Enforcer.enforce() not giving expected result when loading policy subset #165

Open
lukemsmyth opened this issue Nov 18, 2024 · 0 comments

I am trying to use domains to load only a subset of policies per these instructions. I have copied the example model.conf and policy.csv from the online editor's "RBAC with domains/tenants" example. I have a main.py to test things.

model.conf

```ini
[request_definition]
r = sub, dom, obj, act

[policy_definition]
p = sub, dom, obj, act

[role_definition]
g = _, _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub, r.dom) && r.dom == p.dom && r.obj == p.obj && r.act == p.act
```

policy.csv

```csv
p, admin, domain1, data1, read
p, admin, domain1, data1, write
p, admin, domain2, data2, read
p, admin, domain2, data2, write

g, alice, admin, domain1
g, bob, admin, domain2
```

main.py

```python
import casbin

if __name__ == "__main__":
    adapter = casbin.persist.adapters.filtered_file_adapter.FilteredFileAdapter(
        "f_policy.csv"
    )
    adapter.filter.P = ["", "domain1", "", ""]
    adapter.filter.G = ["", "", "domain1"]
    model = casbin.Enforcer.new_model("model.conf")
    filtered_enforcer = casbin.Enforcer(model, adapter)
    filtered_enforcer.load_filtered_policy(filtered_enforcer.adapter.filter)
    print(f"filtered_enforcer.get_policy(): {filtered_enforcer.get_policy()}") # prints lines 1 and 2 from `policy.csv` as a list - this is expected
    unfiltered_enforcer = casbin.Enforcer("model.conf", "policy.csv")
    print(f"unfiltered_enforcer.get_policy(): {unfiltered_enforcer.get_policy()}") # prints lines 1-4 of `policy.csv` as a list - this is expected

    request_vals = ["alice", "domain1", "data1", "read"]
    print(f"request to filtered_enforcer: {filtered_enforcer.enforce(*request_vals)} (expected True)") # prints False - this is unexpected
    print(f"request to unfiltered_enforcer: {unfiltered_enforcer.enforce(*request_vals)} (expected True)") # prints True - this is expected
```

Problem

As you can see from the comments above, I am not getting the expected result when calling enforce() on the filtered_enforcer. I am not sure where I have gone wrong. I would guess that I have not translated the given Go example to Python properly but I'm not sure. When I give the same request values in the online editor, I get True (expected). I would guess this is because the enforcer instance is not being filtered.

Please let me know if you can give me any insight.
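
What the model and filters in this issue should produce can be checked independently of the library. The following is an added example, not part of the original post and not pycasbin's implementation: a stand-alone Python model of the matcher and of domain filtering over the policy.csv above. The function names `load_filtered`, `has_role` and `enforce` are hypothetical.

```python
# Added illustration: a stand-alone model of filtered loading, not pycasbin code.
# POLICY_CSV is copied from the issue's policy.csv, including its blank line.
POLICY_CSV = """\
p, admin, domain1, data1, read
p, admin, domain1, data1, write
p, admin, domain2, data2, read
p, admin, domain2, data2, write

g, alice, admin, domain1
g, bob, admin, domain2
"""


def load_filtered(text, p_filter, g_filter):
    """Return (p_rules, g_rules); a "" filter field matches any value."""
    filters = {"p": p_filter, "g": g_filter}
    rules = {"p": [], "g": []}
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if fields[0] not in filters:  # blank line or unknown rule type
            continue
        ptype, values = fields[0], tuple(fields[1:])
        if all(want in ("", got) for want, got in zip(filters[ptype], values)):
            rules[ptype].append(values)
    return rules["p"], rules["g"]


def has_role(g_rules, sub, role, dom):
    """g(r.sub, p.sub, r.dom): sub equals role or reaches it via g rules in dom."""
    seen, stack = set(), [sub]
    while stack:
        cur = stack.pop()
        if cur == role:
            return True
        if cur not in seen:
            seen.add(cur)
            stack.extend(r for s, r, d in g_rules if s == cur and d == dom)
    return False


def enforce(p_rules, g_rules, sub, dom, obj, act):
    """Matcher m with effect some(where (p.eft == allow)) from model.conf."""
    return any(
        has_role(g_rules, sub, p_sub, dom)
        and (dom, obj, act) == (p_dom, p_obj, p_act)
        for p_sub, p_dom, p_obj, p_act in p_rules
    )
```

With the domain1 filters the model keeps two `p` rules and one `g` rule and allows alice's request; with the same `p` rules but no `g` rules it denies it. On a real enforcer, `get_grouping_policy()` shows which `g` rules were actually loaded alongside the `get_policy()` output.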
