-
-
Notifications
You must be signed in to change notification settings - Fork 203
fix(policy): update policy_map by calling add_policy #377
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: master
Are you sure you want to change the base?
fix(policy): update policy_map by calling add_policy #377
Conversation
0fdb343
to
c3c3c78
Compare
c3c3c78
to
46ba668
Compare
068de06
to
11079f3
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pull Request Overview
This PR fixes an issue where add_policies did not update the policy_map correctly by invoking add_policy for each new rule.
- Rules are now added via add_policy in add_policies to ensure proper updates to both the policy list and the policy_map.
- The update_policy and update_policies methods have been revised to update the policy_map consistently, and the remove_* functions now rebuild policy_map after modifications.
Comments suppressed due to low confidence (1)
casbin/model/policy.py:175
- The removal of the p_priority check in update_policy changes the behavior by allowing rule priority to be updated without validation. Verify that this change is intentional and consider reintroducing a safeguard if maintaining the existing priority is required.
ast.policy[rule_index] = new_rule
new_map = {} | ||
for idx, r in enumerate(assertion.policy): | ||
new_map[DEFAULT_SEP.join(r)] = idx | ||
assertion.policy_map = new_map |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[nitpick] The logic to rebuild policy_map is duplicated in several methods (remove_policy, remove_filtered_policy_returns_effects, remove_filtered_policy). Consider refactoring this into a helper function to improve maintainability.
new_map = {} | |
for idx, r in enumerate(assertion.policy): | |
new_map[DEFAULT_SEP.join(r)] = idx | |
assertion.policy_map = new_map | |
assertion.policy_map = self._rebuild_policy_map(assertion.policy) |
Copilot uses AI. Check for mistakes.
This Pull Request fixes the issue where add_policies does not update the internal policy_map when adding new policies (see #356). Previously, add_policies simply appended new rules to the policy list without invoking add_policy, causing priority and other related information to be missing from policy_map. The main changes include:
Invoke add_policy for Each Rule
In add_policies, each new rule is added via the add_policy method to ensure that both the policy list and the policy_map are updated.
This approach is aligned with the Go Casbin implementation for consistency.
Duplicate Check
If any rule already exists, the function returns False to prevent adding duplicates.
Testing
All existing test cases have been run locally, and they pass successfully.
Additional tests for priority-based rules can be added in the future to further confirm that policy_map is correctly updated.
By applying this fix, add_policies now properly maintains the internal data structures, preventing access control logic errors due to an out-of-sync policy_map. Feedback and reviews are welcome!