ErrorException  : Creating default object from empty value

  at /var/www/html/vendor/casbin/casbin/src/Model/Policy.php:174
    170|      * @param string[] $rule
    171|      */
    172|     public function addPolicy(string $sec, string $ptype, array $rule): void
    173|     {
  > 174|         $this->items[$sec][$ptype]->policy[] = $rule;
    175|         $this->items[$sec][$ptype]->policyMap[implode(self::DEFAULT_SEP, $rule)] = count($this->items[$sec][$ptype]->policy) - 1;
    176|     }
    177| 
    178|     /**

  Exception trace:

  1   Illuminate\Foundation\Bootstrap\HandleExceptions::handleError("Creating default object from empty value", "/var/www/html/vendor/casbin/casbin/src/Model/Policy.php", ["g", "g"])
      /var/www/html/vendor/casbin/casbin/src/Model/Policy.php:174

  2   Casbin\Model\Policy::addPolicy("g", "g")
      /var/www/html/vendor/casbin/casbin/src/InternalEnforcer.php:48

sorry for formatting :)
Fresh install on Laravel 6. Migrations created table rules
Just tried some artisan commands, the first two created something and the last one
php artisan role:assign eve write
made an error.

Hi, I can't find how to access the authenticated users when applying Enforcer middleware.

For example I have the following route:

Route::get('/only-admin', function () { return "You are admin"; })->middleware('enforcer:admin');

When entering I got an 403 which is ok, but whom is enforcer validating? I don't find a way to relate the User model with Enforcer. Probably I am doing it wrong, how can I do this? Thanks!

背景:
laravel8+，采取的是restful风格路由，角色绑定路由

1、在casbin的官网编辑器中示例如下：

2、在laravel插件里配置如下：

3、laravel代码如下：

4、请求结果如下：

5、查看日志问题出在regexMatch方法校验。

6、我未重写regexMatch方法。

谢谢大佬们的指导，拜谢。

addRolesForUser返回true，实际没写入，addRoleForUser是可以的，追踪看到
private function updateWatcher(): void { if (!is_null($this->watcher) && $this->autoNotifyWatcher) { $this->watcher->update(); } }
里面$this->watcher为空，帮忙看看是不是bug，还是说需要哪里调用才启动批量插入

Starting from v2.2.0 I'm getting the following error while executing Enforcer::deleteRoleForUser

Call to undefined method Casbin\Enforcer::buildIncrementalRoleLinks()\n#0 /var/www/html/vendor/casbin/casbin/src/ManagementEnforcer.php(582): Casbin\InternalEnforcer->removePolicyInternal()\n#1 /var/www/html/vendor/casbin/casbin/src/ManagementEnforcer.php(540): Casbin\ManagementEnforcer->removeNamedGroupingPolicy()\n#2 /var/www/html/vendor/casbin/casbin/src/Enforcer.php(100): Casbin\ManagementEnforcer->removeGroupingPolicy()\n#3 /var/www/html/app/Observers/Auth/UserAccessGroupObserver.php(65): Casbin\Enforcer->deleteRoleForUser()\n#4 /var/www/html/vendor/laravel/framework/src/Illuminate/Events/Dispatcher.php(412):
...
casbin/casbin version is v3.6.0

If it's difficult to implement, then it seems "require" in composer.json is not quite correct..

"require" : {
"casbin/casbin": "~3.1",
...
}

Problem 1
- casbin/psr3-bridge[v1.1.0, ..., v1.2.0] require casbin/casbin ^2.0 -> found casbin/casbin[v2.0.0, ..., v2.4.0] but it conflicts with your root composer.json require (^3.20).
- casbin/psr3-bridge v1.3.0 requires psr/log ^1.1 -> found psr/log[1.1.0, ..., 1.1.4] but the package is fixed to 2.0.0 (lock file version) by a partial update and that version does not match. Make sure you list it as an argument for the update command.
- casbin/laravel-authz v3.1.0 requires casbin/psr3-bridge ^1.1 -> satisfiable by casbin/psr3-bridge[v1.1.0, v1.2.0, v1.3.0].
- Root composer.json requires casbin/laravel-authz ^3.1 -> satisfiable by casbin/laravel-authz[v3.1.0].

