pycasbin: ABAC eval not working with empty dict
Model:
[request_definition]
r = sub, obj, type, act
[policy_definition]
p = rule, type, act
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = eval(p.rule) && r.type == p.type && r.act == p.act
Policy:
p, r.sub.admin == True, user, delete
p, r.sub.identifier == r.obj.identifier, user, read
When attempting to eval the following:
abac_enforcer = casbin.Enforcer(
str(file_path(...)), str(file_path(...))
if abac_enforcer.enforce({"admin": False}, {}, "user", "delete"):
return True
Raises the following:
/simpleeval.py", line 481, in _eval_attribute
raise AttributeDoesNotExist(node.attr, self.expr)
simpleeval.AttributeDoesNotExist: ('identifier', '(r_sub.identifier == r_obj.identifier) and r_type == p_type and r_act == p_act')
I attempted this within the online editor and it works fine. Sorry if I’m missing something. New PyCasbin user here!
About this issue
- Original URL
- State: closed
- Created 3 years ago
- Comments: 20 (13 by maintainers)
Commits related to this issue
- #178 examples Signed-off-by: ffyuanda <46557895+ffyuanda@users.noreply.github.com> — committed to ffyuanda/pycasbin by ffyuanda 3 years ago
@killswitch-GUI I don’t quite suggest change PyCasbin or simpleeval. You should instead follow the “object all the way down” logic when you use A(ttribute)BAC. And BTW
this is working simply because you set
It evaluates the first line in policy and turns out to be True and ignored the second line 😃
I’m checking the issue…