When we add policy by Enforcer, It will call the AddPolicy method like this:

protected bool AddPolicy(string sec, string ptype, List<string> rule)
{
    if (model.HasPolicy(sec, ptype, rule))
    {
        return false;
    }
    ...
    var ruleAdded = model.AddPolicy(sec, ptype, rule);
    return ruleAdded;
}

But when calling model.AddPolicy it will check again the policy exists like this:

public bool AddPolicy(string sec, string ptype, List<string> rule)
{
    if (!HasPolicy(sec, ptype, rule))
    {
        Model[sec][ptype].Policy.Add(rule);
        return true;
    }
    return false;
}

I think we should avoid repeated checking. but the AddPolicy method in Policy class is a public method. If we modify the existing implementation, It will cause unsafe calling. We can create an internal method without check to avoid it.

I'm loading nearly 10000 policies in my project .
the Casbin core module and Adapter is injected as Scoped service.
I found this method checking policy uniqueness every time when data line loaded. I wrote a method

private void PolicyUniquenization(Model model)
        {
            var m = model.Model;
            foreach(var key in m.Keys)
            {
                foreach (var ast in m[key].Values)
                {
                    ast.Policy = ast.Policy.Distinct().ToList();
                }
            }
        }

then alter Helper.LoadPolicyLine method without checking data uniqueness.
and invoke at the end of LoadPolicy method in Adapter

public void LoadPolicy(Model.Model model)
        {
            // some codes of polices loading...

            PolicyUniquenization(model);
        }

seems to make things better?
want to know if this modification causes any problem..

RABC model has poorer performance than other models from the result of the benchmark. I will try to improve it.

We already used semantic-release in Go and Nodejs, see Node-Casbin: casbin/node-casbin#153 (comment)

There's also a student working on Java: casbin/jcasbin#76

I think we should also integrate it into .NET. It will auto-release to GitHub Releases and Nuget. We need to find a plugin to use semantic-release in .NET project. I found these but not tried any one yet, maybe useful for you:

• https://spectrum.chat/semantic-release/general/is-semantic-release-only-for-nodejs-project~d73935a1-fa4b-4287-8410-845062dba82e
• https://github.com/axlj45/dotnet-semantic-release
• https://github.com/mdetweil/sempack

Can anyone work on it?

https://github.com/casbin-net/EFCore-Adapter

• Code coverage badge doesn't work yet.
• No README.
• No nuget badge, download times badge.

See for details: casbin-net/efcore-adapter#2

I'm using .net4.5 and trying to install it via nuget. The lowest version is 1.1.0. and it says requires .net standard2.0.

The question is why doesn't is support .net 4.5(.netstandard1.0)? As far as I know many dotnet core libraries also support .net framework.

See: https://travis-ci.org/casbin/Casbin.NET

Based on discussion here: https://gitter.im/casbin/Lobby, @mitesh-diligencevault needs an EF adapter for his ASP.NET project.

@huazhikui @xcaptain

casbin-net/efcore-adapter#2

We can use the tool (dotnet-format) to keep the code clean and the code style united.

Related comment
#44 (comment)

the assertion.PolicyStringSet property does not need to be public.

1. add assertion.AddPolicy(rule) method in Assertion Class replace these 2 steps:

assertion.Policy.Add(rule);
assertion.PolicyStringSet.Add(Utility.ArrayToString(rule));

2. add assertion.Contains(rule) mehod in Assertion Class replace Model[sec][ptype].PolicyStringSet.Contains(Utility.ArrayToString(rule))

3. add assertion.RemovePolicyAt(i) method replace these 2 steps:

assertion.Policy.RemoveAt(i);
assertion.PolicyStringSet.Remove(Utility.ArrayToString(rule));

Originally posted by @huazhikui in #39

We can use some const or read-only field to replace the string like "g", "p" and use String.Empty and Array.Empty to replace "", new string[]. I think it will make the code more maintainable.

string key1 = "192.168.2.123"; string key2 = "192.168.2.0/16";
bool result = BuiltInFunctions.IpMatch(key1, key2);

the result should be true but now is false.

