Skip to content

feat: Port no-policy ABAC feature from Go Casbin #517

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Copilot wants to merge 4 commits into from
Closed

feat: Port no-policy ABAC feature from Go Casbin #517

Copilot wants to merge 4 commits into from

Conversation

Copy link
Contributor

Copilot AI commented Dec 8, 2025
edited
Loading

Ports the no-policy ABAC optimization from Go Casbin (#918) that allows matchers to evaluate purely on request attributes without iterating through policies.

Changes

  • Core enforcement logic: Added regex-based detection to check if matcher references policy tokens (p_, p2_, etc.). When matcher only uses request attributes (e.g., r.sub == r.obj.Owner), skip policy iteration and evaluate once.

  • Helper extraction: Created populateRequestParameters() to consolidate JSON parsing logic across policy and no-policy branches.

  • Validation: Added check to prevent eval() usage when policies aren't loaded, matching Go Casbin behavior.

Example

// Model matcher: m = r.sub == r.obj.Owner (no policy token references)
const e = await newEnforcer('examples/abac_not_using_policy_model.conf', 'policy.csv');

// Pure ABAC - matcher evaluated once without iterating policies
const data1 = { Name: 'data1', Owner: 'alice' };
await e.enforce('alice', data1, 'read');  // true (alice owns data1)
await e.enforce('bob', data1, 'read');    // false (bob doesn't own data1)

Pattern detection handles multiple policy types via regex {pType}\d*_ with proper escaping to prevent injection.

Original prompt

This section details on the original issue you should resolve

<issue_title>[feature] Port no-policy ABAC feature to Node-Casbin and Casbin-Editor</issue_title>
<issue_description>Required by: casbin/casbin#918 (comment)</issue_description>

Comments on the Issue (you are @copilot in this section)

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

@CLAassistant
Copy link

CLAassistant commented Dec 8, 2025

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@hsluoyz hsluoyz marked this pull request as ready for review December 8, 2025 10:04
Copilot AI changed the title [WIP] Port no-policy ABAC feature to Node-Casbin and Casbin-Editor feat: Port no-policy ABAC feature from Go Casbin Dec 8, 2025
Copilot AI requested a review from hsluoyz December 8, 2025 10:24
@hsluoyz hsluoyz closed this Dec 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hsluoyz hsluoyz Awaiting requested review from hsluoyz

Assignees

@hsluoyz hsluoyz

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[feature] Port no-policy ABAC feature to Node-Casbin and Casbin-Editor

3 participants

@CLAassistant @hsluoyz