Use the option --with-all-dependencies (-W) to allow upgrades, downgrades and removals for packages currently locked to specific versions.

Do you need to consider upgrading the version

Good afternoon,
there was a problem when executing the command: composer require casbin/laravel-authz

Please tell me what could be the problem?

Laravel version: "laravel/framework": "^10.10",
Thanks!

Problem 1
- casbin/laravel-authz[v0.1, ..., v0.2, v1.0.0] require laravel/framework ~5.1 -> found laravel/framework[v5.1.0, ..., v5.8.38] but it conflicts with your root composer.json require (^10.10).
- casbin/laravel-authz[v1.1.0, ..., v1.2.0] require laravel/framework ~5.1|~6.0 -> found laravel/framework[v5.1.0, ..., v5.8.38, v6.0.0, ..., v6.20.44] but it conflicts with your root composer.json require (^10.10).
- casbin/laravel-authz v1.3.0 requires laravel/framework ~5.5|~6.0 -> found laravel/framework[v5.5.0, ..., v5.8.38, v6.0.0, ..., v6.20.44] but it conflicts with your root composer.json require (^10.10).
- casbin/laravel-authz[v1.4.0, ..., v1.5.0] require laravel/framework ~5.5|~6.0|~7.0 -> found laravel/framework[v5.5.0, ..., v5.8.38, v6.0.0, ..., v6.20.44, v7.0.0, ..., v7.30.6] but it conflicts with your root composer.json require (^10.10).
- casbin/laravel-authz[v1.6.0, v2.0.0, ..., v2.5.1, v3.0.0, ..., v3.0.2] require laravel/framework ~5.5|~6.0|~7.0|~8.0 -> found laravel/framework[v5.5.0, ..., v5.8.38, v6.0.0, ..., v6.20.44, v7.0.0, ..., v7.30.6, v8.0.0, ..., v8.83.27] but it conflicts with your root composer.json require (^10.10).
- casbin/laravel-authz v3.1.0 requires illuminate/support ~5.5|~6.0|~7.0|~8.0 -> found illuminate/support[v5.5.0, ..., v5.8.36, v6.0.0, ..., v6.20.44, v7.0.0, ..., v7.30.6, v8.0.0, ..., v8.83.27] but these were not loaded, likely because it conflicts with another require.
- casbin/laravel-authz[v3.1.1, ..., v3.1.3] require illuminate/support ~5.5|~6.0|~7.0|~8.0|~9.0 -> found illuminate/support[v5.5.0, ..., v5.8.36, v6.0.0, ..., v6.20.44, v7.0.0, ..., v7.30.6, v8.0.0, ..., v8.83.27, v9.0.0, ..., v9.52.16] but these were not loaded, likely because it conflicts with another require.
- casbin/laravel-authz[v3.1.4, ..., v3.1.5] require casbin/casbin ~3.1 -> found casbin/casbin[v3.1.0, ..., v3.21.5] but it conflicts with your root composer.json require (^0.1.1).
- Root composer.json requires casbin/laravel-authz * -> satisfiable by casbin/laravel-authz[v0.1, v0.2, v1.0.0, ..., v1.6.0, v2.0.0, ..., v2.5.1, v3.0.0, ..., v3.1.5].

Use the option --with-all-dependencies (-W) to allow upgrades, downgrades and removals for packages currently locked to specific versions.
You can also try re-running composer require with an explicit version constraint, e.g. "composer require casbin/laravel-authz:*" to figure out if any version is installable, or "composer require casbin/laravel-authz:^2.1" if you know which you need.

