From 58e8f9f90b0fe868bbf240920c42b3eab590f362 Mon Sep 17 00:00:00 2001
From: imp2002 <hi@nohup.life>
Date: Fri, 21 Jul 2023 18:01:37 +0800
Subject: [PATCH] feat: fix `Effect` in Casbin rule (#2103)

* fix: Add `Effect` to Casbin rule of role

fix: https://github.com/casdoor/casdoor/issues/2102

* Update permission_enforcer.go

---------

Co-authored-by: hsluoyz <hsluoyz@qq.com>
---
 object/permission_enforcer.go | 21 ++++-----------------
 1 file changed, 4 insertions(+), 17 deletions(-)

diff --git a/object/permission_enforcer.go b/object/permission_enforcer.go
index b7207312..5bbcb2c6 100644
--- a/object/permission_enforcer.go
+++ b/object/permission_enforcer.go
@@ -104,29 +104,16 @@ func getPolicies(permission *Permission) [][]string {
 	permissionId := permission.GetId()
 	domainExist := len(permission.Domains) > 0
 
-	for _, user := range permission.Users {
+	usersAndRoles := append(permission.Users, permission.Roles...)
+	for _, userOrRole := range usersAndRoles {
 		for _, resource := range permission.Resources {
 			for _, action := range permission.Actions {
 				if domainExist {
 					for _, domain := range permission.Domains {
-						policies = append(policies, []string{user, domain, resource, strings.ToLower(action), permission.Effect, permissionId})
+						policies = append(policies, []string{userOrRole, domain, resource, strings.ToLower(action), strings.ToLower(permission.Effect), permissionId})
 					}
 				} else {
-					policies = append(policies, []string{user, resource, strings.ToLower(action), permission.Effect, "", permissionId})
-				}
-			}
-		}
-	}
-
-	for _, role := range permission.Roles {
-		for _, resource := range permission.Resources {
-			for _, action := range permission.Actions {
-				if domainExist {
-					for _, domain := range permission.Domains {
-						policies = append(policies, []string{role, domain, resource, strings.ToLower(action), "", permissionId})
-					}
-				} else {
-					policies = append(policies, []string{role, resource, strings.ToLower(action), "", "", permissionId})
+					policies = append(policies, []string{userOrRole, resource, strings.ToLower(action), strings.ToLower(permission.Effect), "", permissionId})
 				}
 			}
 		}