jaypipes / procession

Main Procession server
Apache License 2.0

Flesh out basic authz system #11

Open jaypipes opened 7 years ago

jaypipes commented 7 years ago

We need a relatively simple RBAC/ABAC system for ensuring users are only able to view/edit the objects they are allowed to view/edit as well as take various administrative actions in the system. What I don't want is some over-complicated system that's impossible to decipher or relies on some policy language like Prolog.

My initial thinking on this is that after authenticating the user, the IAM service can attach to the Session object a global SystemPermissions object that describes the permissions the user has at a system level. The SystemPermissions object might look something like this:

enum SystemPermission {
    READ_ANY = 0;
    READ_ANY_ORGANIZATION = 1;
    READ_ANY_USER = 2;
    READ_ANY_REPO = 3;
    READ_ANY_CHANGESET = 4;
    READ_ANY_CHANGE = 5;
    CREATE_ORGANIZATION = 100;
    CREATE_USER = 101;
    CREATE_REPO = 102;
    CREATE_CHANGESET = 103;
    CREATE_CHANGE = 104;
    DELETE_ANY_ORGANIZATION = 200;
    DELETE_ANY_USER = 201;
    DELETE_ANY_REPO = 202;
    DELETE_ANY_CHANGESET = 203;
    DELETE_ANY_CHANGE = 204;
}

message SystemPermissions {
    uint64 expires = 1;
    repeated SystemPermission permissions = 2;
}

There would be another ObjectPermissions object that would describe the permissions a user has on a particular object in Procession:

enum ObjectPermission {
    READ = 0;
    MODIFY = 1;
    DELETE = 2;
    SHARE = 3;
}

message ObjectPermissions {
    uint64 expires = 1;
    // This might be uint64 instead of repeated ObjectPermission if we think it's not likely
    // that there would ever be more than 64 different object permission entries in the
    // ObjectPermission enum...
    repeated ObjectPermission permissions = 2;
}

Upon the user attempting to perform some action against Procession, we'd ask the IAM service to send a single Permissions message back after authentication, possibly in the Session message:

message Permissions {
    SystemPermissions system = 1;
    ObjectPermissions object = 2;
}

The object field would be nil until the system's processing of the request had proceeded to a point where the object being modified or read was identified. The system field would contain enough privilege information to prevent unauthorized access or modification of "top-level resources".
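As an added illustration (not Procession's own code), the two-tier check described above in Go, with the proposed enums mirrored as constants; the object-kind strings and the reading of `expires` as Unix seconds are assumptions.

```go
package main

import "fmt"
// Go mirrors of the enums and messages proposed above (same names and values).
type SystemPermission int32
type ObjectPermission int32
const (
	READ_ANY              SystemPermission = 0
	READ_ANY_ORGANIZATION SystemPermission = 1
	READ_ANY_USER         SystemPermission = 2
	READ_ANY_REPO         SystemPermission = 3
	READ_ANY_CHANGESET    SystemPermission = 4
	READ_ANY_CHANGE       SystemPermission = 5
	READ                  ObjectPermission = 0
)
// Expires is assumed to be a Unix timestamp in seconds; Object stays nil until
// the request's target object has been identified.
type SystemPermissions struct{ Expires uint64; Permissions []SystemPermission }
type ObjectPermissions struct{ Expires uint64; Permissions []ObjectPermission }
type Permissions struct{ System *SystemPermissions; Object *ObjectPermissions }
// Object kind -> the READ_ANY_* that covers it (the kind strings are assumed).
var readAnyFor = map[string]SystemPermission{
	"organization": READ_ANY_ORGANIZATION, "user": READ_ANY_USER, "repo": READ_ANY_REPO,
	"changeset": READ_ANY_CHANGESET, "change": READ_ANY_CHANGE,
}
// CanRead: an unexpired system-level READ_ANY or READ_ANY_<kind> allows the read
// outright; otherwise an unexpired object-level READ is required; else deny.
func CanRead(p *Permissions, kind string, now uint64) bool {
	if p != nil && p.System != nil && now < p.System.Expires {
		ra, known := readAnyFor[kind] // unknown kind: only READ_ANY can match
		for _, sp := range p.System.Permissions {
			if sp == READ_ANY || (known && sp == ra) {
				return true
			}
		}
	}
	if p != nil && p.Object != nil && now < p.Object.Expires {
		for _, op := range p.Object.Permissions {
			if op == READ {
				return true
			}
		}
	}
	return false
}
func main() {
	p := &Permissions{System: &SystemPermissions{Expires: 2000, Permissions: []SystemPermission{READ_ANY_USER}}}
	fmt.Println(CanRead(p, "user", 1000), CanRead(p, "repo", 1000)) // true false
}
```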

jaypipes commented 7 years ago

Hi @hsluoyz! Thanks very much for the heads up on Casbin :) I will definitely check it out! You commented at just the right time, as I was going to start implementing some authz for Procession pretty soon.