node-casbin

How to add implicit role for user

Open shridhar-purandare opened this issue 2 years ago • 6 comments

Hi,

We have below policy for RBAC

g, monoSamples_p3, monoSamples_p1
g, monoSamples_p3, monoSamples_p2
p, monoSamples_p1, monoSamples, p1
p, monoSamples_p2, monoSamples, p2

We use below model:

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[role_definition]
g = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub) && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)

How can I add user Alice to role monoSamples_p3, which is an implicit role?

I have tried e.addRoleForuser, rolemanager.AddLink etc., which do not work. Please let me know the API.

The end result I want to achieve is to have the below line added to my policy:

g, Alice, monoSamples_p3

shridhar-purandare avatar Aug 01 '22 22:08 shridhar-purandare

@nodece @Zxilly @Shivansh-yadav13

casbin-bot avatar Aug 01 '22 22:08 casbin-bot

@shridhar-purandare, I have checked: await e.addRoleForUser('alice', 'monoSamples_p3'); and rm.addLink('alice', 'monoSamples_p3'); are both working and adding the role. Can you share the code you tried? Maybe the problem is there?

Shivansh-yadav13 avatar Aug 02 '22 00:08 Shivansh-yadav13

@Shivansh-yadav13: I am calling this as well: await e.addRoleForUser('alice', 'monoSamples_p3'); But it does not work, because monoSamples_p3 is kind of a user as well: it has a g line and not a p line. It's an inherited role.

Can you please confirm where you used the model and policy described above?

shridhar-purandare avatar Aug 02 '22 15:08 shridhar-purandare

@shridhar-purandare I have tested locally with the policies and the model you have given. And it should not be a problem even if monoSamples_p3 is a user.

code

import { newEnforcer } from "casbin";

const e = await newEnforcer('./model.conf', './policy.csv');

await e.addRoleForUser('alice', 'monoSamples_p3');
console.log(await e.getImplicitRolesForUser('alice'));

output

[ 'monoSamples_p3', 'monoSamples_p1', 'monoSamples_p2' ]

Shivansh-yadav13 avatar Aug 02 '22 15:08 Shivansh-yadav13
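The role resolution shown in the comment above, as an added example that is not part of the original thread and is not node-casbin's own code: a small stand-in for the role graph and the matcher from the question, useful for auditing what `g, alice, monoSamples_p3` grants through inheritance. The helpers `loadPolicy`, `addLink`, `implicitRoles`, `keyMatch` and `enforce` are hypothetical names that approximate the model's behaviour.

```javascript
// Simplified stand-in for casbin's role graph and matcher (not node-casbin code); POLICY is from the question.
const POLICY = `
g, monoSamples_p3, monoSamples_p1
g, monoSamples_p3, monoSamples_p2
p, monoSamples_p1, monoSamples, p1
p, monoSamples_p2, monoSamples, p2
`;
function addLink(links, subject, role) {
  if (!links.has(subject)) links.set(subject, new Set());
  links.get(subject).add(role);
}
function loadPolicy(text) {
  const links = new Map(); // subject -> Set of directly assigned roles
  const rules = [];        // [sub, obj, act] from p lines
  for (const line of text.split('\n')) {
    const [ptype, ...f] = line.split(',').map((s) => s.trim());
    if (ptype === 'g') addLink(links, f[0], f[1]);
    else if (ptype === 'p') rules.push(f);
  }
  return { links, rules };
}

// Breadth-first walk over g links: every role reachable from the subject.
function implicitRoles(links, subject) {
  const seen = new Set();
  const queue = [subject];
  while (queue.length > 0) {
    for (const role of links.get(queue.shift()) || []) {
      if (!seen.has(role)) { seen.add(role); queue.push(role); }
    }
  }
  return [...seen];
}

// '*' in the policy object acts as a prefix wildcard; otherwise exact match.
function keyMatch(key1, key2) {
  const i = key2.indexOf('*');
  return i === -1 ? key1 === key2 : key1.slice(0, i) === key2.slice(0, i);
}

// m = g(r.sub, p.sub) && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)
function enforce({ links, rules }, sub, obj, act) {
  const subjects = new Set([sub, ...implicitRoles(links, sub)]);
  return rules.some(([pSub, pObj, pAct]) =>
    subjects.has(pSub) && keyMatch(obj, pObj) && new RegExp(pAct).test(act));
}
const state = loadPolicy(POLICY);
addLink(state.links, 'alice', 'monoSamples_p3'); // equivalent of: g, alice, monoSamples_p3
console.log(implicitRoles(state.links, 'alice'), enforce(state, 'alice', 'monoSamples', 'p1'));
```

Because the act field is tested as an unanchored regular expression in this sketch, a request for `p10` also matches the `p1` rule; write the policy pattern as `^p1$` if exact actions are intended.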

@Shivansh-yadav13: can you please paste your generated policy?

shridhar-purandare avatar Aug 02 '22 17:08 shridhar-purandare

@shridhar-purandare the update to the policy is only in the instance of the enforcer and it is not reflected in the policy.csv file; this feature has been disabled (in case you are expecting that).

This is what the policy looks like in the enforcer after adding the role.

[ 'monoSamples_p3', 'monoSamples_p1', 'monoSamples_p2' ] // g
[
  [ 'monoSamples_p1', 'monoSamples', 'p1' ],
  [ 'monoSamples_p2', 'monoSamples', 'p2' ]
]

Shivansh-yadav13 avatar Aug 03 '22 04:08 Shivansh-yadav13

Closed as stale

hsluoyz avatar Jan 31 '23 14:01 hsluoyz