why my casbin is always ture,even I used e.loadpolicy[Question]
liutheuniverse opened this issue · comments
liutheuniverse commented
Want to prioritize this issue? Try:
What's your scenario? What do you want to achieve?
Your answer here
Your model:
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act,eft
[role_definition]
g = _, _
[policy_effect]
e = some(where (p.eft == allow)) && !some(where (p.eft == deny))
[matchers]
m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act
Your policy:
g,caixukun,admin_produce
p,admin_produce,data3,write,allow
g,caofengze,admin_purchase
p,admin_purchase,data3,write,allow
p,caixukun,data3,write,deny
Your request(s):
caixukun, data3, write ---> true (expected:false)
Your code:
@user.post("/user/api/request")
def request(user:casbin):
sub=user.username
obj=user.obj
act=user.act
e.load_policy()
if e.enforce(sub,obj,act)==True:
return {"allow":"allow to run the sector"}
else:
return {"error":"UNAUTHENTICATE"}
casbin-bot commented
@techoner @Nekotoxin