https://editor.casbin.org/

UI specific:

• 1. Improve UI effect with TailwindCSS
• 2. Rebuild it with Nextjs?
• 3. Real-time response about syntax and run
• 4. Fit the browser and no scrollbar by default
• 5. Show the current Casbin version used (like Node-Casbin v1.2.3)
• 6. Perhaps wrap into Electron in future

More advanced:

• 7. Show more about how Casbin matcher works (like matcher result for each policy)
• 8. Support more languages of Casbin, like Go Casbin can be called via Casdoor API: https://casdoor.org/docs/permission/exposed-casbin-apis , we may need CLI to interact with other Casbin like Java, Python, etc.
• 9. Integrate with ChatGPT to provide guidance on how to write Casbin policy

@nodece , currently, there's no way to let users provide the attributes in ABAC in our editor: https://casbin.org/en/editor. We need to add this.

This issue is originally raised in: https://casbin.org/en/editor#comment-4485545919

If you put

[policy_effect]
e = some(whe re (p.eft == allow))
# note the  ^  space inside the `where` 

the validator claims that it is valid.

For now, I believe the only way to truly validate this portion is by making sure the string for e is exactly one of the four allowed strings (including spaces), as discussed here casbin/casbin#211

https://casbin.org/en/editor

Currently, if we don't choose ABAC in the drop-down, even if we specify a ABAC policy, it doesn't work.

See more details at: #25 (comment)

This confuses a lot of our users. We need to make ABAC and all other features available for every option.

Does not matter what appears in the text boxes, it always claims there are no errors and that the "test pass"

See: #4

reset button

Want to prioritize this issue? Try:

Describe the bug
Here is my model. It can goes well with the golang code, but in the editor shows "Unable to find matchers in model"
https://editor.casbin.org/#FMUKBBSQ2

To Reproduce
Steps to reproduce the behavior:

Expected behavior

Screenshots

Desktop (please complete the following information):

• OS: win10
• Browser chrome

Smartphone (please complete the following information):

Additional context

Migrate from php-casbin/php-casbin#90.

bumping the version in #9 has caused a regression:
running the plain ABAC example now shows Invalid policy, policy document cannot be false-y as error message.

Want to prioritize this issue? Try:

------

What's your scenario? What do you want to achieve?
deny the request of some type of devices from some ip addresses

Your model:

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub_rule, obj, act, eft

[policy_effect]
e = !some(where (p.eft == deny))

[matchers]
m = eval(p.sub_rule) && r.obj == p.obj && r.act == p.act

Your policy:

p, r.sub.Device == 'Android', file, send, deny
p, r.sub.Device == 'Windows' && ipMatch(r.sub.Ip, '10.0.0.0/24'), file, save, deny

Your request(s):

{Device:'Android',Ip:'10.1.0.3'}, file, send
{Device:'iOS',Ip:'10.0.0.2'}, file, save

Is your feature request related to a problem? Please describe.
The code has keyMatch5 but the editor doesn't support it

Describe the solution you'd like
Add the keyMatch5 support

Additional context
example: https://casbin.org/casbin-editor/#8BUESA7BC

I am having trouble using the "in" grammar extension mentioned in https://casbin.org/docs/en/syntax-for-models#special-grammer. I tried both in the Casbin editor and in a .NET program.
See Example
The validation passes but when I run it I get the following message: "value.trim is not a function"

Model:

[request_definition]
r = sub, obj, act

[policy_definition]
p = role, sub_rule, obj, act

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = eval(p.sub_rule) && r.obj == p.obj && r.act == p.act && p.role in (r.obj.Roles)

Policies:

p, Assistant, r.sub.Amount <= 5000, authorization, grant
p, Manager, r.sub.Amount > 5000, authorization, grant

Evaluation Data:

{Amount: 5100, Roles: ["Manager"]}, authorization, grant

model:

