Comments (11)
hsluoyz
commented on June 9, 2024
@M1serry
/cc @leeqvip
from php-casbin.
leeqvip
commented on June 9, 2024
Follow the code below:
<?php
require_once './vendor/autoload.php';
use Casbin\Enforcer;
$e = new Enforcer('./model.conf', './policy.csv', false);
var_dump($e->getPolicy());
var_dump($e->getGroupingPolicy());
var_dump($e->enforce('1', '2', 'read')); // false
var_dump($e->enforce('1', '4', 'read')); // trueoutput:
array(2) {
[0]=>
array(3) {
[0]=>
string(1) "4"
[1]=>
string(1) "2"
[2]=>
string(4) "read"
}
[1]=>
array(3) {
[0]=>
string(1) "2"
[1]=>
string(1) "4"
[2]=>
string(4) "read"
}
}
array(1) {
[0]=>
array(2) {
[0]=>
string(1) "1"
[1]=>
string(1) "2"
}
}
bool(false)
bool(true)
@heqichang This result is as expected, can it help you ?
from php-casbin.
heqichang
commented on June 9, 2024
@leeqvip Please insert one more group policy {2, 4} , then test again. You will got {true, true}.
dump(Enforcer::getPolicy());
dump(Enforcer::getGroupingPolicy());
dump(Enforcer::enforce('1', '2', 'read')); // true
dump(Enforcer::enforce('1', '4', 'read')); // true^ array:2 [
0 => array:3 [
0 => "4"
1 => "2"
2 => "read"
]
1 => array:3 [
0 => "2"
1 => "4"
2 => "read"
]
]
^ array:2 [
0 => array:2 [
0 => "1"
1 => "2"
]
1 => array:2 [
0 => "2"
1 => "4"
]
]
true
true
Enforcer::enforce('1', '2', 'read') should be false.
from php-casbin.
leeqvip
commented on June 9, 2024
@heqichang In my example, there is indeed a g2, 2, 4 in the policies, getGroupingPolicy() will only print g policy, not g2.
Does your policies have a g, 2, 4 instead of g2, 2, 4 ?
from php-casbin.
heqichang
commented on June 9, 2024
@heqichang In my example, there is indeed a
g2, 2, 4in the policies,getGroupingPolicy()will only printgpolicy, notg2.Does your policies have a
g, 2, 4instead ofg2, 2, 4?
Yes,it's 'g,2,4'.
I missunderstood g2 is the second group in online editor. The online test is true, but it's let me confused. User (id = 1) in group1 (id = 2), but group1 (id = 2) does not have expect 'p, 2, 2, read' policy. Why the request '1, 2, read' result is true after insert 'g,2,4'? Is anything wrong my conf file?
from php-casbin.
leeqvip
commented on June 9, 2024
p, 4,2, read
p, 2,4, read
g, 1, 2
g, 2,4
@heqichang userid1 inherits groupid2, groupid2 inherits groupid4, and will hit p, 4, 2, read in the policies.
from php-casbin.
heqichang
commented on June 9, 2024
@leeqvip I got it. Can I stop the hierarchy function by code? In our business, a group never be a member of another group.
from php-casbin.
hsluoyz
commented on June 9, 2024
@heqichang see maxHierarchyLevel: https://casbin.io/docs/rbac#role-hierarchy
from php-casbin.
heqichang
commented on June 9, 2024
@leeqvip I tried below code, but still got true.
Enforcer::setRoleManager(new RoleManager(1));
Enforcer::loadPolicy();
dump(Enforcer::getRoleManager());
dump(Enforcer::getPolicy());
dump(Enforcer::getGroupingPolicy());
dump(Enforcer::enforce('1', '2', 'read'));
dump(Enforcer::enforce('1', '4', 'read')); Output
^ Casbin\Rbac\DefaultRoleManager\RoleManager {#407
#allDomains: array:1 [
"casbin::default" => Casbin\Rbac\DefaultRoleManager\Roles {#410
-roles: array:3 [
1 => Casbin\Rbac\DefaultRoleManager\Role {#454
+name: "1"
-roles: array:1 [
0 => Casbin\Rbac\DefaultRoleManager\Role {[#801](https://github.com/php-casbin/php-casbin/issues/138#sf-dump-447866650-ref2801)
+name: "2"
-roles: array:1 [
0 => Casbin\Rbac\DefaultRoleManager\Role {[#796](https://github.com/php-casbin/php-casbin/issues/138#sf-dump-447866650-ref2796)
+name: "4"
-roles: []
}
]
}
]
}
2 => Casbin\Rbac\DefaultRoleManager\Role {[#801](https://github.com/php-casbin/php-casbin/issues/138#sf-dump-447866650-ref2801)}
4 => Casbin\Rbac\DefaultRoleManager\Role {[#796](https://github.com/php-casbin/php-casbin/issues/138#sf-dump-447866650-ref2796)}
]
}
]
#maxHierarchyLevel: 1
#hasPattern: false
#matchingFunc: null
#hasDomainPattern: false
#domainMatchingFunc: null
}
^ array:2 [
0 => array:3 [
0 => "4"
1 => "2"
2 => "read"
]
1 => array:3 [
0 => "2"
1 => "4"
2 => "read"
]
]
^ array:2 [
0 => array:2 [
0 => "1"
1 => "2"
]
1 => array:2 [
0 => "2"
1 => "4"
]
]
true
true
Anything wrong my step?
from php-casbin.
leeqvip
commented on June 9, 2024
@heqichang The hierarchy level start from 0,and then rebuild role links.
Enforcer::setRoleManager(new RoleManager(0));
Enforcer::buildRoleLinks();from php-casbin.
heqichang
commented on June 9, 2024
@leeqvip it works! Thanks a lot!
from php-casbin.
Related Issues (20)
- support Priority Explicitly or subjectPriority HOT 1
- Database Adapter class not updated with new updateFilteredPolicies HOT 3
- The result after packaging is not as expected HOT 3
- Issue in ManagementEnforcer : getAllSubject/Object... has field indexes hard coded HOT 3
- array_combine(): Both parameters should have an equal number of elements HOT 13
- Enforcement results of the Casbin Editor and the enforce() PHP implementation differ HOT 4
- DeleteUser() removes roles but leaves permissions HOT 4
- [Feature] Add cache for g function HOT 3
- Could change addPermissionsForUser function declaration HOT 3
- May be should cast $name1 and $name2 to string before call hasLink function in generateGFunction. HOT 1
- Cannot use multiple policy rule HOT 2
- globMatch raises error HOT 1
- PHP Depreciated for php v8.2.0 : $this->enabled HOT 1
- composer is fetching v0.1.1 HOT 9
- Regression after RoleManager rewrite HOT 1
- RBAC with domain and domain pattern returns invalid results HOT 4
- ErrorException when some user belong no role in subjectPriority mode HOT 1
- Multiple request, policy, effect, matcher type support HOT 2
- Implement keyGet() and keyGet2() built-in method HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from php-casbin.