Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for different definitions? #2

Open
judahb opened this issue Jan 15, 2019 · 11 comments
Open

Support for different definitions? #2

judahb opened this issue Jan 15, 2019 · 11 comments

Comments

@judahb
Copy link

judahb commented Jan 15, 2019

Can i modify the definition in the express example to support a modified RBAC with domains/tenants? Meaning is a custom definition supported?
@tiagostutz
Copy link
Owner

Maybe you could implement is as another example...
You could rename the current example folder to "examples" and create 2 folders there: one that will have the current example (the folder could be named "simple") and another with this example you are proposing...

What do you think?

@judahb
Copy link
Author

judahb commented Jan 15, 2019

I need to build this for a solution that will be open sourced. So while i can do that as an example, I would prefer to know if a different definition is supported so i can get to work. If not, i will likely need to approach this differently.

@judahb
Copy link
Author

judahb commented Jan 15, 2019

Seems like that response was duplicated?

@tiagostutz
Copy link
Owner

tiagostutz commented Jan 15, 2019
edited
Loading

I would prefer to know if a different definition is supported so i can get to work

What do you exaclty mean by "different definition is supported"? You are supposed to be able to use all the definitions supported by Casbin. If you know Casbin supports the definition you are looking for, then it should work here also. If it doesn't we can fix it to do so.

@judahb
Copy link
Author

judahb commented Jan 15, 2019

Acknowledged. Thanks alot for the update. I will test the definition provided by casbin, and will let you know if i have any challenges.

@tiagostutz
Copy link
Owner

Nice! I'm waiting for your updates.
Cheers!

PS - My Internet was a mess here, so my last messages were duplicated and misformatted... fixed them now.....ehehehheehhe.

@judahb
Copy link
Author

judahb commented Jan 15, 2019

This will not work with definition below. Reason is the code is hardcoded to if(enforcer.enforce(username, path, method)) {

[request_definition]
r = sub, dom, obj, act

[policy_definition]
p = sub, dom, obj, act

[role_definition]
g = _, _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub, r.dom) && r.dom == p.dom && r.obj == p.obj && r.act == p.act

@judahb
Copy link
Author

judahb commented Jan 15, 2019

Also, it seems it ignore 'g', is that correct? I need roles for my multi tenant approach

req.originalUrl.match(new RegExp(ignoredPathsRegex, "g"))

@tiagostutz
Copy link
Owner

"g" is for "Global match" in the regex... so it would look for all the occurrences of the ignoredPathsRegex within the URL.

@tiagostutz
Copy link
Owner

@judahb can you provide an example showing "values" of your request? I mean, showing URLs and roles involved in a request and how would they should be handled?

@hsluoyz
Copy link

hsluoyz commented Feb 12, 2021
edited
Loading

@tiagostutz I think @judahb means that the enforcement code is written as:

if(enforcer.enforce(username, path, method)) {

But the request part in the model is:

[request_definition]
r = sub, dom, obj, act

The dom arg needs to be passed into the enforce() function:

const domain = "domain1";
if(enforcer.enforce(username, domain, path, method)) {

Is there any way to support the domain arg easily in this repo?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hsluoyz @tiagostutz @judahb