add a super role into rbac with domains

Question

add a super role into rbac with domains

oknixus opened this issue 3 years ago · 1 comments

I encountered a new problems. I want add a super role into rbac with domains model.
So I modify the config file as below:

[request_definition]
r = sub, dom, obj, act

[policy_definition]
p = sub, dom, obj, act

[role_definition]
g = _, _, _
g2 = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = (g(r.sub, p.sub, r.dom) && r.dom == p.dom && r.obj == p.obj && r.act == p.act) || r.sub == "root"

and then, I write a line code Enforcer::addRoleForUser('bob', 'root'); for adding a new rule in the table rules.

The error grouping policy elements do not meet role definition displays again.
Or I got a no permission in Enforcer::enforce('bob', 'article', 'content', 'read').

I have searched in google and bing and stockoverflow. Finally I got a poor result.

Please help me finish it. Thanks very much.

Answer 1 · 2023-03-22T07:58:27.000Z

I think I should read the docment syntax for models again and again.
This package have no problems.