Mongoose adapter for casbin

casbin / node-casbin

An authorization library that supports access control models like ACL, RBAC, ABAC in Node.js and Browser

https://casbin.org

Apache License 2.0

2.61k stars 218 forks source link

Mongoose adapter for casbin #42

Closed ghaiklor closed 5 years ago

ghaiklor commented 5 years ago

As promised, we have published our mongoose adapter for casbin that we are using in production at the moment.

Feel free to review it and if everything is ok, hoping to add it as official recommended adapter in README for node-casbin.

https://github.com/elasticio/casbin-mongoose-adapter

P.S. I made it thanks to your MongoDB adapter written in Go, so basically, this one is just a port from Go to NodeJS.

hsluoyz commented 5 years ago

Hi @ghaiklor In fact, already did that even before you ask, see: https://github.com/casbin/node-casbin#policy-persistence

I saw lots of tests and docs. It's really a high-quality implementation, I also learnt something from it :) BTW, you can also add some badges, including Travis CI and code coverage, also the NPM version. Then it would be better.

Thanks for the contribution indeed!

ghaiklor commented 5 years ago

Wow, that is a really fast response, thank you 🙏 Yeah, I thought about badges, did not have time for this yet.

Regard to tests, there are not much tests. Just simple smoke tests that check that when you are modifying policy, changes reflects in MongoDB.

hsluoyz commented 5 years ago

@ghaiklor I think I can help. I have sent a PR here: https://github.com/elasticio/casbin-mongoose-adapter/pull/1. Can you switch on the following services? So the badges will work.

Travis CI: https://travis-ci.org/elasticio/casbin-mongoose-adapter
Coveralls: https://coveralls.io/github/elasticio/casbin-mongoose-adapter
Codebeat: https://codebeat.co/projects/github-com-elasticio-casbin-mongoose-adapter-master

hsluoyz commented 5 years ago

Thanks for merging the PR. This issue can be closed now :)

ghaiklor commented 5 years ago

@hsluoyz thanks, merged the PR.

We are using CircleCI instead of Travis, so I've updated the badge to grep status from CircleCI. Regard to coveralls, it is not integrated from our side, so there are no information (no sense for doing that).

I'll add the badge from coveralls once it will be enabled for the repo.

hsluoyz commented 5 years ago

@ghaiklor , Coveralls is free for open-source projects and I use it a lot. You can enable the repo in: https://coveralls.io/ if needed :)

Slind14 commented 5 years ago

@ghaiklor is there a reason for the additional layer of methods? e.g. using addPermissionForUser instead of addPolicy? The latter seems to work just fine and in real time.

ghaiklor commented 5 years ago

@Slind14 I think, this kind of questions better to ask @hsluoyz

AFAIU, addPermissionForUser is the public method which handles not only the policies but the RBAC relations as well.

When addPolicy is just an internal method for writing policies into the backend and ideally should not be used.

hsluoyz commented 5 years ago

@Slind14 ghaiklor's answer is not wrong. They belong to RBAC API and Management API respectively. You can find the info here:

https://casbin.org/docs/en/management-api https://casbin.org/docs/en/rbac-api

federicosan commented 5 years ago

would this let me create update and delete casbin policies into a mongodb document?

hsluoyz commented 5 years ago

Hi @federicosan , if you have questions about this adapter, please raise an issue at: https://github.com/elasticio/casbin-mongoose-adapter