[BUG] Table gets empty/cleared while using e.RemoveFilteredPolicy and e.RemoveFilteredGroupingPolicy
arafat-java opened this issue ยท comments
With gorm adapter when we use e.RemoveFilteredPolicy(0, identityId)
and if the identityId is empty then the adapter drops the v0 clause completely from the delete query
So instead of
DELETE FROM "casbin_rule" WHERE ptype = 'p' and v0 = ''
it fires
DELETE FROM "casbin_rule" WHERE ptype = 'p'
And this accidentally causes all the p records to get deleted
Similary with e.RemoveFilteredGroupingPolicy(0, identityId)
if the identityId is empty then the adapter drops the v0 clause completely from the delete query
So instead of
DELETE FROM "casbin_rule" WHERE ptype = 'g' and v0 = ''
it fires
DELETE FROM "casbin_rule" WHERE ptype = 'g'
And this accidentally causes all the g records to get deleted
This is very dangerous and luckily we encountered this in dev instead of production environment else it would have been a real disaster. Now although we have added validations to validate the identityId but this issue can cause a real mess in prodcution environments
@closetool @tangyang9464
๐ This issue has been resolved in version 3.4.2 ๐
The release is available on GitHub release
Your semantic-release bot ๐ฆ๐