Closed hsluoyz closed 7 years ago
Hello @hsluoyz
Do you have any idea for how to integrate it into roles?
Hi @jinzhu ,
I saw roles is also used in some other repos. So not breaking API should be better. My idea is that roles works as the API layer, and uses casbin as the backend to do the permission check. For example, Permission
class can contain a casbin handler, and then pass the access request to it. An example would be: https://github.com/tomoya92/pybbs-go/commit/8835a01c614e0bfaf5bcbf2e1ddbbd4b1beee733
Also, by using casbin, roles can gain more features like specifying a user as the accessing entity, roles can inherit each other, policy persistence into files, DB, etc. Of course, supporting these features need to extend the current roles API.
@hsluoyz I think you could use casbin
as the backend for roles based on current API? for example, use it here? https://doc.getqor.com/plugins/roles.html#register-roles
Any misunderstanding?
Exactly the other way around, roles API is exposed to user side, not casbin. I think the below flow would be easier to show it:
What it looks like now: web user ---> web framework ---> roles (do permission check)
My idea: web user ---> web framework ---> roles ---> casbin (do permission check)
Hello @hsluoyz
I am revisiting this issue, could you make a PR based on your idea? I am not exactly sure how it will be used yet...
@hsluoyz, new user to casbin and qor, it seems casbin is more flexible on checking permission than qor/roles. can you give an example or make a pr about this ? :)
Hi @df1228 , I think you can just use Casbin directly, if you want more flexibility.
@hsluoyz but i need to integrate it with qor admin like this https://doc.getqor.com/admin/authentication.html#authorization-for-menus
Hi, there is a project called casbin. It is an authorization library that supports models like ACL, RBAC, ABAC. Maybe it can assist your need in the perm management. I can make a PR if you like:)