Southclaws / storyden

With a fresh new take on traditional bulletin board forum software, Storyden is a modern, secure and extensible platform for building communities.
https://www.storyden.org/
Mozilla Public License 2.0

Rbac #16

Closed gedw99 closed 4 days ago

gedw99 commented 1 year ago

https://github.com/TheSaaSZoo/PermissionPanther

https://docs.permissionpanther.com/blog

I like its ability to do what Google Drive does, which a forum might need.

The docs are good at explaining why it's so simple but powerful.

ent can easily model this too, 'cause it's so simple.

Southclaws commented 1 year ago

Looks interesting, thanks for sharing!

It's still quite early for now, I'm using a library called Restrict however the last commit was over 2 years ago and it's missing a couple of vital features.

el-mike commented 1 month ago

> Looks interesting, thanks for sharing!
>
> It's still quite early for now, I'm using a library called Restrict however the last commit was over 2 years ago and it's missing a couple of vital features.

@Southclaws Hi! I'm the creator of Restrict, I've stumbled upon this post looking through the usages of the library. I've stopped extending it due to low interest from the community (with most devs going with more complex solutions like Casbin), but I'm definitely eager to implement some new features, if you'd like to continue using it. If so - let me know what you are interested in. You can contact me via email, or simply open a GitHub Issue in restrict's repo.

Southclaws commented 1 month ago

Hey @el-mike thanks for reaching out! I've looked around and I still think Restrict does the best job of providing a simple abstraction for RBAC compared to the very "feature-rich" (bloated!) alternatives.

I've been putting off implementing proper RBAC for a while now, the end goal is to provide a role system similar to Discord with customisable permissions but the first step is ensuring every operation implements some form of RBAC check.

From what I remember, the complexities came with providing multiple roles for a single account (say you have a role that provides permission to edit threads, then a separate role that provides permission to delete threads) and also making this all dynamic DB backed data. But I will have to take another look to figure out what "vital features" I thought it was missing as it might be perfectly fine!

I'll open an issue if I notice anything, thanks!
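The multi-role check described in the comment above, as an added example that is not part of the thread and is not Restrict's or Storyden's code: one account holds an edit role and a separate delete role, and a request is allowed only if some held role grants it. `Role`, `RoleStore`, `memStore`, `Authorize`, `sampleStore` and the role names are hypothetical; the in-memory store stands in for the DB-backed data.

```go
package main

import "fmt"

// Role maps a resource name to the set of actions it grants on that resource.
type Role map[string]map[string]bool

// RoleStore stands in for a DB-backed role table (hypothetical interface).
type RoleStore interface {
	Lookup(name string) (Role, bool)
}

// memStore is a constructed in-memory store used only for this example.
type memStore map[string]Role

func (m memStore) Lookup(name string) (Role, bool) { r, ok := m[name]; return r, ok }

// Authorize reports whether any role held by the account grants action on
// resource. Deny by default: no roles, unknown role names and missing grants
// all result in a denial.
func Authorize(store RoleStore, heldRoles []string, action, resource string) bool {
	for _, name := range heldRoles {
		role, ok := store.Lookup(name)
		if !ok {
			continue // stale or deleted role name: grants nothing
		}
		if role[resource][action] { // indexing a missing resource yields false
			return true
		}
	}
	return false
}

// sampleStore returns constructed roles matching the edit/delete split above.
func sampleStore() RoleStore {
	return memStore{
		"thread-editor":  {"thread": {"edit": true}},
		"thread-deleter": {"thread": {"delete": true}},
	}
}

func main() {
	s := sampleStore()
	both := []string{"thread-editor", "thread-deleter"}
	fmt.Println(Authorize(s, both, "edit", "thread"), Authorize(s, both, "delete", "thread"))
	fmt.Println(Authorize(s, []string{"thread-editor"}, "delete", "thread"))
	fmt.Println(Authorize(s, []string{"ghost"}, "edit", "thread"))
}
```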

el-mike commented 1 month ago

Thank you for the clarification, @Southclaws!

Yeah, adding multiple roles to a single account was something I've immediately regretted not including in v1, and was planning to add as an immediate follow-up after the release, if there is enough interest from the community. Eventually, I decided not to do it for the time being, but given it's a relatively simple thing to add to Restrict, I'm probably going to, especially seeing such demand has already arisen in your project.

In case of any other features you'd like to have, again - I'm open to consider and implement them!

Southclaws commented 3 weeks ago

@el-mike Yeah that was it, accounts holding multiple roles was the blocker. Right now there's only a single role: Admin so it's served quite well so far but the near future roadmap includes multiple roles that can be configured in a similar way to Discord (either manually or via SAML or APIs/bots/wasm plugins).

I’d be happy to work with you and contribute this feature into Restrict as that’s pretty much the only feature I see missing and I really don’t want to 1. Write my own or 2. Use a large bloated enterprise solution like Casbin!

el-mike commented 3 weeks ago

@Southclaws got it - I already started to work on multiple roles support, but if you'd like to become a contributor as well, let me know! I will set up appropriate privileges for you, and take care of some repository settings I'd like to have for contributors to follow.

If not - I think I'll be able to provide this feature within a week :)

Southclaws commented 3 weeks ago

Amazing thank you! I can get that integrated once ready and provide feedback, when you push a branch I can take a look too. I think once Storyden is using RBAC for everything, I'll be able to get a better sense of what may be good areas to contribute improvements to.

Thanks for jumping back on Restrict, it's a great library!