Open
Description
Description
When calling enforcer.GetPermissionsForUserInDomain(user, domain) using Casbin.NET with the EF Core Adapter, an exception is thrown if the specified domain does not exist in the casbin_rule table.
Steps to Reproduce:
- Use Casbin.NET with the EF Core Adapter.
- Call enforcer.GetPermissionsForUserInDomain("someuser", "nonexistent-domain") where "nonexistent-domain" does not exist in the casbin_rule table.
- Observe that a System.InvalidOperationException: Sequence contains no elements is thrown.
Expected Behavior:
The method should return an empty list/array when no permissions are found for the user in the specified domain, instead of throwing an exception.
Actual Behavior:
A System.InvalidOperationException is thrown with the message:
Sequence contains no elements
Environment:
Casbin.NET version: 2.12.0
EF Core Adapter version: 2.7.0
.NET version: net9.0
Database: SQL Server
rbac_with_domains.conf:
[request_definition]
r = sub, dom, obj, act
[policy_definition]
p = sub, dom, obj, act
[role_definition]
g = _, _, _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = g(r.sub, p.sub, r.dom) && keyMatch(r.dom, p.dom) && regexMatch(r.obj, p.obj) && regexMatch(r.act, p.act)
Policy
| Id | PType | V0 | V1 | V2 | V3 | V4 | V5 |
|---|---|---|---|---|---|---|---|
| 1 | p | my-app-admin | my-domain | /* | read | ||
| 2 | g | [email protected] | my-app-admin | my-domain |
Additional Context:
This issue makes it difficult to safely query permissions for data that may not exist. A workaround is to catch the exception, but ideally the method should return an empty result.