[request_definition]
r = sub, dom, obj

[policy_definition]
p = sub, dom, obj, eft

[role_definition]
g = _, _, _
g2 = _, _

[policy_effect]
e = some(where (p.eft == allow)) && !some(where (p.eft == deny))

[matchers]
m = g(r.sub, p.sub, p.dom) && g2(r.dom, p.dom) && r.obj == p.obj

policy:

p, leader, cust, dept9, allow
p, leader, loan, dept8, allow

g, alice, leader, cust

g2, saveCust, cust

request(s):

alice, saveCust, dept9 ---> false (expected: true)

Online editor

If I perform the following steps:

1. Go to https://casbin.org/en/editor
2. Choose RBAC with pattern from the dropdown.
3. Click Reset for good measure.
4. Click RUN THE TEST.

Then the Enforcement Result region says false, which is...unhelpful. I don't need failing examples, I need passing examples 😄

The RBAC with all pattern fails similarly.

I've tried a bunch of random things to try to get it to pass, but so far I'm unsuccessful. Ideas I've had:

• Do we need to update the Custom config code ourselves? I've tried keyMatch and keyMatch2 for both configuration values and neither worked.
• regexMatch(r.act, p.act) -- maybe this part is wrong? It seems like it should be a keyMatch and not a regex match (since there are no regexes in the policy), or it shouldn't be operating over the actions, but rather the subject.

Hi,

with model

# Request definition
[request_definition]
r = sub, action

# Policy definition
[policy_definition]
p = sub, action

# Policy effect
[policy_effect]
e = some(where (p.eft == allow))

# Matchers
[matchers]
m = (r.action == "dothejob" && r.sub == p.sub) || \
    (r.action == "undothejob" && r.sub == p.sub)

and policy

p, user1, dosomethingverynice

when requesting
user1, do thejob 

I get True

Is this expected behavior?

I test by rbac_model_matcher_using_in_op.conf, and got a grammar error: Unclosed ( at character 72

Env: node-casbin: "^5.11.1",

Overview of the issue

The enforcer always returns false after changing the policy definition.

the model conf

Example of configuration using RBAC

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, note,act

[role_definition]
g = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act

Policy

p, alice, ok, data1, read
p, bob, oo, data2, write
p, data2_admin, what, data2, read
p, data2_admin, how ,data2, write

g, alice, data2_admin

my request

bob, oo, write

I used the same model, policy, and request, but the results were different between the website editor and local code.

on website

on local code

model.conf

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[role_definition]
g = _, _
g2 = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub)

policy.csv

p, admin, data1, read

g2, alice, admin

main.go

package main

import (
	"fmt"

	"github.com/casbin/casbin/v2"
)

func main() {
	e, _ := casbin.NewEnforcer("./model.conf", "./policy.csv")
	res, _ := e.Enforce("alice", "data1", "read")
	fmt.Print(res) // display false
}

go.mod

module casbin

go 1.15

require github.com/casbin/casbin/v2 v2.28.2 // indirect

Hi, I was editing on casbin-editor and I found a problem. I thought it might be a bug.

Environment

Windows 10 Professional 20H2 19042.572
Firefox 82.0.2 (64bit)

Requirement & issue's scene

I clicked the RESET button on editor

Expected result description

I was wondering a RESET for all the text fields in this page, all the changes I just edit should be recovered to default.

Actual result description

After page refreshed, those text fields never recovered, and I found what I just edit in the localStorage of the browser.

Logs

None

Screenshot

I tested this model policy and request below, expected result must be

true
true
false
true
true
true
true

but it only on ABAC example page, if I switched to other example and paste same config, result will be

true
true
false
true
true
true
false

the different is last request, It true on ABAC example page and false on other example page, any reason why this happen or I missconfig something?
link to result image

Tks !!!

What's your scenario? What do you want to achieve?
Is my config correct or this is editor page problem ?

