Skip to content

fix(policy): update policy_map by calling add_policy #377

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 3 commits into
base: master
Choose a base branch
from

Conversation

Victor-Bayim
Copy link

This Pull Request fixes the issue where add_policies does not update the internal policy_map when adding new policies (see #356). Previously, add_policies simply appended new rules to the policy list without invoking add_policy, causing priority and other related information to be missing from policy_map. The main changes include:

Invoke add_policy for Each Rule

In add_policies, each new rule is added via the add_policy method to ensure that both the policy list and the policy_map are updated.
This approach is aligned with the Go Casbin implementation for consistency.
Duplicate Check

If any rule already exists, the function returns False to prevent adding duplicates.
Testing

All existing test cases have been run locally, and they pass successfully.
Additional tests for priority-based rules can be added in the future to further confirm that policy_map is correctly updated.
By applying this fix, add_policies now properly maintains the internal data structures, preventing access control logic errors due to an out-of-sync policy_map. Feedback and reviews are welcome!

@CLAassistant
Copy link

CLAassistant commented Mar 20, 2025

CLA assistant check
All committers have signed the CLA.

@Victor-Bayim Victor-Bayim changed the title Fix add_policies: update policy_map by calling add_policy for each rule (#356) fix(policy): update policy_map by calling add_policy (#356) Mar 20, 2025
@Victor-Bayim Victor-Bayim changed the title fix(policy): update policy_map by calling add_policy (#356) fix(policy): update policy_map by calling add_policy Mar 20, 2025
@Victor-Bayim Victor-Bayim force-pushed the fix/add_policies_policy_map branch from 0fdb343 to c3c3c78 Compare March 20, 2025 16:24
@Victor-Bayim Victor-Bayim force-pushed the fix/add_policies_policy_map branch from c3c3c78 to 46ba668 Compare March 21, 2025 13:27
@Victor-Bayim Victor-Bayim force-pushed the fix/add_policies_policy_map branch from 068de06 to 11079f3 Compare March 23, 2025 03:19
@hsluoyz hsluoyz requested a review from Copilot June 30, 2025 14:10
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR fixes an issue where add_policies did not update the policy_map correctly by invoking add_policy for each new rule.

  • Rules are now added via add_policy in add_policies to ensure proper updates to both the policy list and the policy_map.
  • The update_policy and update_policies methods have been revised to update the policy_map consistently, and the remove_* functions now rebuild policy_map after modifications.
Comments suppressed due to low confidence (1)

casbin/model/policy.py:175

  • The removal of the p_priority check in update_policy changes the behavior by allowing rule priority to be updated without validation. Verify that this change is intentional and consider reintroducing a safeguard if maintaining the existing priority is required.
        ast.policy[rule_index] = new_rule

Comment on lines +216 to +219
new_map = {}
for idx, r in enumerate(assertion.policy):
new_map[DEFAULT_SEP.join(r)] = idx
assertion.policy_map = new_map
Copy link
Preview

Copilot AI Jun 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[nitpick] The logic to rebuild policy_map is duplicated in several methods (remove_policy, remove_filtered_policy_returns_effects, remove_filtered_policy). Consider refactoring this into a helper function to improve maintainability.

Suggested change
new_map = {}
for idx, r in enumerate(assertion.policy):
new_map[DEFAULT_SEP.join(r)] = idx
assertion.policy_map = new_map
assertion.policy_map = self._rebuild_policy_map(assertion.policy)

Copilot uses AI. Check for mistakes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants