+10

go.mod

reviewed

··· 1 1 + module tangled.sh/oppi.li/casbin-repro 2 2 + 3 3 + go 1.24.1 4 4 + 5 5 + require github.com/casbin/casbin/v2 v2.108.0 6 6 + 7 7 + require ( 8 8 + github.com/bmatcuk/doublestar/v4 v4.6.1 // indirect 9 9 + github.com/casbin/govaluate v1.3.0 // indirect 10 10 + )

+14

go.sum

reviewed

··· 1 1 + github.com/bmatcuk/doublestar/v4 v4.6.1 h1:FH9SifrbvJhnlQpztAx++wlkk70QBf0iBWDwNy7PA4I= 2 2 + github.com/bmatcuk/doublestar/v4 v4.6.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc= 3 3 + github.com/casbin/casbin/v2 v2.108.0 h1:aMc3I81wfLpQe/uzMdElB1OBhEmPZoWMPb2nfEaKygY= 4 4 + github.com/casbin/casbin/v2 v2.108.0/go.mod h1:Ee33aqGrmES+GNL17L0h9X28wXuo829wnNUnS0edAco= 5 5 + github.com/casbin/govaluate v1.3.0 h1:VA0eSY0M2lA86dYd5kPPuNZMUD9QkWnOCnavGrw9myc= 6 6 + github.com/casbin/govaluate v1.3.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A= 7 7 + github.com/golang/mock v1.4.4 h1:l75CXGRSwbaYNpl/Z2X1XIIAMSCquvXgpVZDhwEIJsc= 8 8 + github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= 9 9 + golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 10 10 + golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 11 11 + golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 12 12 + golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 13 13 + golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 14 14 + golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=

+88

main.go

reviewed

··· 1 1 + package main 2 2 + 3 3 + import ( 4 4 + "fmt" 5 5 + "log" 6 6 + 7 7 + "github.com/casbin/casbin/v2" 8 8 + "github.com/casbin/casbin/v2/model" 9 9 + fileadapter "github.com/casbin/casbin/v2/persist/file-adapter" 10 10 + ) 11 11 + 12 12 + const ( 13 13 + Model = ` 14 14 + [request_definition] 15 15 + r = sub, dom, obj, act 16 16 + 17 17 + [policy_definition] 18 18 + p = sub, dom, obj, act 19 19 + 20 20 + [role_definition] 21 21 + g = _, _, _ 22 22 + 23 23 + [policy_effect] 24 24 + e = some(where (p.eft == allow)) 25 25 + 26 26 + [matchers] 27 27 + m = g(r.sub, p.sub, r.dom) && r.dom == p.dom && r.obj == p.obj && r.act == p.act` 28 28 + ) 29 29 + 30 30 + func main() { 31 31 + fmt.Println("=== casbin issue repro ===") 32 32 + 33 33 + m, err := model.NewModelFromString(Model) 34 34 + if err != nil { 35 35 + log.Fatal("failed to create model:", err) 36 36 + } 37 37 + 38 38 + a := fileadapter.NewAdapter("policy.csv") 39 39 + e, err := casbin.NewEnforcer(m, a) 40 40 + if err != nil { 41 41 + log.Fatal("failed to create enforcer:", err) 42 42 + } 43 43 + 44 44 + // add policies and users 45 45 + fmt.Println("\n1. adding policies and users...") 46 46 + e.AddPolicy("server:owner", "server-foo", "fooserver", "server:invite") 47 47 + e.AddGroupingPolicy("server:owner", "server:member", "server-foo") 48 48 + e.AddGroupingPolicy("user-a", "server:owner", "server-foo") 49 49 + e.AddGroupingPolicy("user-b", "server:member", "server-foo") 50 50 + if err = e.SavePolicy(); err != nil { 51 51 + log.Fatal("failed to save policies: ", err) 52 52 + } 53 53 + 54 54 + // check domains before removal 55 55 + fmt.Println("2. domains before removal:") 56 56 + domains, _ := e.GetAllDomains() 57 57 + fmt.Printf(" %v\n", domains) 58 58 + 59 59 + // check users before removal 60 60 + fmt.Println("3. users with server:member role before removal:") 61 61 + users := e.GetUsersForRoleInDomain("server:member", "server-foo") 62 62 + fmt.Printf(" %v\n", users) 63 63 + 64 64 + // remove domain using DeleteDomains 65 65 + fmt.Println("4. Calling DeleteDomains('server-foo')...") 66 66 + e.DeleteDomains("server-foo") 67 67 + if err = e.SavePolicy(); err != nil { 68 68 + log.Fatal("failed to save policies: ", err) 69 69 + } 70 70 + 71 71 + // check domains after removal - domain still exists! 72 72 + fmt.Println("5. Domains after removal:") 73 73 + domains, _ = e.GetAllDomains() 74 74 + fmt.Printf(" %v\n", domains) 75 75 + 76 76 + // check users after removal - users are properly removed 77 77 + fmt.Println("6. users with server:member role after removal:") 78 78 + users = e.GetUsersForRoleInDomain("server:member", "server-foo") 79 79 + fmt.Printf(" %v\n", users) 80 80 + 81 81 + // show the bug 82 82 + if len(domains) == 0 { 83 83 + fmt.Println("\nsuccess: all domains removed") 84 84 + } else { 85 85 + fmt.Printf("\n bug: expected 0 domains, got %d: %v\n", len(domains), domains) 86 86 + fmt.Println(" DeleteDomains() only removes users/roles, not the domain itself!") 87 87 + } 88 88 + }

policy.csv

reviewed

This is a binary file and will not be displayed.