Closed zamrokk closed 5 years ago
Fixed by :
[matchers]
m = g(r.sub, p.sub) && g(r.obj, p.obj) && r.act == p.act
why it was not set by default ? :/
Well it works
Hi @zamrokk , your solution is not robust as you are mixing resource roles with user roles. If you happen to have a user named data3
, and a role named datagroup
. The former will inherit the latter based on your policy. The correct way is to use g2
for resource roles.
g, alice, data2_admin
g2, data3, datagroup
See RBAC with resource roles
at: https://github.com/casbin/jcasbin#examples
yes correct , I understand it better now :)
thanks for the info :P
if I create a new group of resource from the base example, then Alice is not able to access to resources contains on this new group but only the group itself
if I request like this
then the answer is : NO , expected is : YES
proof :