rs / rest-layer

REST Layer, Go (golang) REST API framework
http://rest-layer.io
MIT License

Support Casbin as the authorization backend #105

Open hsluoyz opened 7 years ago

hsluoyz commented 7 years ago

Hi, Casbin is an authorization library that supports models like ACL, RBAC, ABAC.

Related to RBAC, Casbin has several advantages:

  1. roles can be cascaded, aka roles can have roles.
  2. support resource roles, so users have their roles and resources have their roles too. role = group here.
  3. the permission assignments (or policy in casbin's language) can be persisted in files or database (MySQL and Cassandra).

And you can even customize your own access control model, for example, mix RBAC and ABAC together by using roles and attributes at the same time. It's very flexible.

I found currently rest-layer provides authentication but doesn't provide authorization yet. So I think maybe Casbin will become a help for authz implementation. I can provide help if you like. Let me know if you have any questions:)

smyrman commented 7 years ago

Contributions are always welcome.

> I found currently rest-layer provides authentication but doesn't provide authorization yet.

Well, rest-layer actually doesn't implement any authentication, but you are right that there is some example code for how users can add authentication themselves.

If you are interested in doing a PR with similar examples for how authorization could be done via Casbin using the existing hooks, I believe that would be very welcome.

@rs, please comment if you have anything to add.

rs commented 7 years ago

You summarized it pretty well. Casbin looks very interesting and it might be a good idea to mention it in the doc and provide some integration example. But the idea of rest-layer is to stay decoupled so you can easily plug whatever authen/z solution that fits your needs.
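As an added illustration of the two RBAC properties listed in the opening post (roles that inherit from roles, and resources that carry their own roles), here is a standard-library-only sketch of a decoupled, deny-by-default authorization middleware. It is not code from rest-layer or Casbin and does not use Casbin's API; the policy data, the `userKey` context key and the names `Allowed` and `Authorize` are all hypothetical.

```go
package main

import "net/http"

// Constructed sample data: roleOf gives the roles a user or role inherits; groupOf gives a resource's roles.
var roleOf = map[string][]string{"alice": {"editor"}, "editor": {"viewer"}, "bob": {"viewer"}}
var groupOf = map[string][]string{"/posts": {"content"}, "/users": {"admin_data"}}

// rule grants a subject role one HTTP method on a resource group.
type rule struct{ role, group, method string }
var policy = []rule{{"viewer", "content", "GET"}, {"editor", "content", "POST"}}

// closure returns name plus everything reachable through edges; the seen set stops cycles.
func closure(edges map[string][]string, name string) map[string]bool {
	seen, stack := map[string]bool{}, []string{name}
	for len(stack) > 0 {
		n := stack[len(stack)-1]
		stack = stack[:len(stack)-1]
		if !seen[n] {
			seen[n] = true
			stack = append(stack, edges[n]...)
		}
	}
	return seen
}

// Allowed is deny-by-default: a request passes only if some rule matches
// one of the subject's (inherited) roles and one of the resource's groups.
func Allowed(user, path, method string) bool {
	roles, groups := closure(roleOf, user), closure(groupOf, path)
	for _, p := range policy {
		if roles[p.role] && groups[p.group] && p.method == method {
			return true
		}
	}
	return false
}

type userKey struct{} // hypothetical context key, set by whatever authentication layer runs first
// Authorize wraps any http.Handler; a missing identity resolves to "" and is denied.
func Authorize(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if user, _ := r.Context().Value(userKey{}).(string); !Allowed(user, r.URL.Path, r.Method) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() { println(Allowed("alice", "/posts", "GET")) }
```

The identity is read from the request context rather than from a client-supplied header, so the check only trusts what the authentication layer placed there.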