Symfony\Component\ErrorHandler\Error\FatalError: Class Lauthz\Adapters\DatabaseAdapter contains 1 abstract method and must therefore be declared abstract or implement the remaining methods (Casbin\Persist\UpdatableAdapter::updatePolicies) in file /web_root/vendor/casbin/laravel-authz/src/Adapters/DatabaseAdapter.php on line 23

Schema need to use with Illuminate\Support\Facades\Schema

Language : PHP
The framework："laravel/lumen-framework": "^8.0",
Package: "casbin/laravel-authz": "^3.1"

Problem description：

/ alice has the admin role
Enforcer::addRoleForUser('alice', 'admin');
// bob has the member role
Enforcer::addRoleForUser('bob', 'member');

Enforcer::addPermissionForUser('member', '/foo', 'GET');
Enforcer::addPermissionForUser('member', '/foo/:id', 'GET');

Enforcer::addRoleForUser('admin', 'member');

Enforcer::addPermissionForUser('admin', '/foo', 'POST');
Enforcer::addPermissionForUser('admin', '/foo/:id', 'PUT');
Enforcer::addPermissionForUser('admin', '/foo/:id', 'DELETE');

dd(Enforcer::enforce("alice", "/foo/1", "PUT")); 

This result is false , But without using frames, this result is true

without framework

<?php

require "./vendor/autoload.php";

$adapter = \CasbinAdapter\DBAL\Adapter::newAdapter([
    'driver' => 'pdo_mysql',
    'host' => '127.0.0.1',
    'dbname' => 'db_mall',
    'user' => 'root',
    'password' => 'xxx',
    'port' => '3306',
]);

$enforcer = new \Casbin\Enforcer("./lauthz-rbac-model.conf", $adapter);
// alice has the admin role
$enforcer->addRoleForUser('alice', 'admin');
// bob has the member role
$enforcer->addRoleForUser('bob', 'member');

$enforcer->addPermissionForUser('member', '/foo', 'GET');
$enforcer->addPermissionForUser('member', '/foo/:id', 'GET');

$enforcer->addRoleForUser('admin', 'member');

$enforcer->addPermissionForUser('admin', '/foo', 'POST');
$enforcer->addPermissionForUser('admin', '/foo/:id', 'PUT');
$enforcer->addPermissionForUser('admin', '/foo/:id', 'DELETE');

var_dump($enforcer->enforce("alice", "/foo/1", "PUT"));

This result is true

model.conf

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[role_definition]
g = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub) && keyMatch2(r.obj, p.obj) && regexMatch(r.act, p.act)

the same db data,the same model.conf, please help me,thanks

laravel 7.x is released at 3/3/2020 , add 7.x support please, thx.

Unable to get property "Owner" of non-object "r_obj".

下面是 model 定义

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = r.sub == r.obj.Owner

  $canVisit = Enforcer::enforce("alice",  "{Owner: 'alice'}",  "read");

My codes:

    // adds permissions to a user
    Enforcer::addPermissionForUser('admin', 'article', 'content', 'read');
    Enforcer::addPermissionForUser('admin', 'goods', 'content', 'write');

    Enforcer::addPermissionForUser('root', '*', '*', '*');

    // adds a role for a user.
    Enforcer::addRoleForUser('eve', 'root', '*');
    Enforcer::addRoleForUser('bob', 'admin', '*');
    Enforcer::addRoleForUser('tom', 'admin', 'goods');

    if (Enforcer::enforce("eve", "article", "content", "read")) {
        return sprintf('yes. %s', now()->format('Y-m-d H:i:s'));
    }

    if (Enforcer::enforce("bob", 'goods', 'content', 'read')) {
        return sprintf('bob has this perm. %s', now()->format('Y-m-d H:i:s'));
    }

    if (Enforcer::enforce('tom', 'goods', 'content', 'write')) {
        return sprintf('this is tom. %s', now()->format('Y-m-d H:i:s'));
    }

Enforcement result in my requests, only the last one without * passed enforcement:

In the casbin editor:

I found the dom can't use the pattern.