We have a structure like this:

Grand Parent
Parent
Children
Grand Children
So on....

I have two questions:

1. If user has permission on Parent, how do we find out the grand parent to show as View?
2. If the user navigates to Grand Children directly for that specific parent, how do we perform that check, and allow access?

Thanks,
Harsimrat

https://github.com/casbin-net/EF-Adapter

Synced from Golang: casbin/casbin#549

I think the best way to integrate IEnforcer (rbac api) and ManagementEnforcer (management api) to a one IEnforcer is use Extension Method to implement it. Here are some reasons:

1. IEnforcer can be a simple and clean interface.
2. We can maintain the RBAC and Management API at different class, and we can easy to add new helper type API.
3. Follow the CARP desgin.

It will become a break change, we should change the protect field to Read-only property (also GetModel method can do it) and delete the InternalEnforcer, ManagementEnforcer and CoreEnforcer and convert them to a Enforcer class which only includes the API in InternalEnforcer and CoreEnforcer in now version).

Relate comment:
#55 (comment)

A new feature in #101.

Description

This is the multi-threading feature at https://casbin.org/docs/en/overview.
It will provide a ReaderWriterLockSlim and Dictonary implemention.

I think we should move the NewModel API to Model class. It will follow the go implement.
It will be some break changes if we directly delete them, So we can set Obsolete at on them now and remove at the next mainline version.

Hello
Plaese I want to make access control model with ABAC and only role from RBAC.
its will be only in C#.
the idea is to test this model software in openstack .
( access control model in C# and its will test this kind of access control Policy in openstack if we move to openstack as SaaS)
Please any one could help me.

Thanks

I think we can use the BenchmarkDotNet, And the test case will include cases in model_b_test.go.

I am evaluating Casbin.NET for my company. I have a visual studio 2019 ASP.NET core in .NET framework 4.7.2 project that i am attempting to use the Casbin.NET nuget package with. Version 1.2.0 installs and executes perfectly but 1.22 and 1.23 , though they install, result in an error when an Enforcer is instantiated. The error is "Could not load file or assembly 'DynamicExpresso.Core, Version=2.3.1.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. A strongly-named assembly is required. (Exception from HRESULT: 0x80131044)".

The key/value/tokens properties can be set internal write, I think the user should not change them without the model's APIs, and we can implement an IReadOnlyAssertion interface for the assertion that only read the properties. This change will be included in #124.

I noticed the main project had some recent updates, but not this one. How long does it usually take to catch up?

Auto publish package on Github Actions when we add new version tag.

publish

We will be able to easily find the current optimization points and we can also compare performance with other languages implement.

Currently, we have some unofficial implementations for C#. And maybe it's time to have an official one. I'm not sure if this code base is the best one, but suggestions are always welcome.

@xgenvn, can you help contribute to it?

@huazhikui, can you provide a to-do list?

Hello, Thank you for this awesome project, I have been using this project for more than 1 month, it works well but sadly lack an official efcore adapter, some discussions can be found at #4 . I created a sample project at https://github.com/xcaptain/CasbinTestProj it contains my setup for my private project. If you want I think I can help create an efcore adapter.

https://dotnet.microsoft.com/apps/aspnet/mvc

I noticed the .net version of casbin does not has the multi threading features. May I know how should we use the enforcer in multi threading environment?

In InternalEnforcer.cs, there are 3 methods add or remove policy data. All these methods will add or delete data in memory first then call adapter to perform the mutation of data in data store behind the adapter.

It will cause data inconsistency issue if no revert or rollback logic in all those methods. Please refers to the bold area of the partial code below:

bool ruleAdded = model.AddPolicy(sec, ptype, rule);
if (!ruleAdded)
{
    return false;
}

if (adapter != null && autoSave)
{
    try
    {
        await adapter.AddPolicyAsync(sec, ptype, rule);
    }
    catch (NotImplementedException)
    {
    }
    catch (Exception e)
    {
       **// rollback logic to revert the related memory data**
        throw e;
    }

    if (watcher != null)
    {
        // error intentionally ignored
        watcher.Update();
    }
}

SavePolicy() method fails when trying to save basic_model.conf in the examples folder.

It works if you add this notionally.

[role_definition]
g = _, _

If roles are optional in the model, can we make sure SavePolicy() ignores missing g?

Hi,

Why is PlatformTarget set to x64 ?
In my project-configuration I have set this to "Any CPU". I then get a build-warning:

Warning MSB3270 There was a mismatch between the processor architecture of the project being built "MSIL" and the processor architecture of the reference "C:\Users\nomha4.nuget\packages\casbin.net\1.2.4\lib\netstandard2.0\NetCasbin.dll", "AMD64". This mismatch may cause runtime failures. Please consider changing the targeted processor architecture of your project through the Configuration Manager so as to align the processor architectures between your project and references, or take a dependency on references with a processor architecture that matches the targeted processor architecture of your project.

Will it not build on other platforms ?

Can we fix the following warnings?

  InternalEnforcer.cs(32, 48): [CS0168] The variable 'e' is declared but never used
  InternalEnforcer.cs(71, 48): [CS0168] The variable 'e' is declared but never used
  InternalEnforcer.cs(109, 48): [CS0168] The variable 'e' is declared but never used
  Config.cs(99, 36): [CS0168] The variable 'e' is declared but never used
  DefaultFileAdapter.cs(29, 32): [CS0168] The variable 'e' is declared but never used
  InternalEnforcer.cs(32, 48): [CS0168] The variable 'e' is declared but never used
  InternalEnforcer.cs(71, 48): [CS0168] The variable 'e' is declared but never used
  DefaultFileAdapter.cs(29, 32): [CS0168] The variable 'e' is declared but never used
  InternalEnforcer.cs(109, 48): [CS0168] The variable 'e' is declared but never used
  Config.cs(99, 36): [CS0168] The variable 'e' is declared but never used
  NuGet.Build.Tasks.Pack.targets(198, 5): [NU5125] The 'licenseUrl' element will be deprecated. Consider using the 'license' element instead.
  NuGet.Build.Tasks.Pack.targets(198, 5): [NU5048] The 'PackageIconUrl'/'iconUrl' element is deprecated. Consider using the 'PackageIcon'/'icon' element instead. Learn more at https://aka.ms/deprecateIconUrl

I see a token in the appveyor definition file. I'd guess it's a security concern, but I don't know what access is available through that token.

We only need it to provide to the unit test coverage, We can try to use the new version coveralls.net to provide the unit test coverage at Azure Pipeline and it will only depend on .NET Core 3.1 platform.

We know .NET is from Microsoft. Azure Pipelines is also from Microsoft. So using Azure Pipelines as our CI will show strong credit that our code is well tested.

Moreover, our evaluator is also using it: https://github.com/davideicardi/DynamicExpresso

So we should add a CI badge for Azure Pipelines. Maybe other CI badges will be deprecated in future.

It like the build result.

I think we have two plans to fix it:

1. Provide some same test files for the async tests.
2. Refactor the unit test project and use some fixtures to make loading files is not inside of the unit test body.

.ASP NET Core is a free cross-platform open-source and the most popular framework for building web apps and services with .NET and C# now. We need to provide fine support to it.

Description about the Casbin.AspNetCore

It is an extension package for anyone to can use Casbin in ASP NET Core easily.
It will extend from the Microsoft.AspNetCore.Authorization. So It can be compatible with the existing authorization config. And it is also the first step of casbin-sam.

I think we can create a new repository named 'Casbin.AspNetCore' to develop it.

Related issue:

#24

It seems the assembly distributed with the nuget package is not signed, this makes it not very handy to reference Casbin.Net from a signed assembly.

I have seen an example of Pattern Matching available here: https://casbin.org/docs/en/rbac#use-pattern-matching-in-rbac

I was wondering is it possible to do something like this in Casbin:

g, /specificgenre/book/:id, book_group

That means only books which are of specific genre are allowed access using pattern matching?

KeyMatch4 is not supported, can we pls add the support?