casbin / pycasbin

An authorization library that supports access control models like ACL, RBAC, ABAC in Python

Home Page: https://casbin.org

core_enforcer.set_role_manager() overridden on loading policy

jeff-bonevich opened this issue

I have the following example code:

    import casbin

    # MyRoleManager is the reporter's own role manager class (not shown in the issue).
    enforcer = casbin.Enforcer("config/rbac_model.conf")
    role_manager = MyRoleManager()
    adapter = casbin.FileAdapter("config/rbac_policy.csv")

    enforcer.set_role_manager(role_manager)
    print('after role manager set', enforcer.get_role_manager())

    enforcer.set_adapter(adapter)
    print('after adapter set', enforcer.get_role_manager())

    # After this call the custom role manager is no longer the one in use.
    enforcer.load_policy()
    print('after policy loaded', enforcer.get_role_manager())

which outputs the following when run:

    after role manager set <__main__.MyRoleManager object at 0x103106070>
    after adapter set <__main__.MyRoleManager object at 0x103106070>
    after policy loaded <casbin.rbac.default_role_manager.role_manager.RoleManager object at 0x103106100>

It looks to me as though load_policy() calls self.init_rm_map() which forces the role manager back to either a default RoleManager or DomainManager.

How can I override the default RoleManager to load roles from my own source?

Maybe something like the following?

    def init_rm_map(self):
        if "g" in self.model.keys():
            for ptype in self.model["g"]:
                assertion = self.model["g"][ptype]
                if ptype not in self.rm_map.keys():
                    if assertion.value.count("_") == 2:
                        self.rm_map[ptype] = default_role_manager.RoleManager(10)
                    else:
                        self.rm_map[ptype] = default_role_manager.DomainManager(10)

@jeff-bonevich can you check how Golang implements this? https://github.com/casbin/casbin

The Go version doesn't call initRmMap in loadPolicy.
https://github.com/casbin/casbin/blob/b993a944ff99882cb4b13f4b53c143cbe2d8cded/enforcer.go#L282-L296
It is reasonable because loadPolicy just changes the policy but doesn't change the model. So there is no need to reinitialize the role manager again.

We can simply remove this line. I have tried it and all test cases still pass.

    self.init_rm_map()
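
The behaviour discussed in this thread, as an added example that is not part of the original issue and not pycasbin's code: a simplified stand-in enforcer shows how resetting the role manager inside `load_policy()` changes authorization results, and how an identity check catches it. `MiniEnforcer`, `DirectoryRoleManager`, `check` and the sample policy rows and directory are hypothetical names and constructed data.

```python
class DefaultRoleManager:
    """Stand-in default manager (not pycasbin's code): links come from 'g' rows."""
    def __init__(self):
        self.links = {}
    def add_link(self, user, role):
        self.links.setdefault(user, set()).add(role)
    def has_link(self, user, role):
        return user == role or role in self.links.get(user, set())

class DirectoryRoleManager(DefaultRoleManager):
    """Hypothetical custom manager: roles come from an external directory."""
    def __init__(self, directory):
        super().__init__()
        self.directory = directory
    def add_link(self, user, role):
        pass  # 'g' rows in the policy file are deliberately ignored
    def has_link(self, user, role):
        return user == role or role in self.directory.get(user, set())

class MiniEnforcer:
    def __init__(self, rows, reinit_on_load):
        self.rows, self.reinit_on_load = rows, reinit_on_load
        self.rm, self.rules = DefaultRoleManager(), []
    def set_role_manager(self, rm):
        self.rm = rm
    def get_role_manager(self):
        return self.rm
    def load_policy(self):
        if self.reinit_on_load:  # behaviour reported in the issue
            self.rm = DefaultRoleManager()
        self.rules = [r[1:] for r in self.rows if r[0] == "p"]
        for r in self.rows:
            if r[0] == "g":
                self.rm.add_link(r[1], r[2])
    def enforce(self, sub, obj, act):
        return any(self.rm.has_link(sub, s) and (o, a) == (obj, act)
                   for s, o, a in self.rules)

# Constructed sample data: the policy rows keep a stale admin link for alice.
ROWS = [("p", "admin", "data2", "write"), ("g", "alice", "admin")]
DIRECTORY = {"bob": {"admin"}}  # external source of truth: only bob is admin
def check(reinit_on_load):
    """Return (custom manager kept?, alice may write?, bob may write?)."""
    e = MiniEnforcer(ROWS, reinit_on_load)
    rm = DirectoryRoleManager(DIRECTORY)
    e.set_role_manager(rm)
    e.load_policy()
    return (e.get_role_manager() is rm, e.enforce("alice", "data2", "write"),
            e.enforce("bob", "data2", "write"))
```

With the reset in place the decisions silently follow the policy file instead of the custom source, so a regression test should assert that `get_role_manager()` returns the same object before and after `load_policy()`.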