If I change the code to(use '*' instead of 'article'):

    if (Enforcer::enforce("eve", "*", "content", "read")) {
        return sprintf('yes. %s', now()->format('Y-m-d H:i:s'));
    }

It works fine:

Hi,

Lauthz\Facades\Enforcer has no type hints.

It is recommended to add @method static.

`namespace Lauthz\Facades;

use Illuminate\Support\Facades\Facade;

/**

• @see \Casbin\Enforcer
• @method static array getPermissionsForUser
  */
  class Enforcer extends Facade
  {`

Laravel 8.x cannot be installed

I am getting this issue, when I used following steps to reproduce this issue.

1. I am using laravel Laravel Framework 6.20.38.
2. add permission of logged user in laravel. Below are my code: $email = Auth::user()->email;
   // adds permissions to a user
   \Enforcer::addPermissionForUser($email, '/photo/index', 'GET');
3. When, I hit this allow path, I am getting this error:
4. Argument 1 passed to Casbin\Rbac\DefaultRoleManager\RoleManager::hasLink() must be of the type string, int given, called in /var/www/html/amitdeveloper28/vendor/casbin/casbin/src/Util/BuiltinOperations.php on line 440

The official document of larravel defines const coverage in the model, but we need to create our own data table, change the creation time and update time fields to createTime and updateTime. Can we add created in the configuration file_ At for repair

Now in laravel-authz the artisan commands are really cool and useful and maybe can be make more generic.

For example, I have this situation for my roles:

[role_definition] g = _, _ g2 = _, _ g3 = _, _, _
So I ask if it's possible to extends artisan command role:assign to take g,g1,g3 as type parameter, to make easier to insert roles.

Thanks

When I use it in workerman, the data I get is always the same，What should I do if I want to get a new instance.

 $policy = Enforcer::getPolicy();

Even if my database has been updated, this method always returns the old data,

The following method is singleton mode

    /**
     * Attempt to get the enforcer from the local cache.
     *
     * @param string $name
     *
     * @return \Casbin\Enforcer
     *
     * @throws \InvalidArgumentException
     */
    public function guard($name = null)
    {
        $name = $name ?: $this->getDefaultGuard();

        if (!isset($this->guards[$name])) {
            $this->guards[$name] = $this->resolve($name);
        }
        return $this->guards[$name];
    }

Can you please use casbin not lower than v2.3.0, where 'eval' in ABAC policy has been introduced.

> use Enforcer;
> Enforcer::addPermissionForUser('eve', 'articles', 'read');
= true

> Enforcer::addRoleForUser('eve', 'writer');
= true

> Enforcer::addPolicy('writer', 'articles','edit');
= true

> Enforcer::enforce("eve", "articles", "edit")

   ValueError  array_combine(): Argument #1 ($keys) and argument #2 ($values) must have the same number of elements.

> Enforcer::getRolesForUser('eve');
= [
    "writer",
  ]

> Enforcer::hasPermissionForUser('eve', 'articles', 'read');
= true

> Enforcer::hasPermissionForUser('eve', 'articles', 'edit');
= false

Am I using Enforcer::enforce function incorrectly?
and why does user eve not have access to 'edit articles', if she has a role 'writer', and role 'writer' have permission 'edit articles'?

"php": "^8.2",
"casbin/laravel-authz": "^3.1",
"laravel/framework": "^10.0"

Hi,

Is this library still being maintained?

Is there any way to call Enforcer::loadFilteredPolicy($filter); without calling loadPolicy on Enforcer creation?

In CoreEnforcer.php there is such logic:

// Do not initialize the full policy when using a filtered adapter
$ok = $this->adapter instanceof FilteredAdapter ? $this->adapter->isFiltered() : false;
if (!\is_null($this->adapter) && !$ok) {
$this->loadPolicy();
}

but $this->adapter->isFiltered() is false, because is called on Enforcer creation and $this->setFiltered(true) is called in loadFilteredPolicy

When I execute code“ Enforcer::deletePermissionsForUser($sub);”，it make an error;

@basakest

Package version used: casbin/laravel-authz: ^3.1 (v3.1.4 in lockfile)

When trying out this package I tried adding a policy using the policy:add command. As stated in the documentation found in the README.md:

I ran command php artisan policy:add admin,posts,index. This resulted in the following record being inserted:

Which I assumed was incorrect.
It also throws an error when comparing/checking the rule:

I manually changed the rule to the way the Enforcer facade adds it:

Which worked. So I think this is a bug.

