chore: update version of dependency lua-casbin to 1.46.0 #12985

Open
rg2011 wants to merge 3 commits into apache:master from rg2011:master

rg2011 commented Feb 6, 2026

Description

This PR updates the lua-casbin module dependency to version 1.46.0, to fix a bug that was reported upstream (casbin/lua-casbin#152).

Which issue(s) this PR fixes:

Fixes #12974

Checklist

  • I have explained the need for this PR and the problem it solves: I reported it in issue bug: casbin enforcers overwrite each other - fixed upstream #12974
  • I have explained the changes or the new features added to this PR: There are no new features, just a dependency bump.
  • I have added tests corresponding to this change
  • I have updated the documentation to reflect this change
  • I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)

I haven't updated tests or documentation because I don't know if it applies to dependency bumps; if there is some doc to update, please let me know. Tests added in commit 2a72f84

Regarding backward compatibility, the only difference between the current lua-casbin version (1.45.0) and the new one (1.46.0) is the fix to bug casbin/lua-casbin#152:

https://github.com/casbin/lua-casbin/compare/v1.45.0..v1.46.0

So I believe there are no backward compatibility issues, but have not tested extensively.

dosubot bot added the size:XS and dependencies labels Feb 6, 2026

Baoyuantop (Contributor) commented:

Hi @rg2011, can you create a test based on the scenario described in the issue? We want to verify that the issue is fixed and prevent similar issues from occurring again in the future.

Baoyuantop changed the title from "Update version of dependency lua-casbin to 1.46.0" to "chore: update version of dependency lua-casbin to 1.46.0" Feb 9, 2026
Baoyuantop added the wait for update label Feb 13, 2026
dosubot bot added the size:L label and removed the size:XS label Feb 27, 2026

rg2011 (Author) commented Feb 27, 2026

> Hi @rg2011, can you create a test based on the scenario described in the issue? We want to verify that the issue is fixed and prevent similar issues from occurring again in the future.

Hi @Baoyuantop, added a test for the casbin plugin.

  • The test adds two configurations with different policy shapes:
    • The first configuration uses two policy parameters p = obj, act
    • The second configuration uses three policy parameters p = subj, obj, act
  • I checked the test fails with version 1.45.0-1 of the casbin dependency, but passes with version 1.46.0-1

The test case exercises configurations with different policy shapes. In my original issue, the example configurations I used also had different request shapes. But I realized that was not a valid example: the casbin plugin is hardcoded to a request shape of 3 parameters. The examples in the issue are adapted from routes I use with a custom version of the plugin, not the upstream one.

For the test case, I kept the request shape at 3 parameters, r = sub, obj, act, and varied the policy shape instead. This configuration is valid for the standard casbin plugin, yet it triggers the same bug.
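
An added sketch of the isolation check described in the comment above, written against lua-casbin's `newEnforcerFromText` and `enforce`. It is not the test from this PR; the model texts, policies, paths and user names are constructed for illustration.

```lua
-- Added example: constructed models and policies, not the PR's test fixtures.
local casbin = require("casbin") -- lua-casbin, the dependency bumped by this PR

-- Both routes keep the three-value request shape the plugin passes.
local REQUEST = "[request_definition]\nr = sub, obj, act\n"
local EFFECT  = "[policy_effect]\ne = some(where (p.eft == allow))\n"

-- Route A: two-field policy (p = obj, act); the subject is not matched.
local model_a = REQUEST
    .. "[policy_definition]\np = obj, act\n"
    .. EFFECT
    .. "[matchers]\nm = r.obj == p.obj && r.act == p.act\n"
local policy_a = "p, /public, GET\n"

-- Route B: three-field policy (p = sub, obj, act); the subject must match.
local model_b = REQUEST
    .. "[policy_definition]\np = sub, obj, act\n"
    .. EFFECT
    .. "[matchers]\nm = r.sub == p.sub && r.obj == p.obj && r.act == p.act\n"
local policy_b = "p, alice, /private, GET\n"

-- Build both enforcers before querying either, so that any state shared
-- between them has a chance to be overwritten by the second one.
local enforcer_a = casbin:newEnforcerFromText(model_a, policy_a)
local enforcer_b = casbin:newEnforcerFromText(model_b, policy_b)

-- { enforcer, sub, obj, act, expected decision }
local cases = {
    { enforcer_a, "bob",   "/public",  "GET", true  },
    { enforcer_a, "bob",   "/private", "GET", false },
    { enforcer_b, "alice", "/private", "GET", true  },
    { enforcer_b, "bob",   "/private", "GET", false },
    -- Query A again after B has been used: its decision must be unchanged.
    { enforcer_a, "alice", "/public",  "GET", true  },
}

for i, c in ipairs(cases) do
    local e, sub, obj, act, want = c[1], c[2], c[3], c[4], c[5]
    -- pcall: a model/policy shape mismatch may raise instead of returning false.
    local ok, got = pcall(e.enforce, e, sub, obj, act)
    assert(ok, ("case %d: enforce raised: %s"):format(i, tostring(got)))
    assert(got == want, ("case %d: %s %s %s -> %s, want %s")
        :format(i, sub, obj, act, tostring(got), tostring(want)))
end
print("both enforcers kept their own model and policy")
```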

Baoyuantop removed the wait for update and user responded labels Feb 28, 2026
Baoyuantop requested a review from Copilot February 28, 2026 02:21

Copilot AI left a comment

Pull request overview

This PR bumps the casbin (lua-casbin) LuaRocks dependency to 1.46.0-1 to pick up the upstream fix for enforcer/model isolation (casbin/lua-casbin#152), and adds a regression test to ensure different Casbin model/policy “shapes” can coexist across routes without overwriting each other.

Changes:

  • Update LuaRocks dependency casbin from 1.45.0-1 to 1.46.0-1.
  • Add new integration/regression tests to validate multiple routes with different Casbin policy/model definitions work in sequence (issue #12974).

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| apisix-master-0.rockspec | Bumps the casbin dependency version to include the upstream fix. |
| t/plugin/authz-casbin.t | Adds regression coverage for multi-route Casbin enforcer isolation with differing policy/model shapes. |
