Understanding how to correctly update policies in a database

Question

Understanding how to correctly update policies in a database

andrerav opened this issue a year ago · comments

Hi,

I have inherited a legacy Go program that uses casbin and gorm-adapter to update a set of policies in a database. The program is basically sequenced as follows:

	rules = [][]string { ... } 
	roles = [][]string { ... } 
	users = [][]string { ... } 

	enforcer.GetAdapter().(*gormadapter.Adapter).Transaction(enforcer, func(e casbin.IEnforcer) error {
		var userGroups [][]string
		namedGroupingPolices := enforcer.GetNamedGroupingPolicy("g")

		for _, namedGroupingPolicy := range namedGroupingPolices {
			if strings.Contains(namedGroupingPolicy[0], "user:") {
				userGroups = append(userGroups, namedGroupingPolicy)
			}
		}

		gormDB.Exec("DELETE FROM casbin_rule")

		enforcer.LoadPolicy()
		enforcer.AddNamedPolicies("p", rules)
		enforcer.AddNamedGroupingPolicies("g", roles)
		enforcer.AddNamedGroupingPolicies("g", userGroups)
		enforcer.AddNamedGroupingPolicies("g", users)
		return nil
	})
	if err != nil {
		fmt.Printf("Transaction failed: %+v\n", err)
		return
	}

Now, the obvious problem I am trying to fix is that the line with the DELETE sql statement is being executed outside the transaction. However, I don't understand why the DELETE statement is there. All I know is that if I simply remove it, this program will not update the policies in the database.

What is the recommended practice to do what this program is supposed to do, given that you hopefully understand what this program is trying to achieve?

(Sorry for posting this as an issue, but you don't have a discussion section here)

casbin-bot · Answer 1 · Thu Apr 27 2023 07:45:02 GMT+0800 (China Standard Time)

@tangyang9464 @JalinWang @imp2002

Yang Luo · Answer 2 · Thu Apr 27 2023 07:55:33 GMT+0800 (China Standard Time)

@PokIsemaine

weloe · Answer 3 · Thu Apr 27 2023 08:40:46 GMT+0800 (China Standard Time)

about use transaction, you can use db := enforcer.GetAdapter().(*gormadapter.Adapter).GetDb() to exec sql like
casbin/casbin#1205 (comment)
about update policies, can use update api

// UpdatableAdapter is the interface for Casbin adapters with add update policy function.
type UpdatableAdapter interface {
	Adapter
	// UpdatePolicy updates a policy rule from storage.
	// This is part of the Auto-Save feature.
	UpdatePolicy(sec string, ptype string, oldRule, newRule []string) error
	// UpdatePolicies updates some policy rules to storage, like db, redis.
	UpdatePolicies(sec string, ptype string, oldRules, newRules [][]string) error
	// UpdateFilteredPolicies deletes old rules and adds new rules.
	UpdateFilteredPolicies(sec string, ptype string, newRules [][]string, fieldIndex int, fieldValues ...string) ([][]string, error)
}

Andreas Ravnestad · Answer 4 · Thu Apr 27 2023 16:43:16 GMT+0800 (China Standard Time)

Fantastic @weloe, thank you very much. On the short term, using GetDb() solved my problem. On the longer term, I will definitely try to rewrite this into using UpdatableAdapter instead.