
SELECT "p_type", "v0", "v1", "v2", "v3", "v4", "v5" FROM <table_name_here> WHERE (p_type = $1 AND (v1 = $2 )) OR (p_type = $4 AND ((v0 = $5)))
Which basically will return all records which matches P filter OR G filter.
As result further call to enforcer.GetPolicy() will return policies which were not assigned to user.
The text was updated successfully, but these errors were encountered: