
I use Casbin as the authorization library for my REST API, written in Go.
To load the policy from my Mongo database, I use the MongoDB Adapter.

A single policy Mongo document looks like this:

{
  "_id": {
    "$oid": "639491f73e4c9bec05a1d1ec"
  },
  "ptype": "p",
  "v0": "admin",
  "v1": "laptops",
  "v2": "read",
  "v3": "",
  "v4": "",
  "v5": ""
}

In my business logic, I validate if the user can access (read) laptops:

// Resolves to true
if can, _ := e.Enforce(user, "laptops", "read"); can {
    // ...
}

This works fine.
The problem now is when I delete the policy document, I would expect that I'm not allowed to access laptops anymore. This is only the case when I restart my application.

Thus, it appears that the Enforce checks are not being evaluated in real time.

As a workaround, I could call the LoadPolicy method as soon as the request comes in, but this looks like a dirty hack to me.

I would really appreciate some help / suggestions.

studio-pj
Policies are obviously cached in memory so the implementation doesn't have to query the database every time (when the policies rarely change in the DB - performance!). After you modify the policies in the database, invalidate the cache. – icza Dec 10 '22 at 17:06
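A standard-library Go model of the behaviour discussed in this thread, added here as an example and not code from the question, the comment, or Casbin: an enforcer that decides from its in-memory copy keeps granting a deleted rule until `LoadPolicy` runs, while one that reloads from a change hook revokes immediately. `Store`, `onChange` and this `Enforcer` type are hypothetical stand-ins for the Mongo collection and the real enforcer.

```go
package main

import "fmt"

// Rule mirrors the v0/v1/v2 fields of the policy document in the question.
type Rule struct{ Sub, Obj, Act string }

// Store is a constructed stand-in for the Mongo policy collection.
type Store struct {
	rules    map[Rule]bool
	onChange []func() // hypothetical hooks, called after every delete
}

func (s *Store) Delete(r Rule) {
	delete(s.rules, r)
	for _, notify := range s.onChange {
		notify()
	}
}

// Enforcer answers from its in-memory copy only, never from the store.
// Single-goroutine model: a server would guard cache with a sync.RWMutex.
type Enforcer struct {
	store *Store
	cache map[Rule]bool
}

// LoadPolicy replaces the in-memory copy with the store's current rules.
func (e *Enforcer) LoadPolicy() {
	fresh := make(map[Rule]bool, len(e.store.rules))
	for r := range e.store.rules {
		fresh[r] = true
	}
	e.cache = fresh
}

func (e *Enforcer) Enforce(sub, obj, act string) bool { return e.cache[Rule{sub, obj, act}] }

func main() {
	rule := Rule{"admin", "laptops", "read"}
	s := &Store{rules: map[Rule]bool{rule: true}}
	cached, watching := &Enforcer{store: s}, &Enforcer{store: s}
	cached.LoadPolicy()
	watching.LoadPolicy()
	s.onChange = append(s.onChange, watching.LoadPolicy) // reload on change
	s.Delete(rule)                                       // revoke in the store only
	fmt.Println("cached:", cached.Enforce("admin", "laptops", "read"))     // true: stale grant
	fmt.Println("watching:", watching.Enforce("admin", "laptops", "read")) // false: revoked
}
```

Reloading from a change notification keeps `LoadPolicy` off the request path while still bounding how long a revoked grant stays usable.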

0 Answers