I'm testing out a very simple permissions model, but it seems like two `policy_definition` values in a model cannot be handled in NodeJS. Is there another approach to the described model?
Model description: users belong to an organization, organizations have subscription plans, and plans have a list of features that users should be able to access.
The questions I would be asking are:
- Can `user:1` access `feature:A` --> true
- Can `user:1` access `feature:C` --> false
- Can `user:2` access `feature:A` --> false
I have the following definitions and data
model.conf

```
[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act
p2 = p2_sub, p2_obj, p2_act # prefixed with `p2` for debuggability

[role_definition]
g = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p2.p2_sub) && r.sub == p.obj && r.act == p.act && r.obj == p2.p2_obj
```

policy.csv

```
p, user:1, organization:1, view
p2, plan:1, feature:A, view
g, organization:1, plan:1
```

app.js

```
...
const e = await newEnforcer('model.conf', 'policy.csv');
const result = await e.enforce(sub, obj, act);
console.log(result);
....
```
When running the above code, it's failing with this message:
```
TypeError: Cannot read properties of undefined (reading 'p2_sub')
    at /Users/elenaschneider/Work/carta-frontend-platform/common/temp/node_modules/.pnpm/expression-eval@4.0.0/node_modules/expression-eval/index.ts:102:21
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at async Promise.all (index 1)
```
If I remove the `p2` policy from `model.conf` and `policy.csv`, all works OK (but of course doesn't produce the correct result).
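
One way to answer the three questions above with a single policy type, as an added example that is not part of the original post and is not Casbin's own code: a plain-JavaScript sketch that assumes the relations are re-expressed as `g` links (user → organization → plan) plus `p` rules (plan → feature), and evaluates the standard RBAC matcher `g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act`. The policy lines and the function names `parsePolicy`, `hasLink` and `enforce` are constructed for illustration.

```javascript
// Constructed policy data: the post's relations re-expressed with one policy
// type. g lines chain user -> organization -> plan; p lines grant a plan
// access to a feature. user:2 has no g line, so it belongs to nothing.
const POLICY_CSV = `
p, plan:1, feature:A, view
g, user:1, organization:1
g, organization:1, plan:1
`;

// Parse CSV lines into { p: [[sub, obj, act]], g: Map(child -> Set(parent)) }.
function parsePolicy(csv) {
  const policy = { p: [], g: new Map() };
  for (const line of csv.split('\n')) {
    const [type, ...fields] = line.split(',').map((s) => s.trim());
    if (type === 'p' && fields.length === 3) policy.p.push(fields);
    if (type === 'g' && fields.length === 2) {
      const [child, parent] = fields;
      if (!policy.g.has(child)) policy.g.set(child, new Set());
      policy.g.get(child).add(parent);
    }
  }
  return policy;
}

// Transitive membership check: the meaning of g(r.sub, p.sub) in the matcher.
// The seen set keeps a cyclic g chain from looping forever.
function hasLink(g, from, to) {
  const seen = new Set();
  const queue = [from];
  while (queue.length > 0) {
    const node = queue.shift();
    if (node === to) return true;
    if (seen.has(node)) continue;
    seen.add(node);
    for (const parent of g.get(node) ?? []) queue.push(parent);
  }
  return false;
}

// Allow when some p rule satisfies the matcher; no matching rule means deny.
function enforce(policy, sub, obj, act) {
  return policy.p.some(
    ([pSub, pObj, pAct]) => hasLink(policy.g, sub, pSub) && obj === pObj && act === pAct
  );
}

const policy = parsePolicy(POLICY_CSV);
console.log(enforce(policy, 'user:1', 'feature:A', 'view')); // true
```
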