Your model:

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[role_definition]
g = _, _
g2 = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m =( r.sub == r.obj.Owner ) ||  g(r.sub, p.sub) && (g2(r.obj, p.obj) && r.act == p.act || keyMatch2(r.obj, p.obj) && regexMatch(r.act, p.act)) 

Your policy:

p, alice, data1, read
p, bob, data2, write
p, data_group_admin, data_group, write


p, data_group_admin, /alice_data/:resource, GET
p, data_group_admin, /alice_data2/:id/using/:resId, GET

g, alice, data_group_admin
g2, data1, data_group
g2, data2, data_group

Your request(s):

alice, data1, read
alice, data1, write
alice, data2, read
alice, data2, write 
alice, /alice_data/hello, GET
alice, /alice_data2/23/using/32, GET
alice, { Owner: 'alice'}, GET

Hello,

I've been trying to use this file from the main casbin project rbac_with_domain_pattern_policy.csv in order to select a "*" for domain but it seems that this doesn't work using the provided conf and csv, is it because this is not yet available in the nodejs version?

Want to prioritize this issue? Try:

Describe the bug
keyGet2 in matchers is not evaluated correctly

To Reproduce
Steps to reproduce the behavior:
I want to implement RBAC with domain.
What I tried is,

• policy.csv

p, admin, /workspaces/:workspace_id, (GET)|(PUT)|(DELETE), allow
p, member, /workspaces/:workspace_id, GET, allow

g, alice, admin, workspace1
g, alice, member, workspace2
g, bob, admin, workspace2

• model.conf

[request_definition]
r = sub, dom, obj, act

[policy_definition]
p = sub, obj, act, eft

[role_definition]
g = _, _, _

[policy_effect]
e = some(where (p.eft == allow)) && !some(where (p.eft == deny))

[matchers]
m = g(r.sub, p.sub, r.dom) && keyMatch2(r.obj, p.obj) && regexMatch(r.act, p.act) && getKey2(r.obj, p.obj, 'workspace_id') == r.dom

Expected behavior
request alice, workspace1, /workspaces/workspace1, GET expects true, but actually false returns.

Desktop (please complete the following information):

• OS: Windows
• Browser: Microsoft Edge (editor ceased working in chrome)
• Version: Online Editor

Additional context
Registering custom function solved my issue already, but I still don't understand why the above implementation didn't go.

[request_definition]
r = sub, dom, obj, act

[policy_definition]
p = sub, obj, act, eft

[role_definition]
g = _, _, _

[policy_effect]
e = some(where (p.eft == allow)) && !some(where (p.eft == deny))

[matchers]
m = g(r.sub, p.sub, r.dom) && keyMatch2(r.obj, p.obj) && regexMatch(r.act, p.act) && parseWorkspace(r.obj, p.obj, r.dom)

package main

import (
	"fmt"
	"github.com/casbin/casbin/v2"
	"github.com/casbin/casbin/v2/util"
	"log"
)

func main() {
	e, err := casbin.NewEnforcer("./model.conf", "./policy.csv")
	if err != nil {
		log.Fatal(err)
	}
	
	e.AddFunction("parseWorkspace", ParseWorkspace)

	enforce, err := e.Enforce("alice", "workspace1", "/workspaces/workspace1", "GET")
	if err != nil {
		return
	}

	fmt.Println(enforce)
}

func parseWorkspace(requestObj string, policyObj string, dom string) bool {
	return util.KeyGet2(requestObj, policyObj, "workspace_id") == dom
}

func ParseWorkspace(args ...interface{}) (interface{}, error) {
	name1 := args[0].(string)
	name2 := args[1].(string)
	name3 := args[2].(string)

	return parseWorkspace(name1, name2, name3), nil
}

Summary

Currently, multiple-sections-type has been supported, we need to pass a context to enforce when using this feature.

Add netlify preview for PRs like this: casbin/casbin-website#258 (comment)

See: https://editor.casbin.org/