qor / roles

Roles is an authorization library for Golang
MIT License

Use casbin as the permission backend #5

Closed hsluoyz closed 7 years ago

hsluoyz commented 7 years ago

Hi, there is a project called casbin. It is an authorization library that supports models like ACL, RBAC, ABAC. Maybe it can assist your need in the perm management. I can make a PR if you like :)

jinzhu commented 7 years ago

Hello @hsluoyz

Do you have any idea for how to integrate it into roles?

hsluoyz commented 7 years ago

Hi @jinzhu,

I saw roles is also used in some other repos. So not breaking the API should be better. My idea is that roles works as the API layer, and uses casbin as the backend to do the permission check. For example, the Permission class can contain a casbin handler, and then pass the access request to it. An example would be: https://github.com/tomoya92/pybbs-go/commit/8835a01c614e0bfaf5bcbf2e1ddbbd4b1beee733

Also, by using casbin, roles can gain more features like specifying a user as the accessing entity, roles can inherit each other, policy persistence into files, DB, etc. Of course, supporting these features needs to extend the current roles API.

jinzhu commented 7 years ago

@hsluoyz I think you could use casbin as the backend for roles based on current API? for example, use it here? https://doc.getqor.com/plugins/roles.html#register-roles

Any misunderstanding?

hsluoyz commented 7 years ago

Exactly the other way around, the roles API is exposed to the user side, not casbin. I think the flow below would make it easier to show:

What it looks like now: web user ---> web framework ---> roles (do permission check)

My idea: web user ---> web framework ---> roles ---> casbin (do permission check)
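The flow described in the comment above (roles stays the API layer and hands the decision to a backend), as an added example that is not part of the thread and not code from qor/roles or casbin. `Enforcer`, `Permission` and `MemEnforcer` are hypothetical names, and the in-memory backend stands in for casbin so the example runs with the standard library only.

```go
package main

import "fmt"

// Enforcer stands in for the casbin enforcer (assumption, not casbin's API).
type Enforcer interface {
	Enforce(sub, obj, act string) (bool, error)
}

// Permission is a hypothetical roles-style facade bound to one resource.
type Permission struct {
	Resource string
	Backend  Enforcer
}

// HasPermission forwards each role to the backend; nil backend or error never grants.
func (p Permission) HasPermission(mode string, roles ...string) bool {
	if p.Backend == nil {
		return false
	}
	for _, r := range roles {
		if ok, err := p.Backend.Enforce(r, p.Resource, mode); err == nil && ok {
			return true
		}
	}
	return false
}

// MemEnforcer: constructed backend, rules keyed {role, resource, action} plus parents.
type MemEnforcer struct {
	Rules  map[[3]string]bool
	Parent map[string]string
}

func (m MemEnforcer) Enforce(sub, obj, act string) (bool, error) {
	// The hop counter bounds the walk, so an inheritance cycle terminates.
	for r, n := sub, 0; r != "" && n <= len(m.Parent); r, n = m.Parent[r], n+1 {
		if m.Rules[[3]string{r, obj, act}] {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	p := Permission{"product", MemEnforcer{
		Rules:  map[[3]string]bool{{"editor", "product", "read"}: true},
		Parent: map[string]string{"admin": "editor"}, // constructed sample policy
	}}
	fmt.Println(p.HasPermission("read", "admin"), p.HasPermission("delete", "admin"))
}
```

Callers keep passing a mode and the user's roles; only the `Backend` field changes when the policy engine is swapped.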

jinzhu commented 7 years ago

Hello @hsluoyz

I am revisiting this issue, could you make a PR based on your idea? I am not exactly sure how it will be used yet...

df1228 commented 5 years ago

@hsluoyz, new user to casbin and qor, it seems casbin is more flexible on checking permission than qor/roles. Can you give an example or make a PR about this? :)

hsluoyz commented 5 years ago

Hi @df1228, I think you can just use Casbin directly, if you want more flexibility.

dfang commented 5 years ago

@hsluoyz but I need to integrate it with qor admin like this: https://doc.getqor.com/admin/authentication.html#authorization-for-menus