Question: how to preload policy from file, then use db-backed adapter?
Closed this issue · 12 comments
My use case is that I'd like to define some access rules for roles beforehand but later on my app assigns users to roles, this should be kept in the database. What I'm doing right now is and what works:
- load model from file
- assign db-backed adapter to enforcer
- programmatically setup role policies <- lots of boilerplate code here
What I'd somehow like to do is:
- load model from file into enforcer
- load initial policy from file enforcer
- switch enforcer to use db-backed adapter, this should keep the policy loaded from file before
I know there's casbin::CoreApi::set_adapter, but this seems to discard any policies loaded before.
Any hints on this highly appreciated!
@smrpn @hackerchai @PsiACE @GopherJ
@bk138 see: https://casbin.org/docs/en/adapters#migrateconvert-between-different-adapter
@hsluoyz This does not work for the use case outlined above as it discards the policy loaded from adapter A completely. Here's some of my code:
let model = DefaultModel::from_file("casbin_model.conf").await?;
// CSV file has initial policy, e.g. rules for groups
let adapter = FileAdapter::new("casbin_policy.csv");
// enforcer uses initial policy from CSV file
let mut enforcer = Enforcer::new(model, adapter).await?;
// need to later assign user to groups etc, using db-backed adapter for this
let adapter = SqlxAdapter::new(std::env::var("DATABASE_URL")?, 10).await?;
// as per https://casbin.org/docs/en/adapters#migrateconvert-between-different-adapter,
// but policy from CSV file completely discarded
enforcer.set_adapter(adapter).await?;
enforcer.load_policy().await?;Should I file an issue with sqlx-adapter?
Found https://github.com/casbin-rs/examples/blob/master/actix-middleware-example/src/main.rs#L73 - is this the way to achieve a policy preload?
Found https://github.com/casbin-rs/examples/blob/master/actix-middleware-example/src/main.rs#L73 - is this the way to achieve a policy preload?
yes, you can use this way in prodcution
@hackerchai What about adding this to the README?
@bk138 sounds good. Can you make a PR?
I would, but I have some difficulties comprehending the logic in https://github.com/casbin-rs/examples/blob/master/actix-middleware-example/src/main.rs#L73 - @hackerchai can you maybe elaborate on the logic? In particular, why is the enforcer cloned in https://github.com/casbin-rs/examples/blob/master/actix-middleware-example/src/main.rs#L69 and the policies added to the cloned one instead of "main" enforcer?
@bk138 sounds good. Can you make a PR?
I would, but I have some difficulties comprehending the logic in https://github.com/casbin-rs/examples/blob/master/actix-middleware-example/src/main.rs#L73 - @hackerchai can you maybe elaborate on the logic? In particular, why is the enforcer cloned in https://github.com/casbin-rs/examples/blob/master/actix-middleware-example/src/main.rs#L69 and the policies added to the cloned one instead of "main" enforcer?
@bk138 https://github.com/casbin-rs/examples/blob/master/actix-middleware-example/src/main.rs#L69 Why we use clone_enforcer? Because we have casbin_actor as well as casbin_middleware, and they both use casbin enforcer. In order to make these two component use the sane enforcer, we clone the enforcer first.
@bk138 sounds good. Can you make a PR?
I would, but I have some difficulties comprehending the logic in https://github.com/casbin-rs/examples/blob/master/actix-middleware-example/src/main.rs#L73 - @hackerchai can you maybe elaborate on the logic? In particular, why is the enforcer cloned in https://github.com/casbin-rs/examples/blob/master/actix-middleware-example/src/main.rs#L69 and the policies added to the cloned one instead of "main" enforcer?
@bk138 https://github.com/casbin-rs/examples/blob/master/actix-middleware-example/src/main.rs#L73 Here is the logic to import preset casbin rules into the database via casbin_adapter. The rules in csv file explains g2 group declaration, roles and role-group combination, default admin rules.