Sidenote:

The command policy:add implies that it adds a policy while Enforcer::addPermissionForUser() (which does the same) implies that it adds a permission which is inconsistent. I suggest renaming one of the two to match the other.

I encountered a new problems. I want add a super role into rbac with domains model.
So I modify the config file as below:

[request_definition]
r = sub, dom, obj, act

[policy_definition]
p = sub, dom, obj, act

[role_definition]
g = _, _, _
g2 = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = (g(r.sub, p.sub, r.dom) && r.dom == p.dom && r.obj == p.obj && r.act == p.act) || r.sub == "root"

and then, I write a line code Enforcer::addRoleForUser('bob', 'root'); for adding a new rule in the table rules.

The error grouping policy elements do not meet role definition displays again.
Or I got a no permission in Enforcer::enforce('bob', 'article', 'content', 'read').

I have searched in google and bing and stockoverflow. Finally I got a poor result.

Please help me finish it. Thanks very much.

I'd like to retrive an array of v2 values based on v0,v1,v3 values, is there a function that I can't find in docs or have I to create a custom Enforcer?

This is my conf:

[request_definition]
r = sub, clt, obj, act

[policy_definition]
p = sub, clt, obj, act

[role_definition]
g = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub) && ((r.clt == p.clt && r.obj == p.obj) || (r.clt == p.clt && r.obj == "*")) && r.act == p.act

Where sub is my user, clt is the table like (posts), obj is the id of obj in ctl and act is my action like index, edit, create, update, store, restore, destroy.

Can someone help me, pls?

强烈希望可以同时在lumen项目下使用， 目前我们公司项目大多数都采用的是lumen框架搭建的；
在安装php-casbin/laravel-authz的时候会报错，提示：必须在laravel上才能使用；
强制安装上之后，发现Laravel框架核心也被安装上了， 这样会导致项目vendor目录非常大。
所以希望发个能在lumen上使用的版本，谢谢。

HI!

I called the addFunction method of the FunctionMap class in the controller to create the function. I use RequestMiddleware, the FunctionMap::loadFunctionMap() method is called there - which returns a list of commands by default. And there is no my function. Where can I define my function so that it can be seen from the RequestMiddleware? Or is it necessary to override the default classes?

Not working properly

Class Lauthz\Adapters\DatabaseAdapter contains 1 abstract method and must therefore be declared abstract or implement the remaining methods (Casbin\Persist\UpdatableAdapter::updateFilteredPolicies

Hi,

I'm storing my model.conf remotly and would like to fetch it at runtime(and eventually cache it)

I see that the config has a load from string option, I'm wondering how (where) one would set up request call to the model URL and then load the model as string.

Thank you

Hello,
I'm on a situation that sometimes I have more parameters for the policies, can this be made like in documentation? I can't figure out the way to make it work. It always tells me I provided less parameters.

[policy_definition]
p = sub, obj, act
p2 = sub, act

Thanks

I use this config
'database' => [
// Database connection for following tables.
'connection' => '',
// Rule table name.
'rules_table' => 'tbl_roles',
],

In the configuration file lauthz.php, I change the basic.model.config_file_path to __DIR__ . DIRECTORY_SEPARATOR . 'lauthz-rbac-with-domains-model.conf', and then copy the file example/rbac_with_domains_model.conf to config directory, and rename the file name to authz-rbac-with-domains-model.conf.

But the next step is ?

I got the error grouping policy elements do not meet role definition when I use the Enforcer::addRoleForUserInDomain('alice', 'admin', 'article');.

So how to use rbac with domains model ?