Casbin.net Breaking changes while migrating from V1.13.0 to V2.9.1 - GetModel and GetPolicy #367

Open
shrey-shah opened this issue Sep 6, 2024 · 5 comments
Labels: question (Further information is requested)

@shrey-shah

I am trying to migrate Casbin.net package from V1.13.0 to V2.9.1. I was validating my permission setup with this function in the earlier version.

private bool IsValidPermissionPolicySetup(string model, string policy)
{
    CustomEnforcer enforcer = new CustomEnforcer(model, policy);
    int model_count = enforcer.GetModel().Model.Count;
    if (enforcer.GetPolicy().Any(x => x.Count != model_count))
    {
        return false;
    }
    if (enforcer.GetPolicy().Any(x => x[model_count - 1] != "allow" && x[model_count - 1] != "deny"))
    {
        return false;
    }
    return true;
}

In the wiki, it says that enforcer.GetModel() is now replaced by enforcer.Model, but I couldn't find a way to get this count as the IModel interface doesn't explicitly have any property. Also, the wiki doesn't mention the alternative of enforcer.GetPolicy(), so I'm not sure how to convert the above function to the latest version. Can someone help here?

@sagilio
Member

sagilio commented Sep 6, 2024

Would you like to provide a valid model and policy text sample?

  1. This piece of code may not be the correct implementation. enforcer.GetModel().Model.Count is the section count of the model; it may want to get the tokens count of policy.

For example:

  • the section count is 4: [request_definition], [policy_definition], [policy_effect], [matchers]
  • the tokens count of policy is 3: sub, obj, act

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = r.sub == r.obj.Owner

You can get the tokens count like this:

var assertion = e.Model.Sections.GetPolicyAssertion(PermConstants.DefaultPolicyType);
var tokensCount = assertion.Tokens.Count;

  2. The check of enforcer.GetPolicy().Any(x => x.Count != model_count) is unnecessary now.
  3. enforcer.GetPolicy() still exists in the latest version; it is here:
    /// <summary>
    /// Gets all the authorization rules in the policy.
    /// </summary>
    /// <returns> all the "p" policy rules.</returns>
    public static IEnumerable<IEnumerable<string>> GetPolicy(this IEnforcer enforcer) =>
        enforcer.GetNamedPolicy(PermConstants.Section.PolicySection);

@shrey-shah
Author

Permission model:

[request_definition]
r = role, resource, action

[policy_definition]
p = role, resource, action, eft

[policy_effect]
# There must be at least one rule to allow and no rule to deny
e = some(where (p.eft == allow)) && !some(where (p.eft == deny))

[matchers]
m = keyMatch(r.role, p.role) && (keyMatch(r.resource, p.resource) || keyMatch2(r.resource, p.resource)) && regexMatch(r.action, p.action)

Permission policy sample:

p, SecurityAdmin, *, GET, allow
p, SecurityAdmin, /api/preferences, GET, deny
p, SecurityAdmin, /api/calendar_sync, GET, deny
p, SecurityAdmin, /api//bulk_download, POST, deny
p, SecurityAdmin, /api/service/*, POST, deny

The above code was used to validate if the policy is set up as per the model. Can we validate using any other way in the latest version?

@shrey-shah
Author

Any update here?

@sagilio
Member

sagilio commented Sep 21, 2024

Here is the sample:

private bool IsValidPermissionPolicySetup(string model, string policy)
{
    CustomEnforcer enforcer = new CustomEnforcer(model, policy);
    return enforcer.GetPolicy().All(p =>
    {
        string last = p.Last();
        return last is "allow" or "deny";
    });
}
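
The check discussed in this thread can also be run on the raw model and policy text before an enforcer is built, reporting each offending rule instead of a single bool. This is an added example, not code from the thread or from Casbin.NET; it goes beyond the thread by locating the eft column from the model's policy definition rather than assuming it is last. The names PolicyLint, PolicyTokens and Check are hypothetical, and it assumes policy fields contain no quoted commas.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example: lints raw model and policy text; it does not call the Casbin API.
static class PolicyLint
{
    // Tokens declared by "p = ..." under [policy_definition].
    static string[] PolicyTokens(string model)
    {
        string section = "";
        foreach (string raw in model.Split('\n'))
        {
            string line = raw.Trim();
            if (line.StartsWith("[")) { section = line; continue; }
            if (section != "[policy_definition]") continue;
            string[] kv = line.Split(new[] { '=' }, 2);
            if (kv.Length == 2 && kv[0].Trim() == "p")
                return kv[1].Split(',').Select(t => t.Trim()).ToArray();
        }
        throw new FormatException("model has no 'p' policy definition");
    }
    // Returns one message per malformed "p" rule; an empty list means the policy fits the model.
    public static List<string> Check(string model, string policy)
    {
        string[] tokens = PolicyTokens(model);
        int eft = Array.IndexOf(tokens, "eft"); // -1 when the model declares no eft column
        var problems = new List<string>();
        string[] lines = policy.Split('\n');
        for (int i = 0; i < lines.Length; i++)
        {
            string[] f = lines[i].Split(',').Select(t => t.Trim()).ToArray();
            if (f[0] != "p") continue; // skips blank lines, comments and non-"p" rules
            string[] values = f.Skip(1).ToArray();
            if (values.Length != tokens.Length)
                problems.Add($"line {i + 1}: {values.Length} fields, model declares {tokens.Length}");
            else if (eft >= 0 && values[eft] != "allow" && values[eft] != "deny")
                problems.Add($"line {i + 1}: eft '{values[eft]}' is not allow or deny");
        }
        return problems;
    }
    static void Main()
    {
        // Constructed input: the policy definition from this thread plus two deliberately bad rules.
        string model = "[policy_definition]\np = role, resource, action, eft\n";
        string policy = "p, SecurityAdmin, *, GET, allow\n" +
            "p, SecurityAdmin, /api/preferences, GET\np, SecurityAdmin, /api/service/*, POST, Deny\n";
        foreach (string p in Check(model, policy)) Console.WriteLine(p);
    }
}
```

The comparison is case-sensitive on purpose, so a rule written with "Deny" is reported rather than accepted.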
