casbin / gorm-adapter

GORM adapter for Casbin, see extended version of GORM Adapter Ex at: https://github.com/casbin/gorm-adapter-ex
https://github.com/casbin/casbin
Apache License 2.0

"accessible by" feature for ORM integrations #195

Closed aguynamedben closed 1 year ago

aguynamedben commented 1 year ago

I've used authorization frameworks that have such tight integration with ORMs that you can write controllers like this:

# get posts, but only the ones allowed for Ben!
def get_posts_for_ben
  ben = User.find_by(email: "ben@email.com")
  ability = Ability.for_user(ben)
  @posts = Post.accessible_by(ability)
end

There are a few authorization libraries I know of that have this capability:

This Authorization framework + ORM integration increases safety and simplifies development. A new engineer can join a project, write business logic, chain .accessible_by, and respect for the ACL is built into the queries at a low level.

Do you know of any ORM integrations with casbin that provide this? (in any language) I'm looking at casbin-gorm and other adapters, but don't see this level of ORM integration. Do you know of any adapters or other libraries that have this as a goal?

Thank you!

casbin-bot commented 1 year ago

@tangyang9464 @JalinWang

jeremycare commented 1 year ago

@aguynamedben, we are also facing the same problem with Casbin vs CASL.

[Image: Screenshot 2023-01-19 at 14 03 30]

I don't see a proper way to do number 4 with Casbin; really, I wasn't able to find anything in the documentation that talks about such things.

Were you able to find something?

casbin-bot commented 1 year ago

@tangyang9464 @JalinWang @imp2002

hsluoyz commented 1 year ago

We can implement GetAllowedRecordsForUser() first in gorm-adapter as an example. Then extend to other Go adapters and even other languages of Casbin.

@PokIsemaine
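
The "accessible by" idea discussed in this thread, sketched in Go as an added example; it is not part of the thread and is not gorm-adapter's or Casbin's code. The names `Rule`, `AllowedIDs` and `AccessibleBy`, the `kind:id` object naming and the sample policy are assumptions made for illustration: the policy is resolved to a parameterized WHERE clause so the database returns only permitted rows, and a user with no permissions gets a clause that matches nothing.

```go
package main

import (
	"fmt"
	"strings"
)

// Rule is one Casbin-style "p, sub, obj, act" line (constructed sample data below).
type Rule struct{ Sub, Obj, Act string }

var roles = map[string][]string{"ben": {"editor"}} // "g" lines: user -> roles
var rules = []Rule{
	{"ben", "post:1", "read"}, {"editor", "post:7", "read"},
	{"editor", "post:7", "write"}, {"alice", "post:9", "read"},
}

// AllowedIDs (hypothetical helper) lists record IDs of kind that user may act on.
func AllowedIDs(user, kind, act string) []string {
	subjects := map[string]bool{user: true} // the user plus every role held
	for _, r := range roles[user] {
		subjects[r] = true
	}
	ids, seen := []string{}, map[string]bool{}
	for _, p := range rules {
		id := strings.TrimPrefix(p.Obj, kind+":")
		// id == p.Obj means the object is of a different kind.
		if id != p.Obj && p.Act == act && subjects[p.Sub] && !seen[id] {
			seen[id] = true
			ids = append(ids, id)
		}
	}
	return ids
}

// AccessibleBy builds a parameterized WHERE clause; default deny when nothing is allowed.
func AccessibleBy(user, kind, act string) (string, []interface{}) {
	ids := AllowedIDs(user, kind, act)
	if len(ids) == 0 {
		return "1 = 0", nil // never fall back to an unfiltered query
	}
	args := make([]interface{}, len(ids))
	for i, id := range ids {
		args[i] = id
	}
	return "id IN (?" + strings.Repeat(", ?", len(ids)-1) + ")", args
}

func main() {
	fmt.Println(AccessibleBy("ben", "post", "read"))
}
```

The returned clause and arguments have the shape an ORM's `Where(clause, args...)` call takes, so the filter runs in the database instead of on rows that were already fetched.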