node-casbin icon indicating copy to clipboard operation
node-casbin copied to clipboard

Published 20 hours ago verified publisher icon casbin

How to use globMatch when matching roles

Open jkalberer opened this issue 3 years ago • 2 comments

Hi, I might be misunderstanding how the matcher works with the g function with roles. I'm following this example except I'm using the globMatch - https://casbin.org/docs/en/rbac-with-pattern

I'm trying to use the online editor to test my rules and setup https://casbin.org/casbin-editor/#FCWSF9J7X

My config is:

[request_definition]
r = subject, domain, object, action

[policy_definition]
p = subject, domain, object, action

[role_definition]
g = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.subject, p.subject) && globMatch(r.domain, p.domain) && globMatch(r.object, p.object) && globMatch(r.action, p.action)

Policy:

# Testing with wildcard as the subject
p, foo:*:bar, domain, resource, read

# testing with wildcard as the group
p, foo2:rule:bar, domain, resource2, read
g, foo2:*:bar, foo2:rule:bar

Checks:

foo:test:bar, domain, resource, read
foo2:test:bar, domain, resource2, read

Am I using this feature incorrectly? Any help is appreciated!

jkalberer avatar Aug 09 '22 23:08 jkalberer

@nodece @Zxilly @Shivansh-yadav13

casbin-bot avatar Aug 10 '22 01:08 casbin-bot

@Shivansh-yadav13

/cc @Zxilly @nodece

hsluoyz avatar Aug 10 '22 01:08 hsluoyz

Apologies -- I figured this out. I still had my matcher set to a custom matcher I was debugging with:

This is the pattern to use when you want to use a wildcard for g

# testing with wildcard as the group
p, foo2:rule:bar, domain, resource2, read
g, foo2:*:bar, foo2:rule:bar

And the test:

foo2:test:bar, domain, resource2, read

jkalberer avatar Aug 10 '22 16:08 jkalberer