From 40835f00d137bce3c38b8b462e44ea448b56e962 Mon Sep 17 00:00:00 2001
From: khorshuheng
Date: Tue, 19 Nov 2024 21:11:18 +0800
Subject: [PATCH] fix: revert changes to casbin matcher

---
 libs/access-control/src/casbin/access.rs | 2 +-
 libs/access-control/src/casbin/enforcer.rs | 42 ----------------------
 2 files changed, 1 insertion(+), 43 deletions(-)

diff --git a/libs/access-control/src/casbin/access.rs b/libs/access-control/src/casbin/access.rs
index 4fc5feb9..6b42ecda 100644
--- a/libs/access-control/src/casbin/access.rs
+++ b/libs/access-control/src/casbin/access.rs
@@ -159,7 +159,7 @@ g = _, _ # grouping rule
 e = some(where (p.eft == allow))
 
 [matchers]
-m = g(r.sub, p.sub) && p.obj == r.obj && (g(p.act, r.act) || cmpRoleOrLevel(r.act, p.act))
+m = r.sub == p.sub && p.obj == r.obj && (g(p.act, r.act) || cmpRoleOrLevel(r.act, p.act))
 "###;
 
 pub async fn casbin_model() -> Result {
diff --git a/libs/access-control/src/casbin/enforcer.rs b/libs/access-control/src/casbin/enforcer.rs
index f16c6b6b..ef7b1c9e 100644
--- a/libs/access-control/src/casbin/enforcer.rs
+++ b/libs/access-control/src/casbin/enforcer.rs
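Review bot: The restored matcher line `m = r.sub == p.sub && ...` in access.rs compares subjects exactly, yet neither the model text nor the test module now records that group membership is ignored for subjects. The single `g = _, _` relation is still consulted by `g(p.act, r.act)`, so any user-to-group rows written while `g(r.sub, p.sub)` was in place would remain in the same role graph; whether such rows were ever persisted is not visible in this patch and is worth confirming. I would add a model comment above the matcher, `# subject must equal p.sub exactly; g is evaluated only for the action term`, and, in place of the deleted `collab_group_test` in enforcer.rs, a case that pins the intended outcome for a user who is only a member of a group holding the policy.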
@@ -223,48 +223,6 @@ mod tests {
 AFEnforcer::new(enforcer).await.unwrap()
 }
 
- #[tokio::test]
- async fn collab_group_test() {
- let enforcer = test_enforcer().await;
-
- let uid = 1;
- let group_id = "collab_owner_group:w1";
- let workspace_id = "w1";
- let object_1 = "o1";
-
- // allow workspace member to access collab
- enforcer
- .update_policy(
- SubjectType::Group(group_id.to_string()),
- ObjectType::Collab(object_1),
- ActionVariant::FromAccessLevel(&AFAccessLevel::FullAccess),
- )
- .await
- .unwrap();
-
- // include user in the collab owner group
- enforcer
- .add_grouping_policy(
- &SubjectType::User(uid),
- &SubjectType::Group(group_id.to_string()),
- )
- .await
- .unwrap();
-
- // when the user is the owner of the collab, then the user should have access to the collab
- for action in [Action::Write, Action::Read] {
- let result = enforcer
- .enforce_policy(
- workspace_id,
- &uid,
- ObjectType::Collab(object_1),
- ActionVariant::FromAction(&action),
- )
- .await;
- assert!(result.is_ok());
- }
- }
-
 #[tokio::test]
 async fn workspace_group_policy_test() {
 let enforcer = test_enforcer().await;