llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-05-22 18:25:47 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: restrict the model of application type resource permission (#2394)

Browse Source
This commit is contained in:
Yaodong Yu 2023-10-12 00:05:53 +08:00 committed by GitHub
parent 4de716fef3
commit e4208d7fd9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 31 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
object/enforcer.go
View File

@ -18,7 +18,6 @@ import (
"fmt" "fmt"
"github.com/casbin/casbin/v2" "github.com/casbin/casbin/v2"
"github.com/casbin/casbin/v2/config"
"github.com/casdoor/casdoor/util" "github.com/casdoor/casdoor/util"
xormadapter "github.com/casdoor/xorm-adapter/v3" xormadapter "github.com/casdoor/xorm-adapter/v3"
"github.com/xorm-io/core" "github.com/xorm-io/core"
@ -254,16 +253,10 @@ func (enforcer *Enforcer) LoadModelCfg() error {
return fmt.Errorf("the model: %s for enforcer: %s is not found", enforcer.Model, enforcer.GetId()) return fmt.Errorf("the model: %s for enforcer: %s is not found", enforcer.Model, enforcer.GetId())
} }
cfg, err := config.NewConfigFromText(model.ModelText) enforcer.ModelCfg, err = getModelCfg(model)
if err != nil { if err != nil {
return err return err
} }
enforcer.ModelCfg = make(map[string]string)
enforcer.ModelCfg["p"] = cfg.String("policy_definition::p")
if cfg.String("role_definition::g") != "" {
enforcer.ModelCfg["g"] = cfg.String("role_definition::g")
}
return nil return nil
} }

15
object/model.go
View File

@ -17,6 +17,7 @@ package object
import ( import (
"fmt" "fmt"
"github.com/casbin/casbin/v2/config"
"github.com/casbin/casbin/v2/model" "github.com/casbin/casbin/v2/model"
"github.com/casdoor/casdoor/util" "github.com/casdoor/casdoor/util"
"github.com/xorm-io/core" "github.com/xorm-io/core"
@ -188,3 +189,17 @@ func (m *Model) initModel() error {
return nil return nil
} }
func getModelCfg(m *Model) (map[string]string, error) {
cfg, err := config.NewConfigFromText(m.ModelText)
if err != nil {
return nil, err
}
modelCfg := make(map[string]string)
modelCfg["p"] = cfg.String("policy_definition::p")
if cfg.String("role_definition::g") != "" {
modelCfg["g"] = cfg.String("role_definition::g")
}
return modelCfg, nil
}

15
object/permission.go
View File

@ -150,6 +150,21 @@ func UpdatePermission(id string, permission *Permission) (bool, error) {
return false, nil return false, nil
} }
if permission.ResourceType == "Application" {
model, err := GetModel(util.GetId(owner, permission.Model))
if err != nil {
return false, err
}
modelCfg, err := getModelCfg(model)
if err != nil {
return false, err
}
if len(strings.Split(modelCfg["p"], ",")) != 3 {
return false, fmt.Errorf("the model: %s for permission: %s is not valid, application type resources need 3 size [policy_defination] model", permission.Model, permission.GetId())
}
}
affected, err := ormer.Engine.ID(core.PK{owner, name}).AllCols().Update(permission) affected, err := ormer.Engine.ID(core.PK{owner, name}).AllCols().Update(permission)
if err != nil { if err != nil {
return false, err return false, err