ABAC with rules in policy: online editor gives different results to pyCasbin Enforcer.enforce #164
Closed
Description
I am trying to implement ABAC with rules in the policies (per these instructions).
Online Editor set up
I have set up my model, policy and request in the online editor like so:
model.conf
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub_rule, obj, act
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = eval(p.sub_rule) && r.obj == p.obj && r.act == p.act
policy.csv
p, "r.sub.rank == 5 && keyMatch(""IT"", r.sub.org)", "data", "GET"
request
{rank: 5, org: "IT"}, data, GET
Online editor results
I am getting a result of true Reason: ["r.sub.rank == 5 && keyMatch(\"IT\", r.sub.org)","data","GET"] from the online editor - this is expected. See screenshot below:
Local python environment set up
- Running Python 3.12 on MacOS
- Set up a new project in PyCharm
- including default
venv
- including default
- Installed casbin using
pip install casbin - Set up
model.confandpolicy.csvexactly the same as in the online editor. - Create a
main.pyfile to run my request
main.py
import casbin
if __name__ == '__main__':
enforcer = casbin.Enforcer("model.conf", "policy.csv")
request_vals = ['{rank: 5, org: "IT"}', 'data', 'GET']
print(enforcer.enforce(*request_vals)) # prints FalseThis code is printing False which is the opposite of the online editor and the unexpected result.
See screenshot below:
I'm not sure if I'm missing something or if this is a bug