Policies with explicit integer priorities are not sorted correctly #326

@nschwane

When using policies with explicit priorities that are integers, the policies are sorted as strings instead of as numbers. This will put a policy with priority 10 in front of a policy with priority 2.

Example

model.conf

[request_definition]
r = sub, obj, act

[policy_definition]
p = priority, sub, obj, act, eft

[role_definition]
g = _, _

[policy_effect]
e = priority(p.eft) || deny

[matchers]
m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act

policy.csv

p, 10, data1_deny_group, data1, read, deny
p, 10, data1_deny_group, data1, write, deny
p, 10, data2_allow_group, data2, read, allow
p, 10, data2_allow_group, data2, write, allow


p, 1, alice, data1, write, allow
p, 1, alice, data1, read, allow
p, 2, bob, data2, read, deny

g, bob, data2_allow_group
g, alice, data1_deny_group

Example Python

>>> import pprint
>>> from casbin import Enforcer
>>> enforcer = Enforcer('model.conf', 'policy.csv')
>>> enforcer.enforce_ex('bob', 'data2', 'read')
(True, ['10', 'data2_allow_group', 'data2', 'read', 'allow'])
>>> pprint.pprint(enforcer.model['p']['p'].policy)
[['1', 'alice', 'data1', 'write', 'allow'],
 ['1', 'alice', 'data1', 'read', 'allow'],
 ['10', 'data1_deny_group', 'data1', 'read', 'deny'],
 ['10', 'data1_deny_group', 'data1', 'write', 'deny'],
 ['10', 'data2_allow_group', 'data2', 'read', 'allow'],
 ['10', 'data2_allow_group', 'data2', 'write', 'allow'],
 ['2', 'bob', 'data2', 'read', 'deny']]
>>> 

The result of calling enforce() should be False.
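The ordering problem reported above can be reproduced without the library. The following is an added example, not code from the issue or from pycasbin: it loads the policy.csv shown in the report and evaluates the same request with priorities compared as strings and then as integers. The function names and the first-match evaluation are simplifying assumptions standing in for the enforcer's `priority(p.eft) || deny` effect.

```python
# Constructed from the policy.csv in the issue. A simplified stand-in for the
# enforcer (assumption), not pycasbin code.
POLICY_CSV = """\
p, 10, data1_deny_group, data1, read, deny
p, 10, data1_deny_group, data1, write, deny
p, 10, data2_allow_group, data2, read, allow
p, 10, data2_allow_group, data2, write, allow
p, 1, alice, data1, write, allow
p, 1, alice, data1, read, allow
p, 2, bob, data2, read, deny
g, bob, data2_allow_group
g, alice, data1_deny_group
"""

def load(text):
    """Split CSV lines into p rules and a user -> roles map."""
    rules, roles = [], {}
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if fields[0] == "p":
            rules.append(fields[1:])
        elif fields[0] == "g":
            roles.setdefault(fields[1], set()).add(fields[2])
    return rules, roles

def sort_as_strings(rules):
    # Lexicographic comparison: '10' sorts before '2' (the reported behaviour).
    return sorted(rules, key=lambda r: r[0])

def sort_as_ints(rules):
    # Numeric comparison: 2 sorts before 10 (the expected behaviour).
    return sorted(rules, key=lambda r: int(r[0]))

def decide(sorted_rules, roles, sub, obj, act):
    """First matching rule in priority order wins; no match means deny."""
    subjects = {sub} | roles.get(sub, set())
    for rule in sorted_rules:
        _prio, p_sub, p_obj, p_act, eft = rule
        if p_sub in subjects and p_obj == obj and p_act == act:
            return eft == "allow", rule
    return False, None

if __name__ == "__main__":
    rules, roles = load(POLICY_CSV)
    print(decide(sort_as_strings(rules), roles, "bob", "data2", "read"))
    print(decide(sort_as_ints(rules), roles, "bob", "data2", "read"))
```

With string ordering the explicit deny for bob at priority 2 is shadowed by the group allow at priority 10, so the decision fails open. The two orderings only agree when every priority has the same number of digits.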

Labels: bug (Something isn't working)
