feat: check model grammar when saving and provide a ACL model as init data (#1062)

Signed-off-by: Yixiang Zhao <seriouszyx@foxmail.com> Signed-off-by: Yixiang Zhao <seriouszyx@foxmail.com>
2025-07-03 12:30:19 +08:00 · 2022-08-24 17:21:05 +08:00
parent a383af0ebc
commit 7b0b426a76
2 changed files with 38 additions and 2 deletions
--- a/object/init.go
+++ b/object/init.go
@ -27,6 +27,7 @@ import (
 func InitDb() {
 	existed := initBuiltInOrganization()
 	if !existed {
 		initBuiltInModel()
 		initBuiltInPermission()
 		initBuiltInProvider()
 		initBuiltInUser()
@ -239,6 +240,33 @@ func initWebAuthn() {
 	gob.Register(webauthn.SessionData{})
 }
 func initBuiltInModel() {
 	model := GetModel("built-in/model-built-in")
 	if model != nil {
 		return
 	}
 	model = &Model{
 		Owner:       "built-in",
 		Name:        "model-built-in",
 		CreatedTime: util.GetCurrentTime(),
 		DisplayName: "Built-in Model",
 		IsEnabled:   true,
 		ModelText: `[request_definition]
 r = sub, obj, act
 [policy_definition]
 p = sub, obj, act
 [policy_effect]
 e = some(where (p.eft == allow))
 [matchers]
 m = r.sub == p.sub && r.obj == p.obj && r.act == p.act`,
 	}
 	AddModel(model)
 }
 func initBuiltInPermission() {
 	permission := GetPermission("built-in/permission-built-in")
 	if permission != nil {
@ -253,6 +281,7 @@ func initBuiltInPermission() {
 		Users:        []string{"built-in/admin"},
 		Roles:        []string{},
 		Domains:      []string{},
 		Model:        "model-built-in",
 		ResourceType: "Application",
 		Resources:    []string{"app-built-in"},
 		Actions:      []string{"Read", "Write", "Admin"},
--- a/object/model.go
+++ b/object/model.go
@ -17,6 +17,7 @@ package object
 import (
 	"fmt"
 	"github.com/casbin/casbin/v2/model"
 	"github.com/casdoor/casdoor/util"
 	"xorm.io/core"
 )
@ -85,13 +86,19 @@ func GetModel(id string) *Model {
 	return getModel(owner, name)
 }
-func UpdateModel(id string, model *Model) bool {
+func UpdateModel(id string, modelObj *Model) bool {
 	owner, name := util.GetOwnerAndNameFromId(id)
 	if getModel(owner, name) == nil {
 		return false
 	}
-	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(model)
+	// check model grammar
 	_, err := model.NewModelFromString(modelObj.ModelText)
 	if err != nil {
 		panic(err)
 	}
 	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(modelObj)
 	if err != nil {
 		panic(err)
 	}