Problem with multiple policies of different length
AxelRHD opened this issue · comments
I have a problem with policies of different field count.
This is my configuration:
[request_definition]
r = sub, url, meth
r1 = sub, page, act
[policy_definition]
p = sub, url, meth, eft
p1 = sub, page, act
[role_definition]
g = _, _
[policy_effect]
e = !some(where (p.eft == deny))
e1 = some(where (p1.eft == allow))
[matchers]
m = g(r.sub, p.sub) && keyMatch(r.url, p.url) && regexMatch(r.meth, p.meth) || r.sub == "admin"
m1 = g(r1.sub, p1.sub) && keyMatch(r1.page, p1.page) && keyMatch(r1.act, p1.act) || r1.sub == "admin"
p has 4 fields, p1 only 3.
Using only one policy works perfectly fine:
ptype | v0 | v1 | v2 | v3 | v4 | v5 |
---|---|---|---|---|---|---|
g | usr | grp | ||||
p | grp | /endpoint | GET | allow |
But adding one line with the type p1 ...
ptype | v0 | v1 | v2 | v3 | v4 | v5 |
---|---|---|---|---|---|---|
g | usr | grp | ||||
p | grp | /endpoint | GET | allow | ||
p1 | grp | data | read |
... leads to following error:
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x28 pc=0x569800]
This is the code:
package main
import (
"log"
"github.com/casbin/casbin/v2"
mongodbadapter "github.com/casbin/mongodb-adapter/v3"
mongooptions "go.mongodb.org/mongo-driver/mongo/options"
)
func casbinApp() {
var err error
opts := mongooptions.Client().ApplyURI(mongoConnString)
a, err := mongodbadapter.NewAdapterWithCollectionName(opts, "casbin", "testing")
if err != nil {
log.Fatalln(err)
}
e, err := casbin.NewEnforcer("./acl_rest.conf", a)
if err != nil {
log.Fatalln("CONF ERROR:\n", err)
}
err = e.LoadPolicy()
if err != nil {
log.Fatalln("POLICY ERROR:\n", err)
}
}
Is it not possible to have different lengths of policies? Maybe I got the concept of Casbin wrong, but in this case it would be useless. Or is there a mistake somewhere in my project?
Thank you in advance.
Oh... I noticed, that p1 is no valid syntax and is has to start with p2.
Each line in a policy is called a policy rule. Each policy rule starts with a policy type, e.g., p, p2. It is used to match the policy definition if there are multiple definitions. The above policy shows the following binding. The binding can be used in the matcher.
I didn't know, that this is specification not only convention.