fix: matching_func works with multiply match (#172)

* fix: matching_func works with multipie match Closes #171 Signed-off-by: Zxilly <[email protected]> * chore: typo Closes #171 Signed-off-by: Zxilly <[email protected]>
casbin · Jun 30, 2021 · bbe45ad · bbe45ad
1 parent af5659b
commit bbe45ad
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 2 deletions.
diff --git a/casbin/rbac/default_role_manager/role_manager.py b/casbin/rbac/default_role_manager/role_manager.py
@@ -148,10 +148,14 @@ def role_judge():
 
             if self.has_pattern:
                 if self.matching_func(role1.name, role.name):
-                    return role_judge()
+                    if role_judge():
+                        return True
+                    continue
             else:
                 if role1.name == role.name:
-                    return role_judge()
+                    if role_judge():
+                        return True
+                    continue
         return False
 
     def get_roles(self, name, *domain):

diff --git a/examples/rbac_with_multiply_matched_pattern.conf b/examples/rbac_with_multiply_matched_pattern.conf
@@ -0,0 +1,16 @@
+# https://github.com/casbin/pycasbin/issues/171
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, role
+
+[role_definition]
+g  = _, _
+g2 = _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = g2(r.act, p.role) && (g(r.sub, p.sub) || p.sub=='*') && keyMatch(r.obj, p.obj)
diff --git a/examples/rbac_with_multiply_matched_pattern.csv b/examples/rbac_with_multiply_matched_pattern.csv
@@ -0,0 +1,16 @@
+# https://github.com/casbin/pycasbin/issues/171
+p, root, *, owner
+
+g, root@localhost, root
+
+g2, *.read, viewer
+
+g2, *.read, editor
+g2, *.update, editor
+
+g2, *.read, admin
+g2, *.update, admin
+g2, *.create, admin
+g2, *.delete, admin
+
+g2, *.*, owner
diff --git a/tests/test_enforcer.py b/tests/test_enforcer.py
@@ -247,6 +247,16 @@ def test_enforce_rbac_with_pattern(self):
         self.assertTrue(e.enforce("bob", "/pen2/1", "GET"))
         self.assertTrue(e.enforce("bob", "/pen2/2", "GET"))
 
+    def test_rbac_with_multipy_matched_pattern(self):
+        e = self.get_enforcer(
+            get_examples("rbac_with_multiply_matched_pattern.conf"),
+            get_examples("rbac_with_multiply_matched_pattern.csv"),
+        )
+
+        e.add_named_matching_func("g2", casbin.util.glob_match)
+
+        self.assertTrue(e.enforce("root@localhost", "/", "org.create"))
+
     def test_enforce_abac_log_enabled(self):
         e = self.get_enforcer(get_examples("abac_model.conf"))
         sub = "alice"