casbin / node-casbin

An authorization library that supports access control models like ACL, RBAC, ABAC in Node.js and Browser
https://casbin.org
Apache License 2.0
2.52k stars 211 forks

How to do Role hierarchy with domain using casbin #481

Open TessilimiTheo opened 4 days ago

TessilimiTheo commented 4 days ago

Hi, for my usage, I need to set up casbin with role hierarchy to avoid duplication between domains.

Example of policies

### Define global user role permissions

```
p, abstract_roles1, devis, read, *
p, abstract_roles1, devis, create, *

p, abstract_roles2, devis, read, *
p, abstract_roles2, organization, read, *
p, abstract_roles2, organization, write, *
```

### Define role inheritance

```
g, roles1, abstract_roles1, tenant1
g, roles1, abstract_roles1, tenant2
g, roles1, abstract_roles1, tenant3

g, roles2, abstract_roles2, tenant1
g, roles2, abstract_roles2, tenant2
g, roles2, abstract_roles2, tenant3

g, super_user, abstract_roles2, *
```

### Assign users to roles

```
g, michael, roles1, tenant1
g, antoine, roles1, tenant2
g, kevin, roles1, tenant3

g, thomas, roles2, tenant1
g, thomas, roles2, tenant2
g, lucie, roles2, tenant3

g, theo, super_user, *
```

Example of configuration

```
[request_definition]
r = sub, obj, act, dom

[policy_definition]
p = sub, obj, act, dom, eft

[role_definition]
g = _, _, _

[policy_effect]
e = some(where (p.eft == allow)) && !some(where (p.eft == deny))

[matchers]
m = (g(r.sub, p.sub, r.dom) || g(r.sub, p.sub, '*')) && (p.dom == '*' || r.dom == p.dom) && r.obj == p.obj && r.act == p.act
```

Is this method the best approach, or are there alternative methods available? How can I retrieve all permissions for a user using this library?

Currently, this.enforcer.getImplicitPermissionsForUser() is not functioning as intended.

casbin-bot commented 4 days ago

@nodece @Shivansh-yadav13
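
A plain-JavaScript model of the matcher and policy posted in the issue above, added here as an example (not part of the original thread and not node-casbin code): it checks that roles resolve per tenant and lists a user's effective permissions in one domain. The names `hasLink`, `matches`, `enforce` and `permissionsFor` are hypothetical, and it assumes grouping links are transitive only inside one domain and that `*` is a literal domain name because no domain matching function is configured.

```javascript
// Constructed from the policy lines in the issue: [subject, object, action, domain].
const P = [
  ['abstract_roles1', 'devis', 'read', '*'],
  ['abstract_roles1', 'devis', 'create', '*'],
  ['abstract_roles2', 'devis', 'read', '*'],
  ['abstract_roles2', 'organization', 'read', '*'],
  ['abstract_roles2', 'organization', 'write', '*'],
];
// Grouping lines from the issue: [member, role, domain].
const G = [
  ...['tenant1', 'tenant2', 'tenant3'].flatMap((t) => [
    ['roles1', 'abstract_roles1', t], ['roles2', 'abstract_roles2', t]]),
  ['super_user', 'abstract_roles2', '*'],
  ['michael', 'roles1', 'tenant1'], ['antoine', 'roles1', 'tenant2'],
  ['kevin', 'roles1', 'tenant3'], ['thomas', 'roles2', 'tenant1'],
  ['thomas', 'roles2', 'tenant2'], ['lucie', 'roles2', 'tenant3'],
  ['theo', 'super_user', '*'],
];

// g(a, b, dom): is b reachable from a using only links stored under dom?
// Assumption: links are transitive inside one domain, and '*' is a literal
// domain name rather than a wildcard.
function hasLink(a, b, dom, seen = new Set()) {
  if (a === b) return true;
  if (seen.has(a)) return false; // guard against cycles in the role graph
  seen.add(a);
  return G.some(([m, r, d]) => m === a && d === dom && hasLink(r, b, dom, seen));
}

// The matcher from the issue, applied to one policy line.
function matches([pSub, pObj, pAct, pDom], sub, obj, act, dom) {
  return (hasLink(sub, pSub, dom) || hasLink(sub, pSub, '*')) &&
    (pDom === '*' || dom === pDom) && obj === pObj && act === pAct;
}

// Every policy line here is an allow, so the effect reduces to "some line matches".
function enforce(sub, obj, act, dom) {
  return P.some((p) => matches(p, sub, obj, act, dom));
}

// Effective permissions of sub in dom, as sorted "obj:act" strings.
function permissionsFor(sub, dom) {
  const hit = P.filter(([pSub, , , pDom]) =>
    (hasLink(sub, pSub, dom) || hasLink(sub, pSub, '*')) &&
    (pDom === '*' || dom === pDom));
  return [...new Set(hit.map(([, obj, act]) => `${obj}:${act}`))].sort();
}
```

Checks such as `enforce('michael', 'devis', 'read', 'tenant2')` returning `false` are the tenant-isolation cases worth keeping as regression tests whenever the matcher or the grouping lines change.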