casbin / gorm-adapter

GORM adapter for Casbin, see extended version of GORM Adapter Ex at: https://github.com/casbin/gorm-adapter-ex

Home Page: https://github.com/casbin/casbin


[BUG] Table gets empty/cleared while using e.RemoveFilteredPolicy and e.RemoveFilteredGroupingPolicy

arafat-java opened this issue · comments

With the gorm adapter, when we use e.RemoveFilteredPolicy(0, identityId) and the identityId is empty, the adapter drops the v0 clause completely from the delete query.

So instead of
DELETE FROM "casbin_rule" WHERE ptype = 'p' and v0 = ''
it fires
DELETE FROM "casbin_rule" WHERE ptype = 'p'
And this accidentally causes all the p records to get deleted

Similarly, with e.RemoveFilteredGroupingPolicy(0, identityId), if the identityId is empty then the adapter drops the v0 clause completely from the delete query.
So instead of
DELETE FROM "casbin_rule" WHERE ptype = 'g' and v0 = ''
it fires
DELETE FROM "casbin_rule" WHERE ptype = 'g'
And this accidentally causes all the g records to get deleted

This is very dangerous, and luckily we encountered this in dev instead of a production environment, else it would have been a real disaster. Although we have now added validations to validate the identityId, this issue can cause a real mess in production environments.

@closetool @tangyang9464

🎉 This issue has been resolved in version 3.4.2 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀
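
An added example, not part of the original issue or the gorm-adapter code: a simplified model of the clause-dropping behaviour reported above, with a caller-side guard that refuses a filtered remove whose field values are all empty. modelWhere, safeRemove and ErrEmptyFilter are hypothetical names, and the remove callback assumes the (bool, error) return of Casbin v2's RemoveFilteredPolicy.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrEmptyFilter means the filter would constrain no vN column.
var ErrEmptyFilter = errors.New("filter has no non-empty field value")

// modelWhere is a simplified model (not the adapter's code) of the reported
// behaviour: an empty field value adds no vN clause. Display only; real
// queries must use bound parameters.
func modelWhere(ptype string, fieldIndex int, fieldValues ...string) string {
	clauses := []string{fmt.Sprintf("ptype = '%s'", ptype)}
	for i, v := range fieldValues {
		if v == "" {
			continue // clause dropped, so the DELETE widens to the whole ptype
		}
		clauses = append(clauses, fmt.Sprintf("v%d = '%s'", fieldIndex+i, v))
	}
	return strings.Join(clauses, " and ")
}

// safeRemove (hypothetical helper) calls remove only when at least one field
// value is non-empty. remove stands in for e.RemoveFilteredPolicy or
// e.RemoveFilteredGroupingPolicy.
func safeRemove(remove func(int, ...string) (bool, error), fieldIndex int, fieldValues ...string) (bool, error) {
	for _, v := range fieldValues {
		if v != "" {
			return remove(fieldIndex, fieldValues...)
		}
	}
	return false, ErrEmptyFilter
}

func main() {
	fmt.Println("DELETE FROM casbin_rule WHERE " + modelWhere("p", 0, ""))
	fmt.Println("DELETE FROM casbin_rule WHERE " + modelWhere("p", 0, "alice"))
	stub := func(int, ...string) (bool, error) { return true, nil } // constructed stand-in
	_, err := safeRemove(stub, 0, "")
	fmt.Println("guarded call with empty id:", err)
}
```

With a real enforcer the call would be safeRemove(e.RemoveFilteredPolicy, 0, identityId), so an empty identityId returns ErrEmptyFilter before any delete is issued.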