What's your scenario? What do you want to achieve?
I have an RBAC model that is tenant-based, plus some ABAC attributes. I am trying to get the list of all domains, but instead it fetches user roles, so I tried setting the field indexes, which results in this error:
// github.com/casbin/casbin/v2@v2.100.0/internal_api.gofunc (e*Enforcer)SetFieldIndex(ptypestring,fieldstring,indexint) {assertion:=e.model["p"][ptype]assertion.FieldIndexMap[field]=index// this is the line where error is generate}
Your model:
[request_definition]
# Request tuple: subject, domain, object, action, resource attribute.
r = sub, dom, obj, act, resource_attr

[policy_definition]
# Policy rules use the same five fields followed by an explicit effect column.
p = sub, dom, obj, act, resource_attr, eft

[role_definition]
# sub, role, dom
g = _, _, _

[policy_effect]
# Deny-override: a request passes only if some matching rule has eft == allow
# and no matching rule has eft == deny.
e = some(where (p.eft == allow)) && !some(where (p.eft == deny))

[matchers]
# The role check passes when the subject holds p.sub in the requested domain,
# or holds it in the literal domain "all". Every other field matches on
# equality or on a "*" written in the policy rule.
# NOTE(review): "all" and "*" are reserved values in this matcher. A tenant
# whose identifier is literally "all" would share the cross-domain role scope,
# so tenant creation should reject both names. Confirm against the code that
# creates domains.
m = (g(r.sub, p.sub, r.dom) || g(r.sub, p.sub,"all")) && \
    (r.dom == p.dom ||p.dom =="*") && \
    (r.obj == p.obj ||p.obj =="*") && \
    (r.act == p.act ||p.act =="*") && \
    (r.resource_attr == p.resource_attr ||p.resource_attr =="*")
Your policy:
# p rules: sub, dom, obj, act, resource_attr, eft (order taken from the policy definition above)
# g rules: sub, role, dom
# NOTE(review): the policy definition declares six columns ending in eft, but
# several p rules below supply only five values and leave eft unset. Confirm
# how the enforcer treats a rule with no explicit effect before relying on it
# as an allow.
p, super_admin, *, *, *, *
p, admin, *, users, delete, role:member, allow
p, admin, *, users, delete, role:owner, deny
p, admin, *, users, delete, role:super_admin, deny
p, admin, *, users, delete, role:admin, deny
p, member, *, users, delete, *, deny
p, owner, domain_a, *, *, *
p, admin, domain_a, *, *, *
p, admin, domain_b, *, *, *
g, user_A, super_admin, all
g, user_B, owner, domain_a
g, user_C, admin, domain_a
g, user_D, member, domain_a
g, user_E, member, domain_a
p, user_D, domain_a, customer, *, *
p, user_E, domain_a, leads, *, *
g, user_E, admin, domain_b
g, user_F, member, domain_b
g, user_C, member, domain_b
# NOTE(review): in the next rule "create" sits in the resource_attr column and
# act is "*". Confirm that this column order is intended.
p, user_C, domain_b, workspacusers, *, create
Your request(s):
# Columns follow the request definition: sub, dom, obj, act, resource_attr.
# Each "#" line presumably lists the results the reporter expects for the
# requests that follow it, in order.

# true, false, true
user_E, domain_a, leads, create, *
user_E, domain_a, customers, create, *
user_E, domain_b, users, create, *

# false, false, true
user_D, domain_b, users, delete, *
user_D, domain_a, leads, delete, *
user_D, domain_a, customer, delete, *

# false, true, true, false
user_C, domain_a, users, delete, role:admin
user_C, domain_a, users, delete, role:admi
user_B, domain_a, users, delete, role:admin
user_D, domain_a, users, delete, *

# super_admin all true
user_A, domain_a, leads,*, create
user_A, domain_b, users,*, delete
and this is my code
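// Enforcer is the process-wide casbin enforcer; InitCasbinEnforcer assigns it.
var Enforcer *casbin.Enforcer

var logger = GetLogger("casbin")

// Authorization_rules is the row type handed to the gorm adapter as its custom
// policy table. Ptype and V0..V6 are limited to 512 characters each and all
// carry the same unique-index name, "unique_index".
type Authorization_rules struct {
	ID    uint   `gorm:"primaryKey;autoIncrement"`
	Ptype string `gorm:"size:512;uniqueIndex:unique_index"`
	V0    string `gorm:"size:512;uniqueIndex:unique_index"`
	V1    string `gorm:"size:512;uniqueIndex:unique_index"`
	V2    string `gorm:"size:512;uniqueIndex:unique_index"`
	V3    string `gorm:"size:512;uniqueIndex:unique_index"`
	V4    string `gorm:"size:512;uniqueIndex:unique_index"`
	V5    string `gorm:"size:512;uniqueIndex:unique_index"`
	V6    string `gorm:"size:512;uniqueIndex:unique_index"`
}

// InitCasbinEnforcer builds the global Enforcer from the model text in
// constants.CasbinModel and the "authorization_rules" table reached through
// db, then loads the stored policy.
//
// Every step that fails is reported through logger.Fatal, so no enforcer is
// published after an incomplete initialisation.
func InitCasbinEnforcer(db *gorm.DB) {
	// Auto-migration is switched off before the adapter is created.
	// NOTE(review): presumably the table is managed by separate migrations; confirm.
	gormadapter.TurnOffAutoMigrate(db)

	a, err := gormadapter.NewAdapterByDBWithCustomTable(db, &Authorization_rules{}, "authorization_rules")
	if err != nil {
		logger.Fatal().Err(err).Msg("Failed to initialize casbin")
	}

	m, err := model.NewModelFromString(constants.CasbinModel)
	if err != nil {
		logger.Fatal().Err(err).Msg("Failed to initialize casbin")
	}

	Enforcer, err = casbin.NewEnforcer(m, a)
	if err != nil {
		logger.Fatal().Err(err).Msg("Failed to initialize casbin")
	}

	// The original built an error value with fmt.Errorf and discarded it, so a
	// failed policy load went unnoticed. With a deny-override effect, an
	// enforcer missing some of its deny rules can permit requests that the full
	// policy would reject. A failed load is therefore treated like every other
	// initialisation failure.
	if err = Enforcer.LoadPolicy(); err != nil {
		logger.Fatal().Err(fmt.Errorf("failed to load policy: %w", err)).Msg("Failed to initialize casbin")
	}

	// NOTE(review): SetFieldIndex, as quoted in this report, resolves ptype in
	// the model's "p" section only. The disabled call below that passes "g"
	// therefore finds no assertion, and its map write fails. This is
	// presumably the reported error.
	//Enforcer.AddNamedDomainMatchingFunc("g", "", util.KeyMatch)
	//Enforcer.SetFieldIndex("p", constant.DomainIndex, 1) // domain is second field
	//Enforcer.SetFieldIndex("g", constant.DomainIndex, 2) // domain is third field in role def

	// NOTE(review): presumably this logs enforcement activity. Confirm the log
	// destination is suitable for subject and tenant identifiers.
	Enforcer.EnableLog(true)
}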
Can you find the problem? Why is it giving me this error? Am